Transcript #300: A Jupyter merge driver for git
Return to episode page view on github00:00 Hello and welcome to Python Bytes where we deliver Python news and headlines directly to your earbuds.
00:05 This is the big episode 300 recorded September 6th, 2022.
00:11 I'm Michael Kennedy.
00:12 And I'm Brian Okken.
00:13 And I'm Seth Larson.
00:14 And this episode is brought to you by Microsoft for startups, Founders Hub.
00:18 More about them later.
00:19 Seth, welcome to the show.
00:21 Thanks for having me.
00:22 This is so exciting.
00:23 I didn't realize it was going to be a 300.
00:25 Yeah.
00:25 Well, you hit the jackpot.
00:27 This is the big one.
00:28 - A big one for at least two more years, I would say.
00:31 And Brian, how about that?
00:33 300 episodes.
00:34 - That's amazing.
00:35 When did we start this?
00:36 We should look this up.
00:37 - It must have been a while ago, I don't know.
00:39 I mean, that's 5.7692307 years.
00:44 That's almost six years.
00:46 - That's amazing.
00:47 - Actually, a reason that I'm so focused on floating point numbers and large numbers, we're gonna get to that at the end of the show.
00:53 - 2016, we started November 2016.
00:56 That's pretty cool. - Yeah, absolutely.
00:57 - Anyway.
00:58 - Very cool indeed.
00:59 David says, "Congrats on 300." Thank you, David.
01:02 Thank you for being here, indeed.
01:04 - Awesome.
01:05 - All right.
01:06 - Well, I've been thinking about wheels and packages lately.
01:09 - Yeah, you were thinking about the phrase, rolling wheel gathers no moss or something like that.
01:16 Is that how it goes in programming?
01:17 - No, I wasn't thinking about that at all.
01:19 - All right, what were you thinking about?
01:20 Tell us about it.
01:21 - Okay, so I was thinking about actually using different packaging tools because pyproject.toml is supported by tons of stuff now.
01:29 Well, by tons of stuff, I mean like three that I know of.
01:32 So we've got Flit, well Poetry also, but I don't use Poetry.
01:38 Anyway, I've been using Flit and Hatch and Setup tools, which are all really easy to use with pyproject.toml lately.
01:46 And I've been using the Flit method of building wheels and Hatch and Python, the build package also, Python or the, if you just pip install build, you can do Python dash M build to build stuff, which is fun.
02:02 But since I've been building all these, I've been using a lot of tools to try to like check these wheels to make sure that they're the packages and wheels are what I expect is inside.
02:12 So there's this, there's a few tools I'm using.
02:15 One is wheel inspect.
02:17 And this one actually, it's kind of cool.
02:20 You can use it programmatically if you want.
02:23 I'm using, it comes with this thing called wheel to JSON.
02:28 And if you run that on a wheel and you give it a wheel name, it just pops out all like dumps the JSON information about the wheel.
02:38 And I've been using this to just, I'll like use different ways to build things and then dump this into a file and do a diff to just sort of see what's going on to make sure that, like make sure I got like the description correct or everything's right.
02:54 Just because I'm curious if all of these tools are building this same thing, and they are, there's slight differences, but it's neat that there's so many options now.
03:04 Wheel inspect is really cool for wheels.
03:07 I'm also using a thing called check wheel contents, and this is like a linter for wheels.
03:15 If you throw this at, because it's possible to make valid wheels that don't have really anything in them, or they don't have the thing that you thought was in there.
03:24 So this is a linter that goes through and it gives you a whole bunch of warnings and stuff.
03:31 If you can look through, like W001 wheel contains PYC and PYO files.
03:41 Somehow you've configured it wrong to grab that.
03:44 I don't know how you would do that for a lot of stuff, but with FLIT, impossibly, if you accidentally threw those in your Git, because Flit just grabs anything that's checked in, I think, or committed.
03:57 Duplicate files, it checks for that.
03:59 It checks for a whole bunch of stuff.
04:01 This is handy just to check as well.
04:03 But the powerhouse that I'm using, of course, is just Talks.
04:07 I wanted to cover the other ones because they're fun, but I wanted to remind people that one of the great things about Talks is it builds things on its own.
04:16 When you run Talks on a package, it will build the package, then install it into an environment, and then you run your tests.
04:24 We think of it as more of a test runner, but it does that whole packaging loop also.
04:29 Then the fourth way, I don't have a slide for this, but the fourth way that I've been doing is you can just push them into a Git repo, and then you can do the pip install, git plus, and then the repo name thing.
04:43 pip will use your packaging tools to create the wheel before it installs it.
04:49 That's another way to check your packaging.
04:52 >> Yeah, very cool.
04:53 >> You're doing a lot of packaging. Anyway.
04:55 >> I'm always super paranoid whenever I configure something to do with packages.
04:59 My method tends to be just unzip the wheel as a zip file and see what's in there, see what landed.
05:05 >> I didn't try that. What does that do?
05:08 >> Yeah, we have one way number five, Brian.
05:10 >> Yeah. Does it just unpacks it in place then?
05:14 >> Yeah. Wheels are technically zip files, So you can unzip them and just inspect what made it in there.
05:19 Okay.
05:20 Yeah.
05:20 Put a dot zip extension on it and then you can just put zip tools on it.
05:24 And off it goes.
05:25 So it must store the metadata somewhere then also though.
05:28 But yeah, there's a top level like metadata file that says all the things that it's about.
05:33 Ah, I love the pun in the chat.
05:36 we got from piling.
05:38 We'll get stuff, Brian.
05:39 Brian, that was real good stuff.
05:44 thanks.
05:45 Thanks for bringing it.
05:46 yeah.
05:48 So on, onto the next one for mine, huh?
05:50 Yeah.
05:50 Let's go.
05:51 We, before we jump onto it, you see, I have my, my race jersey on because the Portland grand prix IndyCar race was here this weekend.
05:58 So people listening and we're close by, they missed it, but next September go, be sure to go.
06:03 It was really, really fun.
06:03 Three days of racing.
06:05 Very nice.
06:05 Were they, were they fast cars?
06:07 They were very, it was IndyCars.
06:08 They were like, they were very fast, but they, they had no AI.
06:13 Okay.
06:14 no artificial intelligence yet from what I understand.
06:17 But if you look over on fast.ai, there's something that anybody who does proper data science is going to be pretty jazzed about.
06:25 So Jupyter Notebooks are notoriously bad citizens of source control and get and tools like that.
06:34 The reasons are basically whenever you have a notebook file, if you've ever run it, the output and the order in which the cells were run, and the number of times the cells was run is stored in there.
06:47 That's not great if someone gets the file and runs it, someone else gets it and runs it, and then you try to put it into source control.
06:54 That's a problem. I mean, when you and I work on our code, we have Python files, the output goes somewhere, we check it in, the source code goes in.
07:03 But with Jupyter, the outputs go in.
07:06 Not just the outputs, but the memory address of some of the object used in the address.
07:11 So even if it's you running it twice, you get merge conflicts, which is not the coolest thing ever.
07:17 I suspect that this goes by the name the Jupyter Plus Git Problem.
07:22 Really, it should be the Jupyter Plus Version Control System, VCS, because it doesn't matter what you're using.
07:28 Anything that just diffs files is going to hate this, right?
07:31 Anyway, the article and the feature really that I want to talk about is the Jupyter Git Problem is now solved from Jeremy Howard over at fast.ai.
07:40 the solution may surprise you.
07:42 So it talks a little bit about the challenges here, and it says, it's interesting, it speaks in terms that are not really developer-oriented, it speaks more in terms of end-users.
07:55 So the way that maybe a first-year science student might experience what the problem is, not the way a seasoned data scientist would.
08:04 Like for example, here's the problem.
08:07 The problem is when you're collaborating with others over Git, you literally can't load your notebook if you both try to check it in because it's broken.
08:15 Well, what does broken mean?
08:16 Broken means it has merge conflicts written into it.
08:19 That's really the problem is, you can easily solve this problem if you accept their changes or accept your changes, but then you're losing data.
08:27 Anyway, this is okay.
08:29 Let's look inside.
08:30 Well, there's JSON and then there's like the head and then the SHA diff error.
08:36 I already described this, but they do go into examples of like when you're talking about matplotlib or something like that, you'll have things like matplotlib.axis.subplot.axis.subplot at some memory address, right?
08:50 Which is suboptimal, let's say.
08:52 Yeah, there's a lot of axes.
08:55 That's right.
08:56 Then non-determining outputs and so on.
08:58 It says, OK, we identified two categories of problems here.
09:02 And I would like to say this is only accurate if you have zero based index when you start counting.
09:10 So we've identified in Michael's term, three problems here.
09:15 One, Jupyter notebook formats are fundamentally incompatible with version control, problem zero.
09:22 Problem one, get conflicts lead to broken notebooks.
09:25 There we go.
09:26 And many of these, almost all of these conflicts are unnecessary because metadata, like the environment, the machine name and stuff that it was run on, as well as the memory address of the objects is stored inside the file.
09:42 What do you do?
09:42 Well, there was this thing called nbdev that would allow you to clean the file.
09:48 I think it was nbdev that will let you clean it.
09:49 There's other ways to clean it within Jupyter as well.
09:51 You can say, I'm only gonna commit to version control the empty version, right?
09:56 You can say clear all cells and then commit that.
09:58 Then that would be fine 'cause you're wiping all that data out.
10:02 However, sometimes that data is incredibly hard to compute.
10:06 Right, I have a picture.
10:07 The picture comes from an hour of doing, training machine models and then processing a gig of data and then looking at this picture.
10:15 If I don't clear it and I check it in, the picture's right there.
10:19 You know what I mean?
10:20 Or some of the outputs are right there.
10:22 So there's a huge reason to not clear it because it might be incredibly hard to regenerate it.
10:27 Maybe on the system you're on, you can't even run the code necessary, right?
10:30 you don't have access to the database or whatever.
10:32 So here's what they did.
10:33 There's a new NBDev named NBDev2 as part of the name, not a version, but the name.
10:39 And this comes from the folks at Fast.ai.
10:43 And here's how it works.
10:44 It has a new merge driver for Git, okay?
10:47 Instead of like processing the files, it says, what we're gonna do is we're gonna set up hooks in Git so when there is a merge, our special Python code that understands notebooks will present a different view for you.
11:00 >> Wow.
11:01 >> I know. There's a new save hook for Jupyter that automatically removes the unnecessary metadata and non-deterministic cell output.
11:10 What you'll get is when you open up this conflicting notebook in Jupyter, you'll actually have the diff shown instead of having a corrupted notebook.
11:19 Additionally, it drops out the metadata, so you get these unnecessary ones are just gone.
11:25 It talks about some interesting things that you can do there.
11:28 You've got to run nbdev install hooks to get it set up and some other various things.
11:34 There's also a lot of history on what has been done before, what are some of the other alternatives.
11:38 But the big takeaway is the folks over at Fast.AI have been using this internally for several months and they say it has transformed their workflow.
11:47 It's totally solved this problem and the reason they care so much is almost all of their work, their unit tests, their documentation, their actual code, everything is in notebooks.
11:55 They're like all in a notebooks.
11:57 So having Git be a first class citizen is obviously important.
12:01 So I recommend people check this out.
12:02 Postscript side bonus here is there's another thing called review in B.
12:08 Review in B is about like reviewing, say, a GitHub pull request.
12:12 So somebody fixes a bug in a notebook and they do a PR and say, "Oh, you were generating this graph wrong.
12:19 You should have passed this parameter, which means a totally different thing.
12:22 Wouldn't it be nice to have a picture of the before graph and the after graph With this review in B, that's exactly what you get.
12:28 So you get your code diff, but then you also get the output diff, which might be a Matplotlib picture. Isn't that cool?
12:35 >> That's really cool. I'd be surprised if GitHub doesn't have this eventually.
12:39 >> Yeah. Well.
12:40 >> This seems like a logical next step.
12:42 >> Yeah, it sure does. Notebooks are so important.
12:45 >> But it's not just GitHub though.
12:47 So some people are using Git just straight.
12:49 >> Exactly.
12:50 >> Right. Or GitLab or whatever.
12:53 >> Yeah. This is pretty neat.
12:55 And this, I'm, yeah, I'm, one of the things I really like about this is the, all the part, like the, all the other solutions that we've tried and everything. I mean, data science people are really good about like covering that sort of stuff where a lot of other people are like, hey, I came up with a problem, I solved it. Maybe some other people have solved it also, but yeah, whatever.
13:14 >>Exactly.
13:17 >>I will say this, this set of tools like exactly solves a problem I had not that long ago. So.
13:23 - Okay, so this really resonates with you, huh?
13:26 - This resonates with me, yeah.
13:27 Using notebooks for documentation and as part of like an integration test suite, like this is great.
13:33 - Yeah, very cool.
13:34 Piling on the audience says, ah, so it looks like you can actually resolve merge conflicts inside the notebooks rather than traditionally ignore conflicts.
13:41 I believe so as well.
13:42 I think there's like a merge inside a Jupyter type of thing you can do.
13:47 - Mm, neat.
13:48 - Yeah, that's it, I haven't totally used it.
13:50 Anyway, if you're into data science That aside, if you do Jupyter and you care about source control, this looks really helpful.
13:57 >> Which you should care about source control.
14:00 >> Yes, exactly.
14:01 >> Yeah.
14:02 >> So if you use Jupyter, full stop.
14:04 >> Cool.
14:04 >> There you go. Awesome. All right.
14:06 Seth, over to you. Before we jump into the first topic you want to talk about though, just real quick.
14:12 We were so excited about Episode 300.
14:14 I didn't give you a chance to introduce yourself properly.
14:17 So give us a quick background on you and then tell us about your item.
14:20 Yeah, so I'm currently an engineer at Elastic, working on the language clients team.
14:26 Previously, I was the maintainer of the well-known within the Python community, the Elasticsearch client. Now I'm doing tech leadership for that same team.
14:36 And then in terms of open source work, I am a maintainer of many different Python packages, most notably urllib3, which is the most downloaded Python package. And it's one of the dependencies of requests and Bodo and a whole bunch of other really foundational packages.
14:53 That's incredible.
14:54 Does it make you nervous to make changes to it?
14:56 Oh yeah.
14:57 I, so the very first time that I became lead maintainer and had to make a release, it was, I actually spent multiple hours just kind of looking through the wheels and the source distributions and making sure that everything was right.
15:09 It was, it was a tough day, honestly.
15:11 Yeah.
15:12 So that chat with that, that Brian opened with you, you've been there as well, huh?
15:15 All right.
15:16 All right.
15:17 So my first item is about trust stores.
15:21 So this is about like certificates that you use to verify HTTPS connections.
15:26 And so this is a library that me and David Glick have worked together to, to implement, and it's essentially trying to solve the problem of certify with Python and how it kind of interacts with certificates that aren't necessarily trusted by the greater world.
15:44 the greater world.
15:46 So if, for example, if you have like a corporate proxy, if your company is installing a certificate on your behalf, enable it to do proxying of some sort, Certify just doesn't work with that.
15:58 And you get these errors that are kind of insurmountable.
16:00 You get errors that require really low level debugging knowledge to figure out.
16:04 And so we went and implemented this.
16:05 >> Anything that has to do with certificates.
16:08 If it goes wrong, it's just like, well, that's never going to work.
16:10 I guess we're done here.
16:11 You know, it's just so hard to understand, right?
16:12 So I'm on a campaign to make it.
16:16 So no one on the world needs to type verify equals false ever again.
16:20 That's my mission.
16:21 So also you spoke about certify, like tell us what, give us the background.
16:26 I'm not sure we all know what certified.
16:27 Sure.
16:28 Yeah.
16:28 Certify is essentially, every web browser like Chrome and Firefox and all that, they have a bundle, a group of certificates that they are marking as These are trusted and they kind of bundle those along with every single web browser.
16:45 Right.
16:45 And so Mozilla, because it's open source, it open sources, it's trust store.
16:49 And so what certify is, is it's a small, really thin wrapper, Python package around that bundle.
16:56 And it allows Python to make HTTPS connections to websites essentially without having to like rely on a certificate trust are being configured manually by the user.
17:09 And so a lot of times, because Python is installed on windows or macOS, but is relying on open SSL for a lot of its TLS, it really requires a file to be there, like open SSL doesn't know anything about the system certificate trust, or any of that.
17:27 It's very, it requires a file to be there.
17:29 And so certify is solving that problem.
17:31 I see.
17:32 So if I went and installed it, if I was on like windows and installed it into the trusted root store or something like that, it wouldn't, that wouldn't count.
17:39 It wouldn't be enough.
17:40 It wouldn't be enough.
17:41 Yeah.
17:41 Oh, you would.
17:42 There is a whole bunch of other things that you get also by using these native operating system APIs for certificates like auto updates.
17:50 it can be centrally managed.
17:52 So, you know, your it department can click a button and update everyone's system trust story.
17:58 So yeah, there's a lot of really good benefits to using the system trust store instead of this Python managed file.
18:04 And this, this article kind of goes into the nitty gritty of that, but the big announcement for this project was that pip actually, with the version 22.2 release, added support, experimental support, for using this library instead of Certify to verify HTTPS.
18:23 And so what this will allow people to do is try out TrustStore optionally, right, instead of switching it to a default. And if they're experiencing this class of errors with, you installing Python packages or upgrading Python packages, they can use one flag. I believe it's listed... either way it would be listed here. So you do --use-feature=truststore.
18:47 And you'll recognize that use feature flag for the 2020 resolver. That's another feature flag that they use. So this truststore feature flag is the same thing. If truststore is installed on on your system, it will use that instead of certify.
19:03 And it allows you to get around the errors that you can see when you have a corporate network involved.
19:08 So yeah, this is kind of the big thing that I'm really excited about.
19:13 And we're really hoping that in the future we can add this to Python, maybe make this a default for requests.
19:19 Like there's a whole bunch of different really interesting things that we can go forward with if we can prove that, hey, this is useful to these users.
19:28 - Yeah, yeah, fantastic.
19:31 So if I say --use feature=trustor, do I have to previously have pip installed trustor or something like that?
19:38 - You do have to have previously installed trustor.
19:40 So the package is relatively new, it's less than a year old.
19:44 And so to ensure that we're able to keep things moving, 'cause it's experimental, we didn't want to bundle with pip, their release cycle is a lot longer.
19:55 I collaborated with Sue Ping for a good long while on this and making sure that everything was all good to go for pip since shipping with pip is a big deal.
20:05 So yeah, it's been a long road.
20:09 - Yeah, this looks super useful.
20:11 Kim out in the audience says, I'd love to never need Verify False again on my internal network.
20:16 Seth's mission is fantastic.
20:18 - Yeah, yeah, I'm very grateful that this work is going on and I hope that that's true 'cause it drives me nuts.
20:24 Is this something you have to deal with internally as well, Brian?
20:26 Yeah, because we've got, you know, internal network, corporate firewall, we've got the trust stores on Windows systems, and it is an issue.
20:39 And we don't, so a lot of, I mean, one of the ways we get around it is to have an internal PyPI.
20:45 We'll get a mirror inside.
20:49 But sometimes I want to try out stuff that's not there.
20:51 So having something like this work would be good.
20:55 But it's not just PyPI, it's other places too.
20:58 - Yeah, the entire outside internet is usually impacted when you have that sort of situation of a corporate proxy.
21:06 - Yeah, and I'd like to be able to, so I'm guessing that this Trust Store, I mean, using it within pip would be great for a lot of people to try it, but trying out this Trust Store for applications that depend on trusted sites, that would be helpful as well, right?
21:21 - Yeah, so actually the documentation, if you're trying to use it manually with other things, we support your lib three AIO HTTP requests, and I'm sure it'll work with other libraries as well.
21:34 - Nice, like HTTPX.
21:36 - Yeah, it should work with anything that uses the standard SSL context, like API.
21:43 As long as it can use that API, it should work with it.
21:46 - This is great, awesome.
21:47 - Very cool.
21:48 - Nice work, thanks for coming on and sharing it.
21:51 Really it makes corporate Python a little better.
21:53 You know, there's, this was long ago when I first started the podcast, this one and Talk Python, there was a lot of debate or discussion, I guess, whether Python was an appropriate enterprise software type of language.
22:08 You know, I think that debate is largely over and I think the reason it's over is because the data scientist said, this is not a debate.
22:17 Do you want us to do the job or not do the job?
22:18 do the, that's right.
22:19 Okay.
22:19 Well, so let's use Python.
22:20 And then it kind of spread from there internally as through acceptance.
22:24 That said, like, now that it does live in these environments that Brian described much more frequently, it's really important to have this support.
22:32 Yeah.
22:32 It's actually really funny because so to put this in perspective for Java folks, this is like Java trust stores, is like certify where you have this manual thing that's shipped with Java as opposed to just using the system.
22:46 And I got that comment on a lobsters or something that I was talking about this article and they were just like, wow, this is like getting rid of Java trust stores.
22:54 This is great.
22:54 I'm like, okay.
22:55 I didn't even know that existed.
22:56 That's right.
22:57 We really hate it over there.
22:58 And we hate this.
22:59 So this is great.
23:00 I was like, okay, cool.
23:04 All right.
23:04 Well, before we get to the next topic, Brian, let's talk about our sponsor for this week in many weeks, this year, Microsoft for startups founders hub.
23:16 If you are starting a business, doing a startup, you are a little ways going or you're just thinking about it, you should really check this out because Microsoft for startups set out to understand the challenges that we all have creating startups in this digital cloud age.
23:31 And they created Microsoft for startups founders hub, help solve many of them.
23:35 So that includes getting cloud resources, GitHub credits, other credits like AI credits for example, from open AI that you can run your code on.
23:49 But maybe even more important than that, it has support for connecting you with mentors and experts to make sure that you go in the right direction when you're young and getting started.
24:00 So, so often you see the successful startups being in places where there are a lot of mentors, where there's these networks and people have connections to get funding, the marketing side of things, the product market fit, all of those things are super hard.
24:17 So if you are part of Microsoft for Startups Founders Hub, you'll have access to their mentorship network, which gives you access to hundreds of mentors across a range of disciplines, like the ones I just named and more, as well as up to a little bit over $100,000 worth of credits in Azure and GitHub and OpenAI and other places as you go through certain checkpoints as you sort of grow with this program.
24:41 So really tons of super support that you can get for your startup.
24:45 It doesn't have to be investor backed.
24:47 It doesn't have to be third party verified to participate.
24:50 All you have to do is go to Python by set of M slash founders hub 2022.
24:55 Apply.
24:56 And if you accept it, you'll get all of this support from them.
24:58 So make your idea a reality with Microsoft for startups founders hub.
25:02 Fly today for free.
25:03 Get in, you'll get tons of support.
25:05 So very nice.
25:06 Also nice Brian.
25:08 Lots.
25:08 Tell us about the spots.
25:10 Plots and command lines.
25:12 So I like command line stuff.
25:15 And actually with the thanks of Will McGugan, we've got a lot of people excited about CLIs.
25:21 But apparently Bob is also, Bob Bilderbos from the PyBytes duo.
25:28 So I like this article.
25:30 So actually I kind of skimmed the article, sorry, Bob.
25:34 But making plots with your terminal with plot, - Plot text, it's if you install it.
25:40 - Plot text.
25:41 - I think it's plot text.
25:43 - I can see the typo squatting happening right now.
25:46 - Yeah, so if you pip install it, there's one T in the middle, so it's P-L-O-T-E-X-T.
25:52 So he was doing, so he had some code where he was looking at plotting the frequency of their blog articles on the terminal, just so he was using some of their own data to plot stuff.
26:06 And he came up with like, it's kind of cool walking through how he grabbed the data and everything.
26:11 But I was looking at this plot going, oh, this is a pretty nice looking plot.
26:16 I mean, it's totally blocky, of course, but it's a bar chart, so it's supposed to be blocky.
26:21 So that's okay.
26:23 And so then I went over and looked at this package, this plotext, and it's cool.
26:30 Look at all these awesome plots.
26:33 I was looking at some of the various things you can do.
26:36 It's got basic plots for just like sine waves and things like that.
26:41 But you can also do fill-in plots and then multicolor.
26:46 This is a lot. You can cool stuff you can do on the command line.
26:50 Then even data streams, which I was, look at that.
26:54 It's a data stream going on in a plot in your terminal.
26:58 It's pretty great. Images even.
27:00 There's a cat image.
27:02 >> You can do low cats all day long.
27:04 >> Yeah.
27:05 >> People that put together those examples knew what the Internet wants.
27:09 Can it do cat pictures?
27:10 >> Yeah. Then even subplots.
27:14 The first example we saw, it's not actually that bad of the interface.
27:22 It's tedious to put together plots anyway, but this isn't too bad.
27:27 But that cover image that we saw is a is not a combination of images.
27:32 That's one plot that with subplots in it.
27:35 >> I see. That's cool. Within one terminal window, you can do almost like a dashboard view with different plots and they probably can be updating live.
27:44 >> Yeah. This is pretty exciting.
27:46 >> That is pretty exciting.
27:48 >> I like it. Anyway, I just wanted to say, hey, if you want to plot on the command line, you can use this.
27:54 >> I'm loving this terminal.
27:56 Renaissance is so fun.
27:59 >> Yeah. Make us feel like hackers again.
28:03 >> It does absolutely make you feel like a hacker.
28:05 I love it. It's so good.
28:08 On the next item?
28:11 >> Yeah.
28:12 >> Just hadn't really planned to talk about this, but I just yesterday did an episode with Will McGugan, seven lessons from building a modern TUI framework.
28:21 Brian, you covered that article last week on this show.
28:23 I reached out to Will and said, hey, we should absolutely cover this stuff in like a deep dive, so.
28:29 - Oh, I can't wait to listen, this is great.
28:31 - People can go check that out as well.
28:33 All right, but let's talk about one of my very favorite things, HTMX.
28:38 If people are not familiar with HTMX, you really owe it to yourself to check this out.
28:43 It's what the web should have been forever, but it wasn't for some reason.
28:47 It's like it stalled in the late, mid 90s, I don't know.
28:50 And you know, hyperlinks and forums are the only things that can make requests.
28:54 You can only click on them to make it happen and so on.
28:58 Why should the entire screen have to be replaced every interaction and all those things?
29:02 So HTMX is awesome.
29:05 You can just put in little fragments of declarative code and it does all the cool work.
29:10 Even have a class on it if people wanna check that out, but that's not the topic of today.
29:13 The topic is template fragments.
29:16 So Carson Gross over there wrote this article, this essay called "Template Fragments." It said one way you might consider doing this is In HTMX you very frequently have to first show the page and then as little sections of an update, he goes back to the server and says, "I just need to code the HTML block "that goes into this fragment here." 'Cause somebody moused over something else, so refresh it's related item or whatever.
29:38 He's a big fan of this thing called the locality of behavior design principle, where instead of having a bunch of pieces that cling together and reassemble themselves, like if it could just all be right there, wouldn't that be great?
29:50 So he says, normally the way that you would have to do this is you would have to have your full HTML and then a little subsection.
29:59 And then that subsection has the optional element.
30:02 But some frameworks, some template libraries allow you to define a fragment.
30:07 And then when the code is requested on the server, it can either show the whole thing or just peel that fragment out of the HTML, but you don't have to parse it into a bunch of small files.
30:18 Cool, huh?
30:18 It's really useful if there's no reuse.
30:21 Like if the only reason you would make that little fragment is so that you could return it separately, this is great because basically it means you can just write the page once and it can interact with different data, different elements.
30:32 If for some reason that fragment was being used in multiple places, all of a sudden it's like code duplication and that's not ideal.
30:39 But so we talked about this and hey, there's some known implementations of this.
30:45 Apparently Django has the render block extension.
30:48 I created the ginger partials and chameleon partials, which I'm not really sure.
30:51 I'm thinking I might actually take them out now that there's something for ginger better, which I'm about to talk about.
30:57 But nonetheless, those are kind of sort of allow this, but more in the second descriptive way where you have like a fragment that's separate but included.
31:05 But I was talking with Sergei Frixes, it says between, he said, "Between Ginger 2 Fragments and Michael's, my ginger partials, htmx plus flask is so awesome." So he created this library called Jinja2Fragments, which does exactly what I described.
31:23 So in Jinja, you have blocks, like you might have your main HTML, and you say, here's a block of main content.
31:28 With his library, what you can do is you can say, either just render the template, or you can now render block and name just part of your Jinja template, and that part comes back with the data you supply to it.
31:40 That's pretty awesome, right?
31:41 Like this one paragraph is the whole response from the server.
31:45 if you call render block instead of render template.
31:48 >> This is super great.
31:50 Honestly, on Twitter, every time I see HTMX, I'm just like I am so prepared to write a website.
31:57 Because I have not had the use case for a while, but I'm very excited for the next time I will have.
32:02 >> I exactly the same.
32:03 I'm working on projects that have been around for six or seven years.
32:06 I'm like, if I rewrite this thing, it's getting HTMX all over it.
32:09 But I just can't bring myself quite to do it.
32:12 But yeah, it's so good.
32:14 >> One day.
32:15 >> A couple of comments from the chat, Vincent from CompCode says, "HTML is the bee's knees and that CompCode uses it a whole bunch." I am not surprised, Vince.
32:26 >> Fantastic.
32:27 >> That's awesome.
32:27 >> Yeah. Any website I create after knowing about HTML is likely going to be using HTML.
32:34 If you thought the answer was Vue.js or React or something like that, you may really want to check this out first.
32:41 >> Well, especially if you're somebody like me that I'm like, >> Yeah, I want to put this interactive stuff in here.
32:47 I'm not an expert in JavaScript though, so I'm not sure.
32:54 But I do know somebody that knows a lot about HTMX.
32:58 >> You might know someone. You're venturing very close to getting me off onto a very long rant about HTMX.
33:04 But it's so good because even if you know JavaScript, it wouldn't it be better to not have to think about, now I'm running client code, now I'm running server code, now I'm running the APIs to connect the client code to the server code.
33:14 This one's in this language, it knows this.
33:16 That one's in that language in this location, it knows that.
33:19 Like in HTMX, you just write it all in one place in one language with the same context and a security model and everything, access to the database, for example, and then you just do what you need to do.
33:29 It's perfect.
33:30 - Well, and it's not really just about thinking about two languages either.
33:34 It's somebody, there's a lot of people like me that already have to think in two languages.
33:39 I'm thinking in C++ and Python.
33:42 So thinking about it in a third language or a fourth language, that's-- it's like, you know, come on.
33:48 Having a place to stop.
33:49 Plus, yeah.
33:50 >>Yeah, yeah.
33:51 A final comment I'll make on this is even people who are using Node.js like HTMX, where it's the same language.
33:57 It's like it's also just about the context and location switch.
34:01 >>Oh, yeah.
34:01 That's-- I hadn't heard that.
34:03 That's pretty cool.
34:04 >>Yeah.
34:04 Seth, it sounds like you were going to say something.
34:06 Maybe I'll let you have the last word here.
34:08 >>Oh, no.
34:08 I was obviously just going to say that the more we can stay HTML the better because you have to know HTML so you might as well stay in it right?
34:16 Yeah absolutely absolutely so well done Sergei check out his Jinja2 fragments framework it's it is super new like I don't know when it got released but a couple days these are like two and three days on all the commits here it is a very very new.
34:33 Two to three days.
34:34 Yeah well done well done all right Seth over to you for the final one.
34:39 thing.
34:40 Yeah.
34:41 This, this article was announcing something that's been getting worked on for a while, which is a generic generators for Salsa 3.
34:50 So what you're seeing there, SL, SLSA that stands for, if I can remember, it is supply chain levels for artifacts, levels for software artifacts.
35:02 So SLSA and you pronounce it Salsa.
35:06 And it's essentially a great, great way to say that acronym.
35:09 Yeah.
35:09 Right.
35:10 Makes you hungry every time, which is the best part.
35:12 but yeah, it's, it's basically a set of tools, and standards to a test and verified the provenance of artifacts.
35:21 So essentially where did this thing come from this file, this wheel, this jar, depending on what like ecosystem independent, whatever thing, whatever artifact you're building, where did it come from, how was it built?
35:33 and it, so it uses a whole bunch of different like cryptographical primitives and open IDC, which is basically magic, but it basically allows you to prove in effect, okay, this was built from this specific GitHub repository, this commit, this tag, and someone can then later take this file, this artifact that got built and then verify that that was the case.
36:00 And so this is kind of like in the future, hopefully be used as like a defense against Maybe like stolen credentials on the Python package index or accounts.
36:09 That, that would, that would never happen.
36:11 Right.
36:11 Like that's never happened.
36:12 And that would, that has never happened other than at the time of the recording never has happened, I would say.
36:17 so yeah, it, it gives a good defense against this.
36:21 Right.
36:21 Cause if you, let's say you have a package and the Python package index knows that this package came from, you know, github.com/sethmlarsen/whatever.
36:31 Right.
36:31 And then in the future, it received something that doesn't come from that GitHub repository.
36:37 It can flag that and say, "Hey, this isn't right.
36:40 Like, this didn't come from the place that it came from before or wherever it's, you know, supposed to come from." And the fact that this is generic is the big deal.
36:48 The part that ties us back to Python is that you can use it for wheel files and source distributions.
36:54 You can sign, like, anything.
36:56 And so, for example, one of the Python projects that is featured in here is Yerlibs3.
37:01 I've been trying to get into this and it's been really successful.
37:05 And so your lib three now does this, and you can actually verify that it came from a specific repo and that the wheel was came from a specific tag and yeah, it's, it's really interesting.
37:14 And this ecosystem is like just getting started.
37:17 and so if you're like interested in anything about like supply chain security and all of that, this is like a great place to start doing some learning about what the future might look like.
37:26 Yeah.
37:26 This is great.
37:27 I, when I first saw this, I thought, okay, this is cool, but how does that really help act against somebody sabotaging a package.
37:35 But then again, if you think, and I realize if you think back to what happened with some of those other packages, somebody got a hold of the IPI account, not the GitHub account.
37:44 >> Yes.
37:44 >> They just published a new version directly not through the CI, right?
37:49 >> Right. Yeah. So this is making, it just makes the amount of things that need to get compromised even larger.
37:55 >> Right.
37:56 >> No longer do you need to only compromise the email account on PyPI. You have to also compromise GitHub. And then if you have, you know, GitHub environments configured, you need to compromise a second account to like review the deployment. And so it just makes it even harder to actually get that attack off, essentially.
38:16 >> Yeah. And if you had to publish the actual vulnerability to a popular GitHub repository to trigger it, it would be discovered sooner, right? Because people are like, Oh, what's J, oh, that's it.
38:29 That's unusual.
38:30 Who has made this, that they've made this commit.
38:32 And now it's doing this URL thing over to hacksore.com.
38:36 And right.
38:37 Like that's, that's just another out in public thing.
38:41 Whereas if the direct account gets attacked, somebody can just use twine or something directly to push it a bad wheel up.
38:47 Yeah, exactly.
38:48 Yeah.
38:48 No more pushing bad wheels.
38:50 You have to go through so many different hoops just to do something.
38:52 You need to flatten those bad wheels.
38:54 Got to inspect them too.
38:57 >> Exactly. All right. Awesome.
39:00 This is good stuff. Well, Brian, that's no.
39:04 Do you have any more? No, that's all of them.
39:05 Do you have any extras for us?
39:07 >> I do, although I'm going to try to make it quick because now I'm hungry for some salsa.
39:12 I'm super excited for this upcoming weekend.
39:17 I can't believe it. On Saturday, September 10th, I will be in San Francisco.
39:26 and I've got two events going on at PyBay.
39:30 So PyBay, awesome conference.
39:32 I haven't been there before, but you've been there last year or something like that?
39:35 - Yeah, last year and I absolutely loved it.
39:37 I would go this year if I wasn't on single parent duty and had kids that had to go to school.
39:42 - So I'm giving two events.
39:45 So one of them is sharing is caring, pytest fixture edition.
39:48 I'm gonna talk about building, actually I'm just gonna talk about packaging, but it's not really about packaging.
39:55 It's about sharing fixtures with other people.
39:57 And because I think that that's a bigger need than people realize.
40:03 So anyway, love fixtures, we're gonna talk about that.
40:06 And then I got asked to be on this experts panel.
40:09 We got Zach Hatfield Dodds, me, Andy Knight, which is, he's got a--
40:18 - Automation Panda.
40:19 - Automation Panda, that's right.
40:21 Joshua Grant and Nishat Khan.
40:24 So it should be a fun panel.
40:26 And it's at seven o'clock at night.
40:28 I'm like, wow, I think I really need to change my flight because I was planning on flying out at 8 a.m. the next day and it's gonna be tough.
40:37 So that's going on next weekend.
40:39 I'm pretty excited.
40:40 - Yeah, Bai Leng says good luck on the talk, Brian.
40:43 - Thanks.
40:45 So how about you?
40:46 Do you have any extras?
40:47 - I do, I do.
40:48 A bunch, I'll make them pretty quick.
40:51 So Heroku, the platform is a service place.
40:54 They for 13 years or something have had a free plan where people can go and create, what are they called, dinos or something?
41:01 I don't use, yeah, dinos.
41:03 I don't use Heroku, so I don't know all the terminology and how all the plans break down, but for a long time they've had free plans, but now they are canceling them, and you will either have to pay or delete your projects.
41:19 So that's gonna affect a lot of people.
41:22 of something like 13 million.
41:25 What's the right number here?
41:26 Claims.
41:27 Yeah.
41:27 That it's been used by 13 to develop 13 million apps.
41:31 So I bet many of those are free and are going to be suffering this.
41:35 There's a interesting discussion on Y Combinator.
41:38 So you can check that out.
41:39 I'm sure it's very civil over there in the comments as it always would be.
41:44 Yes.
41:44 Yeah.
41:45 But basically, you know, Heroku was purchased by Salesforce for they claim.
41:50 And it may be true.
41:52 I'm sure that it is somewhat true.
41:53 They want to cancel this because of fraud and abuse.
41:56 It may be more that they have to spend so much money to fight the fraud and abuse that it's just not worth it to them.
42:01 I didn't know what it is, but for however you land on the, it's a good idea, a bad idea, it's going to cost money if you want to use this and it's, it's pretty pricey by the way, like, this change will roughly double the cost of a basic plan that uses Redis and, from like up to $50 a month, if you start bringing and your Redis cache and your Postgres hosting and your dynos and they all add up and then you got to scale this one or that one, right?
42:26 One of the reasons I'm not using it, but not the only reason, I just want a little more control as well.
42:30 But anyway, so if you have a free thing running on Heroku or you were thinking about it, you're gonna have to think again, find something else.
42:36 There's actually at the bottom, there's a bunch of platforms of service things that I've never heard of.
42:41 There's Porter, Railway, Render, Fly.io and Clever Cloud, all of these things vying for this business.
42:47 They all look kind of interesting.
42:48 I know nothing about them.
42:50 You can check it out.
42:50 Seen fly IO all over the place and Python Twitter at least.
42:54 Yeah, OK, so that's if I were personally picking one, I would check that one out first, but I don't know anything about any of them to be honest with you.
43:02 I last time I used Heroku was a long time ago, so I'd like to see some some some real comparisons among some of these.
43:11 If somebody just saying like there is, there's still a place for hobby projects.
43:16 I want to try something out or you do something live, even as a high school app or something like that.
43:26 I know, oh good, you're going to show Python anyway.
43:29 >> I was going to, I got to find the right link. Here we go.
43:31 >> I think they still have a free tier.
43:35 >> I think so.
43:35 >> I don't know if they advertise it much.
43:36 >> I think it's free, yeah.
43:38 >> The part that bothers me really isn't that it's, There's a comment about, a comment in the chat about, it's hard to complain about people, it's a free service, so they can do whatever they want, right, essentially.
43:55 Yeah, oh, there's that, that's the right one, yeah.
43:59 However, the jump between free and $50 a month is a big jump, and that's my gripe about it, so.
44:08 - Yep, and not to-- - I agree.
44:10 bring this into a recommendation, but yeah, that I feel like a lot of the cloud services have really pushed how easy it is to deploy.
44:18 Cause I remember what initially starting with Heroku, the ease of deployment was the big win for a lot of people.
44:24 And so, yeah, a lot of cloud services where, you know, you're you pay for everything you use, but what you use ends up being a few cents a month.
44:31 which is a lot more surmountable than $50 a month.
44:34 So yeah, there's definitely a gap there, but there's not as much of a gap there as there was before.
44:40 - Oh yeah, for sure.
44:41 Brian out in the audience says, at my last company we had to disable our free tier due to crypto miners.
44:46 Yeah, of course, I'm sure.
44:48 And Kim also has something, yeah, stealing the computation there.
44:53 But all right, anyway, again, I didn't wanna go too far down that one, but for sure, check out some of the options below.
45:00 DigitalOcean and Linode are also really, really good options.
45:03 This one, I'm full of rants today, potential rants.
45:08 This one comes to us from Extreme Tech.
45:09 White House, as in the US, bans paywalls on taxpayer funded research.
45:15 It is always felt super creepy and wrong that we have the NSF, which pays billions of dollars a year, millions for individual research projects to come up with scientific research that all three of us and many people listening actually pay for.
45:32 I'm glad to pay it.
45:34 I think this is really important.
45:36 It's important for the country.
45:37 It's important for the world.
45:38 And yet those results get locked up behind really expensive for pay scientific journals, right?
45:46 Like you've got to pay $5,000 a year to subscribe to this journal so that you can read the article that, wait, we paid to create that and we can't even get access to it?
45:54 So this article here is the White House has updated federal rules to close a loophole that enabled journals to keep taxpayer funded research behind a paywall, which I think is great.
46:05 So if you're so interested in the data science side, I think this might be relevant to you.
46:10 - Yeah, I'm curious how that's gonna get implemented.
46:13 - Yeah.
46:14 Me too.
46:15 All right, anyway, there's that.
46:16 And then, Seth, back to some of the stuff you were talking about.
46:20 I mean, it would never happen that someone would try to phish.
46:23 Wait, last week somebody tried to phish PyPI.
46:26 Maybe it was the week before when it started, but not too long ago.
46:29 So over on darkreading.com, there's an article that says, "Threat actor phishing PyPI users has been identified.
46:36 Juice Ledger has escalated a campaign to distribute its information stealer by now going after developers who publish code widely used on the Python code repository.
46:45 Don't want to go too much into it, but there's this group who had originally tried to do typo squatting, if I'm correct.
46:52 They wrote some thing to steal some malware written in .NET, by the way, which Will was joking about it only running on Windows.
47:02 Hey, if they use .NET Core, they could expand out the open source version. Anyway, I don't want to give them ideas, but they were distributing this malware through these malicious packages.
47:12 And then they said, well, what if we could get really popular ones, hack their accounts and then upload bad wheels.
47:17 So anyway, there's a bunch of background on the actual people behind this.
47:21 So it's pretty interesting.
47:23 You can check out that article if you want.
47:24 There's also an R technical article, but it doesn't have as much depth as the dark reading one.
47:30 Nice.
47:31 All right.
47:32 Last one.
47:33 I think this is the last one.
47:34 Former co-host on the show, who always contributes many interesting things, says PythonBytes will definitely want to check this out.
47:41 This is a tweet by Steve Dower that says, "We have published the details "of a critical security problem for Python.
47:50 "It is very rare that we have "direct vulnerabilities in Python." Like, it was all fun to have the lulls about Jindy and Log4j, but this is not exactly that, but it's a denial of service at that kind of scale.
48:07 So if you've ever thought, I have a string and it needs to be an integer, and that string came from user input, that's really bad it turns out, because there's a denial of service thing that you can do by passing very, very long strings to that integer parsing.
48:23 Seth, you're shaking your head like, oh boy.
48:25 Yes.
48:26 - Yeah, if you've been waiting to upgrade to Python 2, now's the time to upgrade Python 3, I would say.
48:32 - Exactly.
48:33 And you shouldn't say, I'll just go to one of the older ones.
48:37 Like you need to get the three 10, seven ASP.
48:41 I suspect they'll roll this back to some of the supported ones as well.
48:44 So they'll probably back port it to three nine and three eight.
48:47 But if you're on say three, six, that's a problem.
48:50 That's a big, big problem.
48:52 Yeah.
48:52 So expect releases for 3.7 plus in the next week.
48:56 This came out a few days ago.
48:57 This has now been done, but this Twitter thread is super interesting.
49:02 And that's what I'm linking to.
49:03 So you all can check that out.
49:04 There was also some feedback, like, what are you doing?
49:08 What, how dare you fix this?
49:10 The way they fixed this is they said, if you're doing base 10 parsing, you can only use 4,300 digits, not the number to 4,000, but places in the number.
49:20 4,000 places.
49:21 That's a really large number.
49:23 If it's bigger than that, basically Python won't be able to parse it before.
49:26 Brian, you, you do C++ all the time.
49:28 You have to think about, is this over 32,000?
49:31 Is it signed or unsigned?
49:33 Okay.
49:33 It's unsigned.
49:34 All right.
49:34 We can get to 64,000.
49:35 This is a, not that level of thinking, but you kind of do have to think about what the heck's going on here.
49:41 I think it's a fair fix.
49:44 I do too.
49:45 People freaking out for no reason.
49:46 Yeah.
49:47 This one was really, this one's wild too, because it, you just pass a long number.
49:51 Like it's not something sophisticated or anything.
49:53 This is it also, it feels almost not log for J, but kind of log for J a little where you can just do denial of service by doing something very trivial.
50:02 Exactly. Yeah, you just try to set your username to jndi://haxor.com.
50:10 This is like, well, the number is a1722117, and then boom, down goes the website.
50:15 This is just denial of service versus remote code execution, which is clearly better, but it's not great.
50:21 Just hold down the zero key for a little longer.
50:23 Exactly.
50:25 Or if you're writing Python code, but you can just do times 10,000, caret 10,000, you know, power to 10,000 or something and send that.
50:32 - Yeah, string extension really coming in handy here.
50:34 - R pad, exactly.
50:37 Or Z fill on the right.
50:38 - Z pad, Z fill.
50:40 - Exactly.
50:41 Yeah, piling wants to send pi across, you know, that's gonna upset it.
50:44 Anyway, I upgraded my servers to 310.7.
50:48 They were not available from Ubuntu directly.
50:50 It was still the old 310.6, which is unnerving.
50:54 But because I build mine from source, just change the number 3, 10, 7, rebuild and redeploy Python.
50:59 I'm good to go.
51:00 I imagine everybody listening to this podcast is on 3, 7 or above.
51:05 If they at any chance can be, I mean that if they're, if they're below, it's not because they haven't tried.
51:13 Yeah.
51:14 Well, let me point this out.
51:15 I would say, actually, I want to follow up with a couple of things.
51:17 Cause this is, maybe this should have been the main, a main item, but whatever.
51:20 one we've talked about the reason you should upgrade to Python three.
51:25 for a long time and Brian, you and I had lots of fun calling it Legacy Python.
51:29 Although we've had people go into iTunes and like post negative reviews of the podcast because I had said disparaging things of Python too, but it's okay.
51:38 I'm willing to stick by them.
51:41 Oh my goodness.
51:42 That is, that's wild.
51:43 More reviews.
51:45 Awesome.
51:46 If you have good things to say, also consider posting a review.
51:49 Not just if you're angry that I called it Legacy Python, but if you're on old legacy code, which is even 3.5, but is very seriously Python 2, because the gap to upgrade is really hard.
52:00 These are the types of things that we warned about that could be a problem.
52:04 >> Yeah. >> And there will be no fix, right?
52:07 You better just say, well, we're going to make sure the strings that are really destined to be integers are really, really checked.
52:13 And I mean, it's not good, it's not good.
52:16 So just one more reason to be on a shipping version of Python, even if it's just 3.7.
52:22 - Yeah. - All right.
52:23 Yeah, that's it.
52:26 Let's see.
52:27 Yeah, the change log.
52:28 One other really quick, yeah, so you can see it's like actually described quite well here.
52:33 Hatched by Gregory P. Smith and Christian Himes, feedback by a bunch of great folks.
52:38 Sebastian Ramirez sent a tweet out when this got fixed saying, "Please be kind to your open source contributors.
52:46 "They just wrote 800 lines of code in a PR "so that you can parse strings to integers." So apparently it wasn't easy to fix, but yeah, I agree.
52:54 Cool.
52:55 Ready for a joke or actually Seth, you got anything extra you want to throw out first?
52:59 Yeah, I had a real hopefully quick one.
53:02 So I follow a whole bunch of game art accounts on Twitter because I just love it.
53:08 Seeing what people create and one came by it was using #pixel, P-Y-X-L.
53:15 Did a little ding.
53:16 I'm like, wait a second, that's Python.
53:17 And then I just went back in this developers Twitter, a few, a few tweets back and they just released wasm support for this Python like game framework.
53:27 I'm like, this is incredible.
53:29 So yeah, it was quite the, it was a very fast journey of wow.
53:34 Wasm is everywhere at this point.
53:35 That's kind of, kind of wild that it's popping up so fast.
53:38 So yeah, version 1 8 0 of this.
53:41 Retro game engine for Python, which they had a whole bunch of really beautiful like examples.
53:47 I think y'all have covered this framework before, but I'm not sure we have.
53:50 Yeah, this is really cool.
53:52 Yeah.
53:53 So apparently they have a whole bunch of demos that you can just play in the browser.
53:56 And I was really blown away that I didn't even know this existed.
53:59 And suddenly there's wasm support for it.
54:02 So awesome.
54:03 I love it.
54:04 Okay.
54:05 That's a great one.
54:06 Yeah.
54:07 All right.
54:08 How about we close it out with a bit of a joke.
54:09 Have you ever felt like you've had a hard day at work?
54:11 There's one of these problems like parsing integers.
54:13 You're like, how could possibly this go wrong?
54:15 I just don't understand what is happening.
54:17 Well, here we have a joke of a guy at a nighttime soccer game.
54:20 [LAUGHTER]
54:22 Apparently, it's a little cool out, but he's been running really hard.
54:25 It's a picture of a guy whose head is literally steaming, like not a little bit, a lot.
54:30 [LAUGHTER]
54:32 >> I think that's a visualization of integer being parsed into a string right there.
54:37 >> Exactly.
54:37 >> That's the before.
54:38 >> I'll read what the tweet really says, and then maybe we can play with it a little.
54:42 The tweet says just a JavaScript developer after work.
54:45 You know, like, what do you mean I have to do a new framework?
54:47 I just did a new framework last month.
54:49 [laughter]
54:51 I feel like this could be Christian Himes after going, "What do you mean parsing an integer is a denial of service?
54:57 I just can't." >> The ints are wrong. The ints are cursed.
55:03 >> Exactly.
55:04 Anyway, I'll just leave this here for people to appreciate.
55:07 We can call it a show 300.
55:09 >> Yeah, nice.
55:10 - Thank you.
55:12 - Yeah, thank you, Brian.
55:13 Seth, thanks so much for being here and sharing the work you've been doing.
55:17 - Yeah, thanks so much for having me.
55:18 - Yeah, it's been great.