Transcript #309: When Malware PoC's are Themselves Malware

Recorded on Tuesday, Nov 8, 2022.

00:00 Hello and welcome to Python Bytes, where we deliver news and headlines directly to your earbuds.

00:04 This is episode 309, recorded November 8th, Election Day.

00:09 I am Brian Okken.

00:10 And I'm Michael Kennedy.

00:11 Okay, now let's look at your thing.

00:13 So first of all, redesign the Python Bytes website to make it responsive.

00:17 So even the table gets super cool when you scroll up.

00:21 But that's not what I want to talk about.

00:22 That's not why I brought it up.

00:23 I mean, I always get these emails.

00:25 I know you haven't logged into our site in five years, but we've redesigned it.

00:28 Let's tell you about it.

00:29 No, I don't care.

00:30 The reason I'm on this page, what is the date today?

00:32 November what?

00:33 It's the 8th.

00:35 It's the 8th.

00:35 Yesterday was Python Bytes' birthday.

00:38 Six years old now.

00:40 Oh my gosh.

00:41 I can't believe it's been six years.

00:43 Yeah, six years.

00:45 The intro to the show in pip 9 is out.

00:47 What are we on, like pip 30?

00:49 I don't know.

00:49 I haven't paid attention.

00:50 Well, they went from...

00:51 It's past 20, for sure.

00:53 They went from SemVer to CalVer, so it's hard to count.

00:57 It's still been a long time.

00:58 Yeah.

00:58 Absolutely.

00:59 All right.

00:59 Well, anyway, happy birthday to us.

01:01 Let's jump in.

01:04 Yay, we said we're at cake.

01:04 I know.

01:05 Cake.

01:05 We have to use cake emojis somewhere today, I suppose.

01:08 All right.

01:08 So I want to tell you about something that really touches on the cybersecurity, pen testing,

01:16 you know, red team, blue team sort of hacker side.

01:19 And I don't know if people are aware, but Python is used a lot for the pen testing security side

01:27 of the world.

01:27 We've had some guests on the show here before that talked about their work, right?

01:31 We're like, we don't understand this.

01:32 You got to come share this with people yourself.

01:34 So it's awesome.

01:35 But we're not worthy.

01:37 But there's a really interesting set of research.

01:40 And this research came from Soufian Yadmani and Robin The and Olga Gadyatskaya.

01:48 Sorry if I butchered everyone's name there.

01:50 But it is the title of the official academic articles is out of Norway, I think.

01:56 How Security Professionals Are Being Attacked, A Study of Malicious CVE Proof of Concept Exploits

02:02 in GitHub.

02:03 Have you run across this?

02:04 No.

02:05 Interesting.

02:06 So it sounds like it doesn't totally apply as maybe a Python programmer thing.

02:11 But here's the deal.

02:12 In order to, when these CVEs, these vulnerabilities come out and get announced, a lot of times people

02:18 are like, oh my gosh, there's some problem.

02:20 But like, what does it manifest like?

02:21 If I'm going to write some code to explore it, to understand it, to do all the various things,

02:27 how do I get started, right?

02:28 A lot of these are super complicated.

02:30 And so what people will do is they'll post a simple proof of concept.

02:34 Like, imagine you've got a sandboxed web browser and it shouldn't be able to access, like, for

02:39 example, your processes and other parts of your file system.

02:42 So if I went to a web page, I could make it pop up, I don't know, notepad with the text.

02:47 No, no, no, no, no, no.

02:48 We got you.

02:49 You know, something silly like that.

02:50 You're like, oh my God, it opened notepad.

02:51 Well, these people did some research and they found 47,000 posted proofs of concept.

03:00 And let's see, somewhere it's in the article.

03:04 They talk about the actual language breakdown.

03:06 Here you go.

03:07 So when they said, what languages are these written in?

03:10 HTML, 300, Ruby, 300, Go, 400, C++, 1,000.

03:15 Python, 8,000.

03:17 So that's a lot, right?

03:20 So Python is, by a factor of eight, the most common language that they are able to determine

03:25 the language of the exploit.

03:27 So it's something that really kind of applies to us.

03:30 Of the, how many were there?

03:32 There was like 47,000 of them.

03:35 And out of those, 4,800 or 10% were malicious, which sounds like, so what?

03:41 It's a proof of concept of a malicious thing.

03:43 No, it's like a meta malicious.

03:45 So here's the deal.

03:46 It says, we will show you how you can break into Active Directory on this new exploit.

03:51 What it really does is installs ransomware on your computer.

03:53 So if you as a person are like, I want to try this out and see if our system is vulnerable.

03:59 Like instead of it doing what it said it would do, it just takes over your computer.

04:04 And there's various ways in which it does it.

04:06 It might contact like a known malicious.

04:08 No, I know.

04:09 There are some lulls in there to be sure.

04:12 But the idea is there's some, it'll like take your, you know, your SSH keys and like

04:18 upload them to some malicious, you know, pastebin type place.

04:21 Or it will install crypto miners or it'll install, you know, ransomware encryption types of things.

04:28 And a few of them say, you shouldn't have just run code off the internet.

04:32 What are you doing?

04:33 And it'll like rickroll you.

04:34 But the majority of them take, take over for real.

04:38 So there's, isn't that nuts?

04:39 Yeah.

04:40 Yeah.

04:40 Yeah.

04:41 So.

04:41 Rick rolls are hilarious.

04:42 I don't know.

04:43 Just saying.

04:43 They are.

04:44 In the, they are.

04:45 Even in the paper, there's actually some, some Python proof of code.

04:50 So here let me show you down here.

04:52 Like pull this up.

04:53 I don't know how to link to a code listing inside of a PDF.

05:00 So I'm just going to cruise.

05:01 Here we go.

05:02 So for example, over here.

05:03 So here it says, this is an example of one of these proof of concepts that shows you how things might work.

05:08 And what is it going to do?

05:10 It's going to go and say, it's going to sleep for a second, get your host name, create a user thing, da, da, da, da, da.

05:15 And then oddly, instead of saying the URL is a thing, the URL is a base 64 decoded, encoded bunch of garbage, right?

05:23 What is this?

05:24 This, this is the malicious website that they're going to send your information to.

05:29 But when you look at it, it doesn't look like here's the virus.

05:32 It's like, oh, is it just decoding this text?

05:34 I see.

05:34 No, no, no, no.

05:36 This is the virus right there.

05:37 And there's way more complicated examples, but you know, pretty nuts.

05:40 Yeah.

05:41 Anyway.

05:41 Plus the formatting is gross.

05:43 They should really run black on this.

05:44 I know they totally, they totally should.

05:47 You deserve what you get if you run that.

05:48 No, this is a pretty interesting thing.

05:50 And if you're in the security space, you know, if there's a 10% chance of just checking out one of these proof of concepts that you'll get owned, you know, just be aware.

05:58 I mean, you consider the audience of the people creating these.

06:01 So I guess, you know, a bunch of hackers are like, hey, I made this code.

06:04 You should try it.

06:05 No, but actually we should have like a search thing or something like that.

06:09 Because that base 64 decode thing is a classic.

06:12 Just don't touch it sort of thing.

06:14 Especially if it's going into a URL or something.

06:17 This is, it's not good.

06:19 Yeah.

06:19 They did come up with a way to automatically test for things.

06:22 They said, look, if it's contacting a well-known malicious command and control type IP address, which there's a listing, a database of these types of things.

06:32 It's like, you know what, that's a problem.

06:34 And here's a proof of concept that should have nothing to do with the internet.

06:36 And it's uploading data.

06:38 That doesn't seem like it should.

06:39 Right.

06:39 Or it's downloading this data from somewhere else.

06:42 So, yeah.

06:43 Yeah.

06:43 I like that Kim has got the, he's got the glass half full.

06:47 A base 64 encoded URL is surely completely safe and nothing to worry about.

06:51 And Marco is concerned about the SSH keys.

06:54 Kind of got it.

06:55 Yeah.

06:55 And thanks for the happy birthday wishes out in the audience as well from everyone.

06:59 Yeah.

06:59 Yeah.

07:00 Thanks, people.

07:00 All right, Brian.

07:01 That's all I got.

07:02 But there's a really cool paper.

07:03 There's some proof of concepts in there.

07:04 There's a couple of write-ups on it.

07:05 It's worth checking out.

07:06 Okay.

07:06 Cool.

07:07 Well, I actually want to talk about something completely sort of different.

07:11 So, if you've, let's just, I'll go to us for a second.

07:17 If normally I get a lot of my news from people on Twitter.

07:22 But Twitter kind of is in the news lately because things are kind of going weird with Twitter.

07:27 So, what are people doing?

07:29 Well, a lot of people, a lot of people actually are checking out Mastodon.

07:34 So, I'm calling this the great Mastodon experiment because tons of us, Python people, and actually tons of tech people and tons of other people also are trying out this Mastodon thing.

07:45 And in the back of our mind, it was, well, like, yeah, Mastodon seems kind of interesting.

07:51 It's like a sort of maybe alternative to Twitter, but not many people there.

07:55 Now, there's a lot of people there.

07:57 Like, tons of people.

07:59 I don't know what the numbers are compared to Twitter, of course.

08:02 But anyway, so, I am part of this.

08:05 I'm part of the people that have switched.

08:07 But if you, like, we're showing the Mastodon, like, join Mastodon.org site.

08:13 And the first thing you want to do, okay, I want to try this.

08:16 So, I have to, okay, I have to create an account.

08:18 So, the first thing you're hit is, well, which server do you want to use?

08:22 I was stuck here for a while, and I'm like, I don't know what to do.

08:24 So, I went ahead and used Twitter, and I asked.

08:28 And Will was there.

08:29 From, Will said he's on Mastodon.social, Will McGugan.

08:34 And I just asked, I'm still stuck on the choose a server.

08:37 What are people using?

08:38 And I got one reply right away saying, well, Fosstodon.org has Anthony Shaw and a bunch of other people.

08:45 And I'm like, good enough for me.

08:47 So, I went ahead and picked it.

08:48 So, I am now on Fosstodon also.

08:52 And then I'm just trying stuff.

08:54 I'm like, just trying it out, playing it, playing with it, following some people, commenting, whatever.

09:00 And so far, I kind of like it.

09:03 It's nice.

09:04 Now, now that I've kind of like, I got the basics down, now I'm ready to learn some more.

09:09 And so, I put together, went through and found some tutorials.

09:13 So, if anybody else wants to try this also, I found some kind of fun tutorials.

09:18 There's one that's called the Increasingly Less Brief Guide to Mastodon.

09:21 It's big.

09:22 But it's so, that's nice though.

09:25 It starts out with like short answers.

09:30 Like, you know, what is it?

09:31 How is it like Twitter?

09:32 How is it not like Twitter?

09:34 Stuff like that.

09:35 And one of the things, comparisons that confused me a bit was, how is it like email?

09:40 But I didn't get the analogy at first, but I kind of do now.

09:44 So, the idea is you have to pick a server, but you can still follow people on other servers.

09:49 Just like if you have a Gmail account, you can still email people that are not in Gmail.

09:53 Works.

09:54 So, there's that.

09:55 There's everything I know about Mastodon.

09:57 Sorry, but it reminds me a little bit of like BBSs.

10:00 Remember, like you go to BBS and write email and then they would like sync at night.

10:04 And then you might get email from some other BBS.

10:06 Well, yeah, that's something I also noticed.

10:09 At first, I was a little annoyed because like it's not as zippy sometimes.

10:13 Like, it's growing a lot.

10:15 So, a lot of these servers are like adding capacity.

10:18 And so, occasionally, like the other day, the Fosstodon server was down for a couple hours.

10:24 And I'm like, oh my God.

10:26 Actually, I'll be fine if I don't use a social media app for two hours.

10:30 Just chill.

10:32 And so, yeah, it's interesting.

10:36 There's a lot of stuff I've learned so far.

10:38 Like, it's not filtering what I'm seeing.

10:41 I actually just see everything that people write that I'm following.

10:44 Actually, isn't that what I wanted?

10:45 So, I'm pretty okay with it.

10:48 So, I put together, I'll go through a couple of these.

10:50 There's everything I know.

10:51 It's targeted towards data science people.

10:54 But there's a lot of great info there.

10:55 And then Simon Willison, he's trying this out too, said, Mastodon is just blogs.

11:04 So, I was confused by that.

11:07 But he describes how it's like it uses this ActivityPub feature and gets into a little details.

11:14 But I think he knows what he's talking about because he wrote his own.

11:17 He's on his own server.

11:18 So, you can have your own Mastodon server.

11:21 But some of the people trying it out at the same time, we've got some big names.

11:26 Łukasz Langa, he's trying it out.

11:28 He linked to a couple of things that he's learning about.

11:32 You know, it's really supposed to repost in multiple places.

11:35 Things like that.

11:36 I've got Brett Cannon figuring it out.

11:37 So, a lot of us over here having a little bit of fun with Mastodon.

11:42 That's fantastic.

11:43 Yeah.

11:43 So, fosstodon.org is the free and open source software Mastodon one, right?

11:50 Yeah.

11:50 But a lot of people are on, so like a lot of people are on Mastodon.social.

11:54 Here's a cool article.

11:56 Oh, yeah.

11:59 Clients-wise, there's a whole bunch of iPhone clients, too.

12:03 But you can use it on the web or anything.

12:04 Lucas is on, or Łukasz, I'm sorry, is on Mastodon.social also.

12:11 Brett's on Fosstodon.

12:13 But there's a whole bunch of others as well.

12:14 Yeah.

12:15 You have to apply to get in there.

12:17 So, I applied, but I have not been let in yet.

12:20 So, hopefully, they will find me worthy and I can join you.

12:23 Okay.

12:24 Let's see.

12:25 Well, I know some of them.

12:27 So, some of them are, since these are private things, there's got like people running their

12:31 own servers, there's funding models on each of them.

12:36 And like Fosstodon, for instance, said they want to make sure that they always have six months

12:40 of running time or something like that.

12:42 And that's cool enough for me.

12:45 So, anyway.

12:45 Yeah.

12:46 I'd be happy to pay a dollar or two a month just to have no ads and have a well-curated,

12:51 somewhat not terrible space.

12:54 You know, yeah.

12:55 I wasn't really getting to get into the politics of it, but the whole $8 a month thing.

12:59 Actually, if I could have got rid of ads and actually got some other cool features, I probably

13:04 would have paid it anyway.

13:05 I just don't want to pay it now.

13:07 I'd be like two months ago.

13:08 I probably wouldn't have been up for it, but I don't want to do that right now.

13:11 Yeah.

13:11 I don't know.

13:12 I have no intention of leaving Twitter at the moment.

13:14 There's still like a really valuable community for the podcast listeners and stuff.

13:18 But I do think it's also super interesting to reach out to these other spaces.

13:23 Mastodon is one.

13:24 It's kind of interesting in that there's a bunch of little islands.

13:27 And the thing that's cool about Twitter is you go to the continent and then you find your

13:32 space within that.

13:33 It's like, here you got it.

13:34 What is the place I go to?

13:37 I'm telling you, this is like BBSs.

13:38 What BBS has the place where there's kind of cool conversations and good games I can play?

13:43 You dial that one up.

13:45 Or we could just go back to like, you know, Planet Python and RSS feeds for everybody.

13:49 Yeah.

13:50 Nothing wrong with RSS.

13:51 Cool.

13:52 Well, thanks for bringing that up.

13:53 I have some more thoughts on this as well later.

13:56 But for now, for now, maybe we could talk about our sponsor.

13:59 What do you think?

13:59 We should talk about our sponsor because it's cool that we have one.

14:03 But also, it's Microsoft.

14:06 So this episode of Python Bytes is brought to you by Microsoft for Startups.

14:11 But starting a business is hard.

14:14 Most startups go out of business within the first year, which is totally lame.

14:18 So Microsoft for Startups set out to understand what startups need to be successful and created

14:24 a digital platform to help you overcome those challenges.

14:27 And they came up with Microsoft for Startups Founders Hub.

14:30 The Founders Hub provides all founders at any stage with free resources to help solve startup

14:35 challenges.

14:36 The platform provides technology benefits, access to expert guidance and skilled resources,

14:41 mentorship and network connections, and so much more.

14:44 Unlike others in the industry, Microsoft for Startup Founders Hub doesn't require startups to

14:49 be investor backed or third party validated to participate.

14:52 Founders Hub is truly open to all.

14:54 You can speed up development with free access to GitHub and Microsoft Cloud.

14:59 And there's other partners that they've partnered with, such as OpenAI.

15:05 You can get discounts through there.

15:07 So you'll have access to those extra resources, but you also get access to their mentorship network,

15:13 which includes hundreds of mentors across a range of disciplines.

15:16 Need advice on marketing, fundraising, idea validation maybe.

15:20 Tons of topics that you might need help on, including management and coaching, and you'll

15:24 be able to book a one-to-one meeting, one-on-one meeting with mentors, many of whom were former

15:30 founders themselves.

15:30 It's no longer about who you know.

15:33 Get critical support you need from Microsoft for Startups Founders Hub.

15:37 Make your idea a reality today.

15:39 To join the program, visit pythonbytes.fm Founders Hub 2022.

15:44 And that link is in the show notes.

15:46 And I know you can find this on your own by Googling, but using that link in the show

15:50 notes will help them know that you found it through this podcast.

15:53 Thanks.

15:53 Yeah, absolutely.

15:54 Thank you, Microsoft.

15:55 Oh, you're on mute.

15:56 I am.

15:57 Thank you, Microsoft.

15:58 And yeah, let's move on.

16:01 A couple of these things are about continued journeys.

16:04 Sometimes we're on a journey, you know?

16:06 Yeah.

16:07 And, switch it over, Thiri, over on Twitter, not Mastodon yet, sent us a message and said,

16:14 hey, nice episode.

16:15 You know, remember I was on this, I talked about like Panix, SSH, a thing called Prompt,

16:23 and some of the other ways I was trying to like, well, how do I just take my iPad and no keyboards

16:27 and no extra stuff and just have a little DevOps-y coding environment, right?

16:32 So, Thiri says, you should check out Gitpod.

16:35 Have you heard of Gitpod?

16:36 No.

16:37 No.

16:37 Pod as in pods from Kubernetes.

16:40 But here, he says, you know, basically I'll just pull up and show you what it is.

16:46 So, if you go over here, the idea is, it says, always ready to code.

16:51 Like, that sounds cool, right?

16:52 And I love, look at this little graphic, right?

16:53 Okay, you're like, your chair is an enter button.

16:56 I love it.

16:57 Oh, I didn't notice that right at first.

16:59 That's cool.

16:59 Yeah.

17:00 And by the way, they just, this happened, I think, since this got sent over, they just

17:04 scraped a $25 million Series A round.

17:06 So, there's a good, you know, there's a lot of effort behind this, right?

17:09 Gitpod is, I believe there's an open source version and then like a hosted version as well.

17:16 So, the idea is, what you can do is, I can go and it'll create a Kubernetes Docker type

17:24 image that I can configure.

17:26 So, basically a Linux machine that's isolated for me, which is nice.

17:30 And then, I can log into it one of two ways.

17:33 I can log into it in the browser.

17:35 And just like if you go to github.dev, which is what I suggested before, in the browser, this

17:40 connects to your own environment, which the thing that's cool about this is it's that environment,

17:45 you have root access to do whatever you want to it.

17:48 So, if you got to pip install something that's weird or whatever, like, you're not like, oh,

17:52 well, sorry, you can't install this dependency.

17:53 Too bad, right?

17:54 It's just, it's yours.

17:55 You do whatever you want with it.

17:56 And that's in the browser.

17:57 So, on your iPad browser, for example, or if you happen to be on the desktop and what

18:01 you want is just like a, I'm on an ARM machine.

18:03 I want an x86 machine or I want a Linux machine that's like production and that is not just my

18:09 Mac or my Windows machine.

18:10 You can actually connect to it with a full-on VS Code or even PyCharm.

18:14 You can plug directly into it and remotely edit locally on PyCharm locally, but then like

18:20 debug and run your environment there.

18:23 Wow.

18:23 What is that?

18:24 That's really cool.

18:25 Yeah.

18:25 It also works for IntelliJ, the Go, basically all the VS Code and all the JetBrains IDEs,

18:32 which is like a huge long list.

18:33 And Vim, and also Vim.

18:35 Wow.

18:35 So, anyway, this is really cool.

18:37 And there's one of the recommendations or like the reasons for it.

18:42 It says, look, you can do multi-track development.

18:44 So if I'm working on a feature branch and I'm working on main dev and I'm trying to do a bug

18:51 fix instead of, you know, staging or stashing and then checking out and then try that, then

18:56 unstash, you know, check over to the other thing, unstash, like, you know, juggling one working

19:00 environment.

19:01 You can have multiples of these Git pods, one for each part of your project, even.

19:05 Bring it closer to your Linux and Docker runtime.

19:09 You can even do like paired programming on it, which is kind of interesting.

19:14 And here they got an example of it running on an iPad.

19:19 And apparently you can install like a bunch of different extensions and stuff and like,

19:23 you know, configure up your thing.

19:24 So there's an open source version, which is free from big tech influence.

19:29 But there's also, you can get their version on the cloud or you can self-host it or whatever.

19:34 Right.

19:35 And so there is a paid component to this.

19:38 Like this, you know, they got $25 million, right?

19:40 It's not just like to set on fire, although maybe.

19:42 There's a free version, which gives you 50 hours of coding a month.

19:47 That's pretty good.

19:47 Or you can pay $9 a month for 100 hours or there's like other higher tiers, 25, 40 bucks

19:53 and stuff.

19:53 But it's open source and there's some free versions and reasonably priced versions.

19:57 And yeah, I don't know.

19:58 I think it's pretty cool.

19:59 So thanks, Theory, for sending it over.

20:01 And, you know, it's definitely an option out there.

20:04 Yeah.

20:04 And the self-hosted also looks like an option as well.

20:08 Yeah, exactly.

20:08 So you can self-host.

20:09 I think you basically probably set up a Kubernetes cluster and like it connects and goes against

20:14 that.

20:14 Oh, yeah.

20:15 Just throw up a Kubernetes cluster.

20:17 Yeah.

20:17 Exactly.

20:18 All right.

20:19 Well, I haven't.

20:21 I did play around with it and it worked pretty well, but I haven't done anything serious.

20:25 It still looks cool, though.

20:26 I like it.

20:27 Yeah.

20:27 Yeah, absolutely.

20:28 All right.

20:28 What's your last one here?

20:30 Oh, last one is a short one.

20:32 I just wanted to talk about terminal colors.

20:35 So I've got a little pytest plugin called pytest-check.

20:41 And it's got some terminal output.

20:44 But it does talk about failures.

20:45 And somebody completely reasonably submitted an issue and said, it'd be cool if these were

20:52 red so you could see them easier.

20:55 And I'm like, yeah, that would be cool.

20:57 So what should I do?

20:59 Well, I could, you know, Will, I want to let you know that the first thing I thought about

21:04 was I could throw a rich at it.

21:05 So I could use rich to put red in the terminal.

21:09 And but rich is now rich is awesome.

21:12 I love rich, but maybe it's a bit of a big hammer for for just adding one color.

21:18 I just had a red.

21:19 So I went looking around a little bit and there's termcolor and there's colorama.

21:26 There's other things I ended up.

21:27 I'm looking at colorama right now is what I'm playing with.

21:30 So colorama is used by a lot of applications.

21:34 And one of the reasons why is because it helps with the cross being able to use colors on both

21:42 Windows and everything else.

21:44 Windows is a little special.

21:45 It doesn't act like the other stuff.

21:48 So you have to do things a bit special.

21:49 And I was kind of glad I looked at this because one of the things that came up recently in one

21:55 of the new versions is colorama has a thing called just_fix_windows_console.

22:02 It's just a from colorama import just_fix_windows_console.

22:05 And you call that.

22:06 And after you call that, then your window, if you're running your application on windows,

22:11 it acts just like a normal TTY terminal on Linux or Mac or something.

22:16 Oh, wow.

22:16 At least in terms of a lot of stuff.

22:19 The other thing that just_fix_windows_console, I think I got this right, is it's you used to

22:25 have to call init.

22:26 And now you call this other thing.

22:28 But you can you can call that on Mac also.

22:30 And it just doesn't hurt anything.

22:31 It's fine.

22:32 So you can.

22:34 And now after you've done that init, and there's a whole bunch of text here that I just skimmed

22:38 really briefly.

22:39 I just wanted it to work.

22:40 Just call that.

22:41 And then you can use these these color codes like Fore.RED, for instance.

22:46 That's what I wanted.

22:47 Some red text.

22:48 And there I've got it.

22:49 So after you change change stuff around, you also have to reset it.

22:53 So there's a reset code.

22:55 Now you can do the same thing.

22:56 And it has it on there, their README is you can use the hex or whatever color code escape

23:05 sequences.

23:05 So backslash zero three three bracket.

23:09 31 M is red.

23:11 But I don't I think I'll go with the named ones.

23:15 How about some constants instead?

23:17 Yeah.

23:17 Yeah.

23:19 So this is pretty cool.

23:20 And I think I kind of think this is where I'm going to go with with adding red to

23:26 pytest-check.

23:27 So if you want just a little bit of color and nothing that you need rich for, colorama might

23:32 be what you want.

23:33 So nice.

23:34 Colorama is definitely a go to for me when I just want like this needs to be red or green.

23:38 It just needs to stand out somehow.

23:40 For sure.

23:41 It's very cool.

23:41 Yeah.

23:42 Cool.

23:42 Awesome.

23:43 All right.

23:43 Well, that brings us to our extras, huh?

23:44 Yeah.

23:45 Do you get any extras?

23:46 You know, I do.

23:47 Let's see.

23:49 Some of these are quick, some slightly more.

23:52 So Roman Right, who often we find here in the live streams as well, maker of Beanie.

23:59 Love Beanie.

24:00 Beanie is powering Pythonbytes.fm, by the way, for various other things.

24:05 So super awesome.

24:06 He'd been thinking.

24:08 And so Beanie is Pydantic plus MongoDB async.

24:12 And so there's plenty of reasons why we might want a synchronous API.

24:15 I'm just in the middle of some script and I just need to talk to the database real quick.

24:19 Like, do I really need to upgrade this whole thing to handle async code?

24:22 Shouldn't there just be a way to call it?

24:24 There should.

24:24 And so he created a derivative or mirrored version that is like Beanie, but has a synchronous

24:31 set of APIs instead of asynchronous.

24:33 API is called Bunnet, which I don't know the word Bunnet, but I think it has something

24:37 to do with like something to do with a bean.

24:41 I'm not sure.

24:42 But anyway, Bunnet, it's similar to Beanie, except for you just don't await things, right?

24:46 You just use the PyMongo base instead of the Motor client under the hood.

24:50 And then you just, you know, do thing insert or thing dot find one or whatever.

24:55 So people can check that out if they're into Beanie, but they don't want the async version.

25:00 Hmm.

25:01 Yeah.

25:01 So I just looked it up.

25:03 A Bunnet is a, it's, it's a type of hat.

25:08 It's like a Scottish hat.

25:09 Okay.

25:09 Well, that would explain the, the, the icon here.

25:13 Maybe it looks like a bean, but it's actually a hat.

25:15 Oh, Roman's here.

25:16 Hey, Roman.

25:17 So this is a Scottish word.

25:18 Fabulous.

25:18 And Will McGugan is a Bunnet is a hat worn by old Scottish men.

25:22 Lovely.

25:22 Cool.

25:24 Awesome.

25:25 And congrats Roman on getting that out there.

25:27 That's awesome.

25:27 PyCon, you brought up PyCon 2023 last week.

25:32 Yeah.

25:32 They've got this cool, like tile sort of celebration of history on their website.

25:38 And they tell you that it will be April 19 to 27.

25:41 There's a small problem with that though.

25:43 How actionable is it?

25:45 If I want to go to the conference and I want to go see the main talks, when do I book my travel?

25:50 Yeah.

25:51 The whole thing.

25:52 Just stay there.

25:52 It's awesome, right?

25:53 I can come to the tutorials and do the week of sprints after.

25:56 I don't know.

25:57 That's a lot.

25:58 And so I reached out to Twitter and Mariatta says, tutorials are on Wednesdays and Thursdays.

26:04 Talks, keynotes, expo halls are Friday to Sunday.

26:07 And from Monday onwards, those are the sprints.

26:09 Perfect.

26:10 Perfect.

26:11 So yesterday, while I was getting studded winter tires put on my car so I can go to the mountains

26:17 and not die, I decided to go ahead and book my travel and I'm going to go to the conference.

26:22 We talked about maybe we'll go, maybe not.

26:23 I'm going to go for a whole week.

26:24 I'm going to show up on Thursday and leave on the next Thursday.

26:27 Maybe be part of the sprints, but definitely do a ton of podcasting while I'm there and try

26:31 to just make it like a, other people will be sprinting out.

26:33 Okay.

26:33 I'm going to be sprinting on podcast episodes.

26:35 I got to decide what I'm going to do.

26:38 I haven't decided yet.

26:39 I'll probably go.

26:39 Flights are still pretty cheap right now.

26:41 They might be like hotels and stuff.

26:43 I think there are really a lot of variations.

26:46 Like there was, I was like, oh, maybe I'll stay at the Hilton.

26:48 $3,300.

26:49 Like, yeah, maybe I won't stay at the Hilton.

26:50 What else?

26:51 So I think people are starting to book it out.

26:53 Okay.

26:54 Yeah.

26:54 Anyway.

26:55 Thank you, Mariatta, for sharing that information.

26:57 It makes it much easier for us to plan about participating or even just watching PyCon online.

27:03 Yeah.

27:04 Cool.

27:04 Yeah.

27:04 All right.

27:05 Quick shout outs to GeForce Now.

27:08 Have you heard of GeForce Now?

27:09 No.

27:10 So my daughter's really into gaming these days.

27:13 Plays a bunch of like horse riding games and Minecraft and Planet Zoo.

27:19 And there's like a cool Jurassic Park thing that's like a Sims, but for dinosaurs.

27:25 Most of these games run on Windows and we have an Alienware computer, but it's like all set

27:29 up for my SimRacing.

27:31 So it's kind of hard to play games on that don't involve a steering wheel.

27:33 And she's like, how can I play these games on my PC?

27:36 I'm like, or my Mac, right?

27:38 She has a MacBook Air.

27:39 Like, I don't know.

27:41 She's like, how could I play if I'm not at home and I can stream?

27:44 So we try out GeForce Now.

27:46 Basically, they'll give you a high-end Windows computer and like a GeForce 3080.

27:52 And it just streams like Netflix to your PC.

27:55 And it is super low latency.

27:57 I mean, it's like you're really just playing it there, but you're not.

27:59 It's pretty awesome.

28:01 Oh, so you can play a game on a remote computer then?

28:06 Yeah.

28:06 Or I mean, you can play it on your iPad or you can play it on your iPhone or Android or

28:11 on your Mac or whatever.

28:12 And they've got a completely 100% free tier.

28:15 So it's pretty nuts.

28:16 We should check that out.

28:17 Anyway, that was a cool techno experience.

28:20 Two new YouTube videos I've released.

28:22 One five days ago.

28:24 One five hours ago.

28:24 How about that for timing?

28:25 Nice.

28:26 So as part of this sort of social media, Twitter madness and various other things, I've been

28:32 thinking about this for a while.

28:32 Anyway, I'm like, I really want to try to build up my presence on other areas that are not just

28:38 Twitter.

28:39 And so like, well, YouTube might be one fun place to sort of build up a community.

28:42 So I'm starting to add more videos there.

28:44 Right.

28:44 So like I've done in the past couple of weeks, I've done four videos.

28:47 But the last two is a walrus meets a python, which is fun.

28:51 That's about the walrus operator.

28:52 And then the one that came out today is Python GC settings, which shows some insane stuff

28:58 you can do to tweak the GC a little bit and get crazy better performance.

29:01 Nice.

29:02 The GC being the garbage collector, right?

29:04 Yes.

29:05 Not reference counting, which does like 99.9% of Python memory.

29:08 The 0.1% or the 0.1%, whatever's left over.

29:12 Like that actually, you often can turn that down because you don't really have cycles that

29:16 much that get lost.

29:17 And it turns out to have some pretty interesting effects.

29:20 We talked, we think we covered, was, was it Instagram?

29:24 I think, I think they wrote an article called dismissing the garbage collector where they

29:27 literally turned it off in production.

29:29 It was either that or, or I can't remember which one, which company did it, but this is

29:33 kind of like a, well, let's don't be so aggressive like that, but kind of, you know, and it's,

29:38 it's pretty, yeah.

29:39 Nice.

29:39 People can check those out.

29:40 Yeah.

29:41 So one of the things that I, the only extra I've got is, I really liked this

29:46 article from Simon Willison about what to blog about.

29:50 So a lot of, so people are, you have a presence somewhere other than Twitter, like, and maybe

29:55 write, start writing your blog more.

29:57 And I like this, what to blog about with the, he goes through a couple of things.

30:01 One of the things is the today I learned.

30:03 And I, you know, I actually, at first, when I first encountered the TIL thing, I first was

30:09 like, why not, why do you need that?

30:11 Can't you just like, just write what you learned anyway?

30:13 But a lot of people have this paralysis of if I write how to do something, people are

30:18 going to think it's a tutorial and I don't know how to do everything with this tool.

30:22 I just learned this little thing of how to do fix my thing.

30:24 So, the T to D the TIL at least is a tag that people will know.

30:30 It's, it's not a full tutorial.

30:32 It's just a little snippet of somebody learned about this thing.

30:35 And, and I think this is a great way to go about writing it.

30:38 It can be, it can be short and simple, or it can be longer.

30:41 Plus also, if you build up a lot of these around a topic, it might turn into a tutorial

30:46 later.

30:46 So, cause you can, you, now that you've learned a ton, you can write a blog or longer

30:51 blog post about it.

30:52 I also just want to tell people that it doesn't have to be a, like a full tutorial.

30:56 You don't have to compete with Real Python or other places.

31:00 You can just do a short thing you learned about.

31:02 It doesn't have to be.

31:03 Okay.

31:04 The other thing he talked about was projects is to write about projects that you've done.

31:08 And, and I think that's a great idea.

31:12 And, but I also want to make sure that people understand also the things you're working on,

31:17 right?

31:17 Right.

31:17 As you're building stuff, this can be part of the TIL, but it could just be, this

31:22 is the fate.

31:23 And it's also another way to limit the scope, like, color in the terminal.

31:27 I don't want to write about all of color in the terminal, but maybe I could write about

31:31 the, just fixing this one bug or this one feature request.

31:35 What I went through to figure out how to figure out how to use colorama and, and then how

31:40 do I detect whether it's a TTY terminal or not?

31:42 Things like that.

31:43 That can be a decent article just to write about that.

31:46 And so I think these, this, these are great tips for unblocking yourself.

31:51 The other thing I want to tell people about is, you, if, is, if you covered it, you've

31:56 learned it from somebody else's blog also already, but you, it didn't quite meet your needs

32:01 and you looked at other places.

32:02 That means that there is a tutorial out there that's missing and it's the one that

32:08 kind of myth fits your brain.

32:10 You can rewrite something that is, is similar to what other people have written about and

32:15 just write it in a different way that fits you better.

32:18 And that'll maybe fit other people better too.

32:20 So there's nothing wrong with that.

32:21 It doesn't have to be completely unique.

32:23 Yeah, absolutely.

32:23 Definitely.

32:24 It doesn't.

32:24 I like it.

32:25 That's all I got.

32:26 Came out there.

32:26 Yeah.

32:26 Came out there.

32:27 Says TILs are also handy to reread from time to time and remind yourself of things you've

32:32 figured out then forgotten.

32:33 Yeah.

32:33 Like you can seed the search engines with stuff that you knew.

32:36 And then when you forget it, you can find it again.

32:38 And you know, that's how I started blogging and I didn't call it TIL.

32:41 I would just, I had a blog, nobody was reading and I would just throw up stuff

32:45 like commands that I looked up, like commands from a tool.

32:48 Like, I always forget how to change my commit message if after I've committed too

32:54 fast.

32:54 So throwing up a little post about git commit amend would be fine.

32:59 Yeah.

32:59 So yeah, absolutely.

33:00 All right.

33:01 Well, this has been a fun episode, but it's still good sometimes to just take a moment and

33:05 relax.

33:05 Right.

33:06 Yeah.

33:06 Yeah.

33:07 I mean, some people, I took my dog for a walk in the woods during sunrise.

33:10 There was like this fog that some, for some people getting out in nature is amazing.

33:14 But as software developers, a lot of times you want to get kind of close to the

33:18 code or like close to the heart of technology and what, what speaks heart of technology

33:24 more than the server.

33:25 This is crazy, man.

33:27 Yeah.

33:27 So, so here's a thing you can play.

33:30 It's on YouTube.

33:30 I'll show you in a second.

33:31 And it says pure relaxation server sounds.

33:34 And we can come over here and it actually has tracks.

33:36 So like it starts with desktop in the doldrum, entering the engine in the engine room, the

33:41 far side of the cloud.

33:43 I find co-location ventilation to be especially relaxing facing, facing the cloud.

33:49 And finally spacewalk.

33:51 So I just want to play a little bit of this for people, Brian.

33:54 Okay.

33:54 I think, I think they're going to enjoy it.

33:56 Maybe.

34:03 It's amazing, right?

34:04 So relaxing.

34:05 So anyway.

34:07 You shared it with me before we started though.

34:09 And I got to say it's hilarious.

34:11 So I'm going to go check this out.

34:13 I mean, keep in mind, a lot of people have to wear like big earmuffs sound protection to

34:19 go in this room.

34:19 So it might be the opposite of relaxing, but you'll see.

34:22 You'll see.

34:22 Okay, cool.

34:24 Nice find.

34:25 All right.

34:25 Yeah.

34:26 Thanks.

34:26 Just here to help people be more productive, you know?

34:28 Maybe not with this though.

34:30 Well, and some of these people that used to be around all these server farms are now working

34:34 from home and they might miss that sound.

34:36 So that's true.

34:37 Good.

34:37 Roman out there points out that the scary part is actually if the server room is quiet.

34:41 Yeah.

34:44 You go, no, why is it quiet?

34:46 This is not good.

34:46 Yeah.

34:47 All right.

34:48 All right.

34:48 Well, thanks a lot for, as always, and thank everybody for watching and showing up and listening.

34:55 We love you.

34:56 Yep.

34:56 Thanks everyone.

34:57 It's been an awesome six years and we'll keep going.

34:59 Yeah.
