Transcript #332: A Python, a Slurpee, and Some Chaos
Return to episode page view on github00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to
00:04 your earbuds. This is episode 332, recorded Tuesday, April 18th, 2023. I'm Michael Kennedy.
00:12 And I am Brian Okken.
00:13 And this episode is brought to you by InfluxDB from Influx Data. We will tell you more about them
00:19 later. Connect with us over on Mastodon. We're all on Facedon, at Mkennedy, at Brian Okken,
00:25 and at Python Bytes. And if you want to be part of the live show, pythonbytes.fm/live.
00:31 Crush that bell and you'll get notified when we go live, usually Tuesday, 11 a.m. Pacific time,
00:37 like it is now.
00:38 Well, just a reminder that I think it's really important for people to subscribe because
00:42 sometimes it's not at Tuesday at 11, usually, but sometimes it's not. So get notified. First,
00:50 I want to talk about, I don't know, H-U-A-K. It's a project. I think it's HWAC.
00:56 HWAC?
00:56 I would have guessed HWAC.
00:57 Yeah.
00:58 HWAC.
00:58 HWAC? I'm not sure. But it was suggested to us by Owen on Mastodon. So thank you, Owen.
01:06 And I gave a look at this. So this HWAC is a Python package manager written in Rust. So we've got a lot
01:16 of tools in Python now getting written in Rust. And I think it's cool. I mean, why not?
01:22 So anyway, it's inspired by Cargo. And actually, so my first, I've tried this twice so far. And
01:29 my first take on it was not as, was sort of lukewarm, but I tried it again today. And there's
01:36 some really cool stuff here. So I want to like highlight a few things. There's some decent
01:44 documentation, but it's just, it's just the early stages of the project. I don't know how
01:49 old it is, but they have a disclaimer that it's in an experimental state. But I think there's
01:54 a bunch of it that's already quite usable. You can, it's just a pip install, but it installs
01:59 the Rust tools and stuff with it. And you can create a new project and init a project. And
02:04 that's where like the people are picky about what goes in your project Toml. So, or PyProject
02:10 Toml. And I, I am picky also. So it isn't, the init isn't quite exactly what I would want,
02:16 but it's pretty good. So it's a, it's a decent mix where it's initializing, but there's so much
02:22 more you can do. So if I go to the, let's go to the main documentation. These are all the
02:26 workflows.
02:26 I just want to comment on something right there. Notice the walk distinguishes between library and
02:33 application, like projects, projects default to library type, but you can pass a --app
02:38 flag. And I think that is pretty excellent because so, so many of these tools, they either have a,
02:44 a tendency for, you know, like hip ENV seems to have a tendency for apps where some of the others
02:50 have tendencies for libraries and you don't really want to say, well, my tool can only be
02:55 used for building libraries, but not apps, right? Like pinning specific versions versus greater than
03:00 type of versions and that, that kind of stuff in your file. So I think that that's a cool aspect
03:05 they've considered here.
03:06 It is. And I'm, I'm, I'll be curious to know what, what that, what that affects,
03:11 what it affects downstream. So we'll have to play with that. There's even like, so apparently there's
03:17 a no VCS flag so that you can generate projects without get, which is cool, but the assumption is
03:25 it's going to be get. And the assumption is it's a, well, right. You said assumption is a library,
03:29 but it can, can do applications too. Nice. So the, yeah, there's, so things like,
03:36 once you have it initialized, there's other stuff that I didn't even think that a workflow tool would
03:41 be good for. But this is pretty cool. Like adding a dependency. I know poetry does this sort of a thing
03:48 where you can say, you know, you know, add some dependency and it adds it to your PI project,
03:53 Toml. This does that, but it's, it's nice that it's a, I don't know. It's just sort of the workflow
03:59 seems nicer to me. You can activate a virtual environment, even if you didn't create it with this
04:06 tool. just pretty nice. you can use, I'm going to go through the list. The list is pretty
04:11 big. you can add a dependency. You can build your project in it. I tried the build and it, it
04:17 builds it. It like creates a new virtual environment and builds it in a fresh virtual environment. So
04:22 that's a really clean way. It's like building with talks almost. it's a real clean way to build.
04:27 It's kind of cool. completion said generating a shell completion. I'm not sure I
04:32 need that, but oh, well, cleaning everything when you're working with projects, sometimes you
04:37 just have tons of stuff around. So a clean option is pretty nice. linting and fixing linting and
04:43 fixing lints. And so I tried this. I like, I'm like, okay, I have this new project, tried linting.
04:48 And at first, one of the things that did it installed, rough, right off the bat
04:53 and then ran it, which is cool. Oh, the other thing I thought was pretty neat when I added
04:59 something. So I added pie test to a project and that added pie test to the dependency list, but it also
05:05 installed it in my virtual environment. It's like, so it figures you don't have it yet. Let's install
05:11 it. So there's a whole bunch of these things like, publishing. so it's kind of a, it's kind
05:16 of a poetry like thing, but if poetry doesn't really float your boat, maybe this does.
05:21 most of this works for me and actually, to be honest, the stuff I've worked with so far,
05:26 I think this is as, this is as close as, as reading my mind as any, workflow tool has
05:33 gotten so far. So this is pretty cool, pretty close to what I was thinking about as a cool thing,
05:38 even lists Python versions. So if you say, walk, I got to understand the name
05:45 because my brain, even if I don't talk about it, my brain needs to know what to call it.
05:50 and, so if you say Python list, it'll list all the Python versions on your, on your machine
05:55 that it can find. So it's kind of cool. Yeah. Cool. It also has update to update the project's
06:00 dependencies, which is pretty neat, which probably the pin, pin numbers and stuff like kind of like
06:05 pip-tools, pip dash compile. Yeah. I tried update first and I said, you don't have any dependencies
06:10 yet. So I'm like, okay, well I'll add some dependencies. So yeah, nice. Pretty cool. Oh,
06:16 yeah. I can get behind checking this out. This looks pretty neat. And it's kind of a theme. It's
06:20 going to be a bit of a theme on this show with what I got coming up as well. Although we didn't
06:25 coordinate this. It's, it is, painful out there, by the way, just has a bit of a nightmare. It's about
06:30 pre-force when here's no get that could also go for source safe or any of these other types of
06:36 systems that like lock a file, you know, the centralized version control. Someone locks a
06:41 file cause they're editing it. Then they go on vacation. That's always a good time.
06:44 Yeah. Yeah. The, the, the no get part is, I it's important to me for somebody trying
06:51 stuff out because if I'm just trying a bunch of stuff out, playing with a project,
06:56 sometimes I want to see how the whole build and the whole workflow works without actually
07:00 setting up a get repo. Yeah. So I'm cool with it. Yeah. Anyway. Cool. All right. Well,
07:06 we're not going to start with more packaging. Let's start with law. And I suppose as usual,
07:12 we should say we're not lawyers. Don't take our advice, but that's certainly not mine, but I'll tell
07:17 you, there's a blog post written by PSF over on pyfound.blogspot.com. It still kind of blows my mind
07:25 that PSF doesn't have its own domain for blog posts. But anyway, the EU proposes proposed CRA law
07:33 may have unintended consequences for the Python ecosystem. So we've talked about this before,
07:39 just bringing awareness to what that law, the cyber resilience act, basically holding companies
07:46 liable for shipping bugs and vulnerabilities in their code in Europe has for the open source ecosystem.
07:52 And so the PSF has come out with a strong statement of this is broken. If you don't fix it,
07:59 bad, bad things are going to happen. I'll, I'll jump ahead just a little bit before we go along.
08:04 It says, let's see if I can find the phrase here. This as written would make it impossible in practice
08:11 for the PSF to continue to provide Python and the PyPI ecosystem to the European public. Sound bad?
08:18 That sounds kind of bad to me. Like, Hey Europe, how about we just cut Python off? Ironically, dear Python,
08:25 you were invented there, but too bad because you hate it. So let's go through what the PSF says. I've already,
08:32 highlighted this, some of these issues. And I think maybe even Penfield was the one that sent this over.
08:37 I can't remember exactly who sent it over the beginning, but so their blog post starts out and says,
08:43 the PSF has found issues that put the mission of their organization and the health of the open source
08:49 software community at risk through the cyber resilience act. CRA says, if the proposed law is
08:57 enforced, as it's currently written, the authors of open source components might bear legal and financial
09:03 responsibility for the way their components are applied in someone else's commercial project.
09:08 So let me give you something really simple, Brian, that just came to mind. Suppose I write the most
09:13 awesome SQL library ever, ever. So here's what you can do. It takes, it takes a connection string and it
09:20 connects to the database. Okay. And then you can issue SQL commands to that database. And I've got all the
09:27 security patched. I've got, I made sure that there's no like SSL vulnerabilities and it's underlying
09:34 communication. Somebody goes and writes that and they write the query select star from users where
09:41 username equals quote plus inputted username, right? Yeah. That would be a SQL injection vulnerability
09:48 just waiting to happen. Is it my fault? They, they concatenated user input and then pass that as trusted
09:56 commands to their database. No, I can, there's no way I could have known that. And yet I, as the writer of
10:02 this awesome, it's called MK SQL, whatever library, I'm now on the hook companies that are, and individuals
10:11 who were, had their data exposed can now sue me directly for providing MK SQL to the world. That's
10:18 what this law says. No. Yeah. And as, and, and so says the existing language makes no differentiation
10:26 between independent authors who have never been paid for the supply of software and corporate tech
10:31 behemoths selling products in exchange for payment to end users. We, the PSF believe that increased
10:38 liability should be carefully assigned to the entity that has entered into a commercial agreement with
10:43 the customer, not the open source people who built the software. Right. So that is.
10:49 I like, I'm going to go, this is terrible. So somebody goes off and like, at looking at a new tool and
10:57 see a typo or something and do a fix or, or even just like, you know, actually help out for a while
11:02 and then move on. They're still going to be liable forever. Like this doesn't make sense.
11:07 That's exactly what it says. So Brandon has the same thought that I had actually out there.
11:12 So I see a new open source license coming and saying that this can be used anywhere but the EU.
11:16 Yeah. I mean, I have 250 GitHub repos. Many of them are private. Some of them are public. Good chunk of
11:22 them are public. And I have a couple of things on PyPI. They're all minor, nothing, you know,
11:27 notable or anything, but they are being used. If this goes into effect, there's a reasonable
11:32 expectation. You know what? Those small libraries, it's not even worth having them. They're just,
11:36 I'm yanking it from PyPI. I haven't come to that decision, but like, why would you want to risk it?
11:42 Yeah. It's a, this is, yeah. So here, that's why we put like this, this software provided as is with
11:48 no warranties. Yeah. And I was actually wondering about that as well. And this kind of goes back to
11:53 what Brandon said and what you just said is, doesn't the license that's a, that's also a legal agreement,
11:58 right? And so when the CRA clashes with the Mozilla open source license, for example, or MIT license or
12:07 whatever, it says kind of what you said, who wins, you know? So it says the PSF does not sell software.
12:14 We provide, but we provide a public square for developers to download code, talk about code
12:19 and host components so that other entities may include it in their software. And so specifically
12:25 people may be wondering like, well, okay, it's all vague. They call out two activities that could be
12:31 affected by the CRA. It says we host and provide the core Python programming language, standard library,
12:36 interpreter to any who wish to use it free of charge. By the way, downloaded over 300 million
12:42 times a day, which is, I had no idea it was that much. That's insane. We host the Python,
12:47 we host PyPI, right? And nobody pays us to do this. None of that. But that's the way the law is
12:55 stated. It's a problem. Let me see if I can find the actual. Yeah. So here we go. We believe there
13:02 are two phrases in the CRA that cast too wide of a net. In article 16, a natural or legal person
13:09 other than the manufacturer, the importer or distributor that carries out substantial modifications.
13:15 So I guess a typo is not it. Substantial modifications of a project with digital elements
13:20 shall be considered a manufacturer for the purpose of this regulation and hence held responsible.
13:25 Secondly, by providing software platform through which the manufacturer monetizes other services
13:32 is not specific enough, right? For example, they say, well, what if you have, you create an open
13:38 source thing, you don't charge for it, but maybe you have classes on it or other types of things,
13:43 right? Then in a sense, in the indirect sense, you're making money and modifying the software.
13:49 So there's just, it's, it's a little bit, I don't know, it feels to me, especially this,
13:56 this line above where they talk about like it, it was, we believe you should distinguish between
14:03 unpaid and independent open source contributors and corporate tech behemoth selling products.
14:10 To me, the GDPR felt very much like we're going after Fang. We're going after Facebook, Google,
14:17 Apple, Microsoft, these big companies that are just harvesting our data reselling. I'm clearly,
14:22 obviously not them, but it was, you know, targeted very much at these large organizations,
14:26 but had consequences for everybody. This seems a little bit similar, right? Not exactly the same,
14:33 but like, look at these huge tech companies are making billions. There's most valuable companies
14:37 in the world and just, they're unleashing viruses on people and they should take, there should be some
14:41 accountability. Yeah. That doesn't, that doesn't really seem to have taken into account like,
14:47 oh, it could also be an extinction level event for open source in Europe. Sounds bad.
14:52 Yeah. Well, I mean, and I don't know where they were coming from, but I kind of, I mean,
14:57 I kind of get the idea of like, let's say for instance, the Google play store or the Apple store
15:02 where, these companies are, are like provided, they're just hosting stuff written by other people,
15:10 but they're taking a 30% cut or more. So it's, I think it's reasonable for customers to expect
15:18 that the stuff they get is not horrible, like a virus or stealing stuff or whatever, or unintentional
15:26 stealing at least. but the, that doesn't, I mean, it seems like this to the two models are the
15:33 same, but they're not, we're not PSF isn't taking it there. Well, they are taking a 30% cut of free.
15:39 but exactly. Yeah. Yeah. I think another area where they probably had this in mind is like
15:47 hardware vendors that have a software component that just let them turn into garbage immediately.
15:52 Like I've got this streaming video camera that'll tell me if something's happening on my house and
15:59 within two weeks it has a vulnerability. There's no updates ever, or I get a router and after a year,
16:04 it's no longer supported and it gets hacked and take over, you know, those kinds of things.
16:09 Totally reasonable. Holding every open source contributor who touches software liable seems
16:16 stupid. Like genuinely, I don't understand what the Eagles, yeah, I don't get it.
16:21 Yeah. So, all right. That, well, anyway, not the best news, but I think it's important to let people
16:30 know, right? Like, at the bottom, there is a call to action that says PSF members and Python
16:37 users in Europe may wish to write to their MEP voicing their concerns about the proposed CRA law
16:45 before April 26th. While amendments that will protect the public open source repositories are
16:50 still being considered. So take action folks. can't really write to them cause I don't have a
16:55 representative in Europe, but I hope people do.
16:58 What's an MEP? I don't know. I have no idea. I'm sure it's like a congressman type of thing.
17:03 And the, the, the link, that we're going to provide in the show notes does have a link that
17:08 the bottom of the article has a, has a link to the, write your MEP. So.
17:12 Yep. Write your MEP. Cool.
17:14 All right. Members of European parliament is that acronym we're looking for.
17:19 What is not trying to wipe out the open source community is our sponsor. In fact,
17:24 quite the opposite. So this episode is, Python Bytes is brought to you by influx data,
17:29 the makers of influx DB. Influx DB is a database purpose built for handling time series data at a
17:36 massive scale for real time analytics and developers can ingest store and analyze all types of time
17:43 series data metrics, events, traces in a single platform. So dear listener, let me ask you a
17:49 question. How would boundless cardinality and lightning fast SQL queries impact the way that
17:54 you develop real-time apps? Influx DB processes, large time series data sets and provides low latency
17:59 SQL queries of not the kind with the plus name, just time series, making it a go-to choice for
18:07 developers building real-time applications and seeking crucial insights for developer efficiency.
18:12 It helps you create IOT analytics and cloud applications using timestamp data rapidly and
18:18 at scale. Influx DB is designed to ingest millions of data points in real time with unlimited cardinality.
18:23 Influx DB streamlines building once and deploying across various products and environments from the
18:30 edge on-premise and to the cloud. So try it for free at pythonbytes.fm/influx DB.
18:36 The link is in your podcast show notes. Thank you to influx data for supporting the show.
18:41 Keeping our podcast going strong. Yeah, thank you. All right. Over to you, Brian.
18:45 Well, I want to create a little chaos.
18:49 Arms? I don't know. Anyway, so chaos engineering.
18:55 Don't be mucking around here, man.
18:55 Yeah, it's all the rage with all the Netflix kids. So chaos engineering is a style of taking down parts of your system or injecting issues into your system just to make sure that your system is resilient. There's a lot of experiment. There's a lot of books on it, articles on it. But how do you do it? What kind of tools do you use? And one of the tools is the chaos.
19:25 That's toolkit that we're highlighting. Now this is suggested by the maintainer. Sylvain. And I'm not going to attempt your last name, Sylvain. But thank you for suggesting this. It's an open source project. That is that works with Python. I don't know what it's written in. But it's a I think it's Python. But I don't know. So the idea is you can run experiments against your system. And you can write those experiments in JSON or YAML files. And so you can run experiments.
19:55 You can orchestrate and collaborate with people. And you can orchestrate through the code. So that's nice. It's extensible. You can build on it. It's got an open API that you can extend it. You can automate it through CI pipelines.
20:11 And like I said, it's all open source. There's a whole bunch of cool stuff you can do with it. I'm just touching the surface. But one of the examples in the documentation, which I can't find right now, but I was reading the other, there's installation tutorials and references.
20:27 But one of the ideas was that I'm like, you should totally, I didn't ever consider this is do an experiment where you have your system running, and then you artificially make an SSL certificate expire.
20:43 How does your system deal with that? And I think that's an awesome thing to highlight, because we've all been there with like a system that we're a third party project that we're using, or our own, we think it's fine. And, and then the SSL certificate expires, and the whole thing just doesn't work for and you lose all your customers until you fix that. So testing for that is great. But there's also other things to like taking down and taking out database or region or whatever. So yeah.
21:11 Yeah. And how do you unit test for that kind of stuff, right? Like, how do you unit test that the SSL certificate's no longer valid? And then it is again, you know, like that kind of stuff, that infrastructure level stuff is really hard. And chaos engineering, I think, largely originated around how do we break the cloud? So that, and then what happens to our app? Not how does our app break, but if the infrastructure pieces that our app expects to be there, if those start to go down in weird ways, like how do you
21:41 survive that?
21:42 Yeah, that's kind of net, I think that came out of Netflix, but maybe they weren't the original original, I certainly was popularized out of Netflix.
21:48 Yeah, so some really cool stuff. And it's at your fingertips with just like a pip install, I think so.
21:55 Excellent. Yes, it is 98% Python, 1% Docker file, and 1% make file. So pure Python.
22:02 Yeah, yeah. So cool stuff. And lots of examples. And there's already examples there. And that's one of the ways they like people to help out is whether or not you extend the tool, extending examples for how to use it to test part of your system. I think that's pretty neat.
22:19 And one of the reasons why I wanted to highlight this is a lot of chaos engineering is around large corporations, like places like Netflix or big services. But there's little guys like Michael Kennedy that's running Talk Python training and a couple podcasts. And we would all be sad if something happened.
22:37 And he can't, he can't, he can't hire reams of people to, to test all this stuff. So having these tools available for, for everybody. And yeah, these things, these tools can be used for companies too. But it's, it's nice to have things like this around for people like you and me.
22:54 Yeah, absolutely. Thanks. I, I do also see it as kind of one of these things that brings like some of the tools and techniques from really large organizations that have a team that could build up custom tools like Netflix to do this kind of stuff.
23:06 You know, kind of like Docker and Kubernetes gives you crazy infrastructure DevOps abilities that used to just live at Google in places like that. Right. So it's a little bit like that for breaking things in your, in your cloud and your infrastructure.
23:19 Yeah. And I, I definitely want to get, I think this is a perfect topic to go deep in on, on test and code. So I'm going to try to get Sylvain on the, on the show to talk about it. We can jump in deeply. So.
23:30 Yeah. That sounds great. I definitely look forward to it.
23:33 Well, what you got for us next?
23:34 I got a pep. Now to be clear, this PEP is in draft standard and it is 12 days old. So it is not super old, but it is PEP 711. This is the tie back to what you started with Brian.
23:48 Sort of a little bit of packaging and managing and deploying Python things like libraries and stuff called PyBI, a standard format for distributing Python binaries.
23:59 So what that really is by Nathaniel Smith. And I'm actually going to have Nathaniel on talk Python in one and a half hours.
24:07 So if you're watching the live version of this and you care about this, you can drop in on that live stream about an hour after this show ends. But if not, if you're just listening, then, you know, check out talk Python.
24:17 If you want to dive into this for the, about the same timeframe. Anyway, the idea is so many of the tools that we work with, including walk.
24:26 I imagine assume that Python is installed and now how do we manage dependencies? How do we manage environments? How do we isolate environments? Right.
24:35 How do we update the dependencies of a given isolated environment? This is steps back a little bit and says, what if you don't have Python?
24:43 What if you have the wrong version of Python? How do we get that to you? What if you could pip install Python 3.11?
24:49 Oh, wait, no, pip install Python 3.12 and just express your runtime as a binary dependency, not download it, compile source like PyInv does, then takes forever.
25:01 Hope that your system is set up right. But how do you, how do you get Python on your system in a way that is kind of like Python wheels?
25:09 So have a bunch of prebuilt binary versions of Python on PyPI. So you literally install it over that. That's the proposal, right? That's the idea.
25:19 So the abstract is short and sweet. It says like wheels, but for prebuilt Python, instead of a prebuilt Python package, it's a prebuilt Python interpreter.
25:29 Okay. So that is pretty interesting. This is the end goal.
25:33 I want this.
25:34 I want it too. And I'll bring up a discuss thread here in just a second.
25:38 End goal pypi.org has prebuilt packages for all Python versions of on all popular platforms.
25:45 So automated tools can easily grab them and set them up. Right.
25:49 So wouldn't it be cool if we could just do that for the Python runtime itself?
25:53 That would also mean, I imagine, that you wouldn't have to be an administrator or have access to run sudo on your system.
26:02 Well, I hope, but maybe.
26:04 Because you can pip install --user, right?
26:08 Oh, yeah.
26:08 So you could just do that to like a local location because you get this isolated little binary.
26:13 And Jeremy Page out there points out that PyBI exists now. It can be installed with the POSI tool.
26:18 So yes, indeed. Jumping over to the announcement, PyBI and POSI by Nathaniel Smith.
26:24 So this is a, I would, looking in from the outside, I would say this is probably a proof of concept level version of this.
26:31 But really, you know, for the PEP to be accepted and for people really to leverage it, I would imagine, you know, you probably need Python.
26:40 Like the full buy-in of the Python folks themselves, right? The core developers and so on, right?
26:46 But anyway, so much like walk POSI, P-O-S-I, POSI, POSI, I don't know.
26:52 That tool would allow you to run CLI commands that initialize your system with the right version.
26:59 Not so much your system, but a particular localized, kind of like virtual environment, even though it doesn't use virtual environment, but give you one of these, right?
27:08 So it's riffing on Kushal's PEP582, which is the Dunder PyPackages folder.
27:18 Instead of having virtual environments, it could just be kind of like a NodePackages equivalent, which I still would like to see that.
27:24 That would be nice.
27:26 So he said, whoops, come back here, said, got me thinking historically, tools that have started with the assumption that you already have Python, now you want a management, means every tool needs to be prepared to cope with every possible way of installing and managing Python.
27:41 And the beginner workflows, beginner-friendly workflows, has to be the part of the interpreter, right?
27:47 So you've got to install the interpreter, make sure you have the right version of Python, and then you can start using, like, let's say, Hatch or Poetry or pip-tools or whatever, right?
27:57 And if your tester wants to use ToxNox, then you're on your own figuring out how to get all those interpreters installed.
28:02 If you use PyNV, that compiles it from source, so that's got to work on your system.
28:07 That's slow, right?
28:08 But what if we went the other way around and just uploaded CPython to PyPI so you could pip install Python?
28:13 So technically, pip won't work because that's part of Python, right?
28:16 So that's what this POSY thing is.
28:20 It lets you basically say, I want this version of Python.
28:23 And you could also build out projects.
28:25 So you can say, I'm going to use various packages, and I want this version of Python.
28:31 And it will bundle up a thing that, when you install it, has the right version of Python and the right packages.
28:38 So it's kind of a step in a pretty interesting direction, I would say.
28:42 You scroll down, down, down, down.
28:45 There are 71 replies in this announcement thread.
28:48 But Paul Moore, one of the core developers on PIP, says, this is beyond awesome.
28:53 I hadn't realized you were actively working on this.
28:55 That's pretty good.
28:56 Frederick says, really nice to see this.
28:59 The direction of the path per package is really the right direction.
29:04 The fact that it requires Rust, the way it is now, it requires having Rust installed, which is kind of just like kicking the having Python installed to a different corner.
29:16 You know, like, oh, you don't have to have Python installed to run this.
29:19 You just have to have the Rust compiler installed.
29:21 You're like, no.
29:22 Why?
29:22 I'm sure that you could compile a binary for a platform and hand it out and say, here's the one for macOS.
29:31 As long as you have this tool on your system, you can run it.
29:34 You don't need the runtime tools, right?
29:36 You could distribute that and let it kind of bootstrap your system, right?
29:39 I imagine.
29:40 Well, yeah, so I got lost with the Posey thing.
29:44 So I'll have to try to read up on this and try to understand what's going on.
29:47 But I guess I don't get it.
29:51 Are we not going to have Pip?
29:53 We're going to have Posey instead?
29:54 Or is this just a, we don't know?
29:56 I need to talk to Nathaniel more about this.
29:59 Okay.
29:59 But from reading this announcement and reading the things, the way to think of it is kind of like Docker.
30:06 Okay.
30:06 So with Docker, you don't create a Docker image and then run it as a container and then decide, oh, I want to make changes.
30:12 So you don't like log into the container and make changes.
30:15 You just shut it down, restart it, rebuild the image with new settings, and then you rerun the container.
30:21 They're a kind of real, right?
30:24 Yeah.
30:25 But this is some of the early phases of trying to figure out the workflows of all this and everything.
30:29 So that's great.
30:30 So what you would do here from what I've read is you would say, I have, I want this version of Python and these dependencies, and it has a lock file and everything.
30:38 You can sort of see down here in this section, it creates a pyproject.toml that describes the environment and some aliases to run it similar as hatch environments.
30:48 And then you run it.
30:49 Right.
30:50 And if there's some kind of change, instead of trying to actually change the environment.
30:54 So there's no virtual environment, for example, there's just, here's the thing you run.
30:57 You want to upgrade a request, say, it's in there.
31:00 You want to upgrade requests.
31:01 You just create a new one of these, a new build of this that has the updated dependency expressed in it.
31:07 And then you run that again.
31:08 Right.
31:09 So you rebuild the environment rather than edit it.
31:13 Right.
31:14 So what, what role is that going back to your question?
31:16 What role does pip have in that?
31:18 Probably less.
31:19 I'm not entirely sure, but maybe pip is involved in the building, but not in the distributing.
31:25 You know what I mean?
31:26 To build up the environment that you would get might, might involve PIP.
31:30 But anyway, it's pretty interesting.
31:32 There's a bunch of comments here that people can, can check out below.
31:36 And it's not universally.
31:38 Absolutely.
31:39 Everyone's like, yes, do this now.
31:42 But most of them are like, this certainly blew my mind.
31:44 Count me in on how, how we could explore to do this.
31:47 And Pimple also points out like, this is somewhat related to Conda, right?
31:52 So Conda is another way that people get different versions of Python and bring along the dependencies.
31:57 And so there's some, some talking here about how this might work together, maybe to be something
32:04 that Conda could use or how those two projects might work together.
32:07 So anyway, it is a PEP 7.11.
32:11 And there is this, I'm going to call it proof of concept.
32:15 Maybe I'm not categorizing that right, but this proof of concept with a POSY tool to make
32:19 this happen.
32:20 I just realized it was 7.11.
32:22 So there needs to be like a Slurpee logo for this.
32:25 Yeah.
32:26 I don't think PEPs generally have logos, but yeah, I certainly.
32:29 Sure.
32:31 I think we might just have some image art for our episode.
32:35 All right.
32:37 Anyway, nice, nice work.
32:38 Nathaniel, talk to you soon about this, but it looks interesting.
32:42 Oh, I'm looking forward to listening to that episode.
32:44 Nice.
32:44 Yeah.
32:45 Cool.
32:45 Is that it for all of our items?
32:47 I believe it is.
32:47 It is.
32:48 Got any extras?
32:49 Extras.
32:51 I just want to let people know that we're going to both be, the plan is, both of us in
32:56 a couple of days are going to be heading off to PyCon.
32:58 And so hopefully people will see us.
33:03 I think on, I think the plan is for Saturday that there's going to be a, a ask me anything
33:09 thing at the PyCharm booth.
33:12 And then following that, I, the current plan that things are, things may change, but the
33:16 current plan is that'll be set sometime Saturday.
33:18 And then also I'm going to be giving away some books.
33:22 So there's going to be some, pie test books giving away and, and I'll be signing
33:27 some.
33:27 So if you happen to be also, if you've got one of the old copies or new copies or whatever,
33:31 it doesn't matter.
33:32 If you want to bring your own for me to sign, go for it.
33:34 I don't know why people want me to write in their book, but sure.
33:37 I'll do it.
33:38 So also gotten some new stickers.
33:40 I'm looking forward to giving those out.
33:43 So, yeah, I don't, I don't have like, I'm not speaking, but if you see me, I'll
33:49 it's fine to interrupt whatever I'm doing and ask for some stickers.
33:52 So, and we will be doing some form of live Python bytes from there, which will not be
33:58 at the standard time because it's over on Tuesday, not on Tuesday.
34:01 It does not intersect any known Tuesday.
34:04 So, yeah.
34:05 So we're going to be doing that.
34:07 Absolutely.
34:07 I'll probably do some other podcast recording.
34:10 I'll be going around.
34:11 I'm also doing an ask me anything, giving away some courses.
34:14 So yeah, should be a lot of fun and do that at the jet brains booth and other live events
34:20 as well.
34:20 So come find us and try to, we'll try to live stream, assuming that the internet is good
34:26 enough there.
34:27 We'll try to live stream our recording.
34:30 There's the people who are not at the conference can still check that out.
34:34 Well, is it joke time?
34:36 Yes, it is joke time.
34:37 It is definitely joke time.
34:39 So, or do you have some extras?
34:40 I don't, good question.
34:42 I don't have any extras.
34:43 I have almost have an extra, but I'm not ready.
34:45 that'll be in the next, next one.
34:47 So, okay.
34:48 Good stuff.
34:50 so this one has to do with interns here and maybe try to describe what you're seeing
34:56 here in this picture, Brian.
34:57 So there's, there's first off, you see like, somebody from like their balcony or something
35:03 looking over at somebody else's balcony and somebody throws like some water or something
35:08 out of their window.
35:09 And then you pan over and there's like a, like a forest fire going.
35:13 A raging Canyon fire in somewhere like California or somewhere like that.
35:17 Right.
35:18 Yeah.
35:19 So there's, it clearly requires at least a fire truck, if not one of those airplanes
35:24 that come by and drops water.
35:25 So there's the, the water is just, you know, like a mixing bowl worth of water.
35:30 And the title is intern helping senior devs fix a severe bug in production.
35:36 Yeah.
35:37 It's like, it's, and also the, the, the other title is that it's the effort that counts.
35:42 So, and this is good and it is funny and make you laugh, but there are 43 really good comments.
35:49 So there's different things that says, okay.
35:53 So someone comments when I was an intern, I get paged during the night as an escalation when
35:59 the senior engineers couldn't fix production because they didn't know how.
36:02 Yeah.
36:03 It was a crappy company.
36:04 And then someone replies, plan A, check if someone supplied a solution on Stack Overflow.
36:10 Plan B, it was the intern.
36:11 Place the blame there.
36:13 I like, but it's not water.
36:16 It's gasoline.
36:16 Yeah.
36:17 It's not water.
36:18 It's gasoline.
36:18 That is actually really, really good.
36:20 I love it so much.
36:21 So another one follow up that is actually the intern knows way too much about the problem,
36:27 probably involved in causing it.
36:29 Yeah.
36:32 So anyway, it's, the joke is funny.
36:35 The conversations throughout the comments here on Reddit are, they're fantastic.
36:40 So I encourage you to go check out that joke.
36:42 Yeah.
36:42 Funny.
36:43 Nice.
36:43 All right.
36:44 Well, Brian, thanks for being here.
36:47 Thanks to everyone.
36:47 Thank you.
36:48 Who participated in the live stream and just for showing up and listening.
36:52 We really, really do appreciate it.
36:53 Yeah.
36:54 We do.
36:54 Yep.