Brought to you by Michael and Brian - take a Talk Python course or get Brian's pytest book


Transcript #332: A Python, a Slurpee, and Some Chaos

Return to episode page view on github
Recorded on Tuesday, Apr 18, 2023.

00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.

00:05 This is episode 332, recorded Tuesday, April 18th, 2023.

00:11 I'm Michael Kennedy.

00:12 And I am Brian Okken.

00:14 And this episode is brought to you by InfluxDB from InfluxData.

00:17 We will tell you more about them later.

00:19 Connect with us over on Mastodon.

00:22 We're all on Fastadon, @mkennedy, @brianocken, and @pythonbytes.

00:27 And you want to be part of the live show, Python by set FM slash live, crush that bell, and you'll get notified when we go live, usually Tuesday 11am Pacific time like it is now.

00:38 >>Well, just a reminder that I think it's really important for people to subscribe because sometimes it's not at Tuesday at 11, usually, but sometimes it's not.

00:48 So get notified.

00:49 First, I want to talk about, I don't know, H-U-A-K.

00:53 It's a project.

00:54 I think it's WAC?

00:55 >>WAC.

00:56 I would guess walk. Yeah.

00:58 Walk.

00:58 Walk. I'm not sure.

01:00 But it was suggested to us by Owen on Mastodon.

01:05 So thank you, Owen.

01:06 And I gave a look at this.

01:09 So this walk is a Python package manager written in Rust.

01:14 So we've got a lot of tools in Python now getting written in Rust.

01:19 And I think it's cool.

01:21 I mean, why not?

01:21 So anyway, it's inspired by Cargo.

01:24 And actually, so my first, I've tried this twice so far.

01:29 And my first take on it was not as, was sort of lukewarm, but I tried it again today.

01:36 And there's some really cool stuff here.

01:37 So I wanna like highlight a few things.

01:40 There's some decent documentation, but it's just the early stages of the project.

01:48 I don't know how old it is, but they have a disclaimer that it's in an experimental state.

01:53 but I think there's a bunch of it that's already quite usable.

01:56 It's just a pip install, but it installs the rest tools and stuff with it.

02:01 And you can create a new project and init a project.

02:04 And that's where like the people are picky about what goes in your project TOML, or PyProject TOML.

02:11 And I am picky also.

02:12 So the init isn't quite exactly what I would want, but it's pretty good.

02:18 So it's a decent mix where it's initializing, but there's so much more you can do.

02:23 So if I go to the, let's go to the main documentation.

02:25 These are all the work.

02:26 - I just wanna comment on something right there.

02:29 Notice the clock distinguishes between library and application like projects.

02:34 Projects default to library type, but you can pass a --app flag.

02:39 And I think that is pretty excellent because so many of these tools, they either have a tendency for, you know, like pipenv seems to have a tendency for apps where some of the others have tendencies for libraries.

02:52 And you don't really want to say, well, my tool can only be used for building libraries, but not apps, like pinning specific versions versus greater than type of versions and that kind of stuff in your file.

03:04 So I think that that's a cool aspect they've considered here.

03:06 >>It is, and I'll be curious to know what that affects, what it affects downstream.

03:14 So we'll have to play with that.

03:16 So apparently there's a no VCS flag so that you can generate projects without Git, which is cool.

03:24 But the assumption is it's gonna be Git and the assumption is it's a, well, right, the assumption is a library but it can do applications too.

03:31 Nice.

03:33 So the, yeah, there's, so things like, once you have it initialized, there's other stuff that I didn't even think that a workflow tool would be good for.

03:43 But this is pretty cool, like adding a dependency.

03:46 Poetry does this sort of a thing where you can say, add some dependency and it adds it to your PyProject.

03:53 TOML, this does that, but it's nice that it's, I don't know, it's just the workflow seems nicer to me.

04:00 You can activate a virtual environment even if you didn't create it with this tool, which is pretty nice.

04:08 You can use, I'm going to go through the list.

04:11 The list is pretty big.

04:12 You can add a dependency, you can build your project in it.

04:15 I tried the build and it builds it, it creates a new virtual environment and builds it in a fresh virtual environment.

04:22 That's a really clean way.

04:23 It's like building with talks almost.

04:25 It's a real clean way to build. It's cool.

04:28 Completion generating a shell completion.

04:32 I'm not sure I need that, but oh well.

04:34 Cleaning everything.

04:35 When you're working with projects, sometimes you just have tons of stuff around.

04:39 A clean option is pretty nice.

04:41 Linting and fixing lint.

04:44 And so I tried this, I'm like, okay, I have this new project, tried linting, and at first, one of the things it did is it installed Ruff right off the bat, and then ran it, which is cool.

04:55 The other thing I thought was pretty neat when I added something, so I added pytest to a project, and that added pytest to the dependency list, but it also installed it in my virtual environment.

05:08 So it figures, you don't have it yet, let's install it.

05:11 So there's a whole bunch of these things like publishing.

05:14 So it's kind of a poetry-like thing, but if poetry doesn't really float your boat, maybe this does.

05:22 Most of this works for me.

05:23 And actually, to be honest, the stuff I've worked with so far, I think this is as close as reading my mind as any workflow tool has gotten so far.

05:34 So this is pretty cool, pretty close to what I was thinking about as a cool thing.

05:38 Even lists Python versions.

05:40 So if you say, Huac, I got to understand the name.

05:45 Because my brain, even if I don't talk about it, my brain needs to know what to call it.

05:50 And so if you say Python list, it'll list all the Python versions on your machine that it can find.

05:56 So it's kind of cool.

05:57 Yeah, cool.

05:58 Also, it has update to update the project's dependencies, which is pretty neat.

06:02 Which probably updates the pin numbers and stuff.

06:04 Kind of like pip tools, pip-compile.

06:07 Yeah, I tried update first, and it said you don't have any dependencies yet.

06:11 So I'm like, okay, well, I'll add some dependencies.

06:14 Yeah, pretty cool.

06:16 >> I can get by and checking this out.

06:18 This looks pretty neat.

06:19 It's going to be a bit of a theme on this show with what I got coming up as well.

06:24 Although we didn't coordinate this, it is.

06:27 Panful out there by the way just has a bit of nightmares about pre-force when here's no get.

06:32 I could also go for source safe or any of these other types of systems that like lock a file.

06:38 the centralized version control.

06:41 Someone locks a file because they're editing it, then they go on vacation. It's always a good time.

06:44 >> Yeah. The no Git part, it's important to me for somebody trying stuff out because if I'm just trying a bunch of stuff out, playing with a project, sometimes I want to see how the whole build and the whole workflow works without actually setting up a Git repo.

07:01 >> Yeah.

07:02 >> So I'm cool with it.

07:03 >> Yeah.

07:03 >> Anyway.

07:04 >> Cool. All right.

07:06 Well, we're not going to start with more packaging.

07:08 Let's start with law.

07:10 And I suppose as usual, we should say we're not lawyers.

07:13 Don't take our advice, but that's certainly not mine.

07:16 But I'll tell you, there's a blog post written by PSF over on pyfan.blogspot.com.

07:24 It still kind of blows my mind that PSF doesn't have its own domain for blog posts, but anyway, the EU proposes proposed CRA law may have unintended consequences for the Python ecosystem.

07:37 So we've talked about this before.

07:39 just bringing awareness to what that law, the cyber resilience act, basically holding companies liable for shipping bugs and vulnerabilities in their code in Europe has for the open source ecosystem.

07:52 And so the PSF has come out with a strong statement of this is broken.

07:58 If you don't fix it, bad, bad things are going to happen.

08:01 I'll jump ahead just a little bit before we go along.

08:04 It says, let's see if I can find the phrase here.

08:08 This as written would make it impossible in practice for the PSF to continue to provide Python and the PyPI ecosystem to the European public.

08:17 Sound bad?

08:18 That sounds kind of bad to me.

08:20 Like, hey Europe, how about we just cut Python off?

08:23 Ironically, dear Python, you were invented there, but too bad because you hate it.

08:28 So let's go through what the PSF says.

08:32 I've already highlighted this, some of these issues.

08:35 I think maybe even Pimple is the one that sent this over.

08:37 I can't remember exactly who sent it over in the beginning.

08:39 But so their blog post starts out and says, "The PSF has found issues that put the mission of their organization and the health of the open-source software community at risk through the Cyber Resilience Act, CRA." Says, "If the proposed law is enforced as it's currently written, and the authors of open source components might bear legal and financial responsibility for the way their components are applied in someone else's commercial project.

09:09 So let me give you something really simple, Brian, that just came to mind.

09:11 Suppose I write the most awesome SQL library ever, ever.

09:16 So here's what you can do.

09:18 It takes a connection string and it connects to the database, okay?

09:22 And then you can issue SQL commands to that database.

09:25 And I've got all the security patched.

09:28 I've got, I made sure that there's no like SSL vulnerabilities in its underlying communication.

09:35 Somebody goes and writes that and they write the query, select star from users where username equals quote plus inputted username, right?

09:47 That would be a SQL injection vulnerability just waiting to happen.

09:50 Is it my fault?

09:52 They concatenated user input and then pass that as trusted commands to their database?

09:57 No, I, there's no way I could have known that.

09:59 And yet I, as the writer of this awesome, it's called MK SQL, whatever library, I'm now on the hook companies that are, and individuals who were, had their data exposed can now sue me directly for providing MK SQL to the world.

10:17 That's what this law says.

10:19 No.

10:19 Yeah.

10:20 And as, and, and so says the existing language makes no differentiation between independent authors who have never been paid for the supply of software and corporate tech behemoths selling products in exchange for payment to end users.

10:35 We, the PSF believe that increased liability should be carefully assigned to the entity that has entered into a commercial agreement with the customer, not the open source people who built the software.

10:47 Right.

10:47 So that is, I like, I'm going to go, this is terrible.

10:53 So somebody goes off and like looking at a new tool and they see a typo or something and do a fix or, or even just like, you know, actually help out for a while and then move on.

11:03 They're still going to be liable forever.

11:05 Like this doesn't make sense.

11:07 That's exactly what it says.

11:08 So Brandon has the same thought that I had actually out there.

11:12 So I see a new open source license coming saying that this can be used anywhere, but the EU.

11:16 Yeah.

11:16 I mean, I have 250 GitHub repos.

11:19 Many of them are private.

11:20 Some of them are public.

11:22 Good chunk of them are public.

11:23 I have a couple of things on PyPI.

11:25 They're all minor, nothing notable or anything, but they are being used.

11:29 If this goes into effect, there's a reasonable expectation that I say, "You know what?

11:33 Those small libraries, it's not even worth having them.

11:36 I'm yanking it from PyPI.

11:38 I haven't come to that decision, but why would you want to risk it?" >> Yeah.

11:44 >> Yeah.

11:45 >> That's why we put this software provided as is with no warranties.

11:49 >> Yeah. I was actually wondering about that as well.

11:52 And this kind of goes back to what Brandon said and what you just said is, doesn't the license, that's also a legal agreement, right?

11:59 And so when the CRA clashes with the Mozilla open source license, for example, or MIT license or whatever that says kind of what you said, who wins?

12:10 So it says the PSF does not sell software, but we provide a public square for developers to download code, talk about code and host components so that other entities may include it in their software.

12:23 And so specifically, people may be wondering like, well, okay, it's all vague.

12:28 They call out two activities that could be affected by the CRA.

12:32 It says, "We host and provide the core Python programming language, standard library and interpreter to any who wish to use it free of charge." By the way, downloaded over 300 million times a day, which is, I had no idea it was that much, that's insane.

12:46 We host the Python, we host PyPI, right?

12:49 And nobody pays us to do this, none of that, but that's the way the law is stated, it's a problem.

12:57 Let me see if I can find the actual, yeah, so here we go.

13:01 We believe there are two phrases in the CRA that cast too wide of a net.

13:06 In article 16, a natural or legal person, other than the manufacturer, the importer or distributor that carries out substantial modifications.

13:15 So I guess the typo is not it.

13:17 Substantial modifications of a project with digital elements shall be considered a manufacturer for the purpose of this regulation and hence held responsible.

13:25 Secondly, by providing software platform through which the manufacturer monetizes other services is not specific enough, right?

13:34 For example, they say, well, what if you have, you create an open source thing, you don't charge for it, but maybe you have classes on it or other types of things, right?

13:44 Then in a sense, in the indirect sense, you're making money and modifying the software.

13:49 So it's a little bit, I don't know, it feels to me, especially this line above where they talk about, like it was, we believe you should distinguish between unpaid and independent open source contributors and corporate tech behemoths selling products.

14:10 To me, the GDPR felt very much like we're going after FANG.

14:15 We're going after Facebook, Google, Apple, Microsoft, these big companies that are just harvesting our data, reselling-- clearly, obviously, not them.

14:23 But it was targeted very much at these large organizations, but had consequences for everybody.

14:28 This seems a little bit similar, right?

14:32 Not exactly the same, but like, look at these huge tech companies.

14:34 They're making billions.

14:35 They're the most valuable companies in the world, and just they're unleashing viruses on people, and there should be some accountability.

14:42 that doesn't really seem to have taken into account, like, oh, it could also be an extinction level event for open source in Europe.

14:51 Sounds bad.

14:52 - Yeah, well, I mean, I don't know where they were coming from, but I kinda get the idea of, let's say, for instance, the Google Play Store or the Apple Store, where these companies are provided, they're just hosting stuff written by other people, but they're taking a 30% cut or more.

15:14 So I think it's reasonable for customers to expect that the stuff they get is not horrible, virus or stealing stuff or whatever, or unintentional stealing at least.

15:27 But that doesn't, I mean, it seems like the two models are the same, but they're not.

15:35 PSF isn't taking it, well, they are taking a 30% cut of free.

15:39 But.

15:42 - Exactly.

15:43 Yeah, I think another area where they probably had this in mind is like hardware vendors that have a software component that just let them turn into garbage immediately.

15:52 Like I've got this streaming video camera that'll tell me if something's happening on my house and within two weeks it has a vulnerability and there's no updates ever.

16:02 Or I get a router and after a year it's no longer supported and it gets hacked and take over.

16:08 You know, those kinds of things, totally reasonable.

16:11 Holding every open source contributor who touches software liable seems stupid.

16:17 Like genuinely, I don't understand what the ecosystem--

16:20 - Don't get it, what they're trying to do.

16:22 - So, all right.

16:24 That, well anyway, not the best news, but I think it's important to let people know, right?

16:31 Like at the bottom there is a call to action that says PSF members and Python users in Europe may wish to write to their MEP voicing their concerns about their proposed CRA law before April 26th, while amendments that will protect the public open source repositories are still being considered.

16:51 So take action, folks.

16:53 Can't really write to them 'cause I don't have a representative in Europe, but I hope people do.

16:58 - What's an MEP?

16:59 Is that something you already know?

17:00 - I don't know, I have no idea.

17:01 I'm sure it's like a congressman type of thing.

17:03 - And the link that we're gonna provide in the show notes does have a link at the bottom of the article has a link to the, right, you're in MAP, so.

17:13 - Yep, right, you're in MAP.

17:14 - Cool. - All right.

17:15 Members of European Parliament, is that acronym we're looking for.

17:19 What is not trying to wipe out the open source community is our sponsor, in fact, quite the opposite.

17:26 So this episode of PhytonBytes is brought to you by Influx Data, the makers of InfluxDB.

17:32 InfluxDB is a database purpose-built for handling time series data at a massive scale for real-time analytics.

17:39 And developers can ingest, store, and analyze all types of time series data, metrics, events, traces in a single platform.

17:47 So, dear listener, let me ask you a question.

17:49 How would boundless cardinality and lightning-fast SQL queries impact the way that you develop real-time apps?

17:55 InfluxDB processes large time series data sets and provides low-latency SQL queries not the kind with the plus name, just time series, making it a go-to choice for developers building real-time applications and seeking crucial insights.

18:11 For developer efficiency, it helps you create IoT, analytics, and cloud applications using timestamp data rapidly and at scale.

18:18 InfluxDB is designed to ingest millions of data points in real time with unlimited cardinality.

18:24 InfluxDB streamlines building once and deploying across various products and environments from the edge, on-premise, and to the cloud.

18:32 So try it for free at pythonbytes.fm/influxdb.

18:36 The link is in your podcast show notes.

18:39 Thank you to Influx Data for supporting the show and keeping our podcast going strong.

18:44 - Yeah, thank you.

18:45 - All right, over to you, Brian.

18:46 - Well, I wanna create a little chaos.

18:49 (laughs)

18:52 Arms, I don't know.

18:53 Anyway, so Chaos Engineering.

18:55 - Don't be mucking around here, man.

18:56 - Yeah, it's all the rage with all the Netflix kids.

19:00 But so chaos engineering is a style of taking down parts of your system or injecting issues into your system just to make sure that your system is resilient.

19:14 There's a lot of experiment.

19:15 There's a lot of books on it, articles on it.

19:19 But how do you do it?

19:22 What kind of tools do you use?

19:23 And one of the tools is the chaos toolkit that we're highlighting now.

19:28 This was suggested by the maintainer, Sylvain.

19:32 And I'm not going to attempt your last name, Sylvain.

19:35 But thank you for suggesting this.

19:37 It's an open source project that works with Python.

19:42 I don't know what it's written in.

19:43 But I think it's Python, but I don't know.

19:46 So the idea is you can run experiments against your system, and you can write those experiments in JSON or YAML files.

19:54 And so you can orchestrate and collaborate with people.

19:57 and you can orchestrate through the code.

19:59 So that's nice.

20:00 It's extensible, you can build on it.

20:03 It's got an open API that you can extend it.

20:09 You can automate it through CI pipelines.

20:11 And like I said, it's all open source.

20:13 There's a whole bunch of cool stuff you can do with it.

20:16 I'm just touching the surface, but one of the examples in the documentation, which I can't find right now, but I was reading the other, There's installation tutorials and references.

20:27 But one of the ideas was that I'm like, you should totally, I didn't ever consider this, is do an experiment where you have your system running, and then you artificially make an SSL certificate expire.

20:43 How does your system deal with that?

20:45 I think that's an awesome thing to highlight because we've all been there.

20:50 Like a system that we're a third party project that we're using or our own, we think it's fine.

20:57 And and then the SSL certificate expires and the whole thing just doesn't work for and you lose all your customers until you fix that. So testing for that is great. But there's lots of other things too, like taking down, taking out a database or a region or whatever. So yeah. And how do you unit test for that kind of stuff, right? Like how do you unit test that the SSL certificates it's no longer valid.

21:20 And then it is again.

21:21 That kind of stuff, that infrastructure level stuff is really hard.

21:24 And chaos engineering, I think, largely originated around how do we break the cloud so that, and then what happens to our app.

21:33 Not how does our app break, but if the infrastructure pieces that our app expects to be there, if those start to go down in weird ways, like how do you survive that, right?

21:42 That's kind of, I think that came out of Netflix, but maybe they weren't the original original.

21:46 It certainly was popularized out of Netflix.

21:49 - Yeah, so some really cool stuff.

21:51 And it's at your fingertips with just like a pip install, I think.

21:56 - Excellent, yes, it is 98% Python, 1% Dockerfile, and 1% Makefile, so pure Python.

22:03 - Yeah, so cool stuff.

22:04 And lots of examples, and there's already examples there.

22:08 And that's one of the ways they like people to help out is whether or not you extend the tool, extending examples for how to use it to test part of your system.

22:18 I think that's pretty neat.

22:19 And we've got, and one of the reasons why I wanted to highlight this is a lot of chaos engineering is around large corporations, like places like Netflix or big services.

22:28 But there's little guys like Michael Kennedy that's running Talk Python Training and a couple podcasts.

22:35 And we would all be sad if something happened.

22:38 And he can't hire reams of people to test all this stuff.

22:44 So having these tools available for everybody.

22:47 And yeah, these tools can be used for companies too, but it's nice to have things like this around for people like you and me.

22:54 - Yeah, absolutely, thanks.

22:55 I do also see it as kind of one of these things that brings like some of the tools and techniques from really large organizations that have a team that could build up custom tools like Netflix to do this kind of stuff.

23:07 You know, kind of like Docker and Kubernetes gives you crazy infrastructure DevOps abilities that used to just live at Google and places like that.

23:15 So it's a little bit like that for breaking things in your cloud and your infrastructure.

23:19 - And I definitely want to get, I think this is a perfect topic to go deep in on, on test and code, so I'm going to try to get Silvain on the show to talk about it.

23:29 We can jump in deeply.

23:30 - Yeah, that sounds great.

23:32 I definitely look forward to it.

23:33 - Well, what you got for us next?

23:34 - I got a pep.

23:35 Now to be clear, this PEP is in draft standard and it is 12 days old.

23:42 So it is not super old, but it is PEP 7.11.

23:46 This is the tie back to what you started with Brian, sort of a little bit of packaging and managing and deploying Python things like libraries and stuff called PyBI, a standard format for distributing Python binaries.

23:59 So what that really is by Nathaniel Smith and I'm actually gonna have Nathaniel on Talk Python in one and a half hours.

24:07 So if you're watching the live version of this and you care about this, you can drop in on that live stream about an hour after this show ends.

24:14 But if not, if you're just listening, then check out Talk Python if you wanna dive into this for about the same timeframe.

24:20 Anyway, the idea is so many of the tools that we work with, including WOC, I imagine, assume that Python is installed, and now how do we manage dependencies?

24:31 How do we manage environments?

24:33 How do we isolate environments, right?

24:35 How do we update the dependencies of a given isolated environment?

24:39 This is steps back a little bit and says, what if you don't have Python?

24:43 What if you have the wrong version of Python?

24:45 How do we get that to you?

24:46 What if you could pip install Python 3.11?

24:49 Oh wait, no, pip install Python 3.12 and just express your runtime as a binary dependency, not download it, compile source like pyenv does and then takes forever.

25:01 hope that your system is set up right.

25:03 But how do you get Python on your system in a way that is kind of like Python wheels?

25:09 So have a bunch of pre-built binary versions of Python on PyPI.

25:15 So you literally install it over that.

25:17 That's the proposal, right?

25:18 That's the idea.

25:19 So the abstract is short and sweet.

25:22 It says like wheels, but for pre-built Python, instead of a pre-built Python package, it's a pre-built Python interpreter.

25:28 Okay, so that is pretty interesting.

25:32 >> I want this.

25:34 >> I want it too, and I'll bring up a discuss thread here in just a second.

25:38 Ingolepypi.org has pre-built packages for all Python versions on all popular platforms.

25:45 So automated tools can easily grab them and set them up.

25:48 So wouldn't it be cool if we could just do that for the Python runtime itself?

25:53 That would also mean, I imagine that you wouldn't have to be an administrator or have access to run sudo on your system.

26:02 - Well, I hope, but maybe.

26:05 - Because you can pip install --user, right?

26:08 So you could just do that to like a local location 'cause you get this isolated little binary.

26:13 And Jeremy Page out there points out that PyBI exists now, can be installed with the Posi tool.

26:18 So yes, indeed.

26:19 Jumping over to the announcement, PyBI and Posi by Nathaniel Smith.

26:24 So this is a, I would, looking in from the outside, I would say this is probably a proof of concept level version of this.

26:32 But really, you know, for the PEP to be accepted and for people really to leverage it, I would imagine, you know, you probably need Python, like the full buy-in of the Python folks themselves, right?

26:44 The core developers and so on, right?

26:46 But anyway, so much like WOC, POSY, P-O-S-Y, POSY, POSY, I don't know.

26:52 that tool would allow you to run CLI commands that initialize your system with the right version.

26:59 Not so much your system, but a particular localized, kind of like virtual environment, even though it doesn't use virtual environment, but give you one of these, right?

27:08 So it's riffing on Cushall's PEP582, which is the DunderPi packages folder.

27:18 Instead of having virtual environments, it could just be kind of like a node packages equivalent, which I'm, I still would like to see that.

27:25 That would be nice.

27:26 So he said, whoops, come back here.

27:28 Said, "Got me thinking historically, "tools that have started with the assumption "that you already have Python, "now you want a management, "means every tool needs to be prepared "to cope with every possible way "of installing and managing Python.

27:41 "And the beginner workflows, "beginner-friendly workflows, "has to be the part of the interpreter, right?

27:47 "So you've got to install the interpreter, make sure you're the right version of Python, and then you can start using, like, let's say, Hatch or Poetry or pip-tools or whatever, right?

27:57 And if your tester wants to use ToxNOX, then you're on your own figuring out how to get all those interpreters installed.

28:02 If you use PyNV, that compiles it from source, so that's gotta work on your system, that's slow, right?

28:08 But what if we went the other way around and just uploaded CPython to PyPI so you could pip install Python?

28:13 'Cause technically, pip won't work 'cause that's part of Python, right?

28:17 So that's what this Posey thing is.

28:20 It lets you basically say, I want this version of Python, and you could also build out projects.

28:25 So you can say, I'm going to use various packages, and I want this version of Python, and it will bundle up a thing that when you install it, has the right version of Python and the right packages.

28:37 So it's a step in a pretty interesting direction, I would say.

28:42 You scroll down, down, down, down.

28:45 There are 71 replies in this announcement thread.

28:48 But Paul Moore, one of the core developers on pip says, "This is beyond awesome.

28:53 I hadn't realized you were actively working on this.

28:55 That's pretty good." Frederick says, "Really nice to see this.

28:59 The direction of the path per package is really the right direction." The fact that it requires Rust, the way it is now, it requires having Rust installed, which is just like kicking the having Python installed to a different corner, like, "Oh, you don't have to have Python installed to run this.

29:19 You just have to have the Rust compiler installed." You're like, "No, why?" I'm sure that you could compile a binary for a platform and hand it out and say, "Here's the one for macOS." Long as you have this tool on your system, you can run it.

29:34 You don't need the runtime tools.

29:35 You could distribute that and let it bootstrap your system, I imagine.

29:39 >> Yeah.

29:40 >> Yeah.

29:40 >> Well, yeah. I got lost with the Posi thing.

29:44 I'll have to try to read up on this and try to understand what's going on.

29:47 But I get that.

29:50 I guess I don't get it.

29:51 Are we are we not going to have Pip?

29:53 We're going to have Posey instead, or is this just a we don't know?

29:56 I need to talk to Nathaniel more about this.

29:59 But it it from reading this announcement and reading the things it the way to think of it is kind of like Docker.

30:06 OK, so with Docker, you don't create a Docker image and then run it as a container and then decide, oh, I want to make changes.

30:12 so you don't like log into the container and make changes.

30:15 You just shut it down, restart it, rebuild the image with new settings, and then you rerun the container.

30:22 There are kind of a read only, right?

30:25 >> Yeah. But this is the early phases of trying to figure out the workflows of all this and everything.

30:29 >> Right. So what you would do here from what I've read is you would say, I want this version of Python and these dependencies and it has a lock file and everything.

30:38 You can see down here in this section.

30:40 It creates a pyproject.toml that describes the environment and some aliases to run it, similar as Hatch environments, and then you run it.

30:49 Right? And if there's some kind of changes, instead of trying to actually change the environment, so there's no virtual environment, for example, there's just, here's the thing you run.

30:57 You want to upgrade a request, say, it's in there, you want to upgrade requests.

31:01 You just create a new one of these, a new build of this that has the updated dependency expressed in it and then you run that again.

31:08 Right.

31:09 So you rebuild the environment rather than edit it.

31:13 Right.

31:14 So what, what role is that going back to your question?

31:16 What role does pip have in that?

31:18 Probably less.

31:19 I'm not entirely sure, but maybe pip is involved in the building, but not in the distributing, you know what I mean?

31:26 To like build up the environment that you would get might, might involve PIP.

31:30 But anyway, it's pretty interesting.

31:32 There's a bunch of comments here that people can, can check out below.

31:36 And it's not universally, absolutely.

31:40 Everyone's like, yes, do this now.

31:42 But most of them are like, this certainly blew my mind, kept me in on how we could explore to do this.

31:47 And Penful also points out, like this is somewhat related to Conda, right?

31:52 So Conda is another way that people get different versions of Python and bring along the dependencies.

31:58 And so there's some talking here about how this might work together, maybe to be something that Conda could use or how those two projects might work together.

32:07 So anyway, it is a PEP 711, and there is this, I'm gonna call it proof of concept.

32:15 Maybe I'm not categorizing that right, but there's proof of concept with a Posey tool to make this happen.

32:20 - I just realized it was 711.

32:22 So there needs to be like a Slurpee logo for this.

32:25 - Yeah, I don't think PEPs generally have logos, but yeah, I certainly think we might just have some image art for our episode.

32:37 All right, anyway, nice work, Nathaniel.

32:40 Talk to you soon about this, but it looks interesting.

32:42 >> I'm looking forward to listening to that episode.

32:44 Nice.

32:45 >> Yeah.

32:45 Is that it for all of our items?

32:47 I believe it is.

32:48 >> It is.

32:49 >> Got any extras?

32:50 >> Extras, I just want to let people know that we're going to both be, the plan is both of us in a couple days are going to be heading off to PyCon.

32:59 And so hopefully people will see us.

33:03 I think the plan is for Saturday that there's gonna be a Ask Me Anything thing at the PyCharm booth.

33:12 And then following that, the current plan, things may change, but the current plan is that'll be sometime Saturday.

33:19 And then also, I'm gonna be giving away some books.

33:22 So there's gonna be some pytest books giving away, and I'll be signing some.

33:27 So if you happen to be, also if you've got one of the old copies or new copies or whatever, it doesn't matter.

33:32 If you wanna bring your own for me to sign, go for it.

33:35 I don't know why people want me to write in their book, but sure, I'll do it.

33:39 So also gotten some new stickers.

33:40 I'm looking forward to giving those out.

33:43 So I don't have like, I'm not speaking, but if you see me, it's fine to interrupt whatever I'm doing and ask for some stickers.

33:53 - And we will be doing some form of live Python bytes from there, which will not be at the standard time because it's over.

34:00 - Because it's not on Tuesday.

34:01 - Not on Tuesday.

34:02 It does not intersect any known Tuesday.

34:04 So yeah, so we're gonna be doing that.

34:07 Absolutely, I'll probably do some other podcast recording.

34:10 I'll be going around.

34:11 I'm also doing an Ask Me Anything, giving away some courses.

34:14 So yeah, should be a lot of fun.

34:17 And yeah, I'll do that at the JetBrains booth and other live events as well.

34:21 So come find us and we'll try to livestream, assuming that the internet is good enough there.

34:27 We'll try to live stream our recording there so the people who are not at the conference can still check that out.

34:34 >> Well, is it joke time?

34:36 >> Yes, it is joke time.

34:37 It is definitely joke time.

34:39 >> Or do you have some extras?

34:41 >> I don't. Good question. I don't have any extras.

34:43 I almost have an extra but I'm not ready.

34:45 That'll be in the next one.

34:48 >> Okay.

34:48 >> Good stuff. So this one has to do with interns here.

34:53 Maybe try to describe what you're seeing here in this picture, Brian.

34:57 - So there's, first off you see like somebody from like their balcony or something looking over at somebody else's balcony and somebody throws like some water or something out of their window and then you pan over and there's like a forest fire going.

35:14 - A raging canyon fire in somewhere like California or somewhere like that, right?

35:18 - Yeah.

35:19 - So there's, it clearly requires at least a fire truck if not one of those airplanes that come by and drops water.

35:26 So the water is just like a mixing bowl worth of water.

35:30 The title is, "In turn helping senior devs fix a severe bug in production." Also, the other title is, "It's the effort that counts." This is good and it is funny and it'll make you laugh, but there are 43 really good comments.

35:50 There's different things that says, okay, so someone comments, "When I was an intern, I get paged during the night as an escalation when the senior engineers couldn't fix production because they didn't know how." Yeah, it was a crappy company.

36:05 Then someone replies, "Plan A, check if someone supplied a solution on Stack Overflow.

36:10 Plan B, it was the intern." Place the blame there.

36:13 >> I like, but it's not water, it's gasoline.

36:17 >> Yeah, it's not water, it's gasoline.

36:18 That is actually really, really good.

36:20 I love it so much.

36:21 So another one follow up that is actually the intern knows way too much about the problem, probably involved in causing it.

36:29 Yeah.

36:32 So anyway, it's the joke is funny.

36:35 The, the conversations throughout the comments here on Reddit are, they're fantastic.

36:40 So I encourage you to go check out that joke.

36:42 Funny.

36:43 Nice.

36:44 All right.

36:44 Well, Brian, thanks for being here.

36:47 Thanks to everyone.

36:48 who participated in the live stream and just for showing up and listen, we really, really do appreciate it.

36:53 Yeah, we do.

36:54 Yep.

36:55 See y'all.

Back to show page