Transcript #377: A Dramatic Episode
Return to episode page view on github00:00 Hello and welcome to Python Bytes where we deliver Python news and headlines directly to your
00:04 earbuds. This is episode 377, recorded April 2nd, 2024, so it's not an April Fool's joke.
00:12 And I am Brian Okken.
00:13 I am Michael Kennedy.
00:14 This episode is sponsored by Scout APM. Please listen to their segment later in the show.
00:21 If you want to connect with us, we're at Fostadon on Mastodon, at Adam Kennedy, at Brian Okken, and at Python Bytes@Fostadon.org.
00:30 And if you'd like to join us live for the live show, show up at pythonbytes.fm/live.
00:36 Actually, you can just go there anytime and it tells you when the next recording is,
00:40 so you can put it on your calendar.
00:42 And finally, if you want an artisanal, handcrafted digest of every week of show notes in your email,
00:50 so maybe you don't want to take notes while you're listening, or you miss an episode,
00:55 you can get it right in your email.
00:56 Just go to the pythonbytes.fm and look for "Friends of the Show" and you'll get an email too.
01:03 Yeah, that's a cool thing we just started doing.
01:05 So if you want to just, you don't have time to listen or you forget to show up for an episode,
01:10 it'll just show up.
01:11 I love the artisanal part, Brian. Well done on that.
01:13 It's very craftsman-like.
01:16 Yeah, anyway.
01:18 I just want to talk about Paths today. Can we just talk about Paths?
01:21 Yeah, just Paths. Nothing else.
01:23 Nothing, just Paths.
01:25 Actually, that's what it's called, just Paths.
01:27 Okay, so here's a tool that is built in Python and just, it's just a language.
01:33 It's 1.2% just.
01:35 I don't know, this is too meta.
01:37 Anyway, it's a quick CLI tool built with Python.
01:41 And when you hear that, the first thing you should think is, "PipX, install the thing,"
01:46 because that's how you install CLI tools for Python, right?
01:50 It gets managed on its own.
01:51 It gets, it's upgradable through PipX and all the things.
01:54 They made a little mistake here.
01:55 Like I should do a PR and put an X on the PipX install, just Path.
01:59 Okay.
01:59 So what is this thing?
02:00 What it does is it, it's for Windows and macOS, I believe is what it's for.
02:06 No, Windows Linux and macOS as well, because it basically pretends macOS is Linux.
02:12 And what it does is it will look at your path variable and see, help you determine if it's good.
02:19 So if you want to answer questions like, "When I type Python, I always get Python 2.
02:23 Why is that?
02:24 When I type Python, I get Python 3.10, but I have 3.12 installed.
02:28 Why is that?
02:28 When I pip install or PipX install a thing, it claims that stuff that gets installed by it
02:34 won't be in the path.
02:35 Wait, I thought it was.
02:36 Oh, no, wait, that was 3.11, not the 3.12 version of that." All these complicated little weird things that you run into all the time.
02:41 This is just a CLI tool that you just say, "Tell me how, how am I doing?
02:45 What is my path?
02:47 What stuff, like, do it, do I have something in my path that links to a directory,
02:52 but the directory is no longer there?" So for example, if I have Python 3.10 in my path, but I've uninstalled Python 3.10,
02:58 but it's still in my .cshrc or .bashrc file or Windows path environment variables,
03:05 whatever, right?
03:06 That kind of stuff.
03:06 Cool, huh?
03:07 Yeah, actually very cool.
03:09 Yeah, so it does a bunch of different things.
03:11 It can do just --raw to show you what it is.
03:14 You can just run it by itself and it gives you this colored output of each element in your path.
03:20 So it parses the path and then it goes line by line and tells you, "Green, this exists.
03:25 Yellow, it's a duplicate of something that was there before." So if you have something in your path multiple times,
03:31 maybe it's earlier and later and you thought it should be later.
03:33 So that's also a weird thing going on.
03:36 Or it'll turn it red if there are some that don't exist.
03:39 Yeah, so that's pretty cool.
03:41 You can ask for just the invalids, just for the duplicates.
03:44 You can ask it to follow symlinks and then resolve whether those are duplicates or not.
03:48 And then you can say, "Give me a corrected version as a string," or not as a string, as a list.
03:53 And then that will let you basically remove the duplicates, remove the missings, and go from there.
03:58 There's a little video here that's --is it a GIF here or something?
04:02 I don't know.
04:02 But if you want to watch the video, you can pull it up and you'll see what it looks like
04:07 when it runs and all the colors and stuff.
04:09 But it's super easy to try out.
04:11 So I recommend people check out JustPath.
04:14 I think it's handy.
04:15 I --my score is not that amazing.
04:17 I just ran it, Brian, 42 directories in my path.
04:20 12 do not exist.
04:21 Fully 12 of them.
04:22 And four of which that do are duplicates.
04:25 Yeah, I've got a bunch of problems with mine.
04:28 Okay.
04:28 Who knew, right?
04:30 Well, you know, you kind of like, you know, keep things around, you install stuff, change things.
04:34 Yeah, this stuff is right only, right?
04:36 Why would you take stuff out of your path?
04:38 You know, you just keep adding to it and adding to it.
04:40 But then, like you say, you uninstall things, stuff changes, etc.
04:44 Yeah, I have like added my user users, Aachen dot local slash bin.
04:52 Apparently, that doesn't exist anymore.
04:54 And I don't even remember ever using that.
04:56 So.
04:57 Okay.
04:58 Cool.
04:59 Interesting.
05:00 Yeah, it's easy to adopt and use.
05:02 You just pipx install it and you just run the thing and it tells you what's up.
05:06 Cool.
05:06 Well, that's exciting.
05:08 I have like, you know, doom and gloom next.
05:11 So no.
05:12 Yeah, the the XZ backdoor.
05:15 I'm I don't know if everybody's heard about this.
05:18 It just really sort of popped up last Friday.
05:21 So it's fairly recent.
05:22 Have you been keeping up on XZ?
05:24 Yeah, it definitely has caught my attention and makes me quite nervous.
05:28 I think we just missed this in getting released to basically every server on the Internet,
05:35 which is really good.
05:36 Yeah.
05:38 So if you've just sort of heard about it, I'm going to provide a there's a lot of articles
05:44 on it, and some of it has good information.
05:46 Some of it has dubious, a little bit, maybe opinionated stuff, which is fine.
05:51 But I'm linking to an article from Evan Bowen, but Evan Bowes, B-O-E-H-S.
05:57 Not sure how to pronounce that.
05:58 Anyway, everything I know about the XZ backdoor, and it's a fairly curated timeline of what
06:06 the backdoor is.
06:07 But it well, it's about the timeline of how it happened.
06:10 But the the gist, if you haven't heard about it, this is that there was a backdoor added
06:15 to I think it's XZ Utils.
06:17 XZ is a compression or like an unzipper zipper and zipper sort of thing and archive tool
06:24 for Linux and other Unix like distributions.
06:28 So it's a weird story that start this multi-year.
06:33 That's the part that's freaky is a little utility that's included everywhere that starting
06:42 in 2021, somebody well, they went by the name of Gia Tan, but nobody really believes that
06:48 that's really their name, started contributing to open source, added a patch and these patches
06:55 were added like in long, long times apart, and then ended up becoming a maintainer of
07:01 XZ and then creating in part of the test code.
07:05 And this, the there wasn't a vulnerability in the in GitHub, but there was in the distributed
07:12 tar release.
07:14 I don't know.
07:14 There's a lot of details that I didn't quite follow all of it over yuck and weird.
07:20 And so the part that I want to talk about really is one, you should just be aware of
07:24 this and we're going to link to a good article.
07:26 I think it's right before before you go on a little farther because before we watch this
07:30 the real basics of it, the basically this, this vulnerability was intentionally put there
07:37 as a backdoor to break open SSH connections.
07:41 So the idea was if you can SSH to your server, this was going to give other people SSH access
07:48 to your server, which is extraordinarily bad.
07:50 Yeah.
07:51 And SSH into it with root access.
07:53 So they have like full access really.
07:56 Yeah.
07:57 Terrible.
07:58 Would have been a terrible backdoor.
07:59 Glad it got caught.
08:00 So it got caught by like somebody at Microsoft, Microsoft Postgres team, I think looking at
08:07 some of their over like an update of XC causing or actually a slowdown in some of their I
08:14 think it was in their test suite or something.
08:16 They were running micro benchmarks and they saw like a 600 millisecond slowdown or something
08:21 like, geez, that's weird.
08:22 How about that testing for the wind, Brian?
08:24 Yeah.
08:25 And then also I guess Valgrind caught some problems with it as well.
08:30 So I guess good thing that people were paying attention to that and then tracked it down
08:34 fairly rapidly to a update of XZ.
08:39 But then some of the unraveling of this is just, okay, so there was a vulnerability.
08:45 It got caught.
08:46 People are updating.
08:47 That's good because you really don't want this here.
08:50 However, some of the ways in which this happened are disturbing.
08:56 And so that's why I think it's useful to read up on this a little bit, partly because this
09:02 XC utility was not, it's mostly maintained by one person over years.
09:08 Right.
09:09 So, and then somebody comes along and wants a patch and is sort of, there's some sort of
09:15 kind of not nice things said, including things like clearly don't do patches to this because
09:22 they're, they don't, the current maintainer has lost interest or doesn't care anymore.
09:26 Saying mean things like this kind of pressured, and this is way back in 2022, pressuring the
09:32 person into adding another maintainer.
09:34 Then, Hey, there's another maintainer ready and they're adding garbage to it.
09:39 So.
09:39 And they just happened to work for some state sponsored hacker group.
09:44 I'm sure they'll do a good job maintaining it for us.
09:46 Yeah.
09:47 Maybe.
09:49 And there's, you know, basically, I guess, watch out for this, but also I think, so one
09:56 of the things I wanted to talk about is how do we, how do we avoid stuff like this?
09:59 This is, I don't have an answer for it, but there's a lot of people discussing like, what
10:04 do we do about it?
10:05 Including a glyph whose answer may have been just is I'm willing to link to his article
10:11 called software needs to be more expensive.
10:13 Essentially we hit a lot of free software.
10:16 Maybe we should start paying the maintainers so that people, I mean, burnout is a real
10:20 thing, but you pay people, they will work on stuff or somebody else will.
10:24 However, don't think that's this.
10:26 That's quite one of the interesting thing, his idea.
10:29 I'll just mention this because I think it's interesting is he's got an idea called just
10:35 JGMM, just give maintainers money.
10:38 And his idea is not to have companies try to figure out who to give money to.
10:42 It's, it's his idea is just give every software engineer with your company a discretionary
10:48 budget of like, say 50 bucks a month or whatever you want to do.
10:51 And, and they can distribute that money to open source maintainers however they want.
10:56 Interesting idea.
10:58 I don't think if, even if that was in place, I don't think that it, which I think is a
11:01 good idea.
11:02 I don't think it would be have gone to XZ really.
11:07 Because I would have thought things like, you know, Django or, you know, Python, but
11:12 would I give money to a little zip utility?
11:16 Probably not.
11:17 Anyway.
11:17 So I think this is a good thing to keep up on.
11:21 And, and I do this idea of like bringing on maintainers, you have to be able to do that,
11:27 but you have to, how do you tell somebody is going to be malicious a couple of years
11:31 from now?
11:32 I don't know.
11:32 That's, that's how do you, I don't think you can check for that.
11:35 It's tough.
11:37 Yeah.
11:37 That person, that person played the long game for sure.
11:41 Yeah.
11:41 So I thought, well, okay, well, I don't run any servers, so I'm fine.
11:45 But then I ran across Jeff triplets article called upgrade, update and upgrade homebrew
11:52 and the XZ versions.
11:53 I'm like, what?
11:54 Yeah.
11:55 So if you, you should, if you run homebrew on your Mac, you should run brew info XZ.
12:00 And if, if it shows up at five dot six X you need to update.
12:06 And sure enough, I had the vulnerability on my machine.
12:09 I checked it and I was, I was out of date or actually I was, I had upgraded to the new
12:15 one and.
12:15 Thanks.
12:17 Yeah.
12:17 I just checked.
12:17 I don't seem to have it, which is very good.
12:20 But the thing is you probably didn't install XZ.
12:23 You probably installed the other thing, which depended on something, which depended on XZ,
12:28 which is all parts of the supply chain problems, which is scary.
12:31 Yeah.
12:32 But I guess thanks dude at Microsoft that found this.
12:37 Yeah, indeed.
12:38 You know, you say probably would think that the 50 bucks wouldn't go to XZ, but I really
12:43 like glyphs article.
12:44 First of all, well done glyph.
12:46 That was a very nice article you wrote and I enjoyed reading it.
12:50 It's also a very thoughtful idea.
12:52 I think his idea is basically instead of trying to get large companies to come on and be
12:57 sponsors of open source projects, usually that's a huge negotiation and there's all
13:03 sorts of stuff and right.
13:04 It's just not easy.
13:05 Just give everybody 50 bucks a year or a month.
13:07 I can't remember.
13:08 I think it was maybe a month.
13:09 Anyway, give people a card and they could just, just donate it to whichever open source
13:14 project that they would like.
13:15 And I agree if there's a thousand people that did that, Brian, that XZ wouldn't probably
13:20 wouldn't make it, but wouldn't it be awesome if there was a world where there were so many
13:25 people who were just donating to open source that it became super lucrative that second
13:29 tier projects were even potentially full-time things like rockstar developers, you know,
13:34 like ballers are rolling up in their Ferrari cause they, cause they're running FastAPI
13:38 or, you know, Sebastian is doing that.
13:41 I mean, that would be really cool thing.
13:43 How much more open source should I get created if it was sort of a gold rush as well.
13:47 So yeah, I think it would be neat.
13:50 And also even not necessarily a full-time job, but just to be able to say, even if I
13:55 have to take the time unpaid from my normal job, if I took like a, like a day, a week
14:01 off to, and just worked on open source, my open source project instead.
14:06 And sometimes it's not even adding features.
14:08 It's just going through issues, doing all of the, the bookkeeping and the maintenance
14:12 and everything.
14:12 There's a lot.
14:14 Yeah.
14:14 Or maybe you're a consultant.
14:16 You take one for your clients on something like that.
14:18 Right.
14:19 Yeah, exactly.
14:20 So thanks.
14:20 Pretty cool.
14:21 Yeah.
14:22 Yeah.
14:22 I'm glad you covered this.
14:23 well, we would like to thank Scout APM for sponsoring this episode.
14:27 Thanks Scout.
14:27 Let me tell you real quick about Scout APM.
14:32 They're big supporters of Python Bytes.
14:34 So we appreciate that very much.
14:36 So if you are tired of spending hours trying to find the root cause of issues impacting
14:41 your performance, then you owe it to yourself to check out Scout APM.
14:45 They're a leading Python application performance monitoring tool, APM, that helps you identify
14:51 and solve performance abnormalities faster and easier.
14:54 Scout APM ties bottlenecks such as memory leaks, slow database queries, background jobs,
14:59 and the dreaded N plus one queries that you can end up if you do lazy loading in your
15:04 ORM, and then you say, Oh no, why is it so slow?
15:07 Why are you doing 200 database queries for what should be one?
15:10 So you can find out things like that.
15:12 And it links it back directly to source code.
15:13 So you can spend less time in the debugger and tailing logs and just finding the problems
15:18 and moving on.
15:19 And you'll love it because it's built for developers by developers.
15:22 It makes it easy to get set up.
15:24 Seriously, you can do it in less than four minutes.
15:26 So that's awesome.
15:27 And the best part is the pricing is straightforward.
15:31 You only pay for the data that used with no hidden overage fees or per seat pricing.
15:36 And I just learned this, Brian.
15:38 They also have, they provide the pro version for free to all open source projects.
15:44 So if you're an open source maintainer and you want to have Scout APM for that project,
15:48 just shoot them a message or something on their pricing page about that.
15:51 So you can start your free trial and get instant insights today.
15:55 Visit pythonbytes.fm/scout.
15:58 The link is in your podcast player show notes as well.
16:00 And please use that link.
16:01 Don't just search for them because otherwise they don't think you came from us.
16:05 And then they'd stop supporting the show.
16:07 So please use our link pythonbytes.fm/scout.
16:09 Check them out.
16:10 It really supports the show.
16:12 Indeed.
16:13 All right.
16:13 Now, Brian, let's talk about some fast stuff.
16:17 Okay.
16:17 El Python.
16:18 Have you heard of El Python?
16:19 No.
16:20 This is news to me.
16:21 So El Python is a high performance type Python compiler.
16:25 So basically if you type annotations or type hints on your Python code, it can aggressively optimize and compile your Python code.
16:33 And it uses multiple backends, which is pretty interesting.
16:38 So you can compile it using LLVM.
16:40 You can compile it to C.
16:41 You can compile it to C++.
16:43 Or you can compile it to Wasm, WebAssembly.
16:45 That's wild, right?
16:46 Yeah.
16:47 Yeah.
16:47 So right now, just a heads up before people get too excited.
16:50 It's an alpha stage.
16:51 So it's not quite ready for maybe adoption.
16:55 But if you're curious about it, you should definitely check it out.
16:58 You can play with it and so on.
16:59 And so it's starting to pick up speed.
17:02 It's got a little over 1,000 GitHub stars.
17:03 And you can try it in your browser.
17:06 Let's try the browser, huh?
17:08 Before I move on, though, let's say it's fast.
17:10 It's built from the ground up to translate primarily data science-y code,
17:14 because that's primarily where things get slow and actually matter in Python.
17:18 But numerical array-oriented code into simple, readable, and fast code.
17:22 Basic math.
17:23 So it knows about, you know, sized integers, for example, n32 and so on.
17:30 It has just-in-time compilation, which you can get if you don't want to run a compiler itself.
17:36 You can just put an @lpython decorator onto a function, and it'll just compile at a runtime, which is kind of cool,
17:42 because then I guess you probably don't need to distribute binary versions
17:45 on your packages, your wheels, and so on.
17:47 It's interoperable with CPython.
17:50 So basically, you can call all the CPython functions.
17:53 And it's also, if it works in CPython, it works here, it'll work in CPython, basically.
18:00 Is it a subset, I guess, in a sense?
18:02 And open source.
18:03 All right, let's play with it for just a second.
18:04 So if you go to dev.lpython.org, it loads up in the browser.
18:08 And you can notice it loaded pretty quickly, although I have gigabit internet, it still loaded pretty quickly.
18:12 See this picture here on the screen?
18:15 This is the Mandelbrot set, which I don't know how many people have done fractals,
18:19 but it's drawing two different copies of the Mandelbrot set.
18:24 And what is that?
18:25 A 600 by 600 image, maybe?
18:27 Got a black and white one and a color map one.
18:31 It says it took a little under half a second to compile it, and 80 milliseconds to generate those two images.
18:37 And you can come over here and you can say, like, all right, what I'm going to do is-- what is that number?
18:41 I'm going to make this, let's say, 355 iterations.
18:45 And then we'll run it again.
18:47 And 100 milliseconds.
18:49 Right, if I make this something really silly here, like--
18:52 oh, no, why did that go away?
18:54 Back button is not supposed-- or the delete button is not supposed to navigate backwards.
18:58 Hold on.
18:58 Ooh, really big.
18:59 There we go.
19:00 All right, there we go.
19:01 OK, so if I run it again, though, watch how fast this is.
19:04 Like, boom, that's it.
19:05 And then I'll put it back to-- what was it before?
19:07 I'm a little weird the way it's, like, capturing my mouse.
19:09 But anyway, people can come check this out and see it running.
19:12 It runs super fast as Python.
19:15 And you think all this iterative generating, a ton of paralyzed computation in WebAssembly,
19:22 in the browser, with Python, I'm pretty impressed.
19:25 Yeah, that's pretty cool.
19:26 Hey, who's behind this, do you know?
19:28 Mr. L. Python?
19:29 I have no idea, honestly.
19:30 It's by L Compilers, is what it says at the bottom.
19:34 So what is that?
19:36 Lcompilers.org.
19:38 Yeah, good question.
19:41 It has no public members.
19:43 But it is exciting.
19:44 So yeah, nor does it have a web page.
19:46 Hopefully it's not an APT crew.
19:51 Anyway, no, seriously, it looks like a cool project.
19:53 And people can check it out.
19:54 There's a lot of these ideas happening now.
19:56 But yeah, it's quite interesting.
19:58 Yeah.
19:58 Well, my last topic was kind of dramatic with the whole XZ thing.
20:05 So I'd like to continue the drama and bring it into Python.
20:11 And with the help of Trey Hunter, he has a way to make your Python more dramatic.
20:17 Actually, your Python output more dramatic.
20:20 With a-- I'm just kind of joking, but it's kind of fun with the name.
20:24 He's got a tool called Dramatic.
20:27 And what it does is it slows down the print output, which--
20:32 why would you want this?
20:35 I don't know.
20:36 It might be kind of fun if you're doing a demo or doing a presentation or something.
20:39 But it's just pretty fun.
20:42 There's a lot of ways you can use Dramatic.
20:44 Once you install it, you can just use a context manager so that it's only around certain print statements.
20:52 You can decorate certain functions so it temporarily does it.
20:56 And you can even-- there's a start and print to do it targeted.
21:03 One of the fun things-- and he's got examples on his readme how to do this.
21:07 One of the fun things you can do-- I'm not sure why he included this--
21:10 is you can do it outside the whole thing.
21:14 He's got a Dramatic interpreter.
21:16 So if you run Python-M Dramatic, it just slows down everything.
21:22 You can turn it off, though.
21:26 He's got a way to turn it off as well.
21:29 But you can do speed ups and make it-- anyway.
21:32 I think this--
21:33 You want your Python code to look like ChatGPT or something like that, right?
21:37 Yeah, as it's typing out and stuff.
21:39 I think it's kind of-- especially if you're running-- I think it'd be useful--
21:45 he gives an example of doing it.
21:47 Like, for instance-- I guess this isn't an example.
21:50 But if you're doing command line interface interactions with a user, I think it is helpful sometimes to have the output go slowly
21:57 so that it's visually interesting to have it not just pop up with a mountain of text for people to read.
22:05 But don't do it too slow because that's annoying also.
22:08 But anyway, I think it's kind of fun.
22:10 Fun thing.
22:11 Related to this, I thought it'd be--
22:15 when he submitted this the other day, I remembered somebody named Alan submitted a comment to us
22:23 that texture-- terminal text-- what is it?
22:26 Terminal text effects library is pretty cool.
22:29 And so I'll go ahead and link to that also.
22:31 That's a fun thing.
22:34 It's very dramatic.
22:36 That's quite dramatic.
22:38 You've got a whole bunch of cool effects.
22:41 There's a grid one where things show up gradually in a grid.
22:46 There's a bunch of great examples.
22:48 There's beams that pop back and forth.
22:50 This is beautiful.
22:51 Laser beams.
22:52 Laser beams.
22:52 I like that one.
22:53 Yes, let's do it.
22:54 The binary path kind of looks-- what is it?
22:58 Matrixy sort of a look.
23:00 I said, Neo, you can't go down there.
23:02 There was one that I really liked a lot.
23:05 The burn is neat.
23:07 Crumble is kind of--
23:09 These are all animated GIFs on the GitHub repo that Brian's linking to.
23:12 Yeah, yeah.
23:12 So I think it'd be cool for your--
23:16 I wouldn't do it all over the place.
23:18 But for instance, if you had a--
23:20 probably not a help, but an about.
23:23 And that's sort of where it's showing here, where you show the credits and who's worked on it
23:30 and some more info and stuff.
23:31 That'd be fun to do a fancy, dramatic output for that.
23:38 All right, with this terminal text effects thing, I think if you work in the movie industry
23:43 and you need to have a hacker breaking into a thing or somebody jacking into cyberspace
23:50 or whatever one of these weird things are, where you're going to show a terminal and make it dramatic,
23:54 oh my goodness, you could just basically do this for Hollywood.
23:56 Yeah.
23:57 Yeah.
23:58 Couldn't you?
23:59 Yeah, definitely.
24:00 What is this language?
24:02 Oh my gosh, this is VB6.
24:03 I know this.
24:04 I'm tracking his IP.
24:05 Like, wait a minute, what?
24:06 [LAUGHTER]
24:07 You could do this.
24:07 It would be a little bit better.
24:09 Yeah, it'd be great.
24:11 So anyway, that'd be fun.
24:14 If you use both this and textual to turn it into--
24:17 Oh, yeah.
24:18 --like a Vim clone or something like that with fun effects.
24:23 Ooh, that's fun.
24:24 The pour is neat.
24:25 Yeah, it's almost like the Tetris terminal, in a sense.
24:28 Not quite, but almost.
24:29 Anyway, I guess that is a fun wrap up of our topics.
24:34 But we have some extras.
24:36 Do you have any extras?
24:37 Go do yours first, since you got your screen up.
24:39 Yeah, OK.
24:39 So the only thing--
24:40 I mentioned textual a little bit.
24:42 I'll go ahead and say that textual has released a new version.
24:46 And I'm highlighting this because there's an inline feature, which is fun.
24:52 So with the inline feature-- let's see if we can get an example up.
24:56 You can kind of run textual in--
25:00 will it run?
25:02 It's not running for me.
25:03 But anyway, you can run it inline.
25:07 So normally, if you run a textual application, it takes up your whole terminal area.
25:12 But this will just take a subset.
25:15 So you can have a little input screen.
25:17 So you can have kind of like an input dialogue, maybe.
25:19 And it's very visual, but doesn't take over everything.
25:24 Yeah.
25:25 Yeah, anyway, kind of fun.
25:27 Textual Enriched, continue to impress.
25:29 Yeah.
25:29 How about you?
25:30 Any extras?
25:31 I've got a few.
25:32 Let's see.
25:33 Let's start with a broadcast straight out of the Philippines.
25:38 So my keynote, which was entitled "The State of Python in 2024," I gave two weeks ago at
25:46 PyCon Philippines, is out.
25:48 And the production quality is super high on this video.
25:51 So they did a really great job.
25:53 It was a fun conference.
25:54 But if you would have loved to hear me give a presentation on the state of Python in 2024,
25:58 but you weren't there, then you can still check it out now.
26:01 It's awesome.
26:02 And--
26:03 I really enjoyed it, by the way.
26:06 Yeah.
26:06 Yeah.
26:06 Oh, thanks so much.
26:08 A bunch of the people whose projects we talk about on this show actually get a shout out
26:12 there.
26:12 So all right, that's thing one.
26:14 Thing two, I just want to encourage people.
26:16 I'm not logged in my GitHub, so I can't unfortunately show it here.
26:19 But Brian, do you go to your GitHub and you know, there's that feed in the middle that
26:23 shows all the stuff that's going on and who starred this and who's doing that and stuff.
26:28 Do you ever use that thing?
26:30 No.
26:30 That's what I'm like, that's stupid.
26:32 This is like 80% of the page and it's in the way.
26:34 What is this?
26:34 How do I get past this?
26:37 I've started paying attention to it and I've found so many cool projects.
26:40 So I want to inspire people to follow people on GitHub.
26:45 You can follow Brian and me and see what we're starring.
26:47 But who's starred what, who's forked what?
26:49 I found probably three or four really interesting projects just last week by just kind of skimming
26:54 that for five minutes a week, you know?
26:56 So--
26:56 That's pretty cool.
26:57 Yeah, I was really surprised that that was useful.
26:59 I guess I need to follow more people.
27:01 I don't know how many--
27:02 Exactly, because I should as well, because I hadn't really been following more people
27:06 because why do you follow them?
27:07 Well, maybe this is why.
27:08 On to the thing that continues to perplex me, which is interesting, is that the official
27:13 way that Python works is through blogspot.com.
27:16 But nonetheless, important stuff for you all.
27:19 If you are living in the past, like when I ran JustPath earlier, it said your Python
27:24 3.10 thing is stupid because that doesn't exist on your computer anymore.
27:27 But if you have 3.10, 3.9, or 3.8, there are security updates for the older versions of
27:33 Python, but not the new one.
27:35 They call them boring security releases.
27:37 I never think of security releases as boring.
27:39 They either go from slightly interesting to, oh my gosh, you have my full attention, like
27:45 the XE thing.
27:48 Anyway, people can check that out and should probably upgrade if they're running one of
27:53 those versions, 3.10, 3.9, or 3.8.
27:55 And if you're running 3.7 or older, too bad, so sad, no updates for you.
27:59 They may be vulnerable, they may be not, I don't know.
28:01 And that's just the way it works if you're out of support.
28:04 That's why you should stay on some of the new stuff somewhat.
28:06 >> Like the new stuff's really been fairly easy to upgrade to.
28:09 I haven't...
28:10 >> It has been.
28:11 >> And a lot of, most of the part, well, maybe it's just my projects, but I haven't run into
28:14 any issues really.
28:16 >> I think if you stay one version behind, there's no effort at all almost to do it.
28:22 Going from 3.11 to 3.12 was actually the hardest upgrade I've ever done because there was quite
28:27 a few dependencies I had that used something that was removed as part of the dead batteries
28:31 thing or something like that.
28:32 And I can't, and it just wouldn't run.
28:35 And I'm like, oh my gosh, I got to, I was just waiting until some dependency of a dependency
28:39 got fixed, but it was slow for some reason.
28:42 I don't know why, but that got fixed within a few weeks, right?
28:44 So if you waited a little bit longer, it should be easy.
28:47 >> Yeah, so one of the questions I got while we're looking at this, how many, I used to
28:51 run a lot of versions of Python on my Mac, but I got a new Mac recently and I decided
28:58 to mostly push most, I only run a couple and then I push, do most of my multi Python version
29:05 testing in CI instead of locally.
29:07 How many do you have on your machine or regularly?
29:10 >> Let's see which Python, or one year Python rather, I think.
29:16 >> I'm sorry to put you on the spot there.
29:18 >> Oh, no problem.
29:19 You know, I think I have, I think I have 3.11 and 3.12 and that's it.
29:25 >> Yeah.
29:25 >> I think that I don't have 3.9, I don't have 3.10, I definitely don't have anything
29:30 else.
29:31 So 3.11 or 3.12, those are the ones that I got right now.
29:35 I'm with you.
29:36 I try to, I did not put too much stuff on there.
29:38 The only reason I really have older stuff on there is because I haven't gone to the
29:42 trouble of removing it because there's some, a bunch of virtual environments I've created
29:46 off it that I wanted to deal with.
29:47 But ideally, I would just have the latest.
29:49 >> Yeah, I think my normal, I don't know what I've got, but it's, well, with the packages
29:55 I maintain, I usually have the newest and the oldest that I maintain.
29:59 And so 3.12 and then however far back I wanted to go.
30:03 >> Yeah.
30:04 >> And then, so that talks can find those and I can find those locally, but yeah.
30:09 >> Yeah, you know what I might do?
30:10 I'm not doing it because I don't have a huge set of older Pythons I test for.
30:16 But if I was like you where I did that, maybe I would have Docker.
30:19 We have some Docker containers, so older ones, you can just do Docker run Python, this command,
30:23 you know, this file or whatever.
30:24 I don't know.
30:25 >> Yeah, maybe.
30:26 >> Keep it cleaned up.
30:27 >> Yeah, but they run side by side pretty well.
30:30 >> Yeah, they do.
30:31 >> Anyway.
30:32 >> Just got to keep your path in order.
30:33 So just path.
30:34 >> Just path, just path, just Jack.
30:36 So should we have some fun, something funny?
30:41 >> Ah, yes.
30:42 This one, actually, I got it pulled up, but this one is from you.
30:45 So I'm going to let you take the lead on telling us about this, Joker.
30:48 >> Okay, so I saw this on LinkedIn, actually.
30:52 It's from Matt Watson, don't know him, but it's pretty funny.
30:56 So we've got some definitions of some software definitions for you.
31:01 So starting, I've got a whole bunch of them.
31:04 So I'll try to go through them.
31:05 Technical debt, what technical debt is move fast and don't fix things.
31:09 Agile development is admitting you have no plan.
31:13 Test-driven development, guessing the future one test at a time.
31:16 I love that.
31:18 Open source is asking somebody else to fix it.
31:21 Yeah, it's not always working.
31:24 >> Maybe a slightly different term based on the topic I said this week, running someone else's code from the internet.
31:31 >> Yeah, right.
31:34 So CI/CD, automating your mistakes into production.
31:37 That's awesome.
31:39 API is also asking somebody else to do it.
31:42 DevOps, I love this.
31:43 DevOps is the belief that more tools fix any problem.
31:46 Microservices are creating enough small problems to avoid one big one.
31:51 Cybersecurity is playing hide and seek with hackers.
31:54 And serverless is pretending servers don't exist until the bill comes.
31:58 Oh yeah, Scrum, I like that.
32:00 Scrum is group therapy for being behind schedule.
32:03 >> Hi, my name is Michael, I'm blocked.
32:08 Hi, Michael.
32:12 >> I've been blocked for two months.
32:15 >> Yeah, that's great.
32:18 >> Yeah.
32:19 >> We have to do that.
32:21 Next, I'll have to try to incorporate that.
32:24 >> There you go.
32:25 Thanks, Brian.
32:27 >> Well, thanks a lot.
32:28 Thanks again for a wonderful episode.
32:30 And thank you everybody for making, helping to make Python Bytes a wonderful podcast.
32:34 And we don't ask this much, but if you find this amusing or helpful, please share with a friend.
32:41 And you can sign up for one of the great ways to do that is to sign up as a friend of the show,
32:46 get the newsletter, and then you can send that.
32:48 You can spam your friends with that.
32:50 We're not going to spam people, but you can.
32:52 So thanks.
32:52 >> Indeed.
32:53 Yeah, thanks.