Transcript #377: A Dramatic Episode
Return to episode page view on github00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
00:04 This is episode 377, recorded April 2nd, 2024, so it's not an April Fool's joke.
00:11 And I am Brian Okken.
00:13 I am Michael Kennedy.
00:14 This episode is sponsored by Scout APM.
00:18 Please listen to their segment later in the show.
00:21 If you want to connect with us, we're at Fostadon on Mastodon at Adam Kennedy at Brian Okken and at Python Bytes at Fostadon.org.
00:30 And if you'd like to join us live for the live show, show up at pythonbytes.fm/live.
00:36 Actually, you can just go there anytime and it tells you when the next recording is so you can put it on your calendar.
00:41 And finally, if you want an artisanal handcrafted digest of every week of show notes in your email, so maybe you don't want to take notes while you're listening or you miss an episode, you can get it right in your email.
00:56 Just go to the pythonbytes.fm and look for friends of the show and you'll get an email.
01:03 Yeah, that's a cool thing we just started doing.
01:05 So if you want to just, you don't have time to listen or you forget to show up for an episode, it'll just show up.
01:11 And I love the artisanal part, Brian.
01:13 Well done on that.
01:13 Very, it's very craftsman-like.
01:16 Yeah, anyway.
01:18 I just want to talk about paths today.
01:20 Can we just talk about paths?
01:21 Yeah, just paths.
01:22 Nothing else.
01:23 No, nothing.
01:24 Just paths.
01:24 Actually, that's what it's called.
01:26 Just paths.
01:26 Okay, so here's a tool that is built in Python and just is just a language.
01:33 It's 1.2% just.
01:35 I don't know.
01:35 This is too meta.
01:36 Anyway, it's a quick CLI tool built with Python.
01:41 And when you hear that, the first thing you should think is, PipX install the thing.
01:46 Because that's how you install CLI tools for Python, right?
01:50 It gets managed on its own.
01:51 It's upgradable through PipX and all the things.
01:54 They made a little mistake here.
01:55 Like, I should do a PR and put an X on the PipX install just path.
01:59 Okay.
01:59 So what is this thing?
02:00 What it does is it's for Windows and macOS, I believe is what it's for.
02:05 No.
02:06 Windows, Linux, and macOS as well.
02:09 Because it basically pretends macOS is Linux.
02:12 And what it does is it will look at your path variable and see, help you determine if it's good.
02:19 So if you want to answer questions like, when I type Python, I always get Python 2.
02:23 Why is that?
02:24 When I type Python, I get Python 3.10, but I have 3.12 installed.
02:27 Why is that?
02:29 When I pip install or PipX install a thing, it claims that stuff that gets installed by it won't be in the path.
02:35 Wait, I thought it was.
02:36 Oh, no, wait.
02:37 That was 3.11, not the 3.12 version of that.
02:38 All these complicated little weird things that you run into all the time.
02:41 This is just a CLI tool that you just say, tell me how am I doing?
02:45 What is my path?
02:47 What stuff?
02:48 Like, do I have something in my path that links to a directory, but the directory is no longer there?
02:54 So, for example, if I have Python 3.10 in my path, but I've uninstalled Python 3.10, but it's still in my .cshrc or bashrc file or Windows path environment variables or whatever, right?
03:06 That kind of stuff.
03:06 Cool, huh?
03:07 Yeah, actually, very cool.
03:09 Yeah, so it does a bunch of different things.
03:10 It can do just --raw to show you what it is.
03:14 You can just run it by itself, and it gives you this colored output of each element in your path.
03:20 So it parses the path, and then it goes line by line and tells you green this exists, yellow it's a duplicate of something that was there before.
03:28 So if you have something in your path multiple times, maybe it's earlier and later, and you thought it should be later, so that's also a weird thing going on.
03:35 Or it'll turn it red if there are some that don't exist.
03:39 Yeah?
03:39 So that's pretty cool.
03:40 You can ask for just the invalids just for the duplicates.
03:44 You can ask it to follow symlinks and then resolve whether those are duplicates or not.
03:48 And then you can say, give me a corrected version as a string or not as a string, as a list.
03:53 And then that will let you basically remove the duplicates, remove the missings, and go from there.
03:58 There's a little video here that's a giffy or something.
04:02 I don't know.
04:02 But if you want to watch the video, you can pull it up, and you'll see what it looks like when it runs and all the colors and stuff.
04:09 But it's super easy to try out.
04:11 So I recommend people check out JustPath.
04:14 I think it's handy.
04:15 My score is not that amazing.
04:17 I just ran it, Brian.
04:18 42 directories in my path.
04:20 12 do not exist.
04:21 Fully 12 of them.
04:22 And four of which that do are duplicates.
04:25 Yeah.
04:25 I've got a bunch of problems with mine.
04:28 Okay.
04:28 Who knew, right?
04:30 Well, you kind of keep things around.
04:33 You install stuff, change things.
04:34 Yeah.
04:34 This stuff is write only, right?
04:36 Why would you take stuff out of your path?
04:38 You just keep adding to it and adding to it.
04:40 But then, like you say, you uninstall things, stuff changes, et cetera.
04:44 Yeah.
04:44 I have added my user's Okken.local slash bin.
04:52 Apparently, that doesn't exist anymore, and I don't even remember ever using that.
04:56 Okay.
04:58 Cool.
04:59 Interesting.
05:00 Yeah.
05:00 It's easy to adopt and use.
05:02 You just pipX install it, and you just run the thing, and it tells you what's up.
05:05 Cool.
05:06 Well, that's exciting.
05:08 I have, like, you know, doom and gloom next.
05:11 Oh, no.
05:12 Yeah.
05:13 The XZ backdoor.
05:15 I don't know if everybody's heard about this.
05:18 It just really sort of popped up last Friday, so it's fairly recent.
05:22 Have you been keeping up on XZ?
05:24 Yeah, it definitely has caught my attention and makes me quite nervous.
05:28 I think we just missed this in getting released to basically every server on the internet,
05:35 which is really good.
05:36 Yeah.
05:37 Yeah.
05:38 Yeah.
05:38 Yeah.
05:38 So if you've just sort of heard about it, I'm going to provide a lot of articles on it,
05:44 and some of it has good information.
05:46 Some of it has dubious, a little bit, maybe opinionated stuff, which is fine.
05:51 But I'm linking to an article from Evan Bowen.
05:55 Evan Bowes?
05:56 B-O-E-H-S.
05:57 Not sure how to pronounce that.
05:58 Anyway.
05:59 Everything I know about the XZ backdoor.
06:01 And it's a fairly curated timeline of what the backdoor is.
06:07 But, well, it's about the timeline of how it happened.
06:10 But the gist, if you haven't heard about it, this is that there was a backdoor added to,
06:15 I think it's XZ Utils.
06:17 XZ is the compression or like an unzipper, zipper, unzipper sort of thing.
06:23 And archive tool for Linux and other Unix-like distributions.
06:28 So it's a weird story that start this multi-year.
06:33 That's the part that's freaky, is a little utility that's included everywhere that starting
06:42 in 2021, somebody, well, they went by the name of GIA Tan, but nobody really believes
06:48 that that's really their name, started contributing to open source, added a patch.
06:54 And these patches were added like in long, long times apart.
06:58 And then ended up becoming a maintainer of XZ and then creating in part of the test code.
07:05 And there wasn't a vulnerability in GitHub, but there was in the distributed TAR release.
07:13 I don't know.
07:14 There's a lot of details that I didn't quite follow all of it.
07:17 However, yuck and weird.
07:20 And so the part that I want to talk about really is one, you should just be aware of this.
07:24 And we're going to link to a good article.
07:26 I think it's-
07:26 Brian, before you go on a little farther, because before we watch this, the real basics of it,
07:31 basically this vulnerability was intentionally put there as a backdoor to break open SSH connections.
07:41 So the idea was if you can SSH to your server, this was going to give other people SSH access to your server, which is extraordinarily bad.
07:50 Yeah.
07:50 Yeah.
07:51 And SSH into it with root access.
07:53 So they have like full access, really.
07:56 Yeah.
07:57 Terrible.
07:57 Would have been a terrible backdoor.
07:59 Glad it got caught.
08:00 So it got caught by like somebody at Microsoft, Microsoft Postgres team, I think, looking at some of their over like an update of XZ causing or actually a slowdown in some of their, I think it was in their test suite or something.
08:16 They were running micro benchmarks and they saw like a 600 millisecond slowdown or something like, geez, that's weird.
08:22 How about that?
08:23 Testing for the win, Brian.
08:24 Yeah.
08:24 And then also, I guess, Valgrind caught some problems with it as well.
08:29 So I guess good thing that people were paying attention to that and then tracked it down fairly rapidly to a update of XZ.
08:39 And then, but then some of the unraveling of this is just, okay, so there was a vulnerability.
08:45 It got caught.
08:46 People are updating.
08:47 That's good because you really don't want this here.
08:50 However, some of the ways in which this happened are disturbing.
08:56 And so that's why I think it's useful to read up on this a little bit, partly because this XZ utility was not, it's mostly maintained by one person over years.
09:08 Right.
09:09 So, and then somebody comes along and wants a patch and is sort of, there's some, some sort of kind of not nice things said, including things like clearly don't, don't do patches to this because they're, they don't, the current maintainers lost interest or doesn't care anymore.
09:27 So, and then they're saying mean things like this kind of pressured, then this is way back in 2022, pressuring the person into adding another maintainer, then, Hey, there's another maintainer ready and they're adding garbage to it.
09:39 So.
09:39 And they just happened to work for some state sponsored hacker group.
09:44 I'm sure they'll do a good job maintaining it for us.
09:46 Yeah.
09:47 So maybe.
09:49 And, and there's, you know, basically, I guess, watch out for this, but also I think.
09:55 So one of the things I wanted to talk about is how do we, how do we avoid stuff like this?
09:59 This is, I don't have an answer for it, but there's a lot of people discussing like, what do we do about it?
10:05 Including a glyph whose answer may have been just is I'm willing to link to his article called software needs to be more expensive.
10:13 Essentially.
10:14 We, we get a lot of free software.
10:16 Maybe we should start paying the maintainers so that people, I mean, burnout is a real thing, but you pay people, they will work on stuff or somebody else will.
10:25 However, don't think that's this.
10:26 That's quite one of the interesting, his idea.
10:29 I'll just mention this because I think it's interesting is he's got an idea called just JGMM, just give maintainers money.
10:38 And his idea is not to have companies try to figure out who to give money to.
10:42 It's, it's a, his idea is just give every software engineer with your company a discretionary budget of like, say, 50 bucks a month or whatever you want to do.
10:52 And, and they can distribute that money to open source maintainers however they want.
10:56 Interesting idea.
10:57 I don't think if, even if that was in place, I don't think that it, which I think is a good idea.
11:02 I don't think it would be, have gone to XZ really.
11:07 Cause I would have thought things like, you know, Django or, you know, it's Python, but, but would I give money to a little zip utility?
11:15 Probably not.
11:16 Anyway.
11:17 So I think this is a good thing to keep up on.
11:21 And, and I do this idea of like bringing on maintainers.
11:26 You didn't have to be able to do that, but you have to, how do you tell somebody who's going to be malicious a couple of years from now?
11:31 I don't know.
11:32 That's, that's how do you, I don't think you can check for it.
11:35 It is tough.
11:36 Yeah.
11:37 That person, that person played the long game for sure.
11:40 Yeah.
11:41 So I thought, well, okay, well, I don't run any servers, so I'm fine.
11:44 But then I ran across Jeff Triplett's article called upgrade, update and upgrade homebrew and the XZ versions.
11:53 I'm like, what?
11:54 Yeah.
11:54 So if you, you should, if you run homebrew on your Mac, you should run brew info XZ.
11:59 And if, if it shows up at 5.6 X you need to update.
12:05 And sure enough, I had the vulnerability on my machine.
12:09 I checked it and I was, I was out of date or I actually, I was, I had upgraded.
12:14 To the new one.
12:15 Thanks.
12:16 Yeah.
12:17 I just checked.
12:17 I don't seem to have it, which is very good.
12:20 I don't know.
12:20 But the thing is you probably didn't install XZ.
12:23 You probably installed.
12:24 Yeah.
12:25 Other thing, which depended on something, which depended on XZ, which is all parts of the supply
12:30 chain problems, which is scary.
12:31 Yeah.
12:32 But I guess, thanks dude at Microsoft that found this.
12:36 Yeah, indeed.
12:38 You know, you say you probably would think that the 50 bucks wouldn't go to XZ, but I
12:43 really like Glyph's article.
12:44 First of all, well done Glyph.
12:46 That was a very nice article you wrote and I enjoyed reading it.
12:50 It's also a very thoughtful idea.
12:51 I think his idea is basically instead of trying to get large companies to come on and be sponsors
12:58 of open source projects.
12:59 Usually that's a huge negotiation and there's all sorts of stuff and right.
13:04 It's just not easy.
13:05 Just give everybody 50 bucks a year or a month.
13:07 I can't remember.
13:08 I think it was maybe a month.
13:09 Anyway, give people a card and they could just donate it to whichever open source project
13:14 that they would like.
13:15 And I agree if there's a thousand people that did that, Brian, that XZ probably wouldn't
13:20 make it.
13:20 But wouldn't it be awesome if there was a world where there were so many people who were
13:25 just donating to open source that it became super lucrative that second tier projects were
13:30 even potentially full-time things like rockstar developers, you know, like ballers are rolling
13:35 up in their Ferrari because they're running FastAPI or, you know, Sebastian is doing that.
13:42 I mean, that would be really cool.
13:43 Think of how much more open source to get created if it was sort of a gold rush as well.
13:47 So yeah, I think it would be neat.
13:50 And also even not necessarily a full-time job, but just to be able to say, even if I have to
13:55 take the time unpaid from my normal job, if I took like a day a week off and just worked
14:04 on open source, my open source project instead.
14:06 And sometimes it's not even adding features.
14:08 It's just going through issues, doing all of the bookkeeping and the maintenance and everything.
14:12 There's a lot.
14:13 Review PRs.
14:13 Yeah.
14:14 Or maybe you're a consultant.
14:16 You take one for your clients on something like that, right?
14:18 Yeah, exactly.
14:19 So thanks for that.
14:21 Very cool.
14:21 Yeah.
14:21 Yeah.
14:22 I'm glad you covered this.
14:23 Well, we would like to thank Scout APM for sponsoring this episode.
14:26 Thanks, Scout.
14:28 Let me tell you real quick about Scout APM.
14:31 They're big supporters of Python Bytes, so we appreciate that very much.
14:35 So if you are tired of spending hours trying to find the root cause of issues impacting your
14:41 performance, then you owe it to yourself to check out Scout APM.
14:44 They're a leading Python application performance monitoring tool, APM, that helps you identify
14:51 and solve performance abnormalities faster and easier.
14:54 Scout APM ties bottlenecks such as memory leaks, slow database queries, background jobs, and
14:59 the dreaded N plus one queries that you can end up if you do lazy loading in your ORM.
15:05 And then you say, oh, no, why is it so slow?
15:07 Why are you doing 200 database queries for what should be one?
15:10 So you can find out things like that.
15:12 And it links it back directly to source code so you can spend less time in the debugger and
15:16 tailing logs and just finding the problems and moving on.
15:19 And you'll love it because it's built for developers by developers.
15:22 It makes it easy to get set up.
15:24 Seriously, you can do it in less than four minutes.
15:26 So that's awesome.
15:27 And the best part is the pricing is straightforward.
15:30 You only pay for the data that you use with no hidden overage fees or per seat pricing.
15:36 And I just learned this, Brian.
15:38 They also have they provide the pro version for free to all open source projects.
15:43 So if you're an open source maintainer and you want to have Scout APM for that project,
15:48 just shoot them a message or something on their pricing page about that.
15:51 So you can start your free trial and get instant insights today.
15:55 Visit by them by set of him slash Scout.
15:58 The link is in your podcast player show notes as well.
16:00 And please use that link.
16:01 Don't just search for them because otherwise they don't think you came from us.
16:05 And then they'd stop supporting the show.
16:07 So please use our link by them by set of him slash Scout.
16:09 Check them out.
16:10 It really supports the show indeed.
16:13 All right.
16:13 Now, Brian, let's talk about some fast stuff.
16:16 Okay.
16:17 L Python.
16:18 Have you heard of L Python?
16:19 No.
16:20 This is news to me.
16:21 So L Python is a high performance type Python compiler.
16:25 So basically if you type annotations or type hints on your Python code, it can aggressively optimize and compile your Python code.
16:33 And it uses multiple backends, which is pretty interesting.
16:37 So you can compile it using LLVM.
16:40 You can compile it to C.
16:41 You can compile it to C++ or you can compile it to WASM WebAssembly.
16:45 That's wild, right?
16:46 Yeah.
16:46 Yeah.
16:47 So right now, just a heads up before people get too excited.
16:50 It's an alpha stage.
16:51 So it's not quite ready for maybe adoption.
16:55 But if you're curious about it, you should definitely check it out.
16:58 You can play with it and so on.
16:59 And so it's starting to pick up speed.
17:02 It's got a little over a thousand GitHub stars.
17:03 Cool.
17:04 And you can try it in your browser.
17:06 Let's try the browser, huh?
17:08 Before I move on though, let's say it's fast.
17:10 It's built from the ground up to translate primarily data science-y code because that's
17:15 primarily where things get slow and actually matter in Python.
17:18 But numerical array-oriented code into simple, readable, and fast code.
17:22 Basic math.
17:23 So it knows about, you know, sized integers, for example, in 32 and so on.
17:30 It has a just-in-time compilation, which you can get if you don't want to run a compiler
17:36 itself.
17:36 You can just put a at lpython decorator onto a function and it'll just compile at a runtime,
17:41 which is kind of cool because then I guess you probably don't need to distribute binary
17:44 versions on your packages, your wheels, and so on.
17:47 It's interoperable with CPython.
17:49 So basically, you can call all the CPython functions.
17:53 And it's also, if it works in CPython, it works here, it'll work in CPython, basically.
18:00 Is it a subset, I guess, in a sense?
18:02 And open source.
18:03 All right, let's play with it for just a second.
18:04 So if you go to dev.lpython.org, it loads up in the browser.
18:08 And you can notice it loaded pretty quickly, although I have gigabit internet.
18:11 It's still loaded pretty quickly.
18:12 See this picture here on the screen behind?
18:15 This is the Mandelbrot set, which I don't know how many people have done fractals, but it's
18:20 drawing two different copies of the Mandelbrot set in, what is that, a 600 by 600 image, maybe?
18:27 Okay.
18:27 About a black and white one and a color map one.
18:31 It says it took a little under half a second to compile it and 80 milliseconds to generate
18:36 those two images.
18:37 And you can come over here and you can say, like, all right, what I'm going to do is, what
18:41 is that number?
18:41 I'm going to make this, let's say, 355 iterations.
18:44 And then we'll run it again.
18:46 And 100 milliseconds, right?
18:49 If I make that, if I make this something really silly here, like, oh no, why did that
18:53 go away?
18:54 Back button is not supposed, or the delete button is not supposed to navigate backwards.
18:58 Hold on.
18:58 Ooh, really big.
18:59 There we go.
19:00 All right, there we go.
19:01 Okay.
19:01 So if I run it again, though, watch how fast this is.
19:04 Like, boom, that's it.
19:05 And then I'll put it back to, what was it before?
19:07 I'm going to be real weird the way it's like capturing my mouse.
19:09 But anyway, people can come check this out and see it running.
19:12 It runs super fast as Python.
19:15 And you think all this iterative generating a ton of paralyzed computation in WebAssembly,
19:21 in the browser, with Python.
19:23 I'm pretty impressed.
19:24 Yeah, that's pretty cool.
19:26 Neat.
19:26 Who's behind this?
19:27 Do you know?
19:28 Mr. L Python?
19:29 I have no idea, honestly.
19:30 Okay.
19:32 It's by L Compilers, is what it says at the bottom.
19:34 So what is that?
19:36 Lcompilers.org.
19:38 Yeah.
19:39 Good question.
19:41 It has no public members.
19:43 Okay.
19:43 But it is exciting.
19:44 So yeah, nor does it have a web page.
19:46 Hopefully it's not an APT crew.
19:48 Anyway, no, seriously, it looks like a cool project and people can check it out.
19:54 There's a lot of these ideas happening now, but yeah, it's quite interesting.
19:58 Yeah.
19:59 Well, my last topic was kind of dramatic with the whole XZ thing.
20:05 So I'd like to continue the drama and bring it into Python.
20:11 And with the help of Trey Hunter, and he has a way to make your Python more dramatic.
20:17 Actually, your Python output more dramatic with a, I'm just kind of joking,
20:22 but it's kind of fun with the name.
20:24 He's got a tool called Dramatic.
20:27 And what it does is it slows down the print output, which, you know, why would you want this?
20:35 I don't know.
20:36 It might be kind of fun if you're doing a demo or doing a presentation or something,
20:39 but it does, it's just pretty fun.
20:42 There's a lot of ways you can use Dramatic.
20:44 You can, once you install it, you can just use a context manager so that it's only around certain print statements.
20:51 You can decorate certain functions.
20:54 So it temporarily does it.
20:56 And you can even, there's a start and print that to do it targeted.
21:02 One of the fun things, and he's got examples on his readme how to do this.
21:07 One of the fun things you can do, I'm not sure why he included this, is you can do it outside the whole thing.
21:14 He's got a Dramatic interpreter.
21:16 So if you run like Python-M Dramatic, it just slows down everything.
21:22 So you can turn it off, though.
21:26 He's got a way to turn it off as well.
21:28 But you can do speedups and make it.
21:32 Anyway, I think this is...
21:33 You want your Python code to look like ChatGPT or something like that, right?
21:37 Yeah, as it's typing out and stuff.
21:39 I think it's kind of, especially if you're running, I think it'd be useful.
21:45 He gives an example of doing it.
21:47 Like, for instance, I guess this isn't an example.
21:50 But if you're doing command line interface interactions with a user, I think it is helpful sometimes to have the output go slowly so that it's visually interesting to have it not just pop up with a mountain of text for people to read.
22:04 But don't do it too slow, because that's annoying also.
22:07 But anyway, I think it's kind of a fun thing.
22:11 Related to this, I thought it'd be...
22:14 When he submitted this the other day, I remembered somebody named Alan submitted a comment to us that Terminal Text Effects library is pretty cool.
22:29 And so I'll go ahead and link to that also.
22:31 That's a fun thing.
22:34 It's very dramatic.
22:36 That's quite dramatic.
22:38 You've got a whole bunch of cool effects.
22:40 There's a grid one where things show up gradually in a grid.
22:46 There's a bunch of great examples.
22:48 There's beams that pop back and forth.
22:50 This is beautiful.
22:51 Laser beams.
22:52 Laser beams.
22:52 I like that one.
22:53 Yes, let's do it.
22:54 The binary path kind of looks kind of, what was it, matrix-y sort of a look.
23:00 Listen, Neil, you can't go down there.
23:02 There was one that I really liked a lot.
23:05 The burn is neat.
23:08 Crumbles.
23:09 These are all animated GIFs on the GitHub repo that Brian's thinking, too.
23:12 Yeah.
23:12 Yeah.
23:12 So I think it'd be cool for your...
23:17 I wouldn't do it all over the place.
23:18 But for instance, if you had a...
23:21 Probably not a help, but an about.
23:23 And that's sort of where it's showing here.
23:26 Where you show the credits and who's worked on it and some more info and stuff.
23:31 That'd be fun to do a fancy dramatic output for that.
23:38 All right.
23:39 With this terminal text effects thing.
23:40 Yeah.
23:41 I think if you work in the movie industry and you need to have a hacker breaking into a thing
23:47 or somebody jacking into cyberspace or whatever one of these weird things are,
23:52 where you're going to show a terminal and make it dramatic.
23:54 Oh my goodness.
23:55 You could just basically do this for Hollywood.
23:56 Yeah.
23:57 Yeah.
23:58 Couldn't you?
23:59 Yeah, definitely.
24:00 What is this language?
24:02 Oh my gosh.
24:03 This is VB6.
24:03 I know this.
24:04 I'm tracking his IP.
24:05 Like, wait a minute.
24:05 What?
24:06 What do you think about this?
24:07 It would be a little bit better.
24:08 Yeah.
24:10 It'd be great.
24:12 So anyway, that'd be fun.
24:14 If you use both this and Textual to turn it into like a Vim clone or something like that
24:21 with fun effects.
24:22 Ooh, that's fun.
24:24 The pour is neat.
24:24 Yeah.
24:25 It's almost like the Tetris terminal in a sense.
24:28 Not quite, but almost.
24:29 Anyway, I guess that is just a fun wrap up of our topics.
24:34 But we have some extras.
24:36 Do you have any extras?
24:37 Go do your first since you got your screen up.
24:39 Yeah.
24:39 Okay.
24:39 So the only thing I mentioned Textual a little bit, I'll go ahead and say that Textual
24:45 has released a new version.
24:46 And I'm highlighting this because there's an inline feature, which is fun.
24:52 So with the inline feature, let's see if we can get an example up.
24:56 You can kind of run Textual in, run?
25:02 It's not running for me.
25:03 But anyway, you can run it inline.
25:07 So normally, if you run a Textual application, it takes up your whole terminal area.
25:12 But this will just take a subset.
25:15 So you can have a little input screen.
25:17 So you can have kind of like an input dialogue maybe.
25:19 And it's very visual, but doesn't take over everything.
25:24 So anyway, kind of fun.
25:27 Textual and rich, continue to impress.
25:28 Yeah.
25:29 How about you?
25:30 Any extras?
25:31 I've got a few.
25:32 Let's see.
25:33 Let's start with broadcasts straight out of the Philippines.
25:37 So my keynote, which was entitled The State of Python in 2024, I give two weeks ago at PyCon
25:46 Philippines is out.
25:47 And the production quality is super high on this video.
25:51 So they did a really great job.
25:53 It was a fun conference.
25:54 But if you would have loved to hear me give a presentation on The State of Python in 2024,
25:58 but you weren't there, then you can still check it out now.
26:01 It's awesome.
26:02 And I really enjoyed it, by the way.
26:06 Yeah.
26:06 Yeah.
26:07 Oh, thanks so much.
26:07 A bunch of the people whose projects we talk about on this show actually get a shout out
26:12 there.
26:12 So all right.
26:13 That's thing one.
26:14 Thing two, I just want to encourage people.
26:16 I've not logged in my GitHub, so I can't unfortunately show it here.
26:19 But Brian, do you go to your GitHub and you know there's that feed in the middle that shows
26:24 all the stuff that's going on and who starred this and who's doing that and stuff.
26:28 Do you ever use that thing?
26:29 No.
26:30 That's the way I'm like, that's the thing's stupid.
26:32 This is like 80% of the page and it's in the way.
26:34 What is this?
26:35 How do I get past this?
26:37 I've started paying attention to it and I've found so many cool projects.
26:40 So I want to inspire people to follow people on GitHub.
26:45 You can follow Brian and me and see what we're starring.
26:47 But who's starred what?
26:49 Who's forked what?
26:49 I found probably three or four really interesting projects just last week by just kind of skimming
26:54 that for five minutes a week, you know?
26:56 That's pretty cool.
26:57 Yeah.
26:58 I was really surprised that it was useful.
26:59 I guess I need to follow more people.
27:01 I don't know.
27:01 Exactly.
27:02 Because I should as well.
27:03 Because I hadn't really been following more people because why do you follow them?
27:07 Well, maybe this is why.
27:08 On to the thing that continues to perplex me, which is interesting, is that the official
27:13 way that Python works is through blogspot.com.
27:16 But nonetheless, important stuff for you all.
27:19 If you are living in the past, like when I ran JustPath earlier, it said your Python 310 thing is stupid because that doesn't exist on your computer anymore.
27:27 But if you have 310, 3.9 or 3.8, there are security updates for the older versions of Python, but not the new one.
27:35 They call them boring security releases.
27:37 I never think of security releases as boring.
27:40 They either go from slightly interesting to, oh my gosh, you have my full attention, like the XZ thing.
27:47 Anyway, people can check that out and should probably upgrade if they're running one of those versions, 310, 3.9 or 3.8.
27:55 And if you're running 3.7 or older, too bad, so sad, no updates for you.
27:58 They may be vulnerable.
28:00 They may be not.
28:00 I don't know.
28:02 And that's just the way it works if you're out of support.
28:04 That's why you should stay on some of the new stuff somewhat.
28:06 Like the new stuff's really been fairly easy to upgrade to.
28:09 I haven't.
28:10 It has been.
28:11 In a lot of, most of the, well, maybe it's just my projects, but I haven't run into any issues really.
28:16 I think if you stay one version behind, it's, it's, there's no effort at all almost to do it.
28:21 Going from 3.11 to 3.12 was actually the hardest upgrade I've ever done because there was quite a few dependencies I had that use something that was removed as part of the dead batteries thing.
28:31 Or something like that.
28:32 And I can't, and it just wouldn't run.
28:34 And I'm like, oh my gosh, I got to, I was just waiting until some dependency of a dependency got fixed, but it was slow for some reason.
28:42 I don't know why.
28:42 But, you know, that got fixed within a few weeks, right?
28:45 So if you waited a little bit longer, it should be easy.
28:47 Yeah.
28:48 So one of the questions I got while we're looking at this, how many, I used to run a lot of versions of Python on my, on my Mac.
28:55 But I got a new Mac recently and I decided to mostly push most, I only run a couple.
29:01 And then I push, do most of my multi Python version testing in CI instead of locally.
29:07 How many do you have on your machine or regularly?
29:10 Or do you?
29:11 Let's see.
29:12 Which Python?
29:14 Oh, we're here.
29:14 Python rather.
29:15 I think.
29:16 Oh.
29:17 I'm sorry to put you on the spot.
29:18 No problem.
29:19 You know, I think I have, I think I have three 11 and three 12 and that's it.
29:25 Yeah.
29:26 I think that I don't have three nine.
29:28 I don't have three 10.
29:29 I definitely don't have anything else.
29:31 So three 11 or three 11 or three 12.
29:34 Those are the ones that I got right now.
29:35 So I'm with you.
29:36 I tried to, I did not put too much stuff on there.
29:38 The only reason I really have older stuff on there is because I haven't gone to the trouble
29:42 of removing it because there's so a bunch of virtual environments I've created off it that
29:46 I wanted to deal with.
29:47 But ideally I would just have the latest.
29:49 Yeah.
29:50 I think, I think my normal, I don't know what I've got, but it's, it's the, well, with
29:55 the packages I maintain, I usually have the newest and the oldest that I maintain.
29:59 And so three 12 and then however far back I wanted to go.
30:03 Yeah.
30:04 And then so that, so that talks can find those and I can find those locally, but yeah.
30:09 Yeah.
30:09 You know what I might do?
30:10 I'm not doing it because I don't have a huge set of older pythons I test for.
30:16 But if I was like you where I did that, maybe I'd have Docker.
30:19 We have some Docker container, so older ones, you could just do Docker run Python, this
30:23 command, you know, this file or whatever.
30:24 I don't know.
30:25 Yeah, maybe.
30:26 Keep it cleaned up.
30:27 Yeah, but they run side by side pretty well.
30:30 So.
30:30 Yeah, they do.
30:31 Anyway.
30:32 Just got to keep your path in order.
30:33 So just path.
30:34 Just path.
30:35 Just path.
30:35 Just Jack.
30:36 So should we have some fun, something funny?
30:41 Ah, yes.
30:42 This one, actually I got it pulled up, but this one is from you.
30:45 So I'm going to let you take the lead on telling us about this joke here.
30:48 Okay.
30:48 So I saw this on LinkedIn, actually.
30:51 It's from Matt Watson.
30:53 Don't know him.
30:54 But it's pretty funny.
30:56 So we've got some definitions of some software definitions for you.
31:01 So starting, I've got a whole bunch of them.
31:04 So we'll try to go through them.
31:05 Technical debt.
31:06 What technical debt is move fast and don't fix things.
31:09 Agile development is admitting you have no plan.
31:13 Test driven development, guessing the future one test at a time.
31:17 I love that.
31:18 Open source is asking somebody else to fix it.
31:21 Yeah.
31:22 It's not always working.
31:24 Maybe a slightly different term based on the topic I said this week.
31:29 Running someone else's code from the internet.
31:32 Yeah.
31:32 Right.
31:33 Yeah.
31:33 Right.
31:33 Right.
31:34 So CICD, automating your mistakes into production.
31:37 That's awesome.
31:39 API is also asking somebody else to do it.
31:41 DevOps.
31:42 I love this.
31:43 DevOps is the belief that more tools fix any problem.
31:47 Microservices are creating enough small problems to avoid one big one.
31:51 Cyber security is playing hide and seek with hackers.
31:53 And serverless is pretending servers don't exist until the bill comes.
31:58 Oh, yeah.
31:59 Scrum.
31:59 I like that.
32:00 Scrum is group therapy for being behind schedule.
32:03 Nice.
32:06 Hi.
32:07 My name is Michael.
32:08 I'm blocked.
32:09 Hi, Michael.
32:11 I've been blocked for two months.
32:17 Yeah.
32:18 That's great.
32:19 Yeah.
32:19 We have to do that.
32:22 Next, I'll have to try to incorporate that.
32:24 There you go.
32:25 Thanks, Brian.
32:27 Well, thanks a lot.
32:28 Thanks again for a wonderful episode.
32:30 And thank you, everybody, for helping to make Python Bytes a wonderful podcast.
32:34 And we don't ask this much, but if you find this amusing or helpful, please share with a friend.
32:41 And you can sign up for one of the great ways to do that is to sign up as a friend of the show.
32:46 Get the newsletter, and then you can send that.
32:48 You can spam your friends with that.
32:49 We're not going to spam people, but you can.
32:52 So thanks.
32:53 Indeed.
32:53 Yeah.