Transcript #388: Don't delete all the repos
Return to episode page view on github00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
00:05 This is episode 388, recorded June 18th, 2024.
00:11 I am Michael Kennedy.
00:12 And I'm Brian Okken.
00:13 And this episode is brought to you by Scout APM.
00:16 Check them out.
00:17 We'll tell you more about them as we get further into the show.
00:20 Brian, you, me, the podcast, we're all Fosstodonians and folks who want to come hang out on Mastodon.
00:27 Doesn't have to be Fostadon.
00:28 Talked about that last week.
00:30 That's the whole idea of Fostadon.
00:32 Go wherever you want, but we're happy to invite you to Fostadon if you want.
00:35 Yeah, find the links to connect us over there or even on X these days as well if you wish.
00:42 A lot of people are still just hanging out over there.
00:44 And listen, watch, participate live in AM Pacific Time on Tuesdays, typically.
00:51 Links in the show notes or on the website.
00:54 Finally, if you want a handcrafted, artisanal Brian Okken special summary and set of links of whatever we talk about, even if you don't listen to that episode, pythonbytes.fm.
01:05 Click on the newsletter.
01:06 Put in your information.
01:07 We won't share it.
01:09 Just want to tell you about what we're up to and keep in touch with you.
01:11 So that's pretty awesome.
01:12 That list keeps growing and people are enjoying it.
01:14 So good work on that, Brian.
01:16 There is a newsletter link.
01:17 That's cool.
01:18 Yeah.
01:18 How about that?
01:19 Nice.
01:20 We also kind of put it under the Friends of the Show thing, but that's a little more indirect, you know?
01:25 Like, okay, you want to sign up for the newsletter?
01:27 Click the newsletter button.
01:28 You can sign up for the newsletter even if you don't like us.
01:31 That's fine.
01:32 Yeah, that's true.
01:33 Yeah, you can just mock the links we put in there everywhere.
01:36 It's pretty much like that.
01:37 The show, too.
01:38 Everyone's welcome.
01:38 There probably are, actually.
01:41 All right.
01:43 Well, what have you brought today?
01:45 All right.
01:46 I want to talk about the PSF election.
01:49 So the Python Software Foundation has elections every year.
01:51 In order to vote, we're going to talk about a little bit around what's going on with this.
01:56 But I want to highlight that you, even if you voted last year, you can't just vote again without doing something.
02:03 And it's not difficult.
02:04 You just have to affirm your membership status.
02:06 So we've got a link in the show notes.
02:09 You just head up.
02:11 We'll talk about the dates a little bit.
02:12 I think maybe the dates are here.
02:14 No, there's another link.
02:16 We have lots of links for you for this.
02:18 But there is the, what are we doing?
02:21 What are we voting on?
02:23 We're voting on the new board of directors.
02:25 And then there's a few bylaws changes.
02:28 So head over to the first link.
02:30 Make sure you're either signed up.
02:32 So the deadlines are right around the corner.
02:34 So it's 25th.
02:35 June 25th is when you have to either sign up to be a member or, if you already are, affirm that you're going to vote.
02:44 So that's the 25th.
02:46 The board election, if you go to the board election, there's a blog post called, it's time to make nominations for the PSF board election.
02:56 It has the timeline.
02:57 This is a great, it's got mostly all that I'm talking about here.
03:01 Their nominations are open.
03:04 They opened on the 11th.
03:05 If you'd like to be nominated or nominate somebody, that is up until the 25th of June.
03:11 So the 25th of June is the close of board nominations.
03:14 It's also the cutoff date to affirm that you're going to vote or eligible to vote or whatever.
03:19 So that's June 25th.
03:21 Then we don't know who's in it because the candidate, it's still open.
03:25 Other people might enter.
03:27 And there's link, there's information in here on like what to include because you'll want some information about like who you are and stuff like that.
03:35 If you want to nominate yourself.
03:37 So the candidates are announced June 27th.
03:42 And then voting starts, voting is from July 2nd to July 16th.
03:49 So voting's in July, but we need to get everything ready in the end of June.
03:53 So that's what's going on here.
03:54 So there's, it's the nominations for the board of directors.
03:58 And there's links about what's going on.
04:02 Oh, there's, there's one other data I wanted to highlight.
04:04 Can't remember where I found this, but there is a, here it is.
04:09 Thinking about running for the board of directors, let's talk.
04:13 There is a June 18th session that you can, office hours where you can find out more information.
04:19 If you, if you're just curious and you'd like to know more, that's a great place to go.
04:24 There is, and then, so it's for the board of directors.
04:28 And then there's, there's also three bylaw changes proposed.
04:35 I think they make sense, but I'm not going to get into the depths of them, but there's a link here.
04:41 Go ahead and check that out about the, the three things.
04:44 So one of the things that I'm really kind of excited about is this.
04:47 The first one is merging, contributing and managing member classes.
04:52 And I think that's, I think it makes sense because I sometimes have forgot which is which,
04:57 what contributing and managing means.
05:00 And it, I think there's, there's, there's text on all of these.
05:04 So go ahead.
05:05 And then there's discussions going on around this too.
05:08 So anyway, elections coming up, make sure that you've affirmed your voter status.
05:13 If you'd like to vote.
05:14 So.
05:14 Okay.
05:15 Interesting.
05:16 Some of these shed some light on messages I've seen on social media.
05:20 What are, why are people talking about this?
05:22 Oh, okay.
05:22 I see.
05:23 Propose changes.
05:24 Got it.
05:24 Yeah.
05:27 So you know what I would propose, Brian?
05:29 What?
05:30 If you were working for a company and you were having HR issues, let's say, what would you
05:37 say exactly you do here?
05:39 Bob?
05:39 No.
05:41 You're having HR issues.
05:42 I'm a people person.
05:44 I talk to the people.
05:45 Then you just can't talk to the people.
05:46 No.
05:47 Yeah.
05:47 Something like that.
05:48 But anyway, if you were having issues with work and you got fired and you wanted to give
05:53 them the big middle finger on the way out.
05:55 One thing I don't recommend is going to all the GitHub repositories and permanently deleting
06:00 them or deleting the logs or then replacing them with code that mocks the existing employees
06:06 or anything like that.
06:07 There's this character and boys, he seemed like a piece of work.
06:12 Let me tell you.
06:12 Mick Lewis, Daniel Brody, a real, real piece of work.
06:16 Cloud, cloud engineer.
06:17 I don't know what a cloud engineer is.
06:18 I don't know what software developers are.
06:20 I know what.
06:20 Anyway, he's a cloud engineer.
06:22 He was sentenced to two years in prison and a restitution of over half a million dollars
06:28 for wiping the code repositories of his former employer in retaliation to being fired from
06:34 First Republic Bank.
06:35 Wow.
06:36 Wow.
06:37 So probably some kind of discrimination thing or something.
06:42 He really had a reason to be upset.
06:43 No.
06:44 Why was this guy fired?
06:45 The court documents state that Brody's employment was terminated after he violated company policies
06:50 by connecting a USB drive containing pornography to the company computers.
06:55 And then when they tried to get the work computer back.
06:58 You know, after he's done all this stuff to it, like deleted all the things and so on.
07:03 He then reported the laptop stolen.
07:06 Wouldn't give it back.
07:08 Huh.
07:08 Anyway, he may be not having a great time.
07:12 A couple of things he did.
07:14 He ran a malicious script named dar.sh to wipe the FRB servers, deleted Git logs, and Git commit history for that particular script.
07:23 You know, props to him for a little covering of the tracks there with the Git history.
07:26 That was clever.
07:28 I don't know how they figured that out, given that he-
07:30 Not too clever.
07:31 Nah, exactly.
07:33 Exactly.
07:34 I mean, you delete the repo and you still get that figured out somehow.
07:36 Anyway.
07:37 He accessed the GitHub repositories and deleted hosted code.
07:41 He inserted taunts in the code.
07:45 Yeah.
07:45 Anyway, I just thought this was, one, an amusing story.
07:48 A little bit of schadenfreude.
07:50 But also, people, if you're upset with your company, it is not worth it.
07:54 Two years of prison, half a million dollars.
07:56 Just walk away.
07:58 Just walk.
07:59 Just let it be.
08:00 It's not worth the revenge.
08:01 Anyway, let me leave you with that, huh, Brian?
08:03 What do you think of this?
08:04 Is this crazy?
08:05 I think it is, but I also, one of the things I really, okay, I'm not like taking sides here or anything, but something that drives me nuts is a thing that some companies do that say that, like, there's standard non-disclosure agreements for exit interviews.
08:22 And some of them are generally, you can't talk about what you worked on at this company for, say, like a period of six months or a year or something like that.
08:31 Just because you might have proprietary information.
08:34 The thing that drives me nuts is things that say, we're not going to give you any of your severance or a portion of your severance unless you promise to not ever disparage the company forever in the future.
08:49 Things like that are just insidious and like a blight on free speech.
08:55 It's disgusting.
08:56 Yeah.
08:57 I don't like it.
08:58 I know it's a standard practice, but I don't like it.
09:00 I don't like it either.
09:02 I am really happy to hear the non-compete stuff getting shot down.
09:06 I know it's not the same as NDA, but it's in the same category, I feel like.
09:09 Do they do that for people getting fired?
09:12 No, no, no, not for, but, you know, when you get hired, there's traditionally been a lot of non-competes.
09:20 And I think it was getting kind of out of control, like bakery workers or something silly like that, right?
09:25 You know, like really, really stuff that you wouldn't think would be under that purview.
09:30 But I believe that that got federally shot down or is it just California?
09:34 I can't remember.
09:35 But yeah, anyway, maybe this kind of stuff you're talking about, Bill, as well.
09:38 But I don't have a ton of sympathy for this character.
09:41 Yeah.
09:42 Reminds me a little bit of the guy who took down all the JavaScript folks with the NPM left pad.
09:50 Yeah.
09:51 And then later was arrested for making bombs.
09:53 You know, it's like, oh, there's that theme here, I see.
09:54 Yeah, not good.
09:57 Yeah, I'm pretty sure that's the same person.
09:58 There's definitely a person with the same name in the same area.
10:00 Okay.
10:01 Hey.
10:01 You know what is awesome and is not going to get you into trouble?
10:04 Scout APM.
10:06 Let's talk about it.
10:06 So if you are tired of spending hours trying to find the root cause of issues impacting your performance,
10:12 then you owe it to yourself to check out Scout APM.
10:15 They're a leading Python application performance monitoring tool, APM, that helps you identify and solve performance abnormalities faster and easier.
10:25 Scout APM ties bottlenecks such as memory leaks, slow database queries, background jobs,
10:30 and the dreaded N plus one queries that you can end up if you do lazy loading in your ORM.
10:36 And then you say, oh, no, why is it so slow?
10:38 Why are you doing 200 database queries for what should be one?
10:40 So you can find out things like that.
10:42 And it links it back directly to source code.
10:44 So you can spend less time in the debugger and healing logs and just finding the problems and moving on.
10:49 And you'll love it because it's built for developers by developers.
10:52 It makes it easy to get set up.
10:54 Seriously, you can do it in less than four minutes.
10:56 So that's awesome.
10:58 And the best part is the pricing is straightforward.
11:00 You only pay for the data that you use with no hidden overage fees or per seat pricing.
11:06 And I just learned this, Brian.
11:08 They also have, they provide the pro version for free to all open source projects.
11:13 So if you're an open source maintainer and you want to have Scout APM for that project,
11:18 just shoot them a message or something on their pricing page about that.
11:21 So you can start your free trial and get instant insights today.
11:25 Visit pythonbytes.fm/scout.
11:27 The link is in your podcast player show notes as well.
11:30 And please use that link.
11:31 Don't just search for them because otherwise they don't think you came from us.
11:35 And then they'd stop supporting the show.
11:37 So please use our link pythonbytes.fm/scout.
11:39 Check them out.
11:40 It really supports the show.
11:42 Indeed.
11:43 Brian, what's your second one?
11:45 I'd like to talk about imports right now.
11:49 So if we're just importing a package.
11:53 Is this like tariffs and stuff?
11:54 What are we talking?
11:54 No, no, no.
11:55 Importing code into your own code.
11:57 So imports are normally difficult.
11:59 You just say import and the package name you want to import.
12:02 No, no, no.
12:03 The package has to be installed already or a standard library thing, of course, like import
12:07 or math or something.
12:10 I'm blanking right now.
12:11 It's terrible.
12:14 There is a blog post called Adam Johnson, which is talking about like, what if you don't
12:21 want to just use the import?
12:22 If you want to import it as an object or something.
12:23 And let's say you have a string to describe the package that you want to import.
12:28 There's a thing that I didn't know about called the packageutil.resolve name.
12:34 And this is actually pretty cool.
12:37 So what you do is it's in packageutil is part of the standard library.
12:42 And you say packageutil.resolve name.
12:44 And then you give it a string.
12:45 And it's got it's like it's like a package name that is also something that's installed
12:51 or in something in it, like a top level item, like like the example is path lib and capital
12:57 path, the path object.
12:59 But I tried it on one of my own projects of just like, let's say I've got some third party
13:04 code that I want to import just something from it.
13:07 But I don't want to import it into the namespace.
13:08 I want to just import one thing out of there into an object.
13:12 And this is really cool.
13:13 The whole thing resolves and it's from a string.
13:15 So you give it a string with this colon in the middle and it creates it.
13:21 It creates you've got an object.
13:23 Why is this helpful?
13:25 Well, I don't know how other people are using it, but I'm using it for things like testing
13:31 and stuff that I don't want to like clutter the entire namespace.
13:33 I just want one object from something.
13:35 So so there's that.
13:36 Now, there's a note here that says the thing that you're you're importing.
13:40 Importing can be it can be a class from the package or a function or module or really any
13:46 top level thing object within the package.
13:50 You can just resolve that and bring it in.
13:52 If you're doing if you're going to grab the whole module, you can also use import lib import
13:57 module, of course, you can use that as well to import a thing.
14:01 And it's a little bit different syntax.
14:03 You just give it the give it the name of the package.
14:05 So there was a note at the top that says Django and some other frameworks allow you to do things
14:13 like this to configure something based on a string.
14:15 And I think this is pretty cool.
14:18 I'm one of the places where I'm considering.
14:20 Yeah.
14:21 Anyway, I've got lots of places and tests that I'm considering using this.
14:24 But but I guess I didn't know about it.
14:27 It's pretty neat.
14:27 So, you know, one area that might be useful that comes to mind outside of testing or in
14:31 addition to testing would be some kind of like plug in extension system.
14:35 So you say any any package that gets listed in this JSON file, we want it to be available.
14:42 And if you configure the app, it'll actually import it and use it.
14:44 But it might not import them.
14:46 The app doesn't know about them.
14:47 That can't be coded into it.
14:48 So you could just sort of parse that thing, pry it or, you know, even scan all the packages
14:53 somehow and see if they exist or whatever.
14:56 Right.
14:56 So some sort of dynamic thing like that as well.
14:59 Yeah.
14:59 Yeah.
15:00 Pulling dock strings out of a bunch of stuff to do a list of that.
15:04 Yeah.
15:05 Nice.
15:06 Lots of stuff you could do.
15:07 And you sure could.
15:08 Now, this last item from me here comes from Alex.
15:11 Monaghan just gave us a shout out and said, you know, that DuckDB thing, right?
15:17 DuckDB is a little bit like SQLite-ish type stuff and in process based on files rather than
15:24 separate servers, all those sort of things.
15:26 Well, that thing's getting some traction, up to 4 million downloads a month off of PyPI.
15:31 But the news is it's released version 1.0 of DuckDB.
15:37 And by the way, the cloud-hosted product, Mother Duck, also opened up general availability.
15:42 But the news is the announcing a 1.0.0.
15:47 And interesting, there's a lot of conversations like, well, we could have just called it 1.0
15:51 as soon as we made it public on GitHub, you know, 10 years ago or whatever it was, or not
15:56 quite 10 years ago, 8 years ago.
15:57 But focus is really on we want to make it super clear.
16:02 They want to make it super clear that they're focused on stability.
16:05 What's here is kind of what's going to stay.
16:08 So examples that they give, you know, as that thing has evolved, as DuckDB has evolved, they've
16:14 changed the file format around.
16:16 And that's created incompatibilities from different versions.
16:19 And so, for example, they're now committing to more stable back and forth
16:25 stability on the file system and things like that.
16:28 So very cool.
16:29 If you're looking for an interesting SQL-like database to include into your projects, this
16:36 one, you know, is quite popular.
16:38 20,000 stars.
16:40 A really analytical and process database rather than relational database focused, right?
16:46 You can do cool stuff like integrate it with pandas and other things like that, which is
16:51 pretty cool.
16:51 Yeah.
16:51 Like, for example, select star from a parquet file or a CSV file and so on.
16:55 So not meant to replace SQLite, but that's kind of the mental model people should have.
17:00 But more on data science.
17:03 Select star from a CSV file.
17:04 That sounds fun.
17:05 Anyway.
17:06 And by the way, this guy, Alex, Alex Monahan is in the audience.
17:10 Here's a backwards compatibility for the files.
17:12 So you can just leave those files around and not have to like manage the upgrades of them
17:17 and so on, which is especially tricky if they're just local files associated with an app rather
17:22 than a single server that all the apps talk to where you can just manage that one thing,
17:26 you know, through an API.
17:27 Yeah.
17:27 Pretty cool.
17:28 Cool.
17:29 All right.
17:29 Thanks for sending that in, Alex.
17:31 And good job, DuckDB folks.
17:33 Brian, what else you got?
17:34 I've got a couple extras.
17:36 Let's hear.
17:37 One of the extras that I wanted to talk about was just like, I guess, a shout out to everybody
17:43 that sends us topics.
17:45 I really appreciate it.
17:46 We appreciate hearing what's new.
17:48 Don't assume that we've heard about it just because we do pay attention to a lot of stuff,
17:52 but there's a lot to pay attention to.
17:54 So if you think it's important, let us know.
17:56 Yeah, Brian, I would say a lot of times people start messages like, I'm sure you've heard
18:00 of this.
18:01 And we're like, I have no idea what this is.
18:02 No.
18:03 I'm sure we have not heard of this.
18:05 I'm sure we have not covered it either.
18:06 But also it helps if like three or four people send in to say, this is exciting, then that
18:12 also helps us know that it is exciting.
18:15 Yeah.
18:15 It's pretty much guaranteed to be in on the show.
18:17 You can send it in anytime.
18:19 But the one request is if it's timely and it really needs to go in this week, if it
18:25 shows up at all, try to send it before Tuesday because, you know, sometimes we already have
18:30 our topics anyway.
18:32 That's right.
18:32 Yes.
18:33 So right after Tuesday, a Wednesday is a fantastic day for recommendations.
18:36 Really, anytime is great for me.
18:41 But anyway, so a couple new 2.0 releases I just wanted to shout out.
18:46 We talked about this last week, but NumPy 2.0 is out now.
18:50 So NumPy 2.0.
18:51 So and there's a scientific on the scientific Python blog.
18:55 There's a discussion about it.
18:58 So you can read up on all the NumPy 2.0.
19:00 And this is kind of exciting.
19:02 I just heard about this yesterday.
19:03 HTMX 2.0.
19:05 I don't.
19:05 Oh, you have my attention.
19:07 So I haven't read any of this, but it should be so there's major changes and we'll see.
19:14 I'm not sure what broke or what.
19:16 Wait a minute.
19:17 Why the 2.0?
19:18 But I'm not sure I can switch to this.
19:20 This release ends the support for Internet Explorer.
19:22 Oh, my gosh.
19:23 Just kidding.
19:25 The interesting bit about this, though, is they're not marking 2.0 as the latest on NPM until January of 2025 because they'd like to have everybody, you know, have a smooth transition to there.
19:39 So anyway, any extras on your side?
19:42 A few.
19:43 First of all, partnered with the folks over at PyCharm.
19:46 And now if you are taking a course at Talk Python Training, you can get six months of PyCharm Pro for free.
19:53 That even works for our free courses.
19:55 So if you just come over and take a course, sign up and check that out.
19:58 Only works for new accounts at JetBrains.
20:01 It doesn't work for renewals.
20:02 So this is the best I can do, folks.
20:05 But it's still pretty awesome to be able to get a good chunk of the users free access to PyCharm Pro.
20:11 Also, other item is we have a awesome new course on data science coming to Talk Python.
20:17 Its release is imminent.
20:18 It awaits a marketing landing page, basically.
20:21 And then it's out.
20:22 So we have a new course called Reactive Web Dashboards with Shiny.
20:28 Shiny for Python, not Shiny for R.
20:30 So partnered with Posit folks to put this course together.
20:34 And it's super cool to build interactive dashboards and web apps for your data science things with Shiny.
20:41 Shiny, of course.
20:42 Very cool.
20:44 Indeed.
20:44 It's a Shiny brand new course.
20:46 All right.
20:46 It will be Shiny for a while.
20:49 How about a joke?
20:51 Are you up for it?
20:51 Yes.
20:52 Okay.
20:53 So we all, you know, you're sitting around, you're in a relationship.
20:55 You have these thoughts that just kind of run through your head and you always don't know.
20:59 So here's a young couple laying in bed.
21:01 The woman is thinking, I bet he's thinking about another woman.
21:04 That guy is just laying there.
21:05 What would happen if I add a gitignore into the gitignore file?
21:09 She's like, she's giving him way too much credit.
21:12 What would happen?
21:14 I know the title is I Can't Ignore the gitignore.
21:17 What would happen if I add the gitignore to the gitignore file?
21:20 No.
21:22 Well, there's the joke.
21:28 This is what I got for you, Brian, this week.
21:30 I don't know what to tell you.
21:32 Now I've got to try it to see.
21:33 Exactly.
21:34 I don't know.
21:35 If you do that, you might take GitHub down.
21:37 I wouldn't, I don't know if I'd check that in.
21:39 Well, not GitHub, but local.
21:41 Well, I mean, it has automation.
21:42 It could explode.
21:44 It could.
21:44 Dependabot will just stop working for everyone after that.
21:47 Yeah.
21:48 All right.
21:49 All right.
21:49 Well, that's it.
21:51 Well, everyone, thank you for listening.
21:54 Scout APM, thank you for supporting the show.
21:56 And Brian, thanks as always.