Transcript #411: TLS Client: Hello <<guitar solo>>
Return to episode page view on github00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
00:04 This is episode 411 recorded. We got the 411 today. 411 recorded November 25th, 2024.
00:12 And I'm Brian Okken.
00:13 And I'm Michael Kennedy.
00:15 And this episode is brought to you by us.
00:18 So we have links in the show notes, but check out Talk Python Training and Pythontest.com for some courses.
00:25 And Patreon supporters, thank you for sticking it out with us.
00:29 Also, we have lots of links in the show notes for connecting with us on social media because we've got links for Fostadon on Mastodon and also Blue Sky for all of us here.
00:43 We've got Python Bytes and Brian Okken and M. Kennedy.
00:47 M. Kennedy is at mkennedy.codes.
00:49 So check that out on Blue Sky.
00:51 But all the links are in the show notes.
00:52 And thank you, everyone, for showing up for the live show.
00:55 I love having you guys here and commenting.
00:58 If you're listening later, we thank you also.
01:01 But if you'd like to listen sometimes.
01:03 It's usually 10 a.m. Pacific time, sometimes other times.
01:08 And you can go to pythonbytes.fm/live to get that.
01:12 And finally, if you are listening and you're wondering about any link that we cover in the show, you can go to our page, the notes page on pythonbytes.fm.
01:25 But you can also click on the link to get in the newsletter.
01:28 And we'll just send you those links right in your email inbox.
01:31 I have two more thoughts in there really quick, Brian.
01:33 We haven't talked about this before.
01:35 Okay.
01:35 I think the newsletter is awesome.
01:36 People seem to be really enjoying it and connecting with it, the people who are subscribers there.
01:40 But I don't even want to necessarily say this out loud to encourage it.
01:43 But if you don't listen to the show, you maybe miss one or something.
01:46 You're still going to get those in your inbox.
01:48 And you can just peruse through real quick.
01:50 Oh, look at these two interesting things that they found.
01:52 That's number one.
01:52 Number two, this is also all of the stuff.
01:55 Our show notes are super detailed.
01:57 And so people put our RSS feed for the podcast into their regular RSS reader.
02:03 It's real similar as well.
02:05 So there's reason to add this RSS feed to maybe reader or whatever feed bin or whatever you're using outside of just listening to the podcast.
02:13 That's a great hack.
02:14 I like that.
02:15 Speaking of hacking, you want to talk about hacking?
02:18 Yeah, you hacked some website.
02:20 I hacked some website hard.
02:22 I hacked it hard.
02:23 And Python Bytes is on the docket to get the same hacking.
02:27 So for as long as there has been a Talk Python and for as long as there's been a Python Bytes, they've been running on Pyramid.
02:35 The Pyramid web framework created by Chris McDonough.
02:37 Super cool framework.
02:39 I really, really love it.
02:40 But the truth is, the sad truth is, it's just not getting updates these days.
02:44 So if you want to do async programming, you have to do async programming.
02:48 Sometimes it's hard to avoid it.
02:50 It's not supported.
02:51 It doesn't support types.
02:52 It doesn't do a lot of things.
02:53 And even though it's great and simple, it felt kind of like a bit of a liability to be having all of our code written on frameworks that don't really get updates.
03:03 So I rewrote Talk Python.
03:05 First, talkpython.fm.
03:07 Not the courses.
03:07 Not Python Bytes.
03:08 Just Talk Python.
03:09 Because it's a medium-sized level of complexity.
03:12 More complex than Python Bytes.
03:13 Way less complex than the course section e-commerce website.
03:17 Just to see how would that go.
03:19 Is this a good idea or a bad idea?
03:21 Turns out it's a pretty awesome idea.
03:23 So I rewrote Talk Python.
03:24 This is the topic.
03:25 In court.
03:26 And I wrote up a long post of my thoughts on it.
03:30 Why did I do this?
03:31 What did I consider?
03:32 A lot of people are like, why didn't you consider framework X?
03:34 You're crazy not to consider that.
03:36 I'm like, I did consider that.
03:37 And I wrote it down why I didn't end up picking it.
03:40 So if people are thinking about changing frameworks, here's a nice write-up of an example.
03:45 Even if you're thinking about async flask, aka court, for now, until those get merged, if they ever get merged.
03:51 It's really cool.
03:51 Like, for example, our database layer is Beanie, which is Pydantic plus MongoDB.
03:56 Super awesome.
03:57 It only supports async code.
03:59 That's it.
04:00 Pyramid only supported synchronous code.
04:02 So I had to write this janky translation layer that would curry every request over to an async thing, wait for its response, and then turn it back into async request.
04:11 There was, like, weirdness that was there, right?
04:14 And I'm just like, could I just not do this?
04:15 You know?
04:16 And so I went to solve that technical debt issue that's been dragging around for a long time.
04:21 Chose court.
04:22 So a few things.
04:23 First of all, what did I consider?
04:25 I considered FastAPI, Litestar, as in lightstar.dev, super cool framework.
04:30 If you wanted something like FastAPI but kind of batteries included, like Django, Litestar is the winner.
04:37 Litestar was really close.
04:38 FastAPI was a real contender.
04:40 Django, you always got to consider Django, but decided not to go with that.
04:43 Hugo, actually, I consider, like, what do you think, how much of our site do you think we could rewrite in just a static site generator like Hugo?
04:50 I think a lot of it.
04:51 Yeah, I was actually thinking about doing testing code over again in Hugo at some point.
04:56 Yeah.
04:56 By the way, this site that we're looking at here with the blog post, this is a sub-Hugo site within the court site in Talk Python, by the way.
05:04 Wow.
05:05 I think it's really great.
05:06 But there's certain things, like on Talk Python, there's a guest list, and there's all the episodes, and there's the analytics of who downloaded which episode, and then who sponsors those different episodes.
05:17 And there's ad dashboard.
05:18 There's, like, a bunch of stuff that's not real obvious when you're looking at it from the outside.
05:22 Oh, it's just like a blog kind of with attachment.
05:24 Like, it's actually way more complicated on the sort of iceberg part that people don't see, and I decided not to do that.
05:30 And, of course, Flask, which is interesting.
05:32 So, anyway, I think FastAPI is awesome, but it's really focused on APIs, though you can make it work for websites.
05:38 I don't think it's primarily the thing for websites, right?
05:41 One of my goals here, by the way, was I want a super popular framework.
05:45 I want one where if you say, hey, I wrote my website in this.
05:50 What framework did you choose?
05:51 There's a real good chance somebody says, me too.
05:53 You know, and Pyramid, just as much as I love it, didn't check that box these days.
05:57 And I also would have put Cord in that category, except for the fact that it's really maintained by the Flask people now.
06:04 Yes, exactly.
06:05 I almost didn't consider Cord at all, and I ended up going with it.
06:09 And that's because I talked to David Lord about how it's been brought into the same organization as Flask.
06:14 They're working, like, they're both contributing to both.
06:17 There's attempts to sort of bring Cord into Flask properly.
06:21 So maybe one day they'll go over.
06:23 And if I change my mind, literally all I have to do is find and replace lowercase Flask and uppercase Cort with uppercase Flask.
06:31 And it's back to Flask, right?
06:32 It's a very, very small tie-in.
06:34 You know what I mean?
06:35 So for that reason, I felt like Cort was worth consideration.
06:39 Okay.
06:39 So FastAPI, awesome, obviously, but too API-focused.
06:43 Same thing for Litestar, also not as that popular.
06:46 It's more popular than Pyramid, but it's not in the, of course you're using that.
06:51 Django is awesome.
06:52 I mean, it's actually, I learned by doing this research, going through the PSF, JetBrains, Python developer survey, that if you look at the most popular framework, Flask is to a decimal point more popular than Django.
07:04 But if you look at web developers who use a web framework, Django is more than twice as popular than Flask.
07:12 That's pretty interesting, right?
07:13 Yeah.
07:13 Yeah, so a lot of machine learning models or something running there.
07:16 Anyway, I go through why I'm not a huge fan of, didn't want to adopt.
07:20 Django, you can read that up if you care to.
07:22 I think Hugo's sites will be so neat.
07:24 They're like, they can't go down.
07:26 Technically, the data center can go down, but there's no runtime reason that a static site goes down, and that's pretty glorious.
07:32 So I did the upgrade in two steps.
07:35 I first said, let's go and rewrite everything in Cort, but just keep the synchronous code there.
07:42 Because one of the big challenges is to rewrite the entire stack to be async, right?
07:46 And so let's just get it running the way it is, but on the Cort framework, aka Flask, not Pyramid.
07:52 So that took about a day, maybe like a long day, 10 hour day or something, you know?
07:57 Got that bad boy knocked out.
07:59 And then, you know, that was 2,280 lines changed, 3,000 lines of code deleted for that part.
08:06 That is a good chunk.
08:07 And then I rewrote it in async.
08:10 After I got that all tested and deployed, like immediately, that's another 1,600 lines of code, 1,700 lines of code changed.
08:17 But yeah, awesome performance.
08:19 Okay, so about a day to convert to Cort, and then you went to async.
08:25 How long to do that?
08:27 I'd say maybe eight hours, a slightly, six hours, six to eight hours, let's say six hours.
08:31 Less than a hard day, like a regular day of work.
08:34 Not a, I'm done for the day.
08:37 But yeah, we're talking, you know, five times faster performance.
08:41 That's pretty, that's pretty awesome, actually.
08:43 That's pretty good.
08:44 Yeah, it's really, really nice.
08:45 And I was able to get rid of that.
08:47 And a lot of that, like half of that speed is from this, okay, you've got a request.
08:50 Send it over to some async background thread that can async run it.
08:54 Wait for the response.
08:55 Okay, I got the response stash.
08:56 Grab the response back and then send it back over to the sync reverse version to return.
09:01 Like all of that coordination added a lot.
09:04 Not a lot of CPU pounding overhead, but just delays here and there, you know what I mean?
09:09 Yeah.
09:09 Anyway, that's it.
09:11 And finally, if you have a whole bunch of different pages, you want to make sure they're not broken.
09:15 The way that I tested that most of it wasn't broken was I just went to the sitemap, which
09:20 has a thousand pages in it.
09:22 And I just wrote a Python program to just request every single URL in the sitemap and make sure
09:27 it didn't 404 or 500 or anything like that.
09:29 The all passed, push to production.
09:30 Let's go.
09:31 So did you already have a list of all the links or did you?
09:35 Yeah.
09:35 Because you generally want a sitemap for SEO and Google and Bing and all those things because
09:41 that's what they use to discover like how much of our site can we index and what might we
09:45 miss if you're not directly linking to it, but you want to make it known basically, right?
09:49 So over here in the sitemap, we've got like, you know, check out the scroll bar.
09:53 You can just grab all the links out of there.
09:55 Exactly.
09:55 So I take each one of those.
09:56 So here's the one catch.
09:58 One person ran into an issue.
10:01 Oh man, I missed that one.
10:02 And it's when you submit forms, right?
10:05 The page that is shown when something is processed and submitted.
10:09 I got one or two errors there.
10:10 One little admin thing that only affected me, but somebody signed up for the mailing list.
10:15 The mailing list has a page that's special if you sign up successfully.
10:17 So thanks.
10:18 And here's a few other things.
10:19 Somehow I forgot to check the result of that.
10:22 And there was some kind of bug in there that was easy to fix, but hard to discover.
10:26 Ooh, links not in the sitemap.
10:28 Yeah.
10:28 Yeah.
10:29 Or they might even be there, but you've got to do an HTTP post with data to discover them.
10:33 Not a get because get will show the form, but it won't process the form.
10:36 You know, that was what it was.
10:37 Okay.
10:38 I forgot to await something in the resulting post handler, basically, is what it was.
10:43 Oh, nice.
10:44 You have an interactive user base so they can let you know.
10:48 Exactly.
10:48 Century sent me a little message that said, you know what?
10:52 There's a crash.
10:54 Oh, okay.
10:55 Yeah.
10:56 Anyway, very cool.
10:56 So hopefully, you know, I kind of want an extra detail because, yeah, I think it's just on its own.
11:02 It's interesting, but I think more so the reason I wanted to cover this is I think it's relevant for other people who are like,
11:07 oh, you know, we are on, you know, cherry pie and maybe we shouldn't be anymore.
11:12 Maybe we should pick another one of the top three out of the list like Michael did.
11:16 And I don't know, I'm sure it'll help some people on this journey.
11:19 Yeah, cool.
11:20 Nice.
11:20 Thanks.
11:21 Well, I want to talk about PyPI a little bit.
11:23 PyPI now supports.
11:26 You want to make an attestation about it?
11:27 I don't even know what that word means.
11:29 But PyPI now supports digital attestation.
11:33 Yeah, okay.
11:36 What does that mean?
11:36 Well, I'm not sure what it really means, but it's a supply chain thing.
11:39 So PyPI package maintainers can now publish signed digital attestations when publishing.
11:46 In order to further increase trust in the supply chain security of their projects.
11:50 That sounds cool.
11:52 Additionally, there's a new API to new APIs available for consumers and installers to verify published attestations.
12:02 Oh, my God.
12:02 This sounds like a lot of work.
12:03 Fortunately, it's not.
12:06 So if you are a package, we're going to link to the Python package index blog.
12:14 And this is written by Dustin Ingram.
12:15 Talking about this, there's some discussion about why they didn't do signed identity key pair things.
12:26 But the gist is, if you're already using GitHub Actions and trusted publishing, and you're using the GitHub Action PyPI publish, a little hook thing for GitHub Actions, it'll just work for you.
12:41 You just need to make sure that there's a...
12:42 The version is, I think it's...
12:44 Well, there's another article that I looked at.
12:46 I think it's 11.
12:47 Let's peek over there.
12:48 So this other article, there's another article, PyPI introduces digital attestation to strengthen PyPI packaging security.
12:56 This is written by Sarah Gooding.
12:58 And the gist of it here is, oh, yeah, version 1.11.0 is the one that you need to use.
13:05 Now, what if you want to use something else?
13:07 If you don't use...
13:09 If you don't like GitHub Actions, you're using something else.
13:11 Well, there is plans for other trusted publisher environments are planned.
13:18 And then if you don't even want to do that, if you want to do it manually, it's not recommended, but you can do this manually.
13:25 So you're not locked into GitHub Actions.
13:28 It's just...
13:28 I think that was a reasonable choice for them to implement first.
13:32 You got to have...
13:33 One of them has to be first.
13:34 So that's what they did.
13:35 Like I said, there's another article by Sarah Gooding.
13:39 Also very good.
13:40 It also walks through what the...
13:42 What the...
13:43 The viewing the UI for the new API for viewing what the file looks like.
13:48 And the cool thing about this is, okay, this seems sort of technical and okay, like, you know, security on supply chains and all that.
13:55 Yeah, yeah, yeah.
13:56 But really, like, who cares?
13:58 Well, we all care, really.
14:00 But also, one of the things that I realized is there's links on PyPI for projects to say where the source code is.
14:08 But we just...
14:09 You just put that there.
14:10 It's not guaranteed to be linking.
14:12 Now, this is where the attestation makes it so that PyPI can verify that the object really is from the source code.
14:21 So there is...
14:22 You're not lying.
14:23 Like, there's nobody in the middle lying about it and publishing a package that it really isn't from that source code from something else.
14:30 And that's what we want.
14:31 We want our open source projects to be available, easy to install, but also that we can find the source code really readily available.
14:38 So that's what that's all about.
14:40 There's also a cool are we PEP 740 yet that just shows you different, some of the top packages.
14:47 Let's see, the 360 most downloaded packages and whether or not they're supported yet.
14:54 And this is pretty new.
14:55 So there's not that many supported already.
14:58 But Wheel is supported, for instance.
15:00 So you can check that out.
15:01 Yeah.
15:01 Pydantic.
15:02 Pydantic.
15:02 Good job.
15:03 Pydantic people.
15:04 Good job, Pydantic people.
15:05 Just had Samuel Colvin on the show, by the way, on Talk Python.
15:08 So people can hear from the Pydantic folks themselves very soon.
15:12 Yarl?
15:13 What's Yarl?
15:13 I got to check that out.
15:14 I've seen that in my dependencies.
15:16 I don't know what it is.
15:17 It's one of those things that comes along.
15:19 Something.
15:20 Yeah.
15:20 Something library.
15:21 Markdown library?
15:22 I don't know.
15:22 I have no idea.
15:23 I'm making this up.
15:24 And 360, because it's a wheel, there's like a visualization that is a wheel onto little
15:30 slices to show you which ones are there, which ones aren't.
15:33 Yeah.
15:34 Nice.
15:34 360 degrees.
15:36 That's pretty cool.
15:36 They picked 360.
15:37 It is.
15:38 All right.
15:38 A couple of comments.
15:39 Sean Tibor at there.
15:40 Hey, Sean.
15:40 Glad the cryptography package is there.
15:43 Do a test.
15:45 The tested status is for sure.
15:47 And Christian says, trusted publishing is great.
15:50 It's never been easier to publish on PyPI.
15:52 If you're using GitHub, that is.
15:54 Indeed.
15:54 And Brian, you said when I talked about UV build, UV publish last time, time before, whenever,
15:59 you said that you're not even doing that.
16:01 You just let GitHub do it.
16:02 Yeah.
16:03 Yeah.
16:03 How's that go?
16:03 How do you make that happen?
16:05 Well, we go through this thing, this, what do we call it?
16:10 The package.
16:11 Trusted package provider or something?
16:13 Yeah.
16:14 The trusted publishing.
16:15 There's a, there's, there's like a doc on how to do that.
16:19 Trusted publisher.
16:20 You have to have an API token.
16:22 You like link tokens between GitHub, your GitHub project and, and PyPI.
16:28 So they know about each other.
16:30 And then the, then kind of just add a GitHub action, PyPI publish step.
16:34 So nice.
16:35 I should set that up.
16:36 There's lots of ways to do it though.
16:38 Workflow wise.
16:39 I found personally that my, my favorite way is to, to do the publishing as part of the tag.
16:47 So I'll, I'll do another version.
16:51 That's just like, I'll, I'll publish to, I don't publish everything that I pushed up IPI,
16:55 but, but, or push to GitHub.
16:58 But when I push a, push a tag, then a build is done and the publish happens.
17:02 So it pushes off a tag.
17:05 So just tack it locally.
17:06 Push it and then magic.
17:07 Yeah.
17:07 Nice.
17:08 Awesome.
17:08 Yeah.
17:09 That's a good question though.
17:10 I think we might want to revisit that and, and put an article up, find an article on that
17:15 whole process.
17:15 Yeah.
17:16 Are you looking for a topic for a blog post?
17:18 You feel a little bit rusty.
17:21 I mean, that's what we got to talk about.
17:21 Are you feeling rusty with your blog?
17:23 Django's feeling rusty.
17:24 Django's feeling super.
17:26 I mean, a lot of Pythons feeling rusty.
17:28 That's what I was talking to Samuel Colvin about.
17:29 However, I want to highlight project that is very early in its life, but I think maybe deserves
17:35 some love, some attention anyway from Lily foot Django rusty templates.
17:41 So all of these web frameworks have some variation of templated programming.
17:45 So you've got your HTML and then you'll have some kind of expression, like loop over all of
17:50 my blog posts and like put out the title and the contents in this little wrapper deal or whatever.
17:56 Right.
17:57 They all have them.
17:57 They're all variations.
17:58 They're not as varied as you might imagine.
18:01 And I'm going to actually come back to this whole template thing at the end of the show
18:05 as well.
18:05 However, this one re-implements the Django templating one, right?
18:11 We've got Django, got Jinja, Mako, Chameleon, probably others.
18:16 There's that whole PEP 750 maybe that's bringing templating into the language itself, all this stuff.
18:22 Right.
18:22 So this one re-implements that Django variant of that in Rust with the goal of 100% compatibility
18:28 on output, not necessarily input or the way you program it, but output at least.
18:33 And then error reporting that is at least as good as Django.
18:36 And obviously, why would you do this if you weren't looking for improved performance over
18:41 Django's pure Python implementation?
18:43 These templates can be slow.
18:44 One of the things that can make your website literally suffer to startup if it's under heavy
18:50 load is to restart it and it has to reparse all the templates.
18:54 I go to the extent that I have an app that will see that I can run against the website and it will
19:01 request a representative subset of all the URLs to make sure that the template is loaded and parsed
19:08 because it's a difference of hundreds of milliseconds versus tens of milliseconds, right?
19:13 It could be up to one second to load the page the very first time it hits one of these complicated
19:17 things.
19:17 Yeah.
19:18 And you want your pages fast.
19:20 So when Google and other things hit it, they'll go, oh, that page is fast.
19:23 We'll put it a little higher in search, you know?
19:24 So anyway, this could be interesting.
19:26 So caveat for the world.
19:29 It is net ready for full release and therefore is not on PyPI yet.
19:33 You can check it out if you want to live dangerously or contribute.
19:36 Okay.
19:37 They should push it.
19:38 That's what XeroVerse for.
19:40 Exactly.
19:40 I was shipping stuff that was 0.02 on vacation.
19:45 Come on.
19:46 Yeah.
19:47 Come on.
19:48 Anyway.
19:48 No, that's fine.
19:50 People can do what they want, but.
19:51 Of course.
19:52 Sounds fine.
19:52 I guess it depends.
19:53 Do you feel like it's even anywhere close to potentially usable or is it just you're still
19:58 working on it before it even makes sense?
20:00 Yeah.
20:01 They want.
20:02 You don't want to be, you don't want a bunch of bugs saying this doesn't work yet.
20:05 I know.
20:06 And I said not to use it.
20:07 Yeah.
20:09 But also people, I think it's a cool idea.
20:12 And if you want to help out and help out.
20:14 Yeah, absolutely.
20:15 Nice.
20:16 Are we, I don't want to get too dry, but I want to talk about another pep.
20:21 So PEP it up.
20:22 Pep it up.
20:22 It's a PEP talk.
20:23 Pep talk.
20:25 So Brett Cannon announced.
20:27 So I, this is the first time I'd heard of this.
20:30 When did this post come out?
20:31 This is November 13th.
20:33 That PEP 639 is now supported by PyPI.
20:36 This pep, this is a PEP that lets you specify the license for your code using SPDX expressions.
20:43 Who can't get excited about SPDX expressions?
20:47 And it's easily, it's, and easily include all your licenses with your code.
20:52 Okay.
20:52 I have no idea what SPDX is, but let's jump in a little bit.
20:56 The why am I excited about this is because the last way to be able to do, specify your license
21:01 was you did a little license string thing to say MIT or whatever.
21:05 But then you had a link, maybe a link to license.txt file.
21:09 But there wasn't like, wasn't clear understanding what you should do.
21:13 But you really had to, in order to get the license to show up on PyPI, you had to have a
21:17 trove classifier.
21:19 And I'm not really a fan of trove classifiers.
21:21 I think they're weird.
21:22 So you don't have to do trove classifiers anymore.
21:26 So Brett linked to E Durbin's, or E's PEP 639 is now live.
21:33 So that's just the same thing, but I'll link to it anyway.
21:35 So let's look at this.
21:37 The cool thing about this, I think, is, like I said, you don't have to use the trove classifier
21:44 anymore.
21:45 I'm going to jump down to like, really, what does it look like?
21:48 So we have, there's reasons why and all that stuff.
21:51 But really, it was confusing before, and it's easier now.
21:54 So all you have to do is do something like you have license, a license field, and you can put
22:00 MIT or something.
22:01 So that's the, that's pretty easy.
22:03 And then, but there's like, and so if you have, you can do logic in here.
22:07 You can, if you've got multiple licenses in there.
22:09 And the other thing was projects really, a large project might have more than one license
22:14 because there might be, you may have vendored in part of the system that is, or part of another
22:20 library that is licensed under a different license.
22:23 What do you do there?
22:24 Well, that's one of the great things about this is that there's that logic in there, but you
22:28 can also do the license files key.
22:30 And the license files key is great because you can just, there's more than one.
22:34 You can have more than one and you specify where they all go.
22:37 And it's just a, it's just a list of strings with, with what are those wild cards and stuff
22:45 so that you can regular, with sort of regular expressions so that you can, you can find different
22:50 files through there.
22:51 And you can even have like, I like this version.
22:53 It's got a main license.txt at the top and then a licenses directory.
22:58 So you can have a directory full of licenses for sub components or something.
23:02 Wow.
23:02 It's like creating a list, a set of, set of arguments from a list.
23:07 So you say star args and it explodes it out into positional arguments.
23:10 It's like kind of like that, but for a Toml file.
23:12 That's wild.
23:13 Or is that a YAML?
23:14 I don't know.
23:14 I'm not.
23:15 Well, it's a, it's SPDX or whatever.
23:19 So this, this is a pretty exciting to me.
23:24 I asked Brett like, well, this is still, it's not like, it's not finalized.
23:28 I guess it's provisional.
23:30 PyPI supports it, but they say that it's going to be, they need, it's an implementation of the
23:37 PEP with, in two build backends.
23:39 I don't know what the two build backends.
23:41 That would be like hatchling or poetry or something like that.
23:45 I believe.
23:45 Oh, right.
23:46 Definitely hatchling would, or set up tools or something like that.
23:50 And an implementation, implementation of the PEP and PyPI, which is done.
23:54 So I'm pretty sure this is done.
23:56 Yeah.
23:56 And the first link that you clicked on the discuss, the discourse thread or whatever.
24:00 Yeah.
24:00 Yeah.
24:01 See that second thing?
24:02 Carolina Suma wrote the PDM backend supporting this since such and such version and hatchling
24:09 since another version.
24:10 I believe the conditions have been met.
24:11 Okay.
24:12 So I think this is going to be changed from provisional to something else.
24:16 Hopefully.
24:17 Whatever comes after provisional.
24:19 Probably accepted or whatever.
24:20 Probably accepted.
24:21 Hey, I just want to make a little to Philip and crew in Carolina as well.
24:27 Just, you know, the file that you create for this is license underscore file.
24:32 No extension.
24:33 Think of an extension, please.
24:35 So we can have a default.
24:36 So you can double click it and open it.
24:38 Rather than have to figure out an editor, go into it, drag it into it.
24:41 Right.
24:41 Because without an extension, you can't set a default editor to edit the license file in
24:45 Mac or Windows at least.
24:46 Oh, like say license.txt or something?
24:49 Yeah.
24:49 Or MD or YAML or TOML.
24:51 Or I would say YAML or TOML probably makes the most sense if it has that structure.
24:55 Because then the editors, if you open it in PyTron or VS Code, they'll apply linting to
25:00 it based on the format.
25:02 Whereas right now, it's like, well, whatever.
25:04 Good luck with that.
25:05 Right?
25:05 It's just text.
25:06 Well, so this, like this, these changes that I'm showing are, they're not, they're like YAML
25:11 or TOML or something like that because they're part of the PyProject.toml file.
25:14 Oh, are they?
25:15 Well, somewhere it talked about the license key file or the, yeah, right.
25:19 And there's a license underscore, right there.
25:21 Go back up.
25:22 Stop.
25:23 license dash files.
25:25 Oh, that's just the key in the file.
25:26 That's not actually a file.
25:27 Okay.
25:27 Then I don't know what I'm talking about.
25:29 Forget that.
25:30 That's the key.
25:31 And so I think that they're usually.
25:33 No, it's fine.
25:34 It'll be picked up by PyProject.toml.
25:36 Yeah.
25:37 But I usually, I used to just have it be raw, but I like the idea of doing a .text file.
25:43 Yeah.
25:44 Anyway.
25:44 Something that applies, that makes the tool apply the linting to it if it's reasonable,
25:49 that would already know how to do that.
25:50 Yeah.
25:51 Do it like a, like a Word doc.
25:53 As.
25:53 Come on.
25:56 I'll have an Excel.
25:57 Come on.
25:57 And not like a doc X.
25:58 Do it, do it like, you know, from like 1995.
26:01 Straight doc.
26:02 Let's go.
26:03 Okay.
26:03 Anyway.
26:04 I think that's where those are items.
26:06 Those are.
26:07 Okay.
26:07 Well, do you have any extras?
26:10 I have a couple of quick ones here.
26:11 I'll go through for us.
26:12 I'll let you do yours.
26:13 Really quickly.
26:14 Python 314.
26:15 Alva 2 was released last week, just after we did our show last week.
26:20 So kind of the most recent one we could talk about, I believe.
26:22 Anyway, it continues on with its PEP 649 deferred evaluation annotation of annotations on Python
26:30 configuration C API and no longer having PGP signatures and improved error messages, among
26:37 other things.
26:37 So check it out if you're interested in that.
26:39 You want to test against it.
26:41 Remember, there will be seven.
26:42 So it's pretty early in there.
26:43 But, you know, you'll be able to influence the direction if you so want.
26:46 Blue sky.
26:47 Brian, we have personalities.
26:48 Python personalities are invading blue sky.
26:51 And I would say I'm really happy with the engagement and how much people are participating
26:56 over there and all those kinds of things.
26:58 It seems really, really great.
26:59 Right?
27:00 Yeah.
27:00 Yeah.
27:01 So we have links for all of our accounts on blue sky over there.
27:04 But the thing I want to highlight is I created a starter pack.
27:07 And I think these starter packs are actually one of the magic growth hacks of blue sky.
27:12 And also a good way for people to get started.
27:14 So here's the common social problem, social network problem is you join and it's crickets.
27:20 And then you follow stuff that you don't care about because it's like you've got no followers.
27:23 So here's a bunch of horrible stuff that you don't want to see.
27:26 Oh, great.
27:26 People ranting about this or that.
27:29 I want none of this.
27:29 I want to just get back to my communities that I care about.
27:32 So for each community, you can create people can create what are called starter packs,
27:36 which is like up to 250 people.
27:38 You can just click one button and say, boom, I'm going to follow those people.
27:41 It's a quick jumpstart.
27:42 So I created a Python personality one.
27:44 I don't know.
27:45 I think it has 60 people, maybe more.
27:46 I'm not sure.
27:47 I'll be able to show you in a second.
27:48 But it's, you know, it's got whoever created it.
27:50 And then it's got who you put like Nina Zakarenko, Dr. Becky, Chris Williams, Cecil Phillips,
27:55 Savannah, Simon Wilson, Peter Wang, and so on.
27:58 So you're in here somewhere, Brian.
27:59 Brett Cannon, who were just covering his article and his PEP and so on.
28:03 See, there you are.
28:04 And so I just want to encourage people, hey, go find some of these starter packs.
28:08 Consider mine.
28:08 Give it a click and so on.
28:10 And how do you do that?
28:11 Well, Will McGugan pointed out that there's this blueskydirectory.com that has all the starter
28:17 packs.
28:17 And you can search for like Python starter packs or motorcycling starter packs or skating
28:22 or whatever you're into.
28:23 So you've got, I don't know who these people are.
28:25 There's some people who created some.
28:26 Like down here a little bit further, you can see like here's the one I created and different
28:31 folks.
28:31 Python core team by Hugo, I believe that is.
28:34 So on, right?
28:35 So there are actually 572 starter packs.
28:37 But I suspect a lot of overlap intersection here.
28:40 Yeah.
28:40 And one of the things I appreciate about checking these out is, is being able to like that.
28:46 Some people are keeping me like keeping these up a little bit, which I appreciate.
28:50 Like Luciano.
28:51 Wait, no, it wasn't Luciano.
28:53 It was, oh, Reuven Lerner has one also that he's trying to keep up.
28:57 And, and I, because I've been on Blue Sky for a while.
29:01 So I like went out and looked for Python people early on and there's a ton of Python people
29:05 jumping on the bandwagon right now.
29:07 Right.
29:07 And just yesterday, a bunch joined, you know?
29:09 Yeah.
29:10 So, so it's good to, to look like I was just looking through your list and there was probably
29:13 five or 10 that I hadn't, that I hadn't followed yet.
29:16 And there are people I want to follow.
29:18 So.
29:18 Yeah.
29:19 And I just added somebody two hours ago to it.
29:22 So it's, it's being maintained to the limit till it hits this limit.
29:26 Then I have to start to make tough decisions.
29:27 If, if someone ejects someone else, I don't really want to do that.
29:30 But right now there's 61 people in mind and this directory thing shows you how big the
29:34 list is.
29:34 Care about that.
29:35 All right.
29:36 Part, another really quick thing.
29:39 No, I'm going to save this one until next time.
29:41 Just for, for sake of time, we'll cover that one next, next week.
29:44 All right.
29:45 Well, I've got a few extras.
29:46 I didn't cover this because I didn't really, I don't know if I'm smart enough to cover this,
29:52 but I'll link to it anyway.
29:54 There's a article from Armin Roeniker titled playground wisdom threads, beat async and await.
30:02 And he's not really talking about Python threads.
30:04 He's really talking about, or, or Python async and await.
30:08 I think he is, but also just in general, like programming languages, thinking about threads
30:14 versus thinking about async and await.
30:16 And, and it's just an interesting read in a good article talking about how like we should
30:22 really be making concert concurrency really easy to the point where we don't actually talk
30:27 about concurrency.
30:28 It just works.
30:29 And that seems ludicrous in some respects, if you're used to a low level language, but
30:34 they, his example at the top just sort of like blew me away in thought process of thinking
30:40 about, about the, the scratch programming language for kids.
30:44 And if you, if you have like, he has an example of like a, a cat and a mouse sprite having code
30:51 that like just, you know, moves 200 times while, or like wild, while mouse X is less than
30:58 200 update the X position by five and sleep for 10 seconds.
31:03 And then do that or do that for a cat also.
31:06 So you got a cat and a mouse chasing each other.
31:07 and the question is really, do those run at the same time or one after another?
31:13 And in scratch, it just is each of these are, are their own thread, their own thing that's
31:18 running.
31:19 And there's no async and await here.
31:21 It just is there.
31:22 And, and I'm not saying that we should all go out and write our frameworks in scratch.
31:25 Now.
31:26 I'm saying it's, it's an interesting idea to, to, to realize that it can be made easy.
31:31 and I, I both agree and disagree in interesting ways here.
31:37 So I, I really like what Armin's been doing on his blog lately.
31:40 He's been writing some very thoughtful posts and has me shaking my head in agreement a lot.
31:45 So well done Armin.
31:46 However, I think some of the pushback, I have not read this.
31:51 So it's so easy on me, but I'd like to read it.
31:53 It's on my reading list.
31:54 But I think part of the pushback of, ah, async's having a bit of a, it's just not quite is I
32:00 think there's foundations of async that have not been built yet.
32:02 That should be built.
32:04 Like for example.
32:05 so you're this example here, create a function called move mouse, create a function called
32:09 move cat.
32:10 If this was async and this was C# and you called run, you wrote, you wrote that
32:15 code in C#, but the word async was applied to the functions.
32:17 Basically it would just run like it is like there's nothing left to do.
32:21 And async and await handles that.
32:22 But Python doesn't have the concept of a background management thing that runs all the async stuff
32:29 and keeps it going.
32:29 Right.
32:30 You've got to go to the loop and say, Hey loop, here's another thing to run.
32:33 Start this, please.
32:34 Whereas in a lot of other languages, you, the act of calling an async function coordinates
32:39 behind the scenes in ways you don't have to think about that.
32:41 Start and run that you're given a task of a, object of a running task that's already
32:47 been handled in something you pre-configured.
32:49 Whereas in Python, you're like, I know you think you ran it because it has parentheses like
32:53 a function, but now you've got to go find a place to actually run it.
32:56 And a lot of that, that finding the place is always janky.
32:59 It's like, Oh, asyncio dot get, get event loop exception.
33:03 No event loop.
33:03 Darn it.
33:04 I'll create one some other time.
33:05 Create event loop exception.
33:07 There's already event loop.
33:08 It's like, why, what is going on here?
33:10 Why am I always battling this?
33:12 Or I, there is a loop, but it's, I need to get to it from another thread and it's thread
33:16 local.
33:16 And I, I, how do I connect these two things through variables?
33:20 And I want to use globals.
33:21 Like there's just all this stuff that makes it tricky.
33:24 Whereas there could be a little infrastructure behind the scenes that just, I don't know if it's
33:28 just, I don't know if it might be, it's too late, which would be super unfortunate, but
33:31 it could be.
33:32 I think it can be built on top of it.
33:34 Yeah.
33:34 Maybe.
33:35 Maybe.
33:35 Anyway, I think that that is part of the problem is the challenge is like, it's, it's your job
33:41 to connect the pieces of the plumbing more than it should be.
33:44 That's what I think.
33:46 I've also used, so I've used a, this is in C++, but a concurrency framework that had,
33:53 the default is easy.
33:54 Like the, the generic, the, the, there is a general thread pool that it's easy to use,
34:01 easy to add things to.
34:02 It's just sort of happens.
34:03 And then there's, and then there's, if you want like a separate thread pool, that's
34:09 just managed separately.
34:10 There's more, more who can go and create it and put it in sort of connecting pieces.
34:14 Yeah.
34:15 So I think that's awesome.
34:16 Right.
34:16 Rather than you always have to do the hard way.
34:19 Yeah.
34:19 Yeah.
34:20 We need a, at least in for simpler cases, there is an easy way that exists.
34:25 And anyway, but I'm also kind of talking out of my hat because I haven't run, I haven't
34:29 written a lot of async Python yet.
34:31 Yeah.
34:32 I'll give you a really, really, really quickly to wrap the show up.
34:35 But in court, you've got, there's an async event loop managed by the web framework, or
34:42 maybe it's even managed by the, the app server that then starts the framework.
34:46 But there's a dedicated asyncio event loop for processing requests.
34:49 It doesn't exist until after all of your startup code is done.
34:54 And so if you have any async code to call before you're actually, you're, you're just like
34:59 everything set up, all of the things have been populated, run the start processing requests.
35:04 You basically almost can't do it.
35:06 If like, for example, so for the eight, for Beanie, you have to say, initialize the database
35:12 and get all the connections and stuff going.
35:14 So if you write code to do that and then try to use it in the, in a web view, in a web
35:19 request, it'll crash and say wrong event loop.
35:22 It was initialized on this event loop, but it's running on the court event loop.
35:26 And you're like, well, but how do I start it?
35:28 How do I ask a database question before the web request to start it?
35:33 You know, like I, maybe I want to do something different if the database is initialized or
35:37 not.
35:37 Or I, I want to, I don't know.
35:38 It's just like, there's all this juggling and there are mechanisms to say, okay, well,
35:42 like you can have some startup code run in a different time, but it's just, it's just
35:46 hard.
35:47 Yeah.
35:47 Anyway, I hope I keep harping on this.
35:49 I'm hoping someone will go like, okay, we're at the core developer language summit.
35:53 Can we simplify?
35:54 Okay.
35:55 Please.
35:55 Okay.
35:56 And then I got a few more, but I'll do them quick.
35:58 The, the Python test community is now on discord that the, the, the launch happened in a couple
36:06 of days last, last week.
36:08 And it's going well.
36:09 We've got like 89 people in there so far.
36:12 If you'd like to be a part of it and you're not already, if you, if you're part of the
36:15 community, you got, would have gotten an email.
36:17 If you want to be part of the community and you didn't get the email or you haven't bought
36:22 one of my stuff things before you can head over to courses.pythontest.com.
36:26 And you don't even need one of the courses.
36:27 You can just grab the discord community.
36:30 One it's there and it's on sale.
36:32 It and everything else on the site is on a, on a black Friday sale, 20% off using Turkey
36:38 sale 2024.
36:39 And that's just right on the side.
36:41 I'm posting that.
36:42 It's not a secret.
36:42 However, there is a secret on the book.
36:44 So Python testing with pytest is a 40% off right now.
36:49 And you, you just need to use the black Friday code, which is also the same code Turkey sale
36:55 2020.
36:55 I just wanted to be easy for people to remember.
36:58 So learn pytest easily through sales.
37:02 Test your thing.
37:03 Yeah.
37:04 Enjoy the turkeys.
37:05 Yeah.
37:05 And I'm, I'm having fun with discord.
37:07 I've had to have had to embrace the, the dancing logos and stuff.
37:11 And I, I know you can turn them off, but I'm actually realizing that I kind of like them
37:16 now.
37:17 These little doohickey things.
37:18 Yeah.
37:18 It's fun.
37:19 The little giffies or whatever.
37:20 Very funny.
37:21 Yeah.
37:21 Talk Python is going to also have a black Friday sale.
37:23 I don't have it launched yet, but that is my goal for the day.
37:27 So I'll put it in the show notes.
37:29 People can check it out.
37:30 I don't, I'm not a hundred percent on the final, final details, but I'm finalizing that today.
37:34 I can't believe November's almost over.
37:35 What even?
37:36 Exactly.
37:37 This is my problem.
37:38 I do not accept that November is almost over, but Hey, it's, it's one, one month less of
37:45 rain for us.
37:46 We're closer to sun again.
37:47 So let's go.
37:47 Yeah.
37:48 All right.
37:48 Are you ready for a joke?
37:49 Yeah.
37:49 So this joke, just everyone, Brian has not seen or heard this.
37:54 This joke.
37:55 Remember we had the AI, the sad girls, AI sing song, sing the MIT license terms.
38:01 Yeah.
38:02 This is like this, but this is a heavy metal rock band singing the verbose output of a curl
38:10 command.
38:10 So if you say curl dash V for verbose, HTPS, Google.com, there's a whole bunch of stuff that
38:17 comes out, a bunch of tech things.
38:18 So we're going to have a heavy metal jam session of this.
38:20 And I want to point out one of your volume is high.
38:23 Turn it down to, if you really hate heavy metal, hard rock, just go ahead and stop here.
38:28 There's, we're not covering anything else.
38:29 I don't want to use it.
38:31 Seriously.
38:31 This is kind of like some intense rock, but it's also pretty funny.
38:34 And I would also like to add on the videos on YouTube, the video I'm linking to the, there's
38:39 a comment that says, hi, I'm the creator of curl.
38:41 And I wholeheartedly endorse this amazing, this masterpiece.
38:46 With that said, if you hate, if you hate hard rock, you're not going to love it.
38:49 So just go ahead and skip ahead.
38:51 Everyone.
38:51 Here we go.
39:14 DLS 1.3 in DLS Handshake Certificate DLS 1.3 in DLS Handshake Certify DLS 1.3 in DLS Handshake Sinist DLS 1.3 out DLS 800 take cyphers back DLS 1.3 out DLS Handshake Sinist
39:37 Well there you have it folks the actual real song is at three and a half minutes and I couldn't I
39:48 couldn't do it I couldn't play the whole thing for you so it's a taster hit the full show um I love it
39:53 DLS Handshake hello nice all right everyone Brian see ya