Python Bytes - #113 Python Lands on the Windows 10 App Store
Episode Date: January 18, 2019Topics covered in this episode: [play:1:01] Advent of Code 2018 Solutions [play:2:37] Python Lands on the Windows 10 App Store [play:7:06] How I Built A Python Web Framework And Became An Open Sour...ce Maintainer [play:11:46]* Python maintainability score via* Wily [play:13:03] A couple fun awesome lists [play:16:32] fastlogging Extras Joke See the full show notes for this episode on the website at pythonbytes.fm/113
Transcript
Discussion (0)
Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
This is episode 113, recorded January 16th, 2019.
I'm Michael Kennedy.
And I'm Brian Harkin.
And this episode is brought to you by DigitalOcean.
Check them out at pythonbytes.fm slash DigitalOcean.
Get $100 free credit for new users.
Brian, how you been?
I am great.
Nice, me too.
Cold though.
Yeah, I don't know what happened.
It's like winter, mid-January. I guess it's supposed to be cold. But yeah, it's cold. Nice. Me too. Cold though. Yeah. I don't know what happened. It's like winter, mid-January.
I guess it's supposed to be cold.
But yeah, it's cold.
Maybe.
My daughter said this morning, like, when are we going to get snow?
And I said, well, I hope never because I don't have snow tires yet.
I just bought snow tires for my car so I can drive up to the mountains and go skiing real easy.
So I'm ready.
It can snow whenever.
But yeah, if it's not going to snow, let it be a little warm.
So speaking of wintry type things, advent calendars, those are a type of things that
folks use a lot in December, right?
Yeah.
And actually, this last December, I totally meant to do the advent of code thing, but
I didn't.
And also, one of the things I'm doing this upcoming year is I'm trying to, I read a great
article about practicing programming. I want to try to incorporate more practice outside of just doing my own work at work,
but practicing extra things.
And there's challenges and code things and little snippets and everything,
but sometimes I just want like 20 minutes of reading something.
And this is great.
So I ran across this.
It's from Michael Fogelelman it's the advent of
code 2018 solutions and it's uh pretty much he just talks through all the different he went
through all of the the advent of code for 2018 and then he solved them in python and a lot of people
have posted their solutions on github this is a nice write-up that he has to describe how he solved
them and there's some nice code comments. It's really put together well.
Yeah, I like it. You just sort of cruise through and see the problem, see the solution,
see what you think. I find looking at other people's solutions of fairly simple programs,
especially compared to your own, it's a pretty interesting experience. Like,
oh yeah, I totally solved this. And then you look you look like oh wait they did that in two lines and mine took 10 or why did they do it that way versus this it's
pretty cool yeah looking over reading code is one of the ways to get better so it's a good way to
practice is reading other people's code yeah and it's not like read the django source code or read
the request source code and it's like a huge undertaking right these are 10 20 25 lines of
code yeah yep definitely so i dropped this in because i think i'm going to start trying to
incorporate let's sprinkle in some reading reading of these into with my daily practice yeah i think
that's a good idea do you know what the most popular platform that python runs on is brian
probably max a lot of mac a lot of mac laptops a lot of stickers on them that's what
you'd believe if you were at a conference like pycon or something everyone's running around with
their apple logos glowing or sadly no longer glowing on the new max but nonetheless it feels
like when you're in those environments it's mostly mac and some linux and obviously server-side linux
but really a lot of the surveys say most of the
users by a pretty wide margin are actually on Windows. So we're talking students, we're talking
corporate environments, a lot of folks who don't show up necessarily carrying those around at
conferences, but that's where it is, right? Yeah. So the big news is that the PSF broadly,
and specifically Steve Dower, one of the core devs,
who works at Microsoft,
has released Python 3.7 as an official app on the Windows 10 store.
Nice.
So there's all sorts of stuff that is really awesome from that.
So that means you can just go to your Windows store
and search for python and say yeah
i want that you can actually already do that for like ubuntu subsystems and stuff so you can do
that for linux distribution surprisingly and run those as like subsystems and windows but not python
and some of the stuff that's really cool is it automatically takes care of a couple of problems
that were incompatibilities between Windows
and the other operating systems.
So for example, Python 3 is a command
in the Windows 10 App Store version,
but not the one you actually install separately.
So now if you see instructions like type Python 3,
this, that, like that now works on Windows too also.
That's nice.
Yeah, so it's a little more similar.
It automatically puts that stuff in
the path i believe the place where you pip install stuff no longer requires admin access to do it
because it's under your user profile as part of the store stuff so a whole bunch of good things
have you talked to anybody to find out when we're going to get to the point where the default python
is going to be python 3 anyway that would be sweet sweet, wouldn't it? You know, all the stuff I've seen about it is like,
it would be great, but it would also cause a lot of problems.
We saw that Red Hat Enterprise Linux
is actually moving away from having a Python command at all.
So now it's either Python 3 or Python 2,
and you have to be super explicit everywhere.
So I would love to see that, but I don't see it.
On my systems, Python means Python 3,
because I've changed the path around so that works that way,
but not everywhere, you know?
Yeah, you recently talked about this
and a lot of other things on TalkPython, right?
Yeah, I had Steve Dower come over onto TalkPython
and talk about his retrospective of Python's journey at Microsoft,
which is actually really interesting.
It sort of matches the open source journey
from a very closed source company to way more open source.
And there's a lot of cool stuff going on there.
They have a ton of core developers working at Microsoft, actually.
It's pretty neat.
Yeah, that was a really interesting conversation.
Yeah, thanks.
So there is one limitation on the Windows Store version of Python
that maybe is worth throwing out there while we're talking about it is they don't have full write access to shared locations.
Like, for example, the registry or SQL and backslash program files or stuff like that.
Right.
So it's kind of only has access to your user profile stuff, whatever you can do without raising your permissions at UAC stuff.
So that's a limitation that you may run into
because the Windows Store apps are more locked down than regular apps.
But still, I think this is super cool.
You can go and just say, hey, you don't need to be an admin.
You just go to your Windows Store, you click this little button,
and you also have Python 3 as a command.
It's quite nice.
Can you write stuff that's outside of your little environment?
Not write stuff, but read it.
Yeah, I'm pretty sure you can.
Like you could read the registry, would think things like that whatever you would be able
to do without that little this program would like to use admin rights yes no dialogue pop-up i
suspect you'll be able to do yeah i think that's a good idea anyway so it's going to be in the app
store yeah exactly so you know i would actually love to see that on mac os right if python 3 was
an option on macOS,
because the auto-updating feature is pretty cool.
Like, you just wake up one day, and boom, you have the next version of Python.
Of course, that could cause its own problems, but it wouldn't be bad.
Python 5? What's that?
Oh, my goodness.
It's amazing, and nothing works anymore.
What happened?
No, that's pretty cool, though.
I'm happy to see it getting some serious attention over there.
Yeah.
Definitely.
All right, well, what's next? There's a project so new that came in in November this last year But that's pretty cool, though. I'm happy to see it getting some serious attention over there. Yeah. Definitely.
All right.
What's next?
There's a project so new that it came in in November this last year.
It's a project called Bocadillo.
Yeah, that's how I would say it as well.
Yeah.
Bocadillo.
Yeah.
Yeah, I think so. The tagline is a modern Python web framework filled with asynchronous Salsa.
But I'm not really going to talk about that.
I'm going to talk about an article that the maintainer, it's Flormund Manka, wrote an article called How I Built a Python Web Framework
and Became an Open Source Maintainer. And it's this really fascinating article talking about
pretty much what he went through. He knew that there were a lot of other web frameworks already,
but he built this to try to learn the internals of how to build a web framework and then just did it in the open. But there's some really great advice. One of the
things he credits from somebody else called Funky Bob is reinventing the wheel is an awesome way to
learn. And sometimes what you learn is just how much are your existing frameworks are doing for
you. I thought that was cool. That is very cool. This thing went from like just inception to building it to putting up docs and getting extra maintainers in like the course of
a month in November. And now it's still going, but there's like one of the discussions in the
article is talking about how he tried to put as much in the readme as possible right off the bat,
like a change log and contributing guidelines and how to work it and everything much in the readme as possible right off the bat like a change log and contributing
guidelines and and how to work it and everything but the readme got huge so he um that migrated to
a github pages static site generator doc site and then also one of the things is um he had all of
his to-do items of what he wanted to work on next in a Trello doc in Trello, but nobody else can see that.
So he moved Trello issues to GitHub issues.
And this process of trying to do a new project in a way that is open and encouraging other people to help out.
And then at the end of the article, it goes through, I'm not going to go through all of these,
but there's a whole bunch of tips on what to do with the project to make it encourage other people to get involved. And
this is like a goldmine of information for people wanting to start an open source project.
Yeah. If you're thinking about an open source project or how to make it grow,
there's, you're right. There is an incredible amount of tips. I mean,
there's probably 45 specific things like this helps, this helps, this helps, right?
So that's really awesome.
Yeah.
If all this information at the bottom, he could have written a book on this and maybe he will.
Yeah, maybe he will.
But thanks, Flormund, for putting this together.
Yeah, it looks great.
And the framework looks pretty nice as well.
I like it.
I feel like a lot of these web frameworks are like slight derivatives of the Flask API.
They seem to all be centering around Flask for some reason.
But Flask is pretty good, so that's cool.
Speaking of cool, I heard Kubernetes is cool.
Kelsey Hightower told us it was.
It definitely showed us a cool demo at PyCon.
Yeah, I believe anything Kelsey says.
Yeah, for sure.
So Kubernetes is a way to basically orchestrate containers, right?
Often you don't want to just run one container.
You want to run multiple ones, one with a database,
a couple of web run-ins, things like that.
And it's a really nice way to do zero downtime deployment
on top of that and so on.
So DigitalOcean, who's sponsoring the show, of course,
has just officially publicly released, no longer preview status, their DigitalOcean Kubernetes service.
So it's like a managed service and you can basically sign up for it and configure a Kubernetes cluster in a couple of seconds and provision it and log in within a couple of minutes.
So it's super easy to scale. You take inbound traffic
and just access your data over block storage,
pass it through your load balancers.
It's all great.
So they also say they saw a 2.4 times,
not percent, times better price to performance
compared to other providers.
So I can definitely believe that DigitalOcean is awesome.
So anyway, if you're thinking about this,
check them out at pythonbytes.fm slash DigitalOcean.
Get $100 free credit from your users
and try your hand at some Kubernetes clusters.
Nice.
Yeah, indeed.
You could even probably serve up Bocadillo on Kubernetes.
That'd be fun.
Yeah.
Cool.
Well, one thing that we talked about recently,
and so this is a little bit of a follow up is the maintainability score would you remember what we were talking about with the
maintainability score it was like a sub idea of something that we were covering recently i totally
remember but i don't remember the main topic i don't it's always so many things we cover every
week but yeah it's one of the projects and was like hey this has a maintainability score of a
and we're like wait where did you get that score so front of the show and was like, hey, this has a maintainability score of A. And we're like, wait, where did you get that score?
So a friend of the show, Anthony Shaw, sent over, you know, he's done this project called Wiley.
Did you guys talk about it on your show?
We talked about it briefly, yeah.
Yeah.
So Wiley is a Python app for tracking and reporting on timing and complexity and tests and things like that. So what you can do is you can point this at your project and tell it to analyze it and then generate a bunch of reports. And it has two types
of reports that are relevant to this maintainability index. It has just a number, like a percentage,
and I think higher is better there. And also as a rank from like A to F, like a grade score on it.
So you can run this against your code and ask it,
and you can even graph that kind of stuff over time.
So it's getting, on the reports, it'll say,
ah, it's lost some maintainability,
or it's gained some maintainability,
which I thought was pretty cool.
Yeah, that is cool.
Yeah.
So check out Anthony's project.
I'll link to it, of course, in the show notes.
And you can see how well or not well Wiley thinks your app is doing.
Even has a GitHub pre-commit hook, as all the cool things do these days.
Yeah, that's a fairly new project, too.
Wiley's only been around for a couple, two, three months or something.
Yeah, absolutely.
It's pretty new.
Would you say it's awesome?
I would say it's awesome.
I think so, yeah.
What else is awesome?
I kind of like the awesome lists.
So awesome lists.
So awesome lists, if you're not familiar with them,
they're usually on GitHub, but they're basically,
the readme is filled with links to a whole bunch of other projects of a particular type.
There's two awesome lists that I came across recently.
One of them is awesome Python security resources,
and the other one is Awesome Flake 8 Extensions.
So as far as security resources, it covers tools and education resources and then a couple companies also.
The very first one that it has listed here is secure.py, which we talked about just I think last week or just recently.
Yeah, and I think we've talked about Bandit also for static analysis.
Yeah.
Some of these we've talked about Bandit also for static analysis. Yeah. Some of these we've talked about.
And then I really liked that it also included some education resources
if you want to learn more about security for your software.
So this is a nice place to go for security stuff.
And then I like Flake 8 anyway just as a tool by itself for static code analysis.
But I like that it has a plug-in system with it.
And so there's lots of different extensions to Flake 8.
So, Brian, for the couple of folks out there
who don't know what Flake 8 is,
give them a quick elevator pitch.
I don't know the elevator pitch.
It's not PEP 8 anymore.
It's like PyCode style or something like that.
Yeah, it's basically the formatting conventions
of the language, right?
Yeah.
Flake 8 itself runs the checks for those, but it, and I think the 8 is because it checks
a whole bunch of other things.
What it does cyclical, some complexity algorithm and gosh, you're putting me on the spot here,
man.
No, no, that's close enough though.
But so basically it analyzes the quality of your code, right?
But it only does so much. It's definitely a static analysis. It's just looking at it just
without running it. So you found a couple of plugins for it? Yeah, the extensions,
there's a whole bunch of them. There's some security ones that actually overlap. The other,
the security resources in the previous list, you can run them from Flake 8. So like the static analysis
that's available for security, like Bandit, I think there's a Flake 8 Bandit.
There's also a couple of my favorites are, this is interesting,
there's a Flake 8 PyTest extension that I want to try this.
It doesn't actually run your PyTest. What it does is it checks to make sure that
you've got PyTest-style assertions.
So one of the benefits of PyTest is just regular assertions
and not like the unit test stuff.
If you've converted from unit test to PyTest,
you might still have some of those other assertions laying around,
and this one will try to get rid of those.
Yeah, one that pops out to me is like flake8-docstrings,
which actually checks the doc string code for you, which is pretty awesome.
Validates this restructured text of your documentation.
That's sweet.
Oh, that's nice.
Yeah.
Yeah.
And there's just so many in here.
Yeah.
And there was, I didn't write this one down.
There was one that like checks for, it checks to make sure that you're not mocking things that didn't exist.
So the point of mock is to fake out existing functionality so that you do something different.
One of the things that you can muck up with is you can be mocking the wrong function name,
and it'll work just fine in your tests.
Your code won't run.
This plugin will check to make sure that you're mocking
real existing methods and not made-up methods.
Yeah, cool.
Well, these are great.
These are awesome finds, right?
Yeah.
Another thing that's awesome is logging.
So remember a couple weeks ago we talked about LogGuru?
Yeah.
LogGuru?
LogGuru?
Wait a minute.
We'll just try all the variations until one of them hits, I'm guessing.
And of course, just kind of...
It rhymes with kangaroo.
It does.
And so just like when we talked about GUI frameworks,
we're like, oh, here's like a couple of them.
And then just people are like,
oh, and did you know?
Did you know?
So here's another really cool logging framework
that Robert Young sent over to us to say,
oh, you talked about LogGUI.
You should definitely check this out.
So this is called Fast Logging.
So Fast Logging is a replacement
for the standard login module,
and it's mostly compatible, which is pretty cool.
But would you guess from the name that it's faster?
I should hope so.
So basically the point is,
logging can be kind of slow, it turns out,
in the standard login module.
But this one is faster, and not just like 20% faster.
It's like five times faster
for a regular file.
And if you're doing rotating log files,
it's actually about 13 times faster.
So if you're doing a lot of logging
and it's turning basically the login
and slowing down your app,
think about fast logging.
Yeah, nice.
Yeah, it has a bunch of cool features.
So like if you install Colorama,
which is a great color way to do output on the
console it'll actually do colored logging when it's logging to print you know standard out
you can set the maximum file size and rotating a lot of options on the rotating stuff it'll also
like log guru compress the older file older log files which can be 10x or more savings like those log
files compressed really really well you can do like only log every so often based on domains
different files like all sorts of stuff you get callbacks one thing that's kind of cool is it'll
do uh logging on background threads per file which is pretty cool if you configure it so
if you're like i want to log this stuff but I know that might slow down my app and I don't want any slowdown.
So this will basically push it off to a background thread,
which will eventually pick it up and write it.
So you can keep stuff flowing right along,
maybe in a web request or something like that.
It's pretty cool.
Yeah, very nice.
Yeah, so thanks, Robert, for sending that in.
That's a good one.
Brian, that's it for our official items. Got anything else? I actually don't. Not right now. All right, right on. Yeah, so thanks, Robert, for sending that in. That's a good one. Brian, that's it for our official items.
Got anything else?
I actually don't.
Not right now.
Nope.
All right, right on.
How about you?
Well, I have two things that I'd like to just throw out there really quick.
First of all, I'm doing a live webcast, but it'll also be recorded,
over on January 24th at 11 a.m. Pacific time.
Basically working and showing async and await in Python and building a little app that
that uses that. So if you got a got a free hour, and you want to drop in, check that out, put the
links in the show notes there. And we already talked about Anthony Shaw and his Wiley, but he
also sent over a heads up, which I also got from GitHub, to watch your YAMaml yaml apparently had some pretty decent security
vulnerability like i don't know how many people know but you can actually just straight up execute
arbitrary python code in a yaml file that's bad right so like yeah so hey upload your configuration
file we'll just run it for you and like the configuration file is like username is this password is that database
format is this bang python format the system or do other bad things right like it was really crazy
that the the yaml format just lets you embed code into what is otherwise supposed to be a static
file all right so the warning is that you're supposed to use what's it called safe underscore
load instead of load but they've fixed some stuff to make that
and basically make that more obvious
and with a new version of PyEmmel.
So if you're using PyEmmel,
GitHub will give you a warning about this.
Anyway, it seems like it could actually have
a lot of consequences if you don't update that.
So check that out.
Yeah, but also if you're using PyEmmel,
updating to the newest version should fix that, right?
Yes, you should.
But what's weird is, we talked about ZeroVer.
The way you fix the PyYaml problem is you take an official 1.3 release and you upgrade it to a beta release.
So you have to install the beta version to not have the security problem, which, I don't know, take that for what it is.
Yeah, okay.
Come on, PyYaml people. That's right.
Alright, do you have a joke for us this week? I don't.
Alright, I have a joke.
This is an oldie but a goodie.
It's about Python, which is pretty sweet.
So, if you're out there,
and you type Python on your terminal
command prompt, and then you just
import anti-gravity, like the command,
right? Import anti-gravity. Like the command, right? Import anti-gravity.
It turns out, have you done this, Brian, before?
Yeah, but it's good to bring it up because some people don't know about it.
Yeah, exactly.
This is one of the better things built into the Python repo, honestly.
And so what it does is it actually opens up an XKCD comic,
which is a great joke about Python's packages and libraries.
So there's this picture.
There's a stick figure flying up in the air,
and the stick figure on the ground,
obviously amazement on his blank face, stick face,
says, how are you flying?
He says, Python!
I just learned it last night.
Everything's so simple.
Hello world is just print hello world.
The guy on the ground says, I don't know,
dynamic typing, white space. The guy in the air says, I don't know, dynamic typing, white space.
Guy in the air says, come on, join us.
Programming is fun again.
It's a whole new world up here.
But how are you flying?
I just typed import anti-gravity.
That's it.
I also sampled everything in the medicine cabinet for comparison, but I think it's the Python.
It's a little bit of goody, right?
Yep.
Yep.
And while you're playing on the command line, it's not a joke, but import this.
It's another hidden Easter egg.
Not very hidden, but that it'll show you the Zen of Python.
Yep.
That's awesome.
I'm going to save another import joke that you can do on the terminal or in the REPL
for next time or time after.
Okay.
Yeah.
I really love it that these kind of jokes and humorous things are built in there.
It's not like Python has been sterilized of all humanity.
Yeah, and anti-gravity connects Python with XKCD, which is kind of neat.
And one of the things I like, I can't remember where to get these,
but one of the things I like about XKCD is they often talk about things that you might not know about.
There's another place that I can't remember
where it discusses why it's funny.
So you can read about things you don't know about.
Yeah, absolutely.
Absolutely.
Well, thanks for recording this week.
You bet.
It's always fun and I always learn something.
So thanks a bunch.
Bye.
Thank you for listening to Python Bytes.
Follow the show on Twitter via at Python Bytes.
That's Python Bytes as in B-Y-T-E-S.
And get the full show notes at PythonBytes.fm. If you have a news item you want featured, just visit PythonBytes.fm and send
it our way. We're always on the lookout for sharing something cool. On behalf of myself and Brian
Auchin, this is Michael Kennedy. Thank you for listening and sharing this podcast with your
friends and colleagues.