Python Bytes - #222 Autocomplete with type annotations for AWS and boto3
Episode Date: February 24, 2021Topics covered in this episode: boto type annotations How to have your code reviewer appreciate you REPODASH - Quality Metrics for Github repositories * Extra, extra, extra, extra, hear all about i...t* testcontainers-python The Python Ecosystem is relentlessly improving price-performance every day Extras Joke See the full show notes for this episode on the website at pythonbytes.fm/222
Transcript
Discussion (0)
Hello and welcome to Python Bytes, where we deliver Python news and headlines directly
to your earbuds.
This is episode 222, recorded February 24th, 2021.
I'm Michael Kennedy.
And I'm Brian Ockett.
And I'm Greg Herrera.
Hey, Greg Herrera.
Welcome, welcome.
We have a special guest.
Thank you.
Welcome.
Part of the Talk Python team and now part of the Python Bytes podcast.
It's great to have you here.
Happy to be here.
Thank you.
Yeah, it's great.
Also making us happy is, and many users throughout the world, is Linode. Linode is sponsoring this
episode and you can get $100 credit for your next project at pythonbytes.fm slash Linode.
Check them out. It really helps support the show. So Greg, you want to just tell people
really quickly about yourself before we dive into the topics? Yeah, before I joined the team at Python Bytes, I had run a data analytics consulting firm where we built data warehouses and did
data science type things. It was called business intelligence at the time. And as I was learning,
we started running into a lot of open source users, in particular Python. And so I dove into the Python
ecosystem when I sold that company to get up to speed on how things are going to be done in the
future. That's awesome. One of those Wayne Gretzky moments, right? Yes, exactly. Cool. Well, awesome.
It's great to have you here. So I want to jump right into our first topic. We have a lot of
things to cover today, so I'll try to not delay too long. But I've got jump right into our first topic. We have a lot of things to cover today,
so I'll try to not delay too long. But I've got to tell you, I'm a big fan of AWS S3,
big fan of some of the services of AWS in general, right? Don't run the main stuff over there, but many of the things, many of the services and APIs I use. That said, I feel like the S3 or the Boto API, the Boto 3 API rather,
is one of the worst programming interfaces I've ever used in my life. I mean, it is so
frustratingly bad. The way you work with it is you go through and you say, I'd like to talk to
Amazon. And then you say, I would like to get a service. And instead of creating a class
or a sub module or something like that, there'll be very natural in Python. What you do is you go
to a function, say, give me the service and you give it a string. Like I want quote S3, or I want
quote EC2 or quote some other thing. And then you get a generic object back and you have no idea
what you got back, what you can do to it. You start passing stuff over to it. Sometimes it takes keyword arguments, but sometimes you just put
dictionaries, which are one of the values of a keyword. There's just all this weirdness around
it. So every time I interact with them, like, oh, I'm just probably doing this wrong. I have no
idea of even what type I'm working with because it's like this bizarro API that is like levels
of indirection. It's because it's generated at runtime or at least dynamically, right?
There's not static Python that is it like looks at the service you're asking for
and then like dynamic up thing.
So I feel like there's a lot of work over there that could be done to just,
you know, put a proper wrapper at a minimum on top of those types of things.
That said, wouldn't it be nice if your editor knew better
than AWS is willing to help you
with? So we've got this really cool library that I want to talk about. This was sent over by Michael
Lerner. And the idea is you can add type annotations as an add-on to the Bodo library. So then you get
full-on autocomplete. So let me give you a little example here. For those who are in the live stream,
you can see it, but those are not, you can just like, I'll just describe it. So for example,
if I want to talk to S3, like I said, I say boto3.client, quote S3, as opposed to quote EC2.
And what comes back is a base client, figure it out. It can do things, it can get a waiter
and a paginator, and it has the possibility to see exceptions about it. And that's it,
right? That's all you know. And this is the API you get when you're working with things like PyCharm and VS Code
and MyPy and other type annotation validators, right?
Lenters and whatnot.
They get nothing.
So if you go and use this Bodo library,
this Bodo type annotations,
there's no runtime behavior.
It just reads, I think they're PYI files.
I can't remember what the final letter is,
but it's like these, kind of like a C++ header file.
It just says these things have these fields,
but no implementation.
They actually come from the Bodo library.
So we just go and import from Bodo3 type annotations
dot S3 import client.
And we say S3 colon client equals this weird factory thing boom all of a sudden you
get all the features of s3 you can say s3 dot and it says create bucket get object create multi-part
upload hey guess what here's all the parameters that are super hard to find in the documentation
thank you michael for sending this over i already rewrote one of my apps to use this
it's glorious nice what do you guys think so does it you said you rewrote the app
does it really change no i well let me rephrase that i wanted to make a change in the way one of
my apps that was extremely s3 heavy it basically shuffles a bunch of stuff around and like on using
s3 and some other stuff and i wanted to change it but before i changed it i'm like well let me
fancy it up with all these types and then
it'll tell me whether i'm doing it right or wrong and whatnot so now if i have a function i can say
it takes an s3 dot client and my pi will say no no no you gave that an s3 service locator or whatever
the heck there's like all these different things you can sort of get that will do similar but not
the same stuff so uh yeah anyway anyway, fantastic, fantastic addition.
Because this really should be coming from Boto3.
I just don't, I feel, you know, maybe it was a little bit harsh on them at the beginning.
But the reason, it's like one of these things where you write a function, you just say,
well, take star args, star star kwargs, and you don't bother to write the documentation.
You're like, well, how in the world am I supposed to know what to do with this?
Like there's, it could so easily help me.
And it's just like, not right.
Like those could be keyword arguments with default values or whatever.
So, uh, like I feel like, you know, a company as large as Amazon, they could probably justify
writing like typed wrappers around these things that, that really help people and help my
pie and all these other like validation tools.
But until then bota3 type
annotations awesome yeah oh and uh dean also uh threw out really quick before we move on to the
next item brian um that bota types can literally well not literally save my life yes i agree dean
it's like oh sorry did i like take down that ec2 machine i didn't mean that i wanted something
else i wanted to delete the bucket. Sorry.
Anyway, awesome.
Interesting, literally, transition, actually.
Yes, yes, indeed.
So, yeah.
So I want to cover code reviews.
Brian, you're such a romantic.
So this was suggested by Milos, I think,
and written by Michael Lynch. And it's an article called uh like how to make
your code reviewer fall in love with you and just oh my gosh it's got great content but the title
yuck um uh maybe you're not a romantic i mean come on well i mean i just easy i like my co-workers
but you know uh anyway even in the in in the article, it says, it says
even, uh, your reviewer will literally fall in love with you.
I'll, um, they won't literally fall in love with you.
They might figuratively appreciate your code review.
I mean, they may, but it could be an HR issue.
Um, anyway, uh, but I do want to cover it.
There's, there's some really great tips in here.
Because actually, being nice to your reviewers will help you immensely.
And one of the things he covers is just value your reviewers' time.
And I just put a code review in this morning just to try this out, try some of these techniques.
And it only takes like an extra 30 seconds, maybe a minute
to do it right. And, and it saves everybody on your team time. So it's worth worth it. So let's
cover a few of these. One of them is a don't just check for mistakes. Imagine that you're reading
the code review for the first time. So you need to be the reviewer of your code first uh so that's that's actually
really important and i i encourage that with everybody on my team because there's times where
the just you know it just doesn't uh there's stuff in there that's not it doesn't make sense
and why is that why is that related to the thing i guess we'll get there okay well and you can also
you know if you're in a rush what you say can come across feeling unkind or inconsiderate. And
you're just like, I didn't really mean to be inconsiderate. I just like, I've got four of
these and I have 20 minutes. I just got to get it, you know, but that's not how it's received.
You know, it may be received really differently. So, you know, from that perspective, right?
Yeah. And even, even if the code review itself only takes somebody a few minutes to review your
code change, it's interrupted their, their day by a half an hour at least so respect that entire time uh one of the next suggestions is uh write clear change log
description so uh right and and and he he describes this a little bit one of the things is um it's not
just what you changed but it it's what your change achieves and why you made the change.
The why is always way more important than what you did.
I can look at the code change.
I should be able to look at the code change and know what you changed.
So don't describe that too much in the list at the top.
Next, narrowly that I want to talk about, narrowly scope your changes.
So I think I skipped down.
Here's what I did this week.
Yeah.
Have a look.
Yeah.
Now.
It's easy to do that.
Like I haven't checked in for a while.
So here's what I did.
Yeah.
No, no, no, no.
And actually this is something that I even caught myself doing yesterday.
I noticed that a test really kind of needed refactored because I needed to add a test
to a test module and there was um
there was there was the way the entire test module was arranged i could rearrange the uh the the
fixtures so that it would run like three times faster um if i i changed the setup and common
setup and stuff like that i really wanted to do that but that's not what i really needed to do
what i really needed to do was just add a test.
So I added the test and that code review went through this morning.
And then today I'm going to do a cleanup of trying to make things faster.
So separating them is important.
Also, another thing is separating functional and non-functional changes.
So you're like in this case, you're going to you're adding a test to a module.
You got like um uh you
notice that the the formatting is just a nightmare um just write that down on your to-do list either
do that merge first clean it up and then merge it and then add your change or add your change and
then clean it up do them in two merge requests it'll be a lot easier for people to figure out
uh break up large change lists.
If you've been working for a while,
maybe you should merge them in a few pieces.
If it's like a thousand lines of code and 80 files,
that's too big.
That's just way too big.
And then there's actually quite a few chunks in there
that talk about basically being a nice person.
So respond graciously. I'm just going
to pick out one. Respond graciously to critiques. And that's the hardest one for me. If somebody
picks apart your code, they're not attacking you. They're talking about the code and they want to
own the code also. So think about those as the reviewer wanting to make the code theirs as well as yours and try to respond well and don't get too defensive about it because fights in code reviews are not fun.
Yeah, and often there's a power differential, right?
A senior person is reviewing a junior person's type of work.
So that's always true.
Yeah.
Yeah, for sure. As someone who's relative to, say, Brian and me, a little bit newer at Python, what are your thoughts on this code review stuff?
I mean, I know you don't necessarily write a lot of code in teams that gets reviewed, but do you see this as helpful, stressful?
Yeah, yeah.
It's important to do that.
If you have the interpersonal part of it right, like both they trust each other, the reviewer and the reviewee, it's going to go a lot more smoothly.
It's, we're in this together, a shared fate.
And it'll go as opposed to a conflict.
It's going to be much easier.
Yeah, for sure.
Brian, quick comment from Magnus.
I believe a code review should really review the current code, not just the diff line. So the whole code comes out better after review. Yeah. Yeah, definitely. It depends
on how big it is, right? Like maybe like that little sub module or something, right? It could
be too massive, but yeah. Yeah. And actually this is, this is one of the times where I kind of put
it on the brakes and just say, you're right. We do need to fix that and, and put it on the to-do
list, but it shouldn't stop a merge
just because things are... Yeah. Brian, does your team do internal PRs or do you just make changes?
No, everything goes through a PR. Yeah, I vary, right? Sometimes I do. All right, Greg, you're
up next on repos. Yeah, thank you. Speaking of repos and merges and PRs and all that stuff. We thank Hector Munoz for sending this suggestion in.
It started with a response to a blog on Tidelift by Tidelift about, hey, if I'm making a decision on which library to use, how could I gauge the maturity of that library?
Yeah, that's a question I get all the time from people like, hey, I'm new to Python.
I want to know which library I should use.
How do I know if the library is a good choice or a bad choice?
And so there's a lot of different metrics you might use, but maybe they're hard to find, right?
Exactly. made this library repo dash available so that you can track the metrics
that give a clear indication of the health of the project.
You got your opened issues over any timeframe.
This actually captures it within the time range
that the user specifies.
So how many items were open, how many issues are open,
how many closed in that timeframe is still open. And it will give you a much better feel for
the level of maturity and activity. Yeah, this is cool. Like how long issues have been
setting that are open or total number of open issues over time that like how fast should it
be enclosed versus being opened versus unassigned.
Yeah, all those kinds of things are really important.
Another one, probably in here somewhere,
I just haven't seen it yet,
is the number of PRs that are open.
Like a real red flag to me is I go to a project
and there's significant number of PRs
that are both open and maybe even not responded to
and they've been there for like six months.
You're like, okay, whoever's working on this, they've kind of lost the love for it.
Yeah. Yeah. And yeah. And tying it together, it's, it's might be the signal of where you
need code reviews if you're, if you're stuck somewhere. Yeah, that's right. I mean, that's
basically what a PR is. It's like a, it's waiting on a code review more or less. Yeah. Yeah. Awesome.
All right. Well, this is really cool. And I think it'll help people who create repos or create projects, make sure that their repo
is getting sort of the health of what they're doing.
But then also for people who are new or new to a project, they could quickly look at it
and go, uh, red flags or, you know, green flags, which is it?
Yeah, certainly.
If you're doing the things that are making your product, it's all part of transparency.
We're the real deal over here on this team.
Yeah, and they even have a cool little categorization bar chart
of the types of issues that are open,
like feature requests versus good first issue
versus bugs and so on.
That's cool.
So, Ryan, what do you think?
Well, I guess I don't know if you covered this already,
but I'm a little lost.
Is this a service or is it something I add to my repo?
Do you know?
I think it's something you run.
You point it at a repo and you run it.
Okay.
That's my understanding.
Yeah.
I haven't used it, but I believe so.
Yeah.
So it's a CLI thing.
You just point it at some GitHub repo and you say, tell me how they're doing.
Would I want to depend on this thing?
Yes or no?
No, I think that's cool.
I like it.
Yeah.
You know what else is cool?
Sponsors.
Sponsors that keep us going.
Thank you.
Thank you.
And Linode is very cool because not only are they sponsoring the show, but they're giving
everyone a bunch of credit, $100 credit for just using our link.
And, you know, you want to build something on
Kubernetes, you want to build some virtual servers or something like that. Here you go.
So you can simplify your infrastructure and cut your cloud bills in half with Linode's Linux
virtual machines, develop, deploy and scale your modern applications faster and easier.
And whether you're working on a personal project, or some of those larger workloads,
really should be thinking about something affordable and
usable and just focused on the job like Linode. So as I said, you'll get $100 free credit. So
be sure to use the link in your podcast player. You got data centers around the world. It's the
same pricing, no matter where you are. Line up, tell them where your customers are and you want
to create your stuff there and that's pay the same price you also get 24 7 365 human support oh my
gosh i'm working on another some something else with someone else and this would be so appreciated
right now but not and if it was a little no they'd be helping me out but oh my gosh uh don't get me
on a rant about uh other things anyway so you can choose shared or dedicated compute and scale the
price with your need and so on and use your your $100 credit even on S3-compatible storage.
How about that?
You could, you know, use Boto3
and the type annotations that change
where it's going and point it over there.
So yeah, if it runs on Linux, it runs on Linode.
So use pythonbytes.fm slash Linode.
Click the Create Free Account button to get started.
So Brian, I'm not covering two topics this week like normal.
You're not?
No, because I have so many.
I can't even possibly deal with it.
So it's all about extra, extra, extra, extra.
Hear all about it.
Okay.
The first one, you may know what a CVE is.
If it applies to your software, you don't like that.
So this sounds more scary than I believe it is,
but let me just do a quick little statement here.
We're reading from nist.gov. Python 3 up through 3.9.1, which was the latest version of Python until five days ago,
has a buffer overflow in PyC arg repper, D types, which may lead to remote code execution.
Remote code execution sounds bad. That sounds like the internet taking my things and my data
and other bad stuff.
When you're accepting a floating point number.
Oh, wait a minute.
A floating point number, like I might get at a JSON API.
Somebody posts some data and here's my floating point number.
But this one hacks my Python web app with remote code execution.
That sounds bad, right?
Yeah.
Yeah.
Now, it turns out the way it has to be used, it's a very narrow thing.
It shouldn't send people's hair on fire running like, I've got to update the server, right?
But you should still probably update it.
So what do I do?
I log into the various servers, Linux servers, Ubuntu, latest version of Ubuntu that I want.
And I say, oh, my goodness.
I heard about this.
Please update, you know, do an app update.
There better be an update for Python 3. Oh, no, no, there's no update for Python 3. In fact, it's still running 385,
where this was fixed, I think in 388 or something like that. And a week's gone by and there's still
no update for Python on Ubuntu by default. Now, what I can do is I can go to this like place that
seems semi-official, but not really official, called Dead Snakes and add that as a package manager endpoint for apps.
But I don't really want to do that either.
That sounds like maybe even worse than running old Python.
So that sends me down item number two of my extra, extra, extra, extra.
And that is building Python from source on a boodoo because uh i really don't want to be running the old python in
production even if it is unlikely you know unlikely yourself over dead snakes okay i well
no what i originally wanted to do maybe yes but originally what i wanted to do was use pi env
because pi env lets you install all sorts of different versions, right? Yeah, yeah. Well, the only one available that was 3.9 was 3.9.1,
which was the one with the bug still.
And then locally, I use Homebrew on my machine
and it just updated yesterday, I think it was.
But it was a little bit behind, but that's updated.
So yeah, I guess I do.
Anyway, so I've found a cool article
that walks you through all the building, the stuff.
And then the thing that makes me
willing to try this and trust this, but also related to the next extra, extra, extra is you
can go instead of doing make install, which is the compile step takes a while, but then magic Python
comes out the other side, you can say make alt install. And what it'll do is it'll install the
version of Python under like a version name. So I can type Python 3.9
and get Python 3.9.2 with no vulnerabilities.
But if I just type Python or Python 3,
it's just the system one.
So that one didn't seem too dangerous to me.
Oh, yeah.
Yeah.
And then I just create a virtual environment
for my stuff that runs on the server.
Python 3.9-mvenv.
Create that and then off it goes.
And then it's just running this one from here.
So pretty good. That worked out quite well. And then it's just running this, this one from here.
So,
um,
pretty good.
Uh, that worked out quite well.
So anyway,
I've been doing that for a week and the world hasn't crashed or blown up or
anything.
So apparently this works.
One has,
yeah.
One heads up though,
is like,
I have a bunch of machines that are all the same version of Linux.
They all seem to have different dependencies and ways of dealing with this.
Like one said,
Oh,
the SSL module is not installed as a system library, like apt install libSSL type thing.
Another one, it had that,
but it didn't have some other thing,
some other aspect that I forgot.
But like, they all seem to have different stuff
that you also got to add in.
So that was a little bit wonky in the beginning,
but it's all good now.
All right, that's extra number two.
Extra number three,
really probably should have preceded that
because to make all that work, I wanted to make sure that I had it just right.
And so I wanted to do this on Ubuntu 20.04 LTS.
And yet I cannot run Docker, which is exactly the place where you would do this sort of thing, to test it out.
I couldn't do Docker on my Apple M1.
Oh, no.
OK.
Now, Docker says it runs.
Docker says you can run a Docker prototype on your M1. Oh no. Okay. Now Docker says it runs. Docker says you can run Apple, a Docker prototype
on your M1, but I've installed it. And all it does is sit there and say, starting, starting,
starting, starting, starting indefinitely. And it will never run. I've uninstalled it. I've done
different versions of it. Like it just won't run. People who are listening said, oh, what you got
to do is you probably installed parallels or this other thing. And it caused this problem and you
could fix it this way. Like, nope, the problem isn't there because i didn't install any of those things i can't change
so long story short i uh go ahead no i was just laughing yeah yeah and so what i ended up doing
is i saw a really cool trick right not trick technique i put this in the show notes you can
just say uh basically two lines on the command line prompt or to uh Docker to say, you know what, if you want to
just do Docker stuff, don't do it here, do it over there. And so I have my Intel MacBook pro that
that's running a Ubuntu and a virtual machine. So I just turned that on and I just said, Docker
contacts, create that thing over there. And then Docker contacts use. And after that, every Docker
command without thinking about it, remember it just automatically runs over on that
machine. And I know it's working because my Mac one, my Mac M1 mini is super quiet. You never
hear it or anything. But when I work with Docker, I can hear the thing grinding away over in the
corner. So that's, I know it's working. All right. Really quick. I know I'm running low on time. The
last one is people have heard me whinge on about Dependabot and how it's such a pain. And I'm sure
they're thinking like, oh, Michael, why are you whinging about this? Why are you like just complaining?
You know, it can't be that bad. So look what is on the screen here. Dependabot
merge conflict with itself. Like, so these are the things I have to do on Monday morning. I have
to log in and it says there's a merge conflict. Dependabot put cryptography equal, equal three,
four, six, when it had unchanged for months,
cryptography equal equal three dot four dot three. It's like, though, it's one line. It's
conflicting with itself. Like, this is crazy. So anyway, this is not a big deal. But people are
like, why does Michael keep complaining about Dependabot and merges? Like, because I have to go
and like the one line it changes merges with itself. Like this is not all right oh no we're not looking at that one yet that's for later all
right i guess that's it oh final shout out though i'll put this in the link in the show notes anthony
shaw along with one of his co-workers whose name i'm sorry i forgot built a github bot that will
automatically merge all those things for you for specifically for dependabot so i'll cover that
more later when he writes it up but he did a a little shout-out about it on Twitter, so I'll link to that since it's related.
That was a lot of extras.
Yeah.
I got a short one.
It's an extra tool also.
It's also about Docker.
Yeah, yeah.
This is quite related.
Nice follow-on.
So Josh Peek suggested, and I'm not sure what he was listening to,
but we were just wondering if we'd heard about it,
that one of the things people talk about with testing
is whether or not they should mock
or stub activities to the database.
And even if, and then I've, you know,
I've talked with a lot of people about that.
And even if you've got a database
that has in-memory setup,
so you can configure it to be in-memory
during your testing and stuff,
it's still a different configuration.
So one of the suggestions that we've gotten from a lot of people is stick your database in a Docker container and then test it.
So then Josh Peek suggested this library called testcontainers-python.
And this is slick.
I mean, this thing really is.
You've got, you just install this thing and you can,
it covers what Selenium grid containers, standalone containers,
MySQL database containers, MySQL, MariaDB, Neo4j, OracleDB, Postgres,
Microsoft SQL Server even, wow.
And then just normal Docker containers.
Yeah, it also even does MongoDB, even though it's not listed.
I saw some of the examples that had Mongo as well. oh that's great i was i was curious about that so after you
install this thing you can just it provides context managers it probably has other stuff
too i didn't read all of it but this is just really not that much code to create a uh a docker
container that you can throw your connect and fill put your dummy data in or whatever i love
it it's like uh i want to i want to use docker to help test stuff in isolation but i don't want to
know about docker or be able to use docker or care about docker right right so i know python
what it gives you is um it gives you a sql alchemy friendly url um that you can uh just um just connect to connect my sql alchemy or whatever
but you you just get this url out so if you have if you're configuring your where your database is
through url um that you can throw that in whatever configuration environment or variable or whatever
and test as you run with that and it's pretty neat that's so cool yeah just with
my sql container give it some connection string you want or some um like host uh address or
whatever as my sql and then you just off you go right just the docker thing exists while the
context is open yeah and i didn't specifically see any documentation in here talking about pi
tests but if anybody's curious um i'm sure it'll work with that because uh even
if you have to write your own uh fixture you can you can return the context manager items in a
fixture so that'll work yeah yeah yeah super cool you know uh i was that's exactly what i was thinking
when you were talking about as a pytest fixture that maybe loads it and then fills up with test
data and then hands it off to the test or something like that. Yeah. Yeah. Greg, what do you think? I like it. Yeah, it's neat, right? Hey, I got a quick,
a quick follow-up from the last one. Magnus on the live stream asks, will using Pydantic
mitigate the floating point overflow bug? Using Pydantic definitely makes exchanging JSON data
really nice and does some validation, but I suspect it probably doesn't. That said,
people really wish I could find this conversation. There was
a conversation with Dustin Ingram and I think Brett Cannon talking about this and how it's
really not that severe because I believe you got to take the input and directly hand it off at the
C layer in Python, like passing it to float parentheses in Python, I don't think is enough
to trigger it. You've got to like go down into something like NumPy or something super low level.
So it's not as dangerous
but you know there's a lot of things that you see later so who knows what's going on down there um
so that's why i'm building from source for the moment anyway i should also throw out there really
quick i was also just frustrated that the latest version i can get is 3.8 which is over a year old
and i was like why am i on a year old version of python when i could just you know take an hour and
be on the new version of python there's more to it than just the bug. All right. I guess, Greg, we'll throw it back to you for this last one. I don't
have a graphic for it, I don't think. Yeah. Thank you. The context on this was I had been in data
science in pretty much the proprietary world, proprietary software using SQL Server and Tableau
and Cognos and those different tools. We started noticing, we're a Bay Area based company, we started noticing that customers were leaving that proprietary world and going to Python.
And that actually is one of the things that led me to myself to start going in and understanding the industry. And just in the time that I've been with TalkPython, which is just a short of a year now,
I'm seeing a relentless march
towards more and more adoption in the Python ecosystem
for businesses that had traditionally
always relied on proprietary software.
And it's reaching top of mind
to a level that I didn't expect that it was going to happen so fast. You know, you follow the, the Jeffrey Moore, the world moving looking at python as a means of
looking moving away from excel even and um oh yeah uh it's it's it's just it's reaching top
of mind because more and more decision makers are hearing from their technology teams that
they can deliver solutions at unprecedented price performance and that's always i mean you
you were talking this realm like we should talk Gartner, right? So there
was a Gartner study about why companies are moving to open source. And it was really interesting
because a lot of people say, well, you're going to move to open source because it doesn't
cost money. So it helps the bottom line. And so many of the companies that were interviewed
by Gartner were like, it has nothing to do with price. I mean, price, it's a benefit.
We'll take not paying less. That's fine.
But this is about higher quality, higher visibility, and so on.
And I think that's a real interesting inherent advantage in the community. Right.
And in the case of Excel, you're hitting up against limitations in Excel, you know, the size limitations, most notably.
And now you're able to handle it.
It happens to be open source
the solution but you really the pain was the limitations and uh now you're able to do without
it there's got to also be maintenance too because we i mean sometimes i've heard pearl referred to
as a write-only language but but it's got some regular expressions yeah yeah it's it's got
nothing over trying to edit somebody else's spreadsheet full of macros right oh yeah yeah it's it's got nothing over trying to edit somebody else's spreadsheet full
of macros right oh yeah yeah if they put some vba in there it's the kiss of death for sure
yeah that's like those are like go-to statements it's insane yeah and uh so what we're seeing is
you know even though it feels like there's a heavy adoption uh it's still relatively small
inroad compared to what we're going to see in the future. It's like water rapidly collecting behind a weak dam. And we've seen that happen in the
industry before. I think that's a really great thing to highlight, Greg. I talked with Mahmoud
Hashemi, who at the time was at PayPal, about Python for enterprise software development.
I think this is the fourth episode at TalkPython.
I was certainly right at the beginning in 2015.
I remember that one.
Yeah, thanks.
And it was like a big question.
Like, well, does it make sense?
Should people be using Python for these company stuff?
Does that make it like, now it just seems, yeah.
It seems just like so obvious.
There's one thing I was actually going to cover this
and I'll cover it again in more depth
because I had so many extras already.
So I made room.
But one of the interesting things that Google came on to sponsor the PSF at,
they say, they probably don't say this is like a friendly one,
but there was another article.
This is just the sort of press release from the PSF,
but they came on and they're now sponsoring the PSF as a visionary sponsor,
which I think is over 300,000 in terms of how much there's,
and they're also sponsoring
a core developer,
particularly for things around
like security and PyPI and whatnot.
So a lot of interesting stuff.
I'll come back to that later,
but in another show.
But yeah,
seems worth giving
a little shout out about that.
Yep.
And then a quick comment,
Greg, from Magnus.
I read an article
about the reinsurance
industry also moving from Excel to Python. Yeah. I can imagine. Awesome. Thank you, Magnus.
Yeah. All right. I guess that's it for our items. Now, Brian, how about some extras?
Well, I know that you've been using Firefox for a while, right?
I did notice over on your stream that looks a little Firefoxy over there. What happened, man?
Yeah.
So the thing that convinced me is this announcement.
They just released Firefox 86, and it's got this enhanced cookie protection.
And I don't understand the gist of it, but mostly it seems like they just said, you know, whatever site you're on, they can.
Because, you know, sometimes I've heard people say I turn off cookies.
Well, like sites don't work without, cause some of them just don't.
Yeah.
You want to log in?
Well, you're going to need a cookie.
Yeah.
So, um, or just saving stuff.
I don't, there's times where I just don't, there's nothing private there.
I don't want to log in every time, but I don't want you to share it with other people either. So this, this, this enhancement is just keep the sites cookies to themselves. So they have like a cookie jar or a storage area for cookies. That's
individual to each site. And you can save as many as you want for your site. And then the,
another site gets another one. And there's the, the, the obvious, like you were saying,
login stuff. I used, you know, different login providers providers there is an exception for that so you
can you can use uh login providers and it allows that but these are these are non-tracking cookie
uses so yeah i'm super excited about this as well basically if you were to go to cnn.com
and then you were to go i'm not for sure about this right but likely then you going to go, I'm not for sure about this, right? But likely, then you're going to go to The Verge.
And then you're going to go to Chewy.com and buy something for your pet.
Like, very likely, they're using some ad network that's put a cookie that knows you did that sequence of events.
And oh, by the way, your login is so-and-so over on that one.
So on all the other sites, we now know that so-and-so is really interested in Chewy toys for a medium-sized dog, but a puppy, not a fulcrum.
Right? is really interested in chew toys for a medium-sized dog, but a puppy, not a full-grown, right?
You know, and it gets to the point where people think,
oh, well, all these things are listening to us on our phone,
but they just like track us so insanely deeply.
And so the idea is, yeah, let that third-party thing,
let it set a cookie.
But when they get to Chewy.com from CNN.com and they ask for the cookies there, like, yeah, sure,
you can have your third-party cookie,
but it's a completely unrelated brand new one.
As if you like deleted your history and started over, which is beautiful.
I'm super excited about this as well.
Yeah.
And Robert Robinson says that CNN better not try to sell him doggy toys.
I'm with you, man.
I'm with you.
Doggy toys from the doggy toy site.
News from the news site.
Sometimes they're hard to tell apart, but you never know.
Stay in your lane. Stay in your lane know stay in your lane stay in your lane all right uh yeah so that was the one thing you wanted to cover right yeah yeah i did my extra extra extra extra so i've already covered that so i feel like uh
greg anything you want to throw out there before we uh move on to a joke no it can't get in the
way of a joke no i know this is good so sometimes sometimes we find an interesting joke or a funny thing out there,
and sometimes we strike gold, right? Like Brian, pie jokes. I mean, PipX install pie joke. Come on.
Like the CLI is now full of dad developer jokes. Well, I kind of feel like I got one of those here
as well. So there's this place called, article called 56 funny code comments that people actually
wrote.
Nice.
I don't want to go through 56, but I feel like we may revisit this.
So I want to go through four here.
Okay.
I linked to the real article in there, but I pulled them out separately. So I'm showing on the screen here, like I'll, I'll read the first one and we can take turns
reading.
There's only four or five here.
But the first one is, is it a big like header at the top of a function in a comment?
It says, dear maintainer, once you're done trying to optimize this routine and you've realized what a
terrible mistake that was please increment the following counter as a warning to the next guy
total hours wasted here equals 73
is that awesome or what yeah oh man that's beautiful isn't it yeah i've had i've had code
that were every like the next like one out of five developer that gets to it says oh i think
we can make this cleaner and they don't nope they just make it stop working then they have to fix it
and then it goes back like it was all right brian you want to do the next one? Sure. Sometimes I believe compiler ignores all my comments.
That's a comment.
Sometimes I believe the compiler ignores all your comments, like probably all the time, hopefully.
Oh, this next one's my favorite.
All right, Greg, that was you.
Greg.
Drunk.
Drunk.
Fix later.
I can totally see that one.
Honesty, honesty.
Also, this one is nice.
Probably this came from Stack Overflow,
the partial level of understanding.
The comment is, magic, do not touch.
Yeah, definitely, yeah.
Brian, you want to round us out with this last one?
Because sometimes the best part about comments is if they're accurate or not. Is they're wrong, definitely. Yeah. Brian, you want to round us out with this last one? Because sometimes the best part about comments is if they're accurate or not.
Is they're wrong.
Yeah.
I've heard people refer to comments as future lies.
And this one is, there's a routine called, it's a Boolean, it returns a Boolean.
It's called is available.
And it returns false.
It's just a single statement return false.
But the comment that says always returns true.
I love it. I'm telling you, there's going to be a lot of good jokes coming from this, this article here. So yeah, pretty good. All right. Well, thank you, Brian, as always,
Greg, thank you for being here. Thank you for having me. Yeah,
it was definitely great. And thanks everyone for listening. See y'all later.