Python Bytes - #228 Supreme Court decides API copyright battle
Episode Date: April 7, 2021Topics covered in this episode: How to make an awesome Python package in 2021 Kubestriker wasmtime Depend-a-lot-bot Supreme Court sides with Google in API copyright battle with Oracle RedisAI Extra...s Joke See the full show notes for this episode on the website at pythonbytes.fm/228
Transcript
Discussion (0)
Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
This is episode 228, recorded April 7th, 2021.
I'm Michael Kennedy.
And I'm Brian Akin.
And I'm Guy Royce.
Hey, Guy, welcome. Special guest Guy Royce here to be part of the show this week.
Thanks for having me.
It's exciting.
I know that's what they all say, right?
It's great to have you here though. You know, we met on a panel at the Python
web conference and we recently had Calvin Hendricks Parker here from who was organizing that as well.
So, you know, a little bit, a little more Python web conference going on. Yeah, it was a good event.
Absolutely. You want to tell folks a bit about yourself before we jump into the topics?
Yeah, sure. You know, you can see my name right here on the screen,
but for those listening to the podcast, my name's Guy.
Yes, it's my real name.
I sometimes get asked if it's short for something.
It's not, in fact, short for Guy Tholomew.
It's actually just my name, Guy.
I work for Redis Labs.
I'm a developer advocate there,
and I've been doing developer relations type of work for,
you know, I've been paid to do it for about five years,
been doing it unpaid of work for, you know, I've been paid to do it for about five years.
Been doing it unpaid as an unpaid just fan of doing community things for about 10 years on top of that.
So a lot of different tech stacks.
I'm not really a Python person by trade.
I tend to spend more time in the vile, vile JavaScript space.
But I know a very popular language these days. It is. But I know a lot of different things.
I'm a bit of a generalist. So I do Python as well. Fantastic. How do you enjoy being a developer
evangelist? It seems like a really fun job. Well, I like to joke that the best thing about
being a developer advocate is that it lets me monetize my narcissism. But the reality of it is it's I mean, it's actually a lot more work than you think.
It is fun, but there's a lot of challenge there.
You know, I spent a lot of my time making content, advocating with the product group for, you know, the ways that we should change Redis and our clients and that kind of stuff.
And also going out and speaking at events.
This obviously has been a very weird year for that.
Yeah, it has.
But, you know, that's a lot to balance.
It's actually kind of a lot of hats to wear.
And there's a degree where being a generalist is very useful.
Like today, I'm spending a lot of time working on a.NET course,
helping someone out with that because I've got some.NET experience.
But, you know, it's...
But then I'm doing stuff in JavaScript and then, oh, let's look at graph databases and so you i'm just looking at
different things and you got dragged into this python podcast as well yeah and then someone
thinks i know python and put me on this podcast you got a couple good items to talk about i think
all right well cool uh welcome brian you want to kick us off here i can't believe it's already
march april i was gonna say it's almost March and it's actually blown out.
So yeah.
So here's an article called
How to Make Awesome Python Package.
How to Make an Awesome Python Package in 2021.
And this is, I really love this article
because it's kind of my workflow.
I've just never written it down.
And so I'm really grateful for Anton for writing
it down. I'm also grateful to John Mitchell on Twitter to post that to, so that I could see it.
So it's great. I really love it anyway. Well, so what is this? It isn't about how to make an
awesome package. It's all of the extra stuff. It's the workflow. So we, he starts and he starts just
like at the basics basics just stubbing a
package and i really actually really like that this is this is where you start so uh the start
was in in using just grabbing a directory and stubbing it out and then having an uh a dunder
init file and a an initial file that just does like has one function you can call just so that it's something
there um and it actually throws a uh not not implemented yet exception which is that's a
great thing to throw right um and then uh yeah pardon the birds like anyway brian's recorded
from hawaii he didn't like the forest so it's fine yeah he's got a virtual background to make it look more uh more uh tropical birds
yeah yeah so then using flit to uh to to package it up and then go ahead and publish not publish
for real publish to the test pi pi uh repository which i love this workflow if you're gonna plan
on sharing something just go ahead and do this right away. The one thing missing there is
go ahead and check the real PyPI to make sure your project name isn't taken already, or else
the test might work, but your real one won't. So adding that in is a good step.
But then I'm blown away at some of the Python packages that are still available,
like secure, right? I mean, that's not available now, but there was a thing that
got to just call it, call itself secure. Like a like a couple years ago how is that still a thing right oh my
god yeah so one of the one of the tricks with uh doing the test pi pi though is getting your um
is uh getting the pi pi rc correct so it he talks about how to do that. And then publishing using Flip Publish.
And then, you know, adding more detail,
like now you actually have to implement it.
So an implementation of something
and then push to the real repository.
And then, you know, then everything else is like extras.
Then he lists them as appendices almost,
like adding a readme and a changelog.
And then, you know, linters and testing.
You should maybe test earlier than this,
but setting up talks and make files and cloud building
and the whole gamut.
So this is a really great comprehensive article.
And what I like is you can start at the beginning,
and if you're not even publishing publicly,
if you're just publishing in-house, this still makes sense up to a certain point.
So this is great.
Yeah, it looks like really good advice.
I love having well-structured projects where if I have a problem or there's something I want to do, I know right where to go.
I don't need to go through all the coders.
Like, here's the 50 lines of code that could possibly be about this.
Let me go find it and get started.
Guy, what do you think?
I like that it's an awesome Python package, and it's not about the contents. could possibly be about this let me go find it and get started guy what do you do uh i this is
i like that it's an awesome python package and it's not about the contents it's about the stuff
around it right this is the kind of stuff that is just noobs need this right yeah it's just these
are exactly the sorts of resources i like to find it's the here's the canonical way to do this thing
uh well right a lot of times the tutorials are like well create the one file and that's what you do. And then off you go. And I feel like that kind of leads people down the
wrong path a lot of times. So yeah, love it. All right. Well, I think I got the next one here,
Brian. Okay. Cube Striker as in Kubernetes. So this is a security tool for anyone who is running
or being a tenant on a Kubernetes cluster. So it's a really fast
way to audit an existing Kubernetes clusters for best practices. And like all beautiful repositories,
it has an animated GIF, so you don't have to read anything. You just watch it for a little while,
like, oh, this is what it does. That's kind of cool. Maybe I'll use this.
Yes, we love that.
For those who are listening, there's an animated GIF on the screen right now.
That's right. Absolutely. You should screen right now. That's right.
Absolutely.
You should totally see it.
It's amazing.
Yeah, Guy.
I mean, sometimes we cover, they'll be like UI frameworks.
Like, oh, we built this whole UI framework where you do this thing.
And there's like no screenshot or no way to see what it looks like.
You're like, well, if it's about the UI, we should probably see some pictures.
So Brian and I are always on a bit of a kick about this.
Yeah. Yeah, so it performs a bunch of in-depth analysis
on self-hosted Kubernetes on Amazon EKS, Azure EKS.
I suspect pretty much you name it, the EKS.
And it'll do it.
Let's see if I can find where it talks about the things that it does.
Yeah, so it scans your infrastructure, like I said.
It checks for various services and open ports,
tells you if they should
or shouldn't be open. It looks for insecure things or read-write, or you can even set it up to be
read-only and it can check, you know, give it like lower permissions and it'll still do that.
It'll look for misconfigured IAM settings, identity from Azure, sorry, AWS, misconfigured containers,
pod security policies, network policies, and extra privileges, all that kind of stuff.
So running containers is pretty easy.
Running containers in Kubernetes is pretty easy.
Running a Kubernetes cluster, not easy.
There's a lot going on if you're the one running the Kubernetes cluster.
And so here's a really nice tool that you just point at your cluster and say, how am I doing?
Give it a quick check to see if anything's wrong.
Yeah.
Yeah.
This is exciting.
Yeah.
Thanks.
You guys got to do anything with Kubernetes or Docker or things like that?
I do basic developer things that developers tend to do with Docker.
Containerization isn't necessarily my jam.
I mean, you know, I certainly will spin up a Redis instance, for example, using Docker or
something like that, because that's super convenient. But beyond using some basic Docker
compose, I don't do much of anything. Yeah, same, same here. I feel like every time I start to work
with it, I go, this is really neat, but it feels like I'm just moving code complexity to DevOps
complexity. And I'm better at code than I'm at DevOps. So let me not do that. You got to write
it down somewhere, right? At the end of the day. Exactly. Exactly. All right. So Guy, you got this next one here. This
is something I'm pretty excited about. I'm a big fan of the possibility of WebAssembly.
Sounds like you are as well. Yeah, I'm an enormous fan of WebAssembly.
And I mean, there's a couple of reasons for that. Some of it's that it kind of reminds me of the
early days, like in the 80s, when I was learning programming, I got into 6502 assembly language. So that low level machine level coding has got a nostalgic joy to it. And so WebAssembly, just to put context around it, WebAssembly is bytecode for the browser.
That's where it started.
The idea is you can take some code, write it in C or Rust or some higher level compiled language.
And then you get a bunch of bytecode, a binary file that can be downloaded and run from the browser.
So that's WebAssembly in 30 seconds.
Yeah, people have done really crazy stuff with things like asm.js, where they're like, oh, let's take some code and send it over to some fancy javascript that then will compile it in java and there's just all this
wild stuff that you can do and it's really really impressive but this is like you know if you're
going to do that let's make this an actual thing that's actually expected to be this runtime uh
this low-level runtime and yeah it's cool well and it turns out it's actually a lot more performant
too um i mean i've seen benchmarks say as much as 20 faster all the way up to 20 times faster but low level runtime. Yeah, it's cool. Well, and it turns out it's actually a lot more performant too.
I mean, I've seen benchmarks say as much as 20% faster
all the way up to 20 times faster,
but regardless,
they always say faster,
which is good.
And smaller, probably
coming down as binary bits
and probably loads faster.
It doesn't have to jet it
when it gets there.
Well, and it's just another file
that can be served
from the file server.
So, or from the web server.
So it can be cached
and all the other things
that you would do with any web content.
So lots of advantages and optimizations to be had.
Right, all right.
So what's this thing that you're telling us?
So Wasmtime says,
hey, we built this bytecode for the browser.
Wasmtime said, you know,
what if we put the bytecode wherever we want it?
And so in much the way that Node
brought JavaScript to the server side,
WasmTime brings WebAssembly to the server side by adding IO capabilities and by adding a command
line tool that can run it, by adding runtimes that you can load up in other languages. So
WasmTime, it is simplest just as you've got a WebAssembly module and you say Wasm time space in that module on the command line and it just runs it and does whatever it does.
And there's different languages supported, right?
Right.
So and this isn't language support from a take that language and compile the WebAssembly.
This is take WebAssembly modules and run it in those environments. requirements so in rust python go.net and in c although it's not listed here on the screen uh
there are run times that you can load up um load a web assembly module from whatever you know read
it from the file system read it out of whatever right uh and instantiate that web assembly module
and run it and so uh yeah so if i found like a cool library it happened to be written in rust
and it has a web assembly version I could then use that in Python.
Absolutely.
I've actually done WebAssembly text format, which is the assembly language to go with WebAssembly.
I've used that to compile simple modules and just like add numbers and stuff like that.
And then loaded that up from Python code.
And I actually even run it inside of Redis. But yeah, so now all of a sudden it brings that those compiled chunks of code that that
are really just data.
You can hand them around any way you want and bring them into all these different platforms.
That's pretty cool.
Yeah, this is really neat.
Brian, what do you think?
Just the intermediate part to where you can you can have a group of people, like even
if it's not some third
party package it's just within one company that can write in whatever language they want to write
in and then have an intermediate language that you can you can glue it all together down the
pipeline um i think that just makes people more efficient i'd like to see that that sort of take
off i think it's a neat neat place to go yeah guy could i use this to say if i had like a dot net library a go library and a rust library and i was writing
in python could i bring those all together to interoperate with this thing uh in theory i mean
there's a lot of a lot of work to be involved to do that uh and there are limitations uh out of the
box web assembly just like out of the box j JavaScript, didn't have any kind of I.O. because you don't need I.O. in a browser.
You have fetch, right?
You know, that's all the I.O. you get.
WebAssembly is the same way, but WasmTime supports the WASI standard.
All these things start with W. They're actually kind of hard to say. And what I see is the WebAssembly systems interface, which gives you a file IO and will
eventually give us network IO. Right now it will support reading and writing sockets, but it won't
support opening a socket, which is tantitizingly frustrating. That extra ability though, that
actually kind of scares me a little bit. And I i'm concerned about the security part since you're grabbing some binary blob or it's a sem web assembly blob it's still not human readable
right so how do i know it's not going to be a virus or something like that yeah that's that's
actually a totally legitimate concern um it's it's honestly echoes the same concerns that we
had with uh node uh js when it first came out it's like, cause, cause in the browser, it's all nice and neat and sandboxed. Right.
And as soon as JavaScript escaped the browser and got under your server
side, everyone's like, well,
but we can pull JavaScript code and call you Val on it from anywhere.
It's like, well, yeah, you could. And so it's the same.
I think we end up in the same situation where it's got the same caveats.
Once we go there, you know, you know, I guess the advice is don't run strange code.
Right, yeah.
But these are particularly,
like a JavaScript, you can look at it
and say, no, I see what's going here.
And I suppose if it's minified,
that's not that easy.
But with WebAssembly, it's actually just bytes
and it's even more opaque.
Yeah, there's so much stuff going on the supply chain space now right ipi there was the php itself got a backdoor
put into it but luckily never got into any of their releases but yeah i mean it's a good concern
brian or a valid certainly it is still cool yeah absolutely else you know what else is cool brian
this episode is brought to you by you and me this time so all the cool things we're doing i want to It is. Still cool. Yeah, absolutely. You know what else is cool, Brian? What?
This episode is brought to you by you and me this time.
So all of the cool things we're doing,
I want to tell people if they want to take some Python courses,
they can check out talkpython.fm and just click on courses.
And we've got a bunch of new ones and about to release a brand new free course
that people will be able to check out as well.
Probably I'll be able to talk about that next time,
but it's on the data science side.
That'll be a lot of fun.
And then people want to test things. they should probably test it with a pi test so they can check out your book as well yeah yeah that'd be great i can't
wait to get the best sponsors thanks yeah and i can't wait to get back to conferences so i can
get back to handing out stickers and stuff that was so great fun. Great. Yeah, I know. Imagine that with other people. So crazy.
Yeah.
I hand them to myself,
but you know,
I'm at risk of becoming agoraphobic at this point.
Yeah.
Yeah.
Um,
so I wanted to talk about something cool that Anthony shot put together.
So,
um,
he,
he,
I just saw about this.
I think he,
don't you use a depend about,
um, I, Oh yeah this. I think, don't you use Dependabot?
Oh, yeah.
My Monday morning means go in and close 20 PRs,
and about four of them are conflicting with Dependabot,
where Dependabot was the other PR that also did the PR that I conflict with. So, yeah, I've got this special relationship.
But I'm still very glad to have it there because it's fantastic to know
there's a security problem for this thing. Fix it uh that's really good to know yeah so okay so i
probably am a bad one to introduce the the dependabot side so this is we're actually talking
about but depend a lot bot but dependabot if people haven't heard it like the 90 times we've
talked about it um it it tell me what it does it goes goes out and checks to... So it looks at, it supports different
languages. The Python world, that means if it sees a requirements.txt or it sees like a
pyproject.toml or whatever, it will look in there for pinned versions. If they're not pinned, it will
pin it to the current version and then submit that change to the requirements.txt as a PR.
If they are there and it sees there's a new version of that library,
it will do a PR.
And in the PR, it'll say things like,
here's the change log and all the commits
since the last time you used this library.
Here's the release notes around this library.
Click this button to apply the new, you know, upgrade your pinning.
So, you know, requests equal, equal,
something higher than it is currently
automatically to your system.
So that's the Java Dependabot.
The thing, the complaint is that
if I've got a requirements.txt file
with 30 packages in it,
and 10 of them change,
I get 10 PRs
instead of one PR with 10 changes.
Yeah, it's...
Okay.
Yeah.
And they conflict with each other
because they're all right by each other.
And as you accept them,
they start to get merge requests.
You got to...
Or merge conflicts, you got to resolve.
Anyway, that's the deal.
But that's what it is.
So this dependalotbot
is a bot that looks at all of this
and decides...
And you create a list to say,
some of my dependencies can be automatically figured out.
And then like, say, talks.
So you're using talks, but you're not really using it.
You're using it to test and stuff.
You're not using it for everything.
So like, that's an example.
And the depend-a-lot bot makes sure
that the PR request from dependent bot if it
passes the tests it goes ahead and merges it so that's really all it does and i think that's cool
to just because that's what i would do if i got one of those pr requests i would make sure it all
works fine and then probably in some of them i would probably just push through if i trust the
where it comes from and stuff.
Yeah, exactly.
It's a well-known package.
The chances are it's going to be fine, right?
Like Bodo from AWS, it's fine.
Just take it.
Yeah, and especially the tools around your project or you're only using a little part of something.
As long as your tests pass, it's probably going to be fine.
Things like updating Django.
You may want to have some more manual procedures for that, but something, something, some minor thing, like I'm only using, you know,
a fraction of a package, go ahead and update it and see if the test passes.
Yeah, exactly. I totally agree. Guy, if one space has more dependencies than Python,
it's gotta be JavaScript.
Yeah, ain't that the truth. Yeah. You know, my interaction would
depend about the vast majority of my repos online are sample codes to go with talks and videos and
that kind of stuff. And I always get Dependabot notifications for, hey, this project that you
did a year and a half ago that you forgot about. That tends to be my interaction with Dependabot.
I can see how something like this would be very useful. I don't know that,
I don't know.
It might be something I could use to just,
I have to think about those old packages anymore.
It seems like this could be really helpful.
Yeah.
I do like that the guys,
the developer's name is Tony Bologna.
That's a fantastic username,
by the way.
Yeah.
He's,
he's been on the show.
He's a great friend of the show.
Yeah.
It's a good,
I've never met him.
I just think that's really funny.
Kudos. Yeah. This is really really cool i want to check this i'm definitely thinking i'm
putting this i'll probably do it like for example things like talks and pi test and my testing tools
and linters and stuff like that i definitely want to just update those like and try and if it doesn't
if i'm always going to update those
if there's a new one
and everything passes.
Yeah, just roll it back
if it doesn't work.
Yeah, and tangentially related,
Dean out there says
he can't seem to be able
to pip install dash e dot bracket extra,
but then he quickly posted
his own little fix
that, oh, in ZShell,
you got to escape the brackets.
Anyone else that is trying to do that?
That's great.
But yeah, well done on this, Tony, Anthony.
This is really, this
could be a dream. If this works the way
I see it working, I would be so
happy. My Mondays won't be like,
well, here's the next hour of merging PRs and
resolving its own self-conflicts.
So I'm excited.
Very cool. All right. Well, what is the next one?
I want to take us a little bit, like take a step back just a little bit from low-level tech and talk about the Supreme Court of the United States, Brian.
I want to talk about this too.
I also want to take you back to the early 2000s.
I mean, this is like early days in my programming career, honestly.
But here we are with a ruling about something that happened in the early 2000s.
And what it is, is that way, way back,
Sun created Java, Google, where they created,
I actually, whoever created Android,
I think before Google bought them,
created Android and said,
you know what would be cool
is if we could program this with Java
and use the API of Java.
So the common ways to like write files and open sockets,
all that kind of stuff.
Just make it exactly what the Java runtime libraries do.
But they did not actually take Java.
They actually re-implemented it from scratch.
So none of the runtime details had anything to do with Java,
but the API, the way you talk to it,
looked just like the Java base class library,
hidden library. So Oracle buys Java. Oracle thinks that's not super cool. We want part of that action.
Sues Google for copyright infringement by using the Java APIs. And so then this throws a huge
uncertainty into the space of basically all these libraries, right? What if I want to create a new
web framework and the way it works is a little bit like Flask, but it turns out that Flask the space of basically all these libraries right what if what if i want to create a new web
framework and the way it works is a little bit like flask but it turns out that flask copyrighted
you know the way it uses decorators you know app.route or whatever and then i get sued that
seems i don't know that seems weird right yeah but so does this mean that yeah go ahead guy so
does this mean uh that uh this ruling mean that you can't copyright an interface in essence?
Yes.
Well, the ruling's interesting
because it didn't actually address
the copyright ability of APIs.
They said potentially they still could be copyrighted,
but the use of the API,
as I described it in the beginning of like,
this is the way you talk to it,
not the implementation,
but the way you speak to the thing.
They said that that is fair use.
So when things are copyrighted,
you're allowed to speak about them in limited ways.
You're not allowed to take a movie and publish it,
republish it,
but you're allowed to take a scene of it and analyze it
and maybe have that soundtrack,
that 30 second soundtrack or something like that, right?
So that'd be fair use.
And so they said the way in which they're using APIs is like fair use. And they, they talked about the knowledge, having a
thing, you might copyright the thing, but having knowledge, how to operate the thing that you can't
copyright. So like knowing how to drive a car, you can't copyright that. And so having the API
without the implementation is kind of like the knowledge of how to operate the thing
that the API goes to, but the API itself is fair use, which is pretty interesting. So I guess just
sort of put the bow on it is the Supreme Court ruled that Oracle suit is dismissed. They cannot
sue Google. And it stopped actually a huge wave of lawsuits that would have followed around all
sorts of different things for all different sorts of people.
So I think I'm happy with this.
I think I am too, actually.
I mean, if I were to sum up everything I just heard, what I heard is reverse engineering is fair use.
Yes, that sounds about right.
It feels like the Twitter version of this ruling.
You know, the example that came to mind for me, and this is the thing,
like this exact example that was in the lawsuit, it seems really clear to me that it shouldn't
really, I don't think that should be a thing. But on the other hand, you know, AWS was hosting,
like reselling the open source free version of MongoDB as a service without paying any money
to the MongoDB folks who actually created and maintained it, they changed their license.
And so what AWS did was kept the API for MongoDB identical, but re-implemented the database
server in their own version.
I feel like that's a real interesting example.
That's a little more close to the edge.
It's like, well, here's an open source project that built something neat.
Here's somebody who was literally running it and taking profits off of it exactly.
And then they sort of changed it to this mode and now it's okay. And I think it probably is okay.
Although I feel like Redis could get itself into the same situation probably unless the license
already explicitly says that you can't do that. The only licenses we have that specifically explicit that
are the ones for the modules which extend Redis.
Redis itself is open source.
And so Amazon does have an implementation of Redis that they sell.
Okay, yeah.
Tal out there in the live stream says,
another example would be AWS could sue all the other places like Linode
and DigitalOcean and stuff
that offer S3 compatible storage.
That's such a good point.
Yeah, right?
Like they both, both Linode and DigitalOcean
have something that's like, like S3.
And you literally can talk to it with a Boto3 API
because it, on the surface, it is S3.
And so there's another example of something
that is spared being destroyed in the courts.
I hope this holds up.
I really want APIs to be something
that you can't copyright.
I think this is it.
I think this is it.
I mean, it actually, Google won,
and then it was overturned by a higher court and then Google won again. Then it was overturned by a higher court, and then Google won again.
Then it was overturned by a higher court, and it literally worked its way all the way to the Supreme Court, and then this is it.
And the Supreme Court operates so much on prior rulings and precedent and stuff that it's very unlikely that it could be changed at this point.
The entire story of Java is just riddled with these gross lawsuits.
And I just have to shake my head about it.
It really would be nice
if it had a nicer history.
I think people would be
trashing Java a lot less at this point.
We come up with other reasons.
It wouldn't be a problem.
That's right.
Ben Thompson from Stratechery had a really interesting analysis taking apart what the Supreme Court said.
And one of the things they focused on was the meaning and the essence of copyrights.
Like the reason to have copyrights is so that somebody might invest 10 years in something that could easily be copied but doesn't yet exist and sort of drive innovation. And they talked a lot about, the Supreme Court talked about, does this application of copyright
actually benefit or restrict innovation?
And it was interesting that they were actually thinking of those terms, not just like, well,
what is the legal definition of copyright?
But they're like, this would be very harmful to so many people if it went the other way.
And so we've got to consider that as well.
And let's see, Dina uh so java lost this closed
case i guess the case is now public static void it's final yeah it is it's final exactly exactly
cool apparently we have a supreme court factory so you know yeah yeah we got an i supreme court
and the supreme court factory generates i supreme court implementations and we got a Supreme court factory manager. Yeah. Oh gosh. Yeah. That's a, no, I don't know. That's, that's going a bit down too far, too far down.
It's a bridge too far, isn't it? Yeah, it definitely is. It definitely is. All right. Guy, you got the last one here and I'm not sure I pulled it up. Let me make sure I got it pulled up here. Here we go. Yeah. So you already talked about how segue, is Redis has modules, which are things you can use.
They're like plugins to extend what Redis can do.
So you can use a module that's a graph database.
And so now, boom, we've got some new types and some new functionality.
We can do graph databases or time series or whatever.
And one of the modules that Redis Labs, and this is part of Redis,
it's standard, anyone can create a module.
There are lots of open source ones out there. Redis Labs has a few that we've created. One of those of Redis. It's standard. Anyone can create a module. There are lots of open source ones out there.
Redis Labs has a few that we've created.
One of those is Redis AI.
And Redis AI turns Redis into a model server.
So the idea is that I can take the binary output of a model,
whether it's TensorFlow or whether it's PyTorch or whether it's an Onyx model.
And for those who don't know what ONNX is,
that's the Open Neural Network Exchange,
which is a standard Microsoft put together for models.
So it's sort of like a universal model standard.
And just like in XKCD,
it's like there's too many standards.
We need a new one to bring these all together.
ONNX has created yet another standard.
Yeah, exactly.
This is what always happens, right?
But Redis supports those three model types.
So you can take an Onyx model, for example, and load it into Redis, and then you can use
Redis commands to execute that model.
And so it provides a nice little abstraction.
And the thing that's cool here, I think, is that normally if you want to bring AI into
your application as a developer,
you got the data science team, they build, they do their thing,
they build their models and you get these binary files out and then you need to bring them into your application some way.
And there's a few ways to do that, right?
You can just wrap it up in, you could containerize it
and make a little flask app around it, which is a really common solution.
There are other model servers.
You can just put it right in your application, but then you have to use Python, which is a really common solution. There are other model servers. You can't just put it right in your application,
but then you have to use Python,
which is, well, not a terrible problem.
It can sometimes be a problem.
If you're not using Python,
you might see it as a, like, wait a minute,
this is going to be a big change.
And so the thing that gets me excited about Redis AI,
which is kind of not the thing that gets my bosses excited,
but it's the thing that gets me excited,
is that because we support ONNX, the data science team can build their model and convert it to onyx and they sort
of have a universal standard so they can pick whatever tech stack they want as long as they
can spit out an onyx model and then redis redis being redis it's got a client for every language
under the sun so if you're you know using haskell for example you know there's a redis client for
i don't know that there's a redis client for, I don't know that there's a Redis client for Haskell, but I would assume there is. Odds are there is. Then you can get to
that model from whatever language you're at, regardless of what that data science, you know,
how amenable to data science tooling that platform is. And so it creates a nice architectural layer
of abstraction. And so that's actually what I think is kind of cool about Redis AI.
It just provides that abstraction that makes the developers and the data science folks both not have to, well, speak the same language in a lot of ways.
Yeah, that's really neat.
And it sounds to me a lot like what HTTP APIs did previously, right?
And if you wanted to talk to somebody instead of directly plugging in that library or exchanging some binary data, you like, all right, everybody's going to just agree on JSON.
Why didn't they agree on dates?
But come on.
Other than that, it's working out just fine.
We're just going to exchange this and that'll be the way we can talk to it.
And nobody worries about what language you're using to consume the API.
It's like, that's your problem.
Hopefully your language has a nice way to do that.
Yeah, it's like that's your problem hopefully your language has a nice way to do that yeah it's it's it's a similar thing uh the other thing it does which i think is kind of interesting
is that it introduces a new data type so the models as inputs and outputs take tensors
you can put a couple tensors as input your model or one or however many you need and then your
output would be whatever tensors make sense and um and the tensor is just a you know i don't i
think i think the word tensor is,
I'm going to say pretentious.
I'm probably going to anger a lot of people by saying that.
But because really what a tensor is in practical terms
is just a multi-dimensional array, right?
You know, you got a tensor that's got a particular shape.
It's just like, well, this is an array
that's 10 by five by three.
And it's made up of ints.
And that's all a tensor is.
And so it sounds all mystical,
but it's really just a multidimensional array that's being handed in.
But because tensors tend to be the things that are put into
and taken out of machine learning models,
Redis AI has a tensor data type.
And so you could use that capability in Redis as well.
If you needed to store multidimensional arrays in Redis,
you've got a type that does that now.
And so even if you didn't care
about the data science,
the predictive capabilities,
the model hosting,
that's the word I'm looking for
in Redis AI,
you can still use the tensors
for various data storage uses.
Yeah.
So, yeah.
OK, interesting.
Yeah.
So you kind of hijack
the data type as well.
Yeah.
So this looks really interesting.
I think it's,
yeah, people should check it out if they're doing machine learning and sharing
their models across different technologies or processes.
Yeah.
I'm obviously excited about it.
Yeah.
So I'm excited.
Cause I,
I use multidimensional arrays and now I can call myself a data scientist.
That's right.
There you go.
Awesome.
All right.
Quick follow-up before we get to the the extras and the joke
i'm more more of a mad data scientist yeah yeah
student army captain says sorry i'm late uh doesn't depend upon optionally auto merge
if ci passes yes but you got to have ci running on that project and so like if you've got like i
have a 30 40 repositories that have courses, I don't
set up CI for the course.
Like what does it even mean to have CI for the courses?
But I get Dependabot stuff all the time on that because, you know, it's checking the
repository for the requirements file.
So even, you know, sometimes you can get it to auto merge, but you know, there's certainly
circumstances where it doesn't, if it would just put it in one PR, here's the 10 changes.
I put that actually as an issue on the pin about itself.
And people upvoted it, commented like, yes, this please.
But apparently not yet.
Anyway, what Anthony's done is pretty excellent.
Hi, Brian.
That's it for all of our main items, right?
Unless I lost track.
Yeah.
Got any extras you want to throw out there?
I don't.
I've just been working a lot.
How about you? I've got't. I've just been working a lot. How about you?
I've got extras.
I've got plenty.
So I recently did a cool episode over on TalkPython
about diving into the.git folder
and all the internals of what git does there
and what all those pieces mean.
If you want to go in there and look and see how,
basically understand how git itself works
and then all the storage stuff,
like how they all come together.
And one of the things that got a nice shout out there
is git for Windows at git get for windows.org there's like a special
version to install for i get i think this actually might have come from chris moffitt even uh some
sort of follow-on conversation or something but wherever it came from if you're doing windows you
want to install get this is kind of a cool way to do it as well if you're not doing something like
i use it every day and it's get for windows yeah it's requirement yeah nice yeah very cool uh jupiter lab 3 is released so this one
comes to us from alan hansen and thanks for pointing this out it's a little bit a little
bit old couple couple months but still very cool that jupiter lab 3 is out you can check it out and
see all the the new changes that along, including a debugger.
A debugger.
How about that?
Table of contents,
multiple languages,
all sorts of cool stuff.
So this looks like a major release.
And if people who love Jupiter Lab
should check it out.
It won't be too long
until it's PyCharm.
Yeah, that's right.
It's on its way.
And speaking of PyCharm,
I've got some on that.
Brian Skin also did a follow-up to
not the previous episode maybe the one before that where we were talking about like you know
really it's great that I think this is when we had Sebastian Ramirez on and we were talking about
Google becoming a visionary sponsor of Python which is great and it's really cool that a couple
of companies have done that but then we also pointed out that Bank of America has insane amounts of stuff that they depend upon.
JP Morgan Chase, their core trading engine, some of it is all by like some of these companies that
make huge amounts of money and fundamentally depend upon Python itself generally don't
support Python. I mean, I don't know the degree to which those two companies do, but you don't see them at the top of those sponsorship lists. And Google's with
something like $300,000 a year. That's the biggest corporate sponsor in the world. Couldn't we do
more? So Brian Skin said, hey, I wrote a letter for people. And he shared it where it just said,
as a mere recipient, Given the appreciable business value
that we derive from Python
and its related scientific tooling
over the last few years,
at no direct cost to the company,
would there be room for, bracket,
company to contribute financially
to the 501c3 organizations
that support these tools?
Here's a list.
Here's how.
And basically, it wrote like a template letter
that you can send to your company decision makers
to help encourage them to support Python
and other open source projects.
Yeah, this is great.
So well done, Brian.
That was pretty cool.
All right.
Django 3.2 long-term support releases out.
So if you're on a slow roll with Django,
you're ready to roll on the new version.
So this is something you can safely adopt for the next three years and stay happy, but on a brand new version of Django, you're ready to roll on the new version. So this is something you can safely adopt for the next three years and stay happy, but
on a brand new version of Django.
So check that out.
PyCharm.
There you go, guy.
I told you it would come out.
PyCharm 2021.1 is out.
And they've got some really cool stuff in here.
Really neat things, including the Code With Me stuff is now out.
So Code With Me is, i fire up pycharm or
any of the the intellij based things and i say hey i would like to say program with brian brian
could you help me work on the python bytes website so i could send you a link and we would both have
like like google docs but in pycharm like where we see each other typing we can follow each other
along you can debug the code but it's running on my machine, for example, even as voice call,
video call built into PyCharm
alongside that.
Really?
It's like a Skype client?
You know.
It actually looks like Skype.
I couldn't be sure
because I haven't tried it yet,
but I looked at the UI
that you get.
It's like a little in a panel.
It looks like an embedded Skype.
Interesting.
Yeah.
Yeah.
All right.
Well, those are all the extra things
for me as well.
Well, I wanted to bring up,
so you reminded me of the Google
fund thing when adding Google
gave PSF a bunch of money. What the PSF is doing with it
is they're hiring a developer. I'll drop the link.
PSF's hiring a developer in residence to support CPython.
This is a good thing.
Yeah. Awesome. is a good thing. Yeah.
Awesome.
That's really cool.
Ding Langsom also says PyCon IL is in a month.
So, yep.
Awesome.
Check that out.
And then he also asked about, what about the in-browser PyCharm, which we did cover, but
that was in some kind of experimental phase.
I would definitely, if possible, recommend this code with me thing over that
because then you get the real PyCharm.
It just happens to be like this live exchange.
Whereas the other one, there's a lot of setup and whatnot.
And it had the, this is a private,
not necessarily private, but this isn't a beta,
don't depend on it sort of way.
But this is officially this other thing is released.
Guy, anything else you want to throw out there
for the world, for the listeners while you're here?
Nothing really comes to mind, but thanks for having me.
I see on our schedule we have a joke coming next. Is that true?
We do have a joke coming next. We actually have two, I believe. I'm going to fire up mine first.
I have a joke as well, if you don't mind. Don't worry, it's safe.
That was perfect. All right. So, Brian, you're a fan of him, right?
Yes. Okay.
So, Anthony Shaw, same Anthony Shaw as the Depend-a-Lot-Bot we were just talking about,
wrote a little one-liner that fits nicely in Twitter.
Vim, colon, the original escape room.
That's an old joke.
I love it, though.
I love it.
And, of course, he put it on April 1st because you got to do something funny then, right?
Yeah.
And how about you?
You got one here?
Oh, yeah.
I just added it.
So this is awesome.
So the H in software development stands for happiness.
Nice.
Yeah.
Dean also just wants to point out that IL is israel which i i did think that was
but i wasn't 100 sure so i wasn't sure if that was israel or illinois yeah yeah uh israel perfect
i would love to go there but probably not traveling right now i will get to go there
eventually that's actually where redis labs is headquartered so oh is it interesting yeah i've
had some really great vacations in tel aviv hanging on the beach that I can't wait to get back.
I thought you were excited to go to Illinois.
Yes. You know, Chicago would be nice, maybe.
Oh, yeah. I just can't wait to get to Peoria.
Yeah. Well, I actually spent a lot of time in Peoria, but I probably hit my lifetime limit.
I don't need to go. I wouldn't take a vacation there.
It's a nice place,
but I wouldn't go travel to it.
Yeah.
So,
so my,
my joke is,
well,
it's for you,
for you all.
What's a,
what'd be a pirate's favorite programming language?
Pirate's favorite programming language.
See?
Ah,
you ruined it.
You had to ask me, I'm sorry. So the way it's supposed to go is i say what would be a pirate's favorite programming language
and you both in simultaneously go r right r right because yeah and then the response for me is i you
might think it'd be r maybe but his first love be the C. Oh, man. Oh, the audience of the course is calling
out R.
It works great live
because you get an audience,
they'll shout back the answer
because they just can't
help themselves, and then you surprise
them with the twist.
Well, it was a trick question because R's not a programming
language.
Well, it's been nice talking with you, Brian.
It's not one I would want to work in, honestly.
I mean, I know it's popular, was popular in data science tech, but it's, I mean, it's got one-based arrays.
I mean, that's right up there with VB6.
I've never even tried it.
I haven't made anybody mad today, so I needed to fill my quota.
It does have web clients and stuff like that, so you can build web servers.
It's a full-fledged language, but I've never done anything more than attend a one-hour talk on the language.
Yeah, I haven't either.
All right.
Well, Guy, thanks so much for being here with
us and brian as always great to get by them with you good to talk yeah thanks for having me yeah
thanks thanks everyone's live stream as well bye all see ya