Python Bytes - #263 It’s time to stop using Python 3.6
Episode Date: December 15, 2021
Topics covered in this episode: Django 4.0 released; python-minifier; It’s time to stop using Python 3.6; How to Visualize the Formula 1 Championship in Python; nbdime: Jupyter Notebook Diff and Merge tools; Using AI to analyse and recommend software stacks for Python apps; Extras; Joke.
See the full show notes for this episode on the website at pythonbytes.fm/263
Transcript
Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to earbuds.
This is episode 263, recorded December 15th, 2021, and I'm Brian Okken.
I'm Michael Kennedy.
And I'm Laís Carvalho.
Welcome, Laís. Before we jump in, could you tell us who you are?
Absolutely. So, first of all, thank you so much for having me. Thank you for the invite. And so my name is Laís Carvalho and I'm a developer advocate for Quansight. And I also do a little bit of voluntary work for, I'm not familiar with it.
What do you guys do there?
It sounds a little bit like maybe Quant Finance, maybe some ML stuff.
Yeah, so we do everything.
So Quansight is a consultancy company.
So basically our CEO is one of the main guys behind NumPy.
And yeah, basically do consultancy and everything you need.
Yeah, sounds fun.
Brian, you know what else is fun?
What is fun?
Websites.
Yeah.
Yeah.
And if you think about websites,
what web framework in Python is used more than Django?
Flask?
Maybe Flask.
I think they're right on the boundary,
but certainly Django is at the top.
And I hear so many stories from people who say they got into Python not because they love Python,
but because they wanted to do Django.
And I even had a guest recently describe themselves
as a Django developer who learned Python
because they just wanted, they came for the Django
and they stayed
for Python, which is cool. So Django has been on a bit of a tear lately in terms of its speed. So I
actually went back and looked, if you look at a release for Django 1, that was in May 2010. I think
it came out before then, but that's as far as the release history goes back in dates. So 1.0 was in 2010.
Seven years later, 2.0 came out in 2017.
It seems like that just happened.
Time's flying.
And then in 2020, three years after 2 was 3.
And then now we have Django 4.0.
So it's going seven years, three years, one year.
You know, who knows?
So do we get like five in March? Yeah,
exactly. Maybe, maybe, maybe. But it's cool, Django 4 is out. It's not a super huge release in terms of
what's covered, but some of the highlights over there include, I think I mentioned this, that it
was coming, but now it is here: the new Redis backend. So there have been previously ways to plug in
or use Redis as a cache backend inside of Django,
but now it's just,
you just use Django's caching implementation
and you tell it, by the way,
here's the connection string to Redis,
and that happens.
So that's pretty cool, right?
Yeah.
Another thing that Django does for you
is it will render forms and stuff
based on various things like models and whatnot.
And so they've changed how that works to ease customizations of forms and form sets and error lists.
They are now rendered using the template engine.
So you have more control over how forms and stuff look.
And some changes to do with the time zone as well.
It's now using Python's time zone.
So I guess it used a different one
before. I'd never really paid that much attention to which time zone it used. But so with the release
of 4, 3.2 has now reached the end of mainstream support, which is interesting. And Laís, what
you're going to talk about later, actually, this is relevant as well, right? I know the thing you're
covering talks about Django and versions and upgrades and so on. So that's it. Django 3.2 is a long-term support release. So it'll receive
security fixes until April 24, but there's no more features coming to 3.2. All the new features and
improvements and whatnot are going into 4.0. So that's pretty cool. And let's see if you go over the release notes. It now supports only Python 3.8 to 3.10,
which I think is pretty cool.
That's interesting.
Yeah, that's no messing around, right?
They're like, nope, we spent too long supporting 2.7.
We're not doing that anymore, right?
Yeah, I think most frameworks are not supporting 2 anymore.
There's a lot still supporting 3.7, though.
So it's interesting that 3.7 is out as well.
Yeah, well, they've got the 3.2 one that still supports that if you want to kind of be on the slow burn.
Let's see what else.
There's a few things.
I'm not going to go through it, I guess.
One more highlight maybe is you can create composite indexes really easily with the unique constraint.
So you can have a uniqueness
constraint that has the first name and the last name. So you could have the same first name or
the same last name as somebody in the database, but not the same first and last name. That's
pretty interesting. They upgraded the password hasher to scrypt. I have no idea what the scrypt
password hasher is, but it's more secure than the PBKDF2 hashing algorithm. You never want those to be too
easy because if you can brute force guess them, that's bad news. However, if you want to be using
this better password hasher, you have to enable it because it requires OpenSSL 1.1 or higher
on the system and they don't assume that you have that, right? So you've got to basically do some
work to
make that happen. And then there's a bunch of things about what was added, what was deprecated,
and again, sort of leading ahead, there's some backwards incompatible changes, things that are
breaking changes, and there's also deprecation of some features that were not previously deprecated.
So you want to be on top of that as well. So
Django 4. Yeah, we're going to get Django 5 in March or something, I'm guessing, right, Brian?
Yeah, I think so.
And can we take a moment to just say thank you for the amazing documentation that Django has
like all over. It's so good. Like I'm a newbie and every time I open, I don't really use Django
that much, but every time I open their documentation,
like sometimes I actually use their documentation
to just check stuff about web development because it's just so, so good.
So thank you very much, maintainers of Django documentation
because it's really, really good.
Indeed, indeed.
Sam Morley in the audience says,
I'm always impressed by how much Django managed to
cram into each release. Indeed. And Mark Pender says, howdy all from Ireland. Hello. Nice. Right on.
Cool, cool. All right, Brian, what do you got? I got python-minifier, actually. So this was, um, this was
a suggestion from Lance Reinsmith. So thanks, Lance, for sending it up. But he also sent some reasons. My first reaction was,
we don't need a minifier for Python.
What's up?
This isn't Java or something.
So, but he gave a couple of reasons.
The docs for minifier
have this sort of convoluted reason.
Apparently AWS CloudFormation,
I don't know any of the details of
this, but AWS CloudFormation templates can have AWS Lambda function source code embedded in them,
but only if they're 4k or less. So a small amount of code. So that's one of the reasons why I wrote
this package. Lance, the person that sent it in said his reason for using it is Adafruit boards,
which is a cool idea. I didn't think about that with, with like, you know, Adafruit boards or
CircuitPython, you, you've got less space to work with. So minifying your code might be a good idea.
That's pretty cool. Decent idea. So what does this do?
There's an example on the page of just normal Python code.
It's maybe not the best Python code, but normal-ish.
And then it replaces it with, like, you know,
replaces the variable names with A, B, C, things like that.
Some of your typical renaming things.
So it has like a whole bunch of different, um, uh, techniques that it uses.
Um, I'm going to go to the docs. It, uh, combines the imports.
So instead of on multiple lines, you just combine them all together, saves a little
space. Uh, removes passes, which is interesting.
It removes them to just assign it to zero, uh, in a function.
That's interesting. I didn't know you could do that. Um, hoist literals, that's an interesting thing,
and that's just if you've got a literal that's in a bunch of different places, it just defines
a variable and defines it at the top. Kind of interesting. It uses a lot of semicolons. That's wild. Yeah. Um, uh, remove
annotations, so type annotations you probably don't need at runtime for something like this, so you can
remove them. Local renaming, a whole bunch of stuff too, and, you know, renaming globals and literals.
And sometimes, like if it's an API or if something else is using it, you don't
want to rename the globals, because those are the API. So you can turn any or all of this
stuff off. Um, I guess you wouldn't turn all of it off, because why would you use it, but you can turn
off stuff that doesn't work. So I would suggest, if you're using minify, uh, test your code, of course,
and, uh, remove what you need. Um, and actually for something like CircuitPython
and stuff like this, this might be an interesting idea.
And I'm curious.
Let me put out another idea about where it may be useful.
Can you go back to the example?
So just that code sample you had?
Yeah.
So if you look at it,
one of the things you often have to do,
and I'm not suggesting this is really a good idea,
but it could be applied this way,
one of the things you have to do if you
want to ship your Python code around to be used
with places is to share your
source code, right? And sure, you could
send a PYC file, but it's
basically the same thing, right?
So what about if you go
in here and
run this against something that you want just a little
bit more obfuscation,
you don't want people poking around it?
That definitely looks less easy to read to me.
Yeah.
I mean, it could go farther, right?
It could rename like create certain and whatnot,
but maybe those are like standard library things.
But certainly if you're trying to obfuscate your code as well,
there could be some sort of use case there,
although it's not super obfuscated
So yeah, it seems like that was a Java thing. I don't even know if they do that anymore, obfuscators.
But yeah, I don't know. I haven't been in that world for a long time either. Uh, it might help also if
you're playing, uh, golf, uh, you know, coding golf. Um, you know, just write one of these. Yeah, indeed.
What is coding golf?
Sounds like a thing that Black should have, maybe a flag.
That's a terrible idea.
Yeah, I don't know what coding golf is either.
Really?
Okay, so you have like a coding... I just go to the driving range.
I don't actually do any more things with golf, so I'm not very good with it.
Coding golf is like the lowest score is the best, right, in golf.
So it's coding challenges that you solve with the minimal characters.
So minimal lines of code, minimal characters.
And it's, yeah, that's what coding golf is.
So you just throw the Zen of Python out of the window.
Exactly.
It's not easy to read code.
Okay. Got it. All right. Sounds fair. May the best man win, or the best person win, sorry. Indeed. Yeah. Also, one of the things it does
that it doesn't advertise is it throws away all your spaces and replaces them with tabs.
Um, and, uh... Oh, interesting. Yeah, it does look very tab-filled in the –
Well, it makes sense.
You know, four spaces versus one tab.
It's a 4X reduction right there.
Yep.
Sam says, Laís, you're in for a treat.
CodeGolf Stack Exchange is fascinating.
I can only imagine.
Yeah.
Indeed.
All right. Yeah, indeed.
All right.
Well, your topic is up next.
This is the one I was alluding to earlier,
talking about Django and support for old things and so on.
Yes.
Yes, indeed.
Thank you so much for the tip as well. So then this is, it's time to stop using Python 3.6.
So in one week and one day,
Python is dropping support for, well, Python 3.6. So
there's not going to be any more releases after that. So basically, well, you should update Python.
If you are using Ubuntu, then you can say, well, I don't really
have to update right now because Ubuntu has long-time support.
But it doesn't necessarily work like that because, well,
the Python dev team is not going to support your Python 3.6
anymore, which basically means that.
Exactly.
Yeah.
That's what we were just talking about with Django, right?
Like, just because you might be on an LTS version of Ubuntu that will still let you use 3.6,
well, you're going to have to give up all the new libraries, like,
so long to Django 4.0 and probably FastAPI and all the things, right? Yes, exactly.
So you have your dependencies that are going to need, um, to be updated anyhow, so
you should update. But then I have a question. So, newbie here. Um, I looked around when we were
preparing the notes for the show. I looked around and I tried to, because I'm using 3.7,
so I'm still okay. Um, but I was looking, I wanted to try the 3.10 new stuff because I listened to a few podcasts ago and you're talking about the wonders of Python 3.10.
And I was like, okay, so let's update.
Then I couldn't find the best way to update from 3.7 or let's say 3.6 to 3.10.
I saw some people saying that it would be better to just update gradually.
So go from 3.6, 3.7, 3.8, 3.9, and then 3.10
because you could fix the dependencies easier like that.
But then a lot of people just say,
just go straight to the version you want
and then just deal with the problems when you get there.
Just rip the bandaid off.
Yeah, I don't know.
Yeah, I'm with Brian too.
Go as far ahead as you can and then see if it works.
All right.
So just go 3.10 straight away.
Okay, cool.
That's what I would say.
But the question is still open.
How do you do that, right?
It depends, I think, on what OS you're on.
For example, on Ubuntu, 3.9 is really about as far as you're going to get without some jumping around.
Like that's the latest Python 3 that it'll give you.
On Mac, you only have two.
So you got to install something, but you could download the installer from python.org.
You could homebrew it or you could do other things.
You could do pyenv like Brandon Brainerd out in the audience is suggesting.
I got started with pyenv.
It makes this kind of thing trivial, true, except for I can't get it to work on my Mac. Maybe it's an M1 thing or an Apple Silicon thing,
but it just won't install anything. So it's, it's not trivial for me, but when it works,
you can just say pyenv, give me 3.6, and you can be very specific. Like give me
Python 3.11 RC2. I want that one. And it'll put them all side by side.
So, mate, what do you think, Brian?
I think I'm on pyenv now, but it's because I test a lot of things.
For normal people that have an application and they just want to upgrade,
I say unless you're on Ubuntu or Linux,
I say just go to python.org and download
the latest one and install
it. It works on Windows and Mac
usually. On Windows, there's
the Windows installer. You can go
to the Windows store. That works.
But the python.org
one works too.
Usually.
Yeah. All right. Yeah. Indeed. Cool.
So I'll try and I'll let you know how it goes on Twitter.
Right on.
Give us a report of what you've found to work.
Because I threw the question on Twitter as well.
And then I got a bunch of people saying,
no,
don't go 3.10.
Yes.
It's not great for production.
Go 3.9.
And then other people just say,
no,
just rip the bandaid as you did.
Yeah.
So,
okay.
The Okken doctrine.
I mean, I only support little tiny projects, though.
So, in Python, I support big things in C++.
But I would run your tests, you know, upgrade, run the tests, make sure everything works.
Yeah.
Oh, Laís, your conversation's got a whole bunch of stuff going off in the audience here.
Alvaro says, NumPy is dropping support for 3.7 sometime this month, so that should push the data science community to update.
And then also on Ubuntu, you can install the deadsnakes PPA and you'll get now versions of the latest version of Python.
Okay, that's interesting.
Yes, I saw the deadsnakes PPA. Yes, indeed.
And I saw that in Ubuntu,
that's really easy to do it.
But still, you can find tutorials saying go gradually
and then in other tutorials,
it says just go straight in.
Yeah, Sam says just compile from source every time.
That's what I do.
That's what I'm doing in production,
but I'm doing homebrew on my Mac.
All right, maybe that's enough.
How to get the latest version of Python? But you were going to make a comment
about Java. Is that right? Oh, yes. Yes, that's true. So, um, cause I saw, uh, I was doing a
little bit of research for this and then, um, there was a little bit of, um, a discussion of
the third-party libraries and the frameworks that will drop
support for Drupal 6 soon enough, as Alvaro just mentioned.
So then I saw on Twitter someone mentioning, let me put it here, that using the Java, the
new Log4j problem, let's put it like that.
Log4j, that's so bad.
This is so bad.
Yeah, so using it as an example for how, like,
you should upgrade your version,
the version of the programming language that you're using.
And then they talk about, yeah,
so they say that you should upgrade as soon as you can.
Yeah, what an interesting example they gave because this Log4Shell thing that I'm going to actually talk about a little bit later.
But the problem is you have to upgrade Log4j to a patched version.
The patched version only works on Java 8.
So if you've been dragging your feet, in a sense, and staying on an old version of Java,
well, now all of a sudden,
it's not just replace a library.
It's completely upgrade the Java you're running on.
And if you were dragging your feet that hard,
there's probably some kind of reason
that it's a pain and not well-maintained or something.
And so instead of just going,
oh, we got to quick fix this problem
because it's a super, a super big deal.
It's now all of a sudden,
you've got to do a major upgrade
when you weren't planning on it, right? That's bad.
And then you
have to have this meme.
Wonderful meme.
Your next task
is to figure out
which applications in your organization
is using log4j.
You have 10 minutes.
Go. Oh, that's good. I didn't catch the meme. Yes. So then I think, uh, Michael, it's, you know, it is awesome. Well, yeah, thanks for highlighting that article.
That's a good one by, uh, Itamar Turner-Trauring. Yes. Uh, okay, so what do I got next here for us?
Not Django, but something fun. We just had what was probably the most contentious Formula One season
in 10 years at least and one of the most wild ones for sure the championship was decided on the final lap of the final race. Like literally
the two people were contending for it, Hamilton and Verstappen, they were literally tied on points
going into the final one. So, and the final move was done in the final lap. So I wanted to highlight
this article here called How to Visualize the Formula One Championship in Python using the Ergast API
in Seaborn. So for people who are in data science, I know if you're learning it,
one of the challenges I have of learning those tools is I don't have a great professional need
for them. I don't use that kind of stuff to analyze data that I work with that frequently.
So my chance to learn Seaborn, for example, it's pretty limited. So finding some example or some fun project you can do, that turns out to be
super important. So I thought I'd pull this up as something people could do to learn to play with
this kind of data. Now, if you're not yet into this stuff, check out the Drive to Survive season three. I think I got the wrong link here, but I put the trailer
to it in, in the show notes. So Netflix did a great series that is really good for people to
just sort of get into it. And also there's like a eight minute highlight of the last race, which
was absolutely crazy. But what I want to talk about is some cool stuff that Jasper, just goes by Jasper, no last name, over on Medium.
So introduces this thing called the Ergast API, which if you go over there, it's looking a little old school, but not very, how do you say, not very RESTful, for example. We could get details about the third race of the 2008 season
by just going API, F1, 2008, 3.
And it's going to come back with, well, a series of tables,
which is not necessarily that useful.
And I thought the way you get the JSON,
you might do an accept application slash JSON type
and not HTML or something.
But no, you say three dot JSON.
And that gives you the API there. So that's pretty cool. And you come through here and basically they talk about how to use pandas, NumPy, Seaborn and that API to just build some cool graphs that
actually show you the position of all the drivers across the entire season. So if you want to build this picture,
you see right at the top of the article,
play around with that data from that API,
then this is the way to do it.
One other thing that's pretty interesting from this article
that I had no idea about is over on PyPI,
we have FastF1 as a package, which
is a wrapper library for F1 data and telemetry APIs with
additional data processing capabilities. That's pretty cool. Yeah. So you go down here and they'll
show you how to build this really cool graph of lap by lap, the times, the various drivers. You
can see in the beginning, there's all sorts of chaos because there's people jockeying for
position. The cars are heavy,
they're full of fuel, so they go slower. You sort of see as things spread out, as the cars lighten
up and stuff, because they burn off 100 kilograms of fuel, then they all kind of get faster and better
time. So you can get like cool graphs and exploration of all this stuff here. And the way you do it is
really interesting, as you just go over to this FastF1 and you enable the cache because it
downloads some stuff and you don't want to have to download it twice. You can say, give me this
season, this Grand Prix, give me the race details, load up the laps, and then you can start just
working with the data in this really interesting way. So if I was into data science and I wanted
to learn some stuff, this might be a really cool real world data set that you can play with.
What do y'all think? I like it. I think I might actually try to know more about Formula One
just so that I can talk with Anthony more.
Exactly.
Anthony Shaw's a big fan.
Yeah, indeed.
As am I these days.
It's a lot of fun.
It was really a cool season this year.
And yeah, check out the highlights from the last race.
It was absolutely off the hook.
Laís, what do you think in terms of a data science project here?
A data science project?
Wonderful.
Like, especially if you actually like this.
I have no knowledge on F1.
I actually worked for a company
that was like the,
I think the founders of the company
were in love with F1
and that's how they got together
to found the company.
And I got to talk to them in one specific circumstance.
And I was like, oh, you like F1.
That's awesome.
I know nothing about it.
So please enlighten me.
If you're interested, check out the Netflix Drive to Survive series.
That's the easy way in.
It's lots of drama, not like the boring sort of 30 minutes in between the things that actually happen.
Okay.
What some of the people from the U.S. don't understand is that they can turn in two directions.
That's odd.
So odd.
However, Brian, just before we're off this, the U.S. Grand Prix for the first time, I think, was the most attended race ever, certainly for F1, but
they had 400,000 attendees in Austin, Texas this year. So apparently it's becoming a thing, like
soccer became a thing in the U.S. when it didn't used to be, and now it is. I think this is as
well. All right. Alvaro also says, interesting, about interesting libraries. Last week I found
DuckDB, super interesting for data science as well.
Yeah, definitely.
We've only touched on that a little bit,
but yeah, it's a great one.
DuckDB is like a new database,
like, I don't know, CockroachDB?
A different,
but I believe it has integration with like pandas and stuff.
If I recall correctly.
I think so.
I'll have to look it up, but yeah.
Cool.
I'll do some real-time follow-up, but Brian have to look it up, but yeah. Cool. I'll do some real time followup, but Brian,
tell us about in NB dime.
NB dime. So, um, a, another listener suggestion,
Henrik Finsberg, cool last name. Uh, he's, he said, uh,
we recently covered jute, uh, or jet Jupiter notebook.
Um, yeah. Jupiter notebook terminal viewer.
We covered that in episode 258.
He's correct.
But he said, hey, you should check out nbdime because it's been around for a long time.
And it does something similar.
So I definitely did.
And I think this is a really cool set of tools.
So we've got, not only does it do an nbshow, which does a...
Right.
That's the jut equivalent is the nbshow, which is cool.
Yeah, but this is a set of tools that is around the needs for diffing and merging notebooks.
So like if you're keeping notebooks in a Git repo, you'll have to do things like this.
And so it's got a bunch of tools.
It's got diff, it's got merge, it's got diff web,
so you can have a rich rendered diff, um, diff of the notebook, and, uh, nbmerge-web, so
three-way web-based merge of notebook tools. Um, this just looks really cool, and I definitely
think it's worth checking out if you if you work with notebooks and work with teams, you need to do things like this.
Oh, yeah, this looks great.
Yeah, diffing and merging notebooks is tricky for sure because the actual on-disk representation is basically a JSON document.
And then it embeds the output in there as well, right?
So if you ran it against live data and you got some output and you run it again, of course that's going to be different, but that's a, you know, straight Git, that's a merge conflict,
right? Yeah, I mean, I'd be interested to know how they deal with that. I haven't looked through this,
but yeah, it looks like it understands the cells and then just the cells or something along
those lines probably. So yeah, they're super cool. This is a great one. Thanks for the recommendation as well.
All right, Lais, you're up next.
Yes.
So we found out,
so first of all,
this is a recommendation from Fridolin.
He works, he's a software developer at Red Hat.
So thank you very much for the suggestion.
And this is Project Thoth. So basically, this is an open source cloud-based Python dependency resolver.
So we all know that PyPy just launched a new dependency resolver.
Yeah, that was a big deal.
There were some breaking changes to pip and stuff like that.
Yes. And well, show the first stone who never had dependency resolving issues with pip.
I've spent so much time like, okay, so it's not this library, it's this other one.
No, it's not this version, it's this other one.
So this, um, Project Thoth basically comes to solve this issue and it uses reinforcement learning to solve these dependency issues.
So basically, from what I understood, it's a smarter pip.
So basically, it uses a few inputs from the developer, such as the speed of the execution of the code,
and if there was any errors, and your hard drive version etc.
Yeah, it's not just what version do you want like greater than 2.1, but you could say I would like one that's relatively stable or I would prefer security over recency or something along those lines.
So there's a lot of different inputs to this machine learning model that then will
give you the result of like pip install a thing.
Yes.
And then it pre-computes this, this whole dependency information and puts in a
database and then it just keeps track of it.
And then, uh, the logs that result from like actually installing your, the
dependencies of that environment, um, then are used to go in as input into that reinforcement learning algorithm.
And they use that then to create future resolutions.
So basically just make the whole process of dependency resolving much faster and much easier.
Yeah.
It sounds like a great thing.
And I tried testing but well I got
I got into a little bit of an issue with my Python versions. I was like oh I'll deal with all of this later.
Yeah exactly. Can you scroll down to the code sample where it's talking about
thamos or thamos, I don't remember the term exactly. It's a little further down,
it's like a code call out.
Keep going.
I've got a little bit right there.
So yeah, so the way you can use it is you pip install this thamos thing
and then you configure environment
and then you add dependencies
with some suggested version,
like approximately flask one.
And then you ask it to advise you
on your current setup.
And it'll go through and it actually analyzes the code
and does a whole bunch of stuff.
And then it'll give you some information.
I don't remember exactly all the details
of what it would suggest,
but it'll give you information
about the various dependencies
that you have installed and so on.
And also give you suggestions on like hardware
and OS versions that you should be using.
Yeah.
It's quite smart.
I thought it was quite interesting.
And it's in beta phase.
So if anyone that is listening would like to try it,
and then maybe just give some feedback back to Red Hat,
they'll be very, very, very happy to hear from the community as well.
Because it's an OpenStack project.
So please, collaborate.
Yeah, check it out.
It looks like it might have something to do with OpenStack and their whole cloud story
over there as well.
Although I don't believe it explicitly said it.
It doesn't seem to be tied to it, but it seems maybe motivated by that as well.
So yeah, cool.
That's a good one.
Interesting.
Brian, some real-time feedback here.
So we covered this article,
Efficient SQL on Pandas with DuckDB.
And one of the cool things you could do is create a Pandas data frame
and then do select queries on top of the data frame.
That's pretty cool.
Yeah.
So for example,
remember you have like a local variable and you say the name
of local variable in the query and it like reaches into the call stack and grabs that
out of the context and then works with it. So yeah. Anyway, this is one of the data sciencey
things.
Nice.
Yep.
Fine.
Brian, is that it for all of our items?
I think it is. Yeah.
I think you might be right. What about the extras? You got any? I do, actually. Nice timing for today. So, um, Pragmatic Bookshelf, uh, they're the
publishers of the pytest book. They're running a sale, uh, actually 12 days of Christmas sale.
So every, every day is something different. You don't know what it is. I don't know what it is,
but today my, my book is part of it. So it's, uh, you have to enter a promo
code and you get, uh, 50, 50, 50 off 50 spend. So you gotta order a couple books because they're not
that expensive. Uh, but anyway, it's pretty cool. Cool. Yeah, hopefully that does well. Laís, how about
you, got anything, actually, you want to give a quick shout out to while we're here? Oh, yes, of course. So, uh, I am a volunteer for Python Ireland, and Python has a speakers coaching session
happening on the 22nd of January. So it's basically, we're offering, uh, for people that would
like to be a pro on giving talks, we're offering a workshop. It's the entire day,
and you need to
say that you need to just
give us your words that you're going to give
as a talk, as like a practice
thing
but it's a very interesting
workshop thing
and if you would like
to be part of it, just go into
the meetup.com slash Python Ireland
and it's there, I guess, the 22nd of January.
Yeah, that's a cool service, I guess you would call it,
a cool option for speakers
because speaking is one of those things
that really can open doors and help get you connected,
but it's also super stressful.
The very first time you do it is in front of the audience
and it's being broadcast. And also like the tips on how to put a talk together, because there is
that anxiety as well. It's like, I have a talk, but I don't know if the thing that I want to talk
about is a good thing, or I don't know if my slides are good. I don't know if I know how to
actually convey the message. So we would love to help you with that.
And I won't be the one giving the workshop.
There is a proper person there that has experience on doing that.
So, yeah, I've done the workshop, though, and it's a great workshop.
Yeah, nice.
And then I have a few other extras, though.
Can I just go on?
Yeah, yeah.
Cover as many as you want.
As many as you got.
Cool.
So then I also found, I don't know how many newbies we have listening to us today.
But for people that, since we're talking a lot about data science as well,
there's a bunch of data scientists and other people around that don't really know how to deal with Git. And even for me as a person, my personal experience with Git initially was so hard.
Yeah.
Why do I have to commit it twice?
Why do I have to do that?
I just want to commit it.
What's this push about?
And then what do you mean, where am I?
I am here in front of my computer. Yeah.
So if you want to learn Git,
there is this website called learngitbranching.js.org
that gives you a step-by-step with a visual manual
of how to actually get Git done.
So you have like lessons,
so you can click on the lessons
and then it gives you like an explanation with some best practices and that gives you snippets of code as well.
So you have like a thing that kind of moves.
It's, yeah, it's quite like straightforward and it's, it's quite interesting.
I don't know what happened here.
My computer, I think, stopped working.
Yeah, anyhow.
So it's very interesting.
And it's a very visual way of learning Git.
So if you're struggling with Git and you don't have time to read the book,
actually, first thing, read the book.
I think chapter 10 of the Git book is the most important one.
It teaches you the main things that
you need to know. But if you don't have time to do that, then if you want to train a little bit
with a GUI, this is the most straightforward thing that I found around that.
Yeah, that's cool. I like how it's like a little fake shell.
Yes. And if everything was working, I could show you the, like, you have, so you click here and it's like, it's very GUI based.
But then as soon as you get out of this thing, you need to train to pass the phase because it's kind of like a game.
Okay.
Then you need to type it.
Oh, I see. So it has you do some kind of branch thing or check out and then it watches to make sure that, say, the branch was created or something, huh?
Yes. Yes. Like you have a check. It's quite interesting and it's like good for money.
Yeah. Oh yeah, nice.
If you could fake, now we're good. I don't know what's going on. I'm sorry, but it's...
No worries. It looks cool. It's a good suggestion. People can check that out in the show notes. Yeah.
So...
Yeah.
I like the visuals.
This is the one.
So you can type, let's say, git commit.
And you can see what happens and it tells you.
So, okay, so you did a commit and this is what happens.
And then you can go back to the instructions if you don't get it.
It's quite interesting.
And then just to close the extras.
So I started coding with Python for a very short period of time.
And then I switched when I started IT.
I switched to Java and then I did a few years of Java.
And then I went back into Python.
But then when I went back into Python, I was like, uh, well, I know Java now.
And what's going on?
What, what is this language that is not verbose at all?
And you can do whatever you want with it.
How do you, how do you do objectives?
There's no rules.
What's happening?
Exactly.
What's the story?
Um, and I struggled a lot to find a straightforward tutorial and a straightforward manual that'll tell me, so this is the comparison.
This is what Python does that Java doesn't do.
Or this is how to do things in Python.
And this is how to do things in Java.
This is the comparison and blah, blah, blah.
So then I found this real Python article that was just being published,
I think, maybe a few weeks ago.
I wish it was around when I started, but it wasn't.
Yeah.
It's only like five days old or seven days old or something.
So.
Yes.
Yes.
Uh, so it tells you like very straight, you know, very straightforward way, the
differences, the similarities between the two languages and, um, talks about the
Python data types and talks a little bit about as well, the design of Python and how we do things in Python
and how we do things in Java and then standard library
and then comments as well about apps and tutorials and documentation.
So it's very, very, very interesting
if you're starting with Python coming from a Java background.
Yeah, that's cool.
I think using your existing skills to level up
is a much better way.
Like I want to know how to talk to a database.
I can do that in Java.
How do I do that in Python?
Oh, I see.
Okay, now I got it, right?
Yes.
Cool, cool.
All right.
I got a few extras as everyone may imagine.
First, a quick follow-up
for people who are getting started with Git
and you want some more help, consider using Oh My Zsh.
Why?
Because if you go into a Git repository here
and you type Git, you can hit Tab.
It'll give you all the top level features of Git,
so like branch, clone, checkout, commit, whatever.
So if you type Git branch hit tab though it'll actually
list give you tab autocomplete and arrow autocomplete for all the existing branches
for example and stuff so if you're having a hard time on the terminal and you want some help you
can just do z shell and it'll actually give you like super deep autocomplete on the terminal even
into say your project structure, your repo
structure. So that's cool. Don't go there without that. But for my actual things, I gave a talk at
Flaskon. So that talk is up, which is really cool. It was on HTMX and Flask and Jinja partials and
things like that. So people can check that out. That's good. Brian, I've talked about why Firefox is awesome
and people should be using it more
and not letting it fade into oblivion.
As everyone thinks,
Chromium is the core that we should all be building on.
And they just came out with a really cool idea
called RLBox
that would be applicable to other browsers as well.
So one of the problems with web browsers
is they accept all sorts of input
from random strangers on the internet,
which is generally not a good idea for security, right?
And it's not just the browser, it's the plugins.
So you've got things like the Ogg format
or WOFF is a font parsing library,
and all these different things
that you might need to run inside
the browser, but you really get them from somewhere else, right? So for example, if there's a problem
with, say, the Ogg parser, you load an Ogg file, then, you know, the browser gets hacked into and
there's things they've been doing to try to restrict that with like sandboxes and stuff.
So this thing, I'll just give a quick shout out to RLBox. What they're doing is insane. As somebody who does a little C++, tell me what
you think about this. So what they do is they use the, um, LLVM, or no, Clang here, they use Clang,
and they take these libraries like Ogg, they compile them to WebAssembly. And then there's
another thing called WebAssembly to C, and they compile it back to C and then they compile it into the system as if they hadn't done anything to it,
which sounds weird, right? Why would you do that? But what it does is it strips out a bunch of
intermediate steps where viruses could live and uses WebAssembly to like put those checks as part
of the system and then puts it back into C. Okay.
Yeah.
So anyway, this is a pretty wild thing that they came up with.
So just worth a quick checking out.
And then, Laís, you mentioned this Log4j thing.
Yes.
We're all going to be suffering from this for so long.
This is so bad. So it turned out that log4j, the problem with log4j is, let me describe this in Python terms and just see what you all think. So Log4j has this ability to parse the strings you put or the IP address that I'm on, I can put
like a little symbol in the log file and Log4J will go, oh, what you need is you want me to say,
pull in the IP address locally and then write that in the log. That's maybe okay. They also
have this ability to run code that they don't know. I mean, you did some Java. They have this
ability to run code, not in the local class library,
but on a remote machine somewhere else out on the internet
called, was it JNDI, J-D-N-I?
I don't always swipe the order.
Well, it turns out you can put the J-D-N-I run code symbol
into your log file,
and then the log message will result in running code
from anywhere on the internet in the process of your thing that's trying to log. And it can come from anywhere.
It is so bad. If it's in a header file, if it's in the URL, if it's in the email address where
you expect an email address, you put in like dollar bracket, JNDI colon, some path to the
virus. Literally the attempt to say this user with this email address failed to log in results
in running the virus.
It's anything that you may ever log, user agents, like you name it, run virus remotely
in this process.
And anything you might want to log in, you're typically logging bad inputs.
You can log attempts to hack your system.
There were like 850,000 hack attempts within the first couple, like day or two
of this. It's going to be not good, which made me think of just a quick little fun comment here
of an XKCD that someone put on Twitter after this, because it's all about this log4j that's
not really funded. So all modern digital infrastructure is like this Jenga tower.
And then at the very bottom, it's a project some random person in Nebraska has been thanklessly maintaining since 2003.
Pull that out, it all comes down.
So that's the world we live in.
Yeah.
Yeah.
Especially because there was this thing, this movement on Twitter of people just blaming the Log4J developers about it and some other people to show up.
Well, they haven't been getting paid
for all the work that they're doing
and everybody's using the application throughout.
There's certainly a conversation to be had
about how much energy and time
should these large companies be putting
into supporting open source stuff, right?
And I think there's so many little things like Log4J that nobody feels like they're using.
Sure, their web framework might use it, but they don't actually want to use it.
It just happens to be what their web framework chose.
But they are built on top of it as they're learning.
I'm sure there are many sleepless nights on this.
I don't know.
Not good.
As a Java person, what do you think about this?
As a representative of all Java.
No pressure at all, right?
No pressure whatsoever.
I can say as someone that has worked for open source for a while now,
that there is a big discussion to be had on that.
But there is also a big discussion to be had on how do we want open source
to be sustained from now on, because the way that it's going is not sustainable
when we all know it and we have big companies and we don't even need to
name the big companies, but we have really big companies. They have been using and are starting now
to do open source projects
simply because it's good for business.
Because it gets people hooked into what they're doing
and then, well, you're going to have to use
our open source packet now
and that's us taking the market.
But we need open source to be at least a tiny bit more sustainable
because the way it's going, it's not good for anyone.
Yeah.
I guess one final thought on this.
This was not a bug that was found.
This was a feature that was used in a way that people didn't expect.
I can expand variables.
I can run remote code.
I can run expanded remote code.
Oops.
All right.
But let's bring it back to Python with a joke.
What do you guys think?
Yeah.
All right.
Laís, you got the first joke.
Hit us with this one.
So we were talking about virtual environments
and how much fun it is to set up Python
and use all your virtual environments
because you have, well, venvs and PPMs and
condas and everything else.
And how much everyone always complains about having to set up their environment before
installing Python.
So I found this.
So apparently this would be society if you didn't have to use virtualenv and install Python
packages.
And it would be wonderful.
Let me try to describe this for the world
who is just listening.
It's like the most idealistic,
futuristic view of the world.
We've got like monorails
and there's just shining silver spaceships
zooming through the sky.
And it just looks like,
oh yeah, here's the perfect future
we all dreamed we were supposed to have.
Yes, that everyone types Python, everyone knows Python, but they don't have to use virtualenvs to install their packages.
Imagine.
Are you telling me that virtual environments denied this from us?
No, this is the reason why we can't have these things is because people don't learn virtual environments.
That spaceship has its own environment. The little house over there,
that's running a different version.
Yeah, because of its environment.
That's a good way to look at it, Brian.
I like it.
Yeah, me too.
Brian always thinks the other side of the thing
is like the data perspective.
It's wonderful.
Thank you, Brian.
Yeah, thanks, Brian.
All right, the joke I was going to cover
is actually that Jenga tower I already showed. So I'll just leave it at that. One real quick bit of follow up here,
because I think this will be helpful to people. Jeremy Page says, if you are on Bash instead of
Zsh, the package bash-completion will also allow Git command tags, branches, etc. to
autocomplete. And I never read a book. I think I read an article that's like the 10 Git commands you need.
And I've been good since.
Yeah.
Oh, yeah?
Okay.
Mr. Waze Kids.
I catch.
Exactly.
And Brandon says, you don't need virtual environments if you just set up a new virtual machine for
every project.
That's true.
Yeah.
Docker will save the world.
That's right.
I agree.
We could have the same picture with Docker,
but they'd all just be cubes just flying around.
Cubes, yeah.
Like, yeah.
Pack it like that with those containers,
shipping containers everywhere.
There's also the pragmatic.
Exactly.
The pragmatic Mario says,
I click buttons on VS Code.
Go, GUI!
All right, Brian, you want to take us out of here?
Yeah, sure. Thanks, everybody, for showing up for the show.
And it was really a lot of fun.
Thanks, Laís, for showing up. It's been great.
Bye, everyone.
Thank you. Thank you for listening.
And thank you for the invite. Again, it was a pleasure.