Python Bytes - #268 Wait, you can Google that?
Episode Date: January 27, 2022Topics covered in this episode: (draft) PEP 679 -- Allow parentheses in assert statements Everything I googled as a dev PyCascades 2022! Strict Python function parameters mureq - vendored requests ...Extras Joke See the full show notes for this episode on the website at pythonbytes.fm/268
Transcript
Discussion (0)
Hey there, thanks for listening.
Before we jump into this episode,
I just want to remind you that this episode
is brought to you by us over at TalkPython Training
and Brian through his PyTest book.
So if you want to get hands-on
and learn something with Python,
be sure to consider our courses over at TalkPython Training.
Visit them via pythonbytes.fm slash courses.
And if you're looking to do testing
and get better with PyTest,
check out Brian's book at pythonbytes.fm slash PyTest. Enjoy the episode.
Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
This is episode 268, recorded January 26th, 2022. I'm Michael Kennedy.
And I'm Brian Eichen.
And I'm Madison Swain-Bowden.
Hey, Madison. Great to have you
here. So fantastic to be here. Yeah, yeah. We talked to you before at PyCascades, where you
were on the hosting side. That's right. Tables are turned a little bit, yeah. They absolutely
have. So why don't you tell folks about yourself before we jump into the news? Thanks. Yeah,
I am a senior data engineer at a company called Automatic. We do WordPress, which is surprisingly, I recently heard that it backs 40% of the internet.
And so that was really surprising.
So much of the world is on WordPress.
It's unbelievable.
Yeah, and I work with the Openverse team there, which I'll talk about a little bit later in the show.
Yeah, fantastic.
Cool.
Yeah. So Brian, shall you kick us off on the first thing?
Yeah, sure. Something about parentheses. I like Python because it generally doesn't have that many parentheses, but you were going to tell us that it should have more.
Yes. Well, we have them with function calls, right? And tuples. So actually,
because there's function calls and tuples, both use parentheses, there's a in here but what happens currently is
if you if you call assert you're not supposed to use parentheses um you actually you can't right
now you can but it's wrong um so if you it's one of those princess bride things like that that
doesn't mean what you think it means it doesn't mean what you think it means so what happens is
is you you give assert asserts a statement within Python.
You give it an expression to evaluate.
And you can also give it a comment, like a string, to add a message if the failure happens.
But what happens is sometimes people think it's like a function and put those within parentheses.
And it looks like a function call.
And it looks visually fine but what
happens is um is it doesn't matter what the expression evaluates to uh because the this
it's a it's a two value uh tuple and especially if you got a string in there the string's not
non-zero um yeah so the tuple evaluates to a true value and your assert never fails.
And the tuple is never none.
And so you're good to go.
Yeah.
It's a good way to have some passing tests.
Yeah.
I feel like this is one of those like Python gotchas.
Like if you have one and if you assign a variable to one comma, then you get a tuple instead of just the one.
Right.
Yes. And particularly with print being changed from a statement to a function,
I think it makes a lot of sense for people to assume that assert is also a function.
And it's kind of an odd duckling in the language because it is just a keyword.
So this pep is just to say, let's allow both.
Let's go ahead.
Because right now, there's no real reason to pass
in a tuple as a full expression. It's always going to be true. It's a no-op. So let's go ahead and
add that to the language and allow people to call it as a function if they want to. And there's AST
around it to make it basically be the same thing. I think this is a no-brainer.
I think we should just get it done as soon as possible. Hopefully, we can get it into 3.11
or 3.12 or something like that. I wonder too if having it as a function
might help with autocomplete in some IDEs. Because I think right now when you do the assert,
you don't get that like suggested arguments
or suggested parameters that you do with a function.
And so it might help there, yeah.
Yeah.
Yeah, or if you're trying to put too many things in there,
it won't tell you that it's wrong, all those things, yeah.
Yeah, hopefully this will go through.
I hope so as well.
So let's talk about Local Ghost. So Local Ghost is a blog by, let me get
the name right here, by Sophie Kunin. And she blogged or wrote about everything I Googled
in a week as a professional software engineer. Oh, cool.
So I wanted to highlight this because there's a lot of folks out there who listen to the show
and just are in the industry who feel like they don't quite add up or they don't belong or whatever because they feel like they get stuck and lost and banging off things.
And I can tell you, we were just talking about it last time with a joke, right, Brian?
Like, I hate programming, I hate programming, I hate programming.
It works.
I love programming.
But the hate part, there's a lot of searching, a lot of Googling and bouncing around from that. And so here's just another pro software developer pro in the sense it's her job and she's
been doing it for a while. And it just talks about like, okay, what did I do? So the, what she
searches is slightly different than what we would search because she mostly is a front end and node,
mostly JavaScript type of developer, but it doesn't really matter.
You can sort of see,
there's some basic stuff.
NPM React testing library.
And what's nice is she puts a little comment
behind a lot of these,
like, why did she search for this?
Not just the words.
Like during a React upgrade,
looking at dependencies
to see the latest versions
and checking for breaking changes.
And then React Apollo release notes,
totally normal.
And then undo a rebase. Oops.
I think we've all been there.
Yeah, exactly. Or just silence warning, or maybe it's undo commit. No, what did I do?
I can't push this. Just silence warning. Don't judge me, okay? So there's a bunch of interesting
things and it kind of goes along there. So you all can look through. I don't judge me, okay? So there's a bunch of interesting things and it kind of goes along there.
So you all can look through.
I don't want to go through all the details
because there's just a lot of stuff.
What were you going to point out there, Madison?
No, it's just a lot of fun and interesting searches.
And I think like if we were all to do this sort of analysis
for ourselves, it would be kind of an interesting retrospective.
It would be super interesting.
Yeah, like what surprised you most about your search, Hidari?
Let's see, there's a few. I think on friday down here at the end of the week that was pretty yeah i put my notes i'll pull it up down here so one that i thought was interesting was
she sure she searched for expecting expecting a parsed graphql document perhaps you need to
wrap the query in a string quote g, GQL tag. And the content
of that's not super interesting, but what that is, is exactly an exception message, right? In some
sort of code. And for people who don't do this, you should take the error messages and put them
straight into Google or straight into DuckDuckGo or wherever you put search things. And it is so
good. With quotes. The problems.
With, yeah, exactly.
Maybe quotes on the really important bits, right?
Like I really want to make sure it's GraphQL and not some other document or something.
I would say half the time when I do that,
it takes me exactly to the GitHub issue
that describes the problem that I'm experiencing.
It's surprisingly effective, isn't it?
Absolutely.
It's like, why does this work so well?
The thing that blew my mind most once is I had a friend, this is way back.
I mean, we're talking like early 2000s.
He was using Outlook.
Don't judge him.
It was a long time ago.
And he was using Outlook and it was just stopped working.
It gave him some weird error that had almost no message, just a number.
So I just searched Outlook, that number, and boom, here's the exact fix.
It's just like, are you kidding me?
I love that. Yeah, I love it so much. A couple others, semantic HTML contact details. Wanted
to check if address tag was relevant here. I highlight that because here's somebody who's
a professional HTML developer basically doing front end stuff. And still they're Googling to
see, does this address tag match here? Like, should I use this block, this HTML tag in this situation, right?
So it's, even if you work in stuff day to day,
there's stuff that you just go,
like, I'm just gonna leave that to the search engine
and distributed cognition
and not have to memorize every detail
of what I'm working in.
And then finally, I just thought this was fun.
Editing host file.
This was the search, not the action.
Desperate times and it didn't even work.
Anyway, I think this is fun and I thought I'd just share it because I think it's interesting
for people to compare notes.
One of the things I noticed recently was I don't remember the exact way you're supposed
to get to GitHub repos.
So I usually just Google GitHub and then my repo name
just to get to the repo.
Exactly that, yeah.
Nice.
Well, and a lot of times I search for like a project
and then it brings up like PyPI
or some other, like the read the docs.
I was like, no, I want GitHub.
Take me to GitHub.
Yeah, I'm always like, all right, fine. I'll click the PyPI so I can click on the source code. Exactly. Exactly. How many links do
I have to go through just to get to the repo? Exactly. I know I'm two clicks away. That's
good enough. Let's do this. Yeah. I have a couple of thoughts on this. Yeah. Tell us.
First of all, localghost.dev is an amazing domain name. I absolutely adore that. And the second is, it's really great seeing
articles and posts like this. I see a lot of seniors, particularly like senior women and
others, underrepresented minorities, talking about this sort of thing. And I think it really
helps to dispel the myth that like, you have to be an expert who has every command for, you know,
every utility memorized in order to be a senior
dev. Like a lot of us are doing these sorts of Googles, right? We're like looking up the, uh,
the function signature for something that's like in the standard library, you know, we're all doing
this. And so I think it's, I think it's really valuable to share something like this, um, for
particularly for people who are new. Yeah. Some of the best skill acquisition isn't
memorizing things. It's remembering that the feature was there.
Exactly. Yes. Yes.
Right. Exactly. I need to know just enough that I can Google it to get to where I want to be.
Absolutely. And Johnny out in the audience also thinks this is interesting. Yeah. We all think
this is great. Fantastic. All right. I did give a quick shout out to PyCascades previously.
Madison, you want to tell us about your first item?
Yeah, I wanted to share about it.
So PyCascades is coming up in less than two weeks, which is really exciting.
We have another year of just excellent and diverse talks from an array of different subjects
and expertise levels.
Last year, we were online and we're going to be online again this year using the same
platform that we did last year. And a lot of people really enjoyed that platform. So we're
excited to use it again. We're hoping to do some watch parties in Seattle, Portland, and Vancouver.
But unfortunately, reality wanted us not to do that. We opted against that. But we're so excited to be doing this again this year.
And one of the things that I'm really excited about is that we have the PSF's diversity,
equity, and inclusion working group doing a meet and greet as sort of our first event on Saturday.
And so they have a form that they are sharing for just trying to understand the landscape around
diversity in the Python community. And so we have that linked in the show notes,
if you would like to fill that out. And we're going to have socials on Friday and Saturday night.
And we had a DJ last year, we're hoping to have a DJ again this year on Friday night.
And then we'll be doing sprints on Sunday. And tickets are still available. We'll be selling them throughout the event too. So
because it's a virtual event, it's not like NFTs. There's no digital scarcity with these. So please
feel free to buy a ticket whenever you have a chance. And we hope to see you there.
I don't. Yeah, it's a fun commerce. I've been sure I'd go into it when it was in person. So it's cool
it's still going. I can't wait for it to get back
to being actually in person.
I know, I know. We were
hoping to dip our toes into it
this year, but it just wasn't going to happen.
And I should also mention too, we're having
talks from
some well-known folks in the Python
community like Thursday Prom and Jay
Miller, who I know you had on Talk Python to talk Python to me recently. Yeah. Yeah. And we have, um, some
first-time speakers as well, like Joseph Riddle and Isaac Noss. So we're, there's a lot of really
great talks that, uh, that we're looking forward to. Yeah. Super cool. Cool. All right, Brian,
back to parentheses and stuff. Yeah. Well, maybe not parentheses.
Sort of. Stuff that happens between parentheses.
So this interesting article by Seth Larson that I ran across that says strict Python function parameters.
And I thought, strict? What do we mean by strict Python function parameters?
And the idea is, let's put everything together. So we have, um, we've
got keyword only parameters and that's, um, it's a little small on screen, but, um, keyword only
parameters is, is where you, you can put an asterisk in the middle of your key in your
parameter list. And it says that everything after that has to be a keyword it can't be uh you can't
pass that in as positional and i'm yeah i'm not sure exactly how that works really but um it's
kind of it's useful uh the um and then you can also put defaults in there of course uh for things
and it's just that separating of what where your keyword positional and keyword arguments go. And that's a, it's a cool thing. Um, that's helped, uh, allow people to, uh, add parameters before.
So this was a nice addition. And then also we've got, those are keyword only parameters. We also
have positional only. So with the slash, uh, you can say everything before the slash is a positional only. You can't pass it in as a keyword parameter.
And the natural progression is, you know, hey, let's just do both of them at the same time.
And I didn't actually, for some reason, I didn't realize you could do this.
I didn't either, yeah. Neither. Yeah. And so what, so then you're going to have your, uh, positional parameters first,
and then a slash and then a star, and then, uh, you'll have, um, and then all your keyword
parameters after that, what, what happens then is you're both of them are true. So you have to,
you have to have the positionals first and then the keywords after. And so what's the benefit?
This just looks like added syntax to confuse people.
But there are a lot of benefits.
One of the benefits is really that your documents and your code and your example code
and all examples people look, if they look up some other
GitHub repo or something using your API, all the examples are going to look kind of the same. And this is sort of something we're used to in other languages.
It's, uh, I was actually surprised in Python that you could rearrange your, your input arguments,
uh, especially the keyword ones, you can rearrange them and they work fine,
but it's confusing sometimes. And, uh, and I just actually think this is kind of a neat idea. I think that especially for API
or library API entry points, doing something like this might make complete sense. And it's
something I'm going to look into considering just to make sure people use something consistently.
The article also goes through a thing about empowering library authors to have flexibility to change
things. And it's a good thing to read up on. But I was curious what you guys thought about
if I ever had an API or you were looking at API and it had this slash star in the middle of
everything, what would you think? I mean, I really like this concept and I'm glad that it's a feature
of Python because of that uniformity that it can create. I've never had an opportunity where I felt like this was something
that I really should use, but I think that's a large part because all of the stuff that I work on
is usually internal tools. And so even if it is open source, there's not like a public API that
I'm building. And so that, right.
If you're consuming it versus creating it for others, it's very different, right?
Exactly.
Exactly.
Yeah.
And so I think it's always a good thing to keep in the back pocket when you like have a particular contract that you really want to enforce with how functions are used and
keywords and whatnot.
Yeah.
I, I also am glad that it's here.
And for the same reason as Madison, I don't use it very often because to the extent that I do make open source libraries, they're pretty basic and don't have tons of like tutorials or anything about them.
Maybe I should think more about this, honestly.
But I do like the idea that you can say, no, this is going to be like this specifically for certain things.
And say this stuff you cannot use as a keyword argument you
have to just pass positional this stuff you must it has to go at in this order and so on yeah i
like it yeah one of the things i see is um is is people looking at other examples um and uh um and
and saying like so if if you've got a key if you just have uh arguments, you can pass them in as keywords, even if most people use positional.
And then you can reorder the keywords and put them in a different order.
And then somebody else might look at your code, copy it, and then take off the keywords.
And now they're in the wrong order.
And that'll mess things up.
This is a Dean added comment of,
so def underscore, yeah, star.
This is a legit syntax.
That's funny.
I can't even read that out loud.
It's so confusing.
Looks like code golf is what it looks like.
Goodness.
So anyway.
I think it's like typing in the sense that
it's a good feature that's there and it can be helpful for making things more explicit in Python.
But part of the power of Python is that it's very versatile and approachable.
And so it's I think it's nice, too, that it's not like this is something that you are required to do for every function that you write.
Yeah. Yeah. Yeah. I do like the flexibility there. All right. Let me tell you about something that seems
a little bit contrary to the Python way, but I think people will find useful. So over on pypi.org,
we have 350,000 plus packages, which is utterly mind blowing. I remember when it was 75,000 and I'm like,
wow, look how many there are. It's insane. So a lot of the superpowers of Python is, you know,
the ability to use these packages. And people will say, I'm using Python because it's really
great at working with Excel files. Well, like Python's not actually good at working with Excel
files, but there are many libraries for Python, which that's true, right? And so you have this sort of spectrum of like, what do people mean when they say like Python is
great? But I do think these packages clearly are super important. So why do I bring this up to
start the section off? I want to talk about a way to not use PyPI, but still do some cool stuff.
There's this thing called Murex, as in small requests, over here. It's created by, I've got a name.
Yes, if it pulls up.
Shriaram.
So very cool project here.
And the idea is it's request-like, not a drop-in replacement for requests,
but like requests with limited features.
But if you're using a limited subset of what requests could do,
you could use this library and have zero external dependencies, no virtual environments required, no pip install dash
R or friends required, and just have like a real simple thing and not have to fall back
to just URL lib, which is pretty cool.
So it does standard stuff.
I would recommend maybe even from, you know, import Murex as requests and then request.get.
See what breaks. Yeah.
Yeah, exactly. I mean, and then see if it works or not. So it does have some limitations,
quite a few actually. It doesn't support connection pooling, for example. But if you
do request.get, neither does that. You have to create a client session and then use the session
to do get and so on
if you want connection pooling.
Apparently uses a lot less memory,
but the main reason besides just convenience of like,
I want to give you a Python file you can run
or a set of Python files you can run the top level one
without any external dependencies.
So that's pretty nice.
The other one is to avoid supply chain
attack vulnerabilities, right?
We've talked before about people putting malicious stuff into PyPI.
We talked about the guy, Marek, I believe it was, who had like sabotaged his NPM packages
and those kinds of things.
And, you know, the cascading change of like the super dependencies in the JavaScript world
meant that was really, really bad, right?
So here's a way you could put something that does request like things into your code and it doesn't have any dependencies.
It doesn't have, there's no way someone's going to take over that account and put something
malicious there. Or even maybe worse is like the dependency of the dependency of the dependency
is where the problem is. Yeah. So yeah, I think this is pretty interesting. Yeah. Security is in
a lot of people's minds recently with the log4j stuff.
And then yeah, all of these supply chain attacks that are happening, particularly in the JavaScript
space. It seems like a lot more happens in that area, more so than like Python. But I feel like
the packaging story is really similar in both. So it's useful to take the lessons learned from the JavaScript ecosystem, pull them back into Python. I think something like this is really similar in both. So it's useful to take the lessons learned from the JavaScript
ecosystem, pull them back into Python. I think something like this is really valuable,
particularly, I know some companies have just very difficult bureaucratic processes to like,
get requirements in. And so if you say like, this is just this one file, it has this license,
we just need this makes it a lot easier. We can review the one file. It has this license. We just need this. Makes it a lot easier.
We can review the one file.
It won't auto update.
Exactly.
It's going to, yeah.
So that's the good news.
There's a couple of things worth pointing out. One over in the PR section is a lot of the stuff inside
is not PEP 8 compliant or other stuff.
So if you drop it into your project,
it'll give you a bunch of warnings.
So you might want to run like black on it
before you put it in your project.
I did a PR that's suggesting that that should just be part of it. There's an ongoing
conversation about that. Also, it doesn't support a couple of the main methods like dot JSON for
consuming APIs and, um, raise for status, which if you don't get a successful status, it'll raise
an exception. So you don't carry on with bad data. So those two are really good. The race for status is supposed to be put in soon.
The JSON one is up for debate.
With all that said,
I have a branch that has all those fixes
as pet bait compliant.
F strings has those two functions
that you might use.
So people can use that as well if they want.
Did you put a PR to get those back in?
Oh yeah, yeah.
That's what I was pointing out before.
I absolutely did. Yeah, they're not, I'm debating with the author whether or not he thinks that those are appropriate to add to it. Maybe you could
rename it medium rec if medium size rec. So anyway, it's not super important. It's not that
big of a deal, but I mean, you know, the, the effect of actually adding those,
they're not huge amounts of code that you've got to add to make this happen.
Like the JSON one is literally one line of code.
No, you could take it.
I mean, do you count the function definition of the separate line?
It's two, if you've got to count the def, but it's like super, super small.
So if people can grab mine and they can add it or they can grab theirs and then add it,
whatever.
So, or that's the good news.
Fork the project and make Mewtwo rec.
So much more Mew.
Yeah, exactly.
Now here's the reality of what I found.
I have a lot of projects that have 10, 20 dependencies because they're, you know, tens
of thousands of lines of code and they do a lot of stuff.
Every single one of those where I thought, oh, this would be kind of fun just to like
cut down on the dependencies and the dependencies of code and they do a lot of stuff. Every single one of those where I thought, oh, this would be kind of fun just to like cut down on the dependencies and the dependencies of the dependencies.
Because what I do with the requests is real simple.
Usually call an API, get some JSON, get some values out of it.
It'd be nice to do something like this.
The reality is so many things depend upon requests.
Sentry, for example, depends on requests.
MailChimp's API depends on requests
and et cetera, et cetera, et cetera.
So by the time you get a project built up with other stuff,
it's already got requests required and installed and so on.
So it's like, this is for like a smallish app
that doesn't have really many other dependencies
that I think this makes a lot of sense for
because if you depend on a lot of things,
you're going to end up with requests
as a dependency real quick. Yeah, that's a really solid point.
Yeah, thanks. Lastly, for people out there listening, wouldn't it be fantastic if a request
itself offered an official mini request and HTTPX offered a single file version and AIO HTTP client
offered a single file version? Like, yeah, it only has 80% of the functions,
but if those functions don't have dependencies,
maybe just drop those in.
I don't know, it would be great.
One of the things I like about actually alternatives,
either within a project itself as an alternative
or these forked projects that have the same API
is they might have benefits.
And so, but you have to weigh those.
So it does encourage actually a nice software design of a couple of things. One of them is
isolate your dependencies to as few files as possible. So if you only have one of your modules
accessing requests, then you only have one place you need to change it to this new module import.
Yeah, absolutely.
The other thing is testing, testing your behavior. So instead of implementation,
so if you test your behavior and you've got it isolated, you can drop in a thing, run your,
run your CI, see if it all works, throw it to a couple, few beta people and run with it if it
works. So yeah, quite cool. Now, one thing that could be useful and also potentially extremely dangerous is some
Python-level capacity for shimming a module.
So like in the situation that you describe, Michael, where you have a ton of dependencies
that all require requests, you could pull in something like Murex and then just say,
like, this is a request. Python, I want you to think of this as requests. But obviously,
that has, I mean, it's just an idea. It has some pretty bad security implications with
people being able to usurp that. Yeah. It may cause some unexpected
behavior, but yeah, it's also, could be could be good all right just put your entire
application inside of a patch statement now i'm just kidding what i'm hearing is that we need to
make our entire application one file in every case and that will just solve all the problems
actually just one main it's perfect well you don't even need a function in python right
yeah okay yeah no functions.
Oh, gosh.
Yeah, it just runs once, top to bottom.
Let's go.
Now, I was dreaming of a world where, like,
there's a simple use case that you don't have to have a bunch of dependencies and dependencies,
but it's probably a little extreme
when you take it very far at all.
All right, Brian, what you got for the next one here?
Oh, this.
Oh, that's your extra?
No.
Madison, you're taking us out for a minute.
Yeah.
Yeah.
Welcome to OpenVerse.
This is not the metaverse, but everything is, you know, I say call the tech industry
a song because everything's averse these days.
But this is a search engine for openly licensed media.
This is something that the WordPress community is
supporting. And so what I mean by openly licensed media is images and audio. That's what we have
currently. But we're hoping down the line to have things like video, 3D models, text, all
assets and media that you can use without having to pay for them. And just some
licenses require attribution, others don't. A lot of them are free for remix and reuse.
And so this used to be called CC Search under the Creative Commons sort of purview,
but they've handed it off to us to help Shepard into the future.
And so if you are looking for content to use on your blog or your podcast or anything that you're creating, any sort of content that you're creating, your conference presentation,
your conference, your courses, whatever.
There's a lot of a lot of times I'm like, I need an image.
I need to be able to use it legally.
Or a snippet of audio to throw someplace. This is awesome.
Yeah. So I'll show an example here in the live stream. I'm going to type Jupiter,
and I have to spell it right. I typed Jupiter last time. And yeah, you just get a bunch of
pictures of Jupiter and then also different sound clips that we have mixed in if you want all of the
results. You can also filter by just
certain media types, like seeing just images or seeing just the audio results. And then when you
click on an image, you'll see the attribution for that image right there alongside it. And so you
can just copy that and put it in your website after you link the image. And we have over 600
million images in Openverse and more audio and more images and more just media in general to come.
Oh, and if we search, sorry, if we search Jupiter, there's some fun like conference-y,
you know, screenshots.
So there's, you know, lots to use here.
Cool.
Alvaro asks, can you search by license type?
Yeah.
So I'm sharing this in the live screen, but on the right, the first filter that we have
is by different license types.
And a lot of these are, I believe they're Creative Commons license, but not all of them are.
We have public domain markered licenses as well.
And then you can search by use too, depending on how you're using that.
So if you're using it commercially, that's going to have different licenses and implications for you versus modifying and adapting. And then we have, I mean, Openverse serves as like an aggregate for
different entities that host some of this openly licensed media. So things like museums,
NASA's photos, that sort of thing. And so you can also search by provider too. So if you're
looking for space photos and you say, I just want NASA's authority on this,
then you can sort of filter by that aggregate.
Very cool.
Yeah.
This is a constant challenge, and it's great.
It's a challenge for blogs.
It's a challenge for all these things, right?
But it makes perfect sense why WordPress
would be interested in this.
Totally, yeah.
And we're hoping to have it integrated into WordPress down the line. So like if you're working on a WordPress site and
you want to add an image, one of the blocks that you can pull up is just a search on Openverse and
then you pull it in and it will pull the attribution in with it and you don't have to do a whole lot
of extra work. So we're hoping that that's, um, that's going to be coming down the line too.
And yeah, it's so easy to just like go to Google images and find an image, but it's
harder to find the appropriate attribution for that.
And particularly, you can get into some very interesting legal spaces if you're making
money off of that photo too.
I mean, it makes perfect sense if you're like a high school student doing like a research
project.
Who cares, right?
But it starts to push the limit
if you're selling something or you're making a book or whatever yeah one of the things i think
is interesting is that the difference between uh free like non-commercial and commercial and
and we think of it like big companies or blogs or something and the it's not that cut and dry
because like you start say you're starting a podcast, you start getting sponsors and you're making like five bucks a week.
That's commercial, but it's not like I can afford a huge license.
So, yeah.
Right.
Exactly.
And I mean, maybe you started non-commercially and then it became commercial.
Yeah.
Right.
But you had already used it and stuff like that as well.
Yeah.
How about a real-time uh feature
request dean langston asks i will says i wish it had a this is a ping with a transparent background
like i hear it i hear it i use that feature all the time in google images yeah we actually just
finished a redesign of the site um we launched yesterday for this redesign which is really
exciting um but we have i mean we have lots of stuff that we want to start adding to this.
Turns out that making a search engine is not easy.
Surprise.
So there's a lot of work to be done.
But that's a great feature request.
All of this, too, is a great plug.
So thank you for that comment.
All of this is open source.
And so if
you just search Openverse GitHub, like we had mentioned earlier, because if you just search
Openverse, you'll actually get the site. You can go and make an issue on any one of the number of
repos that we have for describing this project. And on top of that too, if you know of a content
provider, like a museum or whatnot that has an API that could have its images added
to OpenVerse, we're trying to make it really easy to write those. We call them provider ingestion
scripts. So even if you just know of one, you can make an issue for us and we'll write the provider
script. But we also love public contributions if you have a source that you want to add and you
want to get it into open first.
Oh yeah,
that's great.
All right, Brian,
now are you ready for your extras?
I am.
Yeah.
So we were talking about security and supply chain for packages.
And so I noticed this actually,
gosh,
it just came out like yesterday to yesterday.
Brett Cannon announced that he's got a,
he has a GitHub actionub action that um called uh
pip secure install uh that he published and uh apparently vs code or the vs code python uses it
but the the thing is is is it just sort of if you pip install something with requirements file
it could have who knows what it all is in there and your requirements, and then they have
dependencies and they have dependencies. This secure install allows you to do through GitHub
actions, use a requirements file, but you have to have stuff in it. So you have to have no,
it doesn't pick up any dependencies and it requires hashes.
So you,
so you have to have a full requirements file with all of,
all of the dependency tree in there with the hashes to eliminate,
eliminate these like supply chain problems.
It doesn't eliminate them, but once you've tested a good package,
you can just put this in there.
So I just wanted to give a shout out for,
for this project by Brett.
So that was cool.
The second thing I wanted to shout out, which I'm like totally excited.
Basically, this is a shout out to everybody out there listening to this
that has supported the Python testing with PyTest book.
I was talking right before we started recording that today is the last day I get to touch it.
I get to my final edits are going in.
But because of all the beta, the beta purchasers,
it's supported the rewrite and just just been awesome support.
And right now it's at number two is the best seller on Pragmatic.
So that's pretty exciting.
Congratulations. That's awesome.
That's fantastic. Yeah.
Madison, back to you.
Anything you want to give a quick shout out to?
Yeah, a couple quick things.
One thing I forgot to mention about OpenVerse, it's also written mostly in Python too.
So if you're familiar with Python, you can help contribute.
But on top of that-
No, no.
Yeah, it's kind of interesting because most of WordPress is PHP and JavaScript.
But OpenVerse is a fun little extra blob on the side that runs in Python.
Yeah, beautiful.
Speaking of small Python web apps and whatnot,
some folks in Seattle recently launched a new police accountability and information tool.
And so this is just a tool.
It's spd.watch for the URL. And it's a tool that just allows you to search for police officers in the Seattle area and
get information on them.
So you know if you're interacting with an officer, sort of what their history is, how
long they've been with the force, that sort of thing.
And it can be really useful for community safety and also just accountability.
And you all had mentioned Just in episode 242.
I just wanted to give a shout out to it. I have been using this for every single project that I
have touched. When I go to a project that doesn't have Just, I get very angry. It's so fantastic.
I mean, the fact that you can add comments for different recipes,
your recipes can build on other recipes. There's a lot of complexity that you can have
in the Just file, which makes it easy for new people to come on and start contributing.
And so if you have lots of Docker containers that require certain specialization in some sense,
you don't have to write this big, long readme that describes all the steps.
You say, download Just, and then Just run.
And that's it.
It's so nice.
I totally forgot about Just.
So I'm glad you brought it up again.
It's so, I just, I can't sing its praises enough, honestly.
Although I do have to say its name does make it very difficult to do Google searches for.
And then lastly, I just want to give a shout out to the GitHub
Package Registry. That's ghcr.io for githubcontainerregistry.io. They do free
Docker image hosting for open source projects. And I'm not sure what the pricing is for,
or we could see the pricing. But yeah, they do, they do free for open source
projects, which Openverse is taking advantage of. And I've, I've used on a number of personal
projects and it's been incredibly helpful to just be able to build and push an image
for free with GitHub actions and then have that hosted for free on GitHub container registry.
Oh, that's cool. Yeah. It looks handy. Cool. Nice. How about you, Michael? I got a couple as well. Yeah, I got a couple.
Let me go back here.
So very kind message came out on Twitter saying,
here's a really cool way you can go to the transcripts for the podcast,
which is on GitHub.
And then you can do like a search across them using some nice GitHub search features.
Absolutely true.
Very nice.
I also wanted to point out a couple of things that we actually have some neat features that people can play with. First of all, we have a search engine.
You can click on the upper right. This is a look, we're live streaming. So the thing you can search
for, so I could search for like pie test and it would come up with the episodes and whatnot.
I could search for every single episode. Yeah, exactly. So we get like our Python on the beach.
So we did recently and whatnot. My search for just was very difficult, but through no fault of your own.
If you search for just, we get a whole bunch of stuff back.
There's a lot, yeah.
Yeah, yeah.
But it's pretty neat.
It also has a JSON API.
If people want to consume that, they can go and search for stuff and then it'll come up
with a JSON variant of results and whatnot.
Yeah.
So that has been there for a while.
So people can check that out and that's cool.
But I also wanted to point out something brand new, Brian.
I don't know if you even got a chance to play with this because I just did this.
I did.
It's so cool.
So good.
So if you go to the transcripts, so if you're on any episode, usually on the right, it'll
say, unless the screen is really small, then it might be the bottom.
It'll say full transcript.
And then you can go in here and there's transcripts which are searchable and there's a play thing but there's also now
a ability to click on any paragraph or sentence the little play button next to it and it'll just
start playing the episode at that time so if people want to go back and use what we've been
doing for four or five years whatever it's been as resources uh yeah that should make it a little bit easier. Did you back part this to like old episodes also?
Yeah, because this is,
so let me tell you how I did it.
Because the transcripts, if you look at them,
they just have a number,
they just have like a timestamp there.
Yeah.
So I use this really cool regular expressions 101
or regx101.com tool website
to build up the regx using named groups and let me just check this out which
is on the screen you guys you'll check out the link if you're listening you can put the thing
you want to search for and then the groups and the reg x it'll show if it's a match it'll actually
highlight and name the different elements and color code the syntax of your regular expression
elements into like name
sections and all sorts of cool stuff.
What do you think of that?
It's awesome.
If I, if I'm using, if I'm writing a regular expression, that's longer than like three
or four characters, then I'm using regex 101.
Like this site is so fantastic.
It is.
I totally agree.
It has the references in the bottom right too for the different, whatever the token is.
Yeah, Felix loves it as well.
And so it also gives you help.
So if I put it like on the D plus,
which means find one or more numbers,
it'll say exactly, you know,
what that kind of stuff means and so on.
So you can say like B down here
and it'll tell you, you know,
what is that doing and so on.
And that's a quick way.
Somewhere there's a search. But it was nice that it will actually show you which um sections and
give you extra information about it and and all kinds of neat stuff so and like full descriptions
too of like what each particular thing is doing is so great there you go so if you like hover over
the the backslash d plus or whatever i here, it says meta escape matches a digit equivalent to bracket zero to nine.
Here's a name group.
Here's just that matches the character.
And you just, as you hover, you know,
it starts the start of the text, right?
For a caret.
And as you hover over these things,
you get real time, like autocomplete
for like the meaning of that section.
And like a full explanation in the top right too,
which can be really helpful.
Absolutely.
Because so often when I look at this kind of stuff,
it's right only, you know,
like I got it working and then I can't decipher it again.
So you can put it back in here
and come to an understanding, which is cool.
All right.
One more thing real quick,
a new video on my Python short series that I'm doing.
Do you even need loops in Python?
People can check that out.
So it's really about list comprehensions and fun stuff you can do with list comprehensions and Python.
So I've been having a lot of fun with that. And the open verse sounds very interesting for grabbing
content to throw in some of those videos as well. Yeah, absolutely. All right. Well, that brings us
to our joke, I do believe. All right. You all ready for it? I have one. There's a, I found a
video. Sorry. This got shared in, speaking of Python loops,
I don't know that I'm going to be able to show it, but well, fingers crossed here.
This video was shared in a work channel recently and I'm not going to be able to show it, but it's
a snake that is moving around a box.
Oh, here we go.
Perfect.
Oh, I love it.
Speaking of Python loops.
So you really don't need these Python loops.
Yes, exactly.
Oh my God.
It's a Python slithering around a box, which is rotating in a circle.
Here's a simple loop with Python. And also the snake isn't moving anywhere because of the way that it's slithering.
So anyway, you really don't need loops.
I love it.
That's awesome.
Roller out there says,
the new Python short channel is great.
Thanks, Michael.
And Alvaro says,
I usually test my regex with set and grep
on the command line.
This seems easier.
That thing is awesome.
All right.
So I've got a joke that is not my joke,
but is from instead Josh Thurston.
He sent them in a little while ago.
So there's kind of three together in sequence.
So here we go.
How did the hacker get away from the police?
He just ran somewhere.
Boo.
Oh, that joke makes me want to cry.
Oh, my goodness.
Where do you find a hacker?
Indie Crypt. Oh oh they're so bad these are full full hold on i'll add them to the stream as well those are full-on dad jokes right there
that's um two thumbs down in a good way absolutely like overflows the bad buffer becomes good again
yeah wow fantastic all right well speaking fantastic, great to have you here,
Madison. Thanks so much for having me. It's good. You're welcome. So talk to everybody later.
Yeah. Thanks for listening to Python Bytes. Follow the show on Twitter via at Python Bytes.
That's Python Bytes as in B-Y-T-E-S. Get the full show notes over at PythonBytes.fm.
If you have a news item we should cover, just visit pythonbytes.fm and click Submit in the nav bar.
We're always on the lookout for sharing something cool.
If you want to join us for the live recording,
just visit the website and click Livestream
to get notified of when our next episode goes live.
That's usually happening at noon Pacific on Wednesdays over at YouTube.
On behalf of myself and Brian Ocken, this is Michael Kennedy.
Thank you for listening and sharing this podcast with your friends and colleagues.