Python Bytes - #299 Will McGugan drops by

Episode Date: September 3, 2022

Topics covered in this episode:
- Careful with that PyPI email
- IEEE Top Programming Languages 2022: Python’s still No. 1, but employers love to see SQL skills
- Django 4.1
- You Should Be Using Python's Walrus Operator - Here’s Why
- Extras
- Joke

See the full show notes for this episode on the website at pythonbytes.fm/299

Transcript
Starting point is 00:00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds. This is episode 299, recorded August 31st, and I'm Brian Okken. Hey, I'm Michael Kennedy. And I'm Will McGugan. Will's also known as, usually, the topic of Python Bytes. Time to time you mention me. So, it's awesome to have you here. But you're part of
Starting point is 00:00:26 Textualize, right? Or you are Textualize. Um, that's right. I guess I'm part of Textualize, and we are a company, a very small company, but we're a tech startup. Um, we have three employees and we'll have five in a few months. Nice. Yeah, tell us a bit about it. You know, people know, that's amazing, tell people about it. They know about Rich and Textual perhaps because we talk about all the things that are adopting Rich, but you actually have a company around that, which is super fantastic, right?
Starting point is 00:00:55 So the model is we're building Textual, which is going to be like a free, an open source project distributed through PyPI. And then somewhere down the line, we're going to make this web service, which takes those applications and then serves them on the web. And it'll be like a nice free tier,
Starting point is 00:01:11 but we'll be able to add services on top of that, which we can charge a subscription for. That's fantastic. Like TUIs as a service. TUIs as a service, yes. There you go. A TAS, A TAS platform. All right.
Starting point is 00:01:26 Cool. Well, it's great to see all the progress there. It is. Brian, am I up on the first one? You are. So this one comes to us from John Hagen. Thank you, John, for sending this in. PyPI has, the warning is gone, but they were under a pretty heavy phishing attack and they wanted everyone to know. They had this big banner that was letting, anyone who maintains a package is really where the problem lies.
Starting point is 00:01:53 If you maintained a package like, say, Rich, the goal of this phishing attempt was to get your credentials so that you could then, so that they could sign in and put malware into that package. The more popular, the better, I presume. So this was a couple of days ago, August 24th, so like a week or so. So today we received reports of, this is from PyPI, the Python Package Index. Today we received reports of a phishing campaign targeting PyPI users. This is the first known phishing attack against PyPI. We're publishing the details here to raise awareness of what is likely going to be an ongoing threat. There were many comments and quote tweets and so on.
Starting point is 00:02:36 It said, the background, the phishing message claims to be there's a mandatory validation process being implemented and they invite users to follow a link to validate their package, like a so, otherwise their package will be removed. So importantly, they say, note, we will never remove a valid project from the index. PyPI only removes projects which violate their terms of service or in some way determined to be harmful, for example, malware. This takes you over to this site, if you were to click the link to, if you look carefully here, sites.google.com
Starting point is 00:03:10 slash view slash IPI validate slash validate by VI package or some kind of redirect. And it does bad things when you fill this out or just post the form to somewhere else. So I guess they were hosting it on google.com, you know, sites.google.com, in an attempt to avoid, like, the domain getting blocked, something like that, right? But it posts over to, like, linkedopports.com or something. I don't know how you pronounce that domain, but don't go there. It's not good. And it says the malicious releases follow a pattern exotel. And I kind of laughed, even though it's not really funny. One of the packages that got phished through this email is called spam. I don't know what spam does.
Starting point is 00:03:54 But if you were like phished because your package, if you were phished by spam and your package is called spam, it's just too much meta. Will, did you hear about this? Did you get any notifications for your packages? I didn't, but I could see how if I got that early in the morning, I could fall for it. Yeah, exactly. You're just waking up. Not another thing I gotta do. I feel like they're taking a
Starting point is 00:04:17 little bit advantage of the notifications coming from the Python Packaging Authority where they've been sending out messages about security and about packages. And there's the critical packages. Will, I saw you tweet and Brian was like, wait, what is this? About what is a critical package the day that stuff came out. And so, you know, it kind of, I think, is trying to hide under that noise
Starting point is 00:04:42 and slip through the cracks there a bit. I think I don't get very many notifications from PyPI. I think the fact that I don't get very many, I might just take them at their word. If you get a lot of notifications, you might learn to recognize what is a legit notification and what is some kind of phishing attempt. So you're asking PyPI to send us more email?
Starting point is 00:05:04 No, not really. Funny. So you can actually look at what the code does, uh, that is, the malicious versions they said they've taken down, and they've taken down several hundred typosquatting ones that also do a pattern. The code is just set up, no, it's just, it's hijacking the most used function or feature. Try. Get the computer name and then request to install the thing off of this malicious place. If the platform is Win32, we're going to get this script, download this, um, malicious exe, download it with requests, and then write it to a file and then just execute some executable. And that's pretty much what it was
Starting point is 00:05:52 doing to all, attempting to do all to all these packages. It's kind of lazy. This malware is not cross-platform, it only works on Windows. I agree. Come on. Well, I mean, also, they're looking for investors so that they can, like, expand to other platforms. Maybe they'll get a macOS and a Linux one coming at some point. Just hope our VZ's listening. Yeah, exactly. Like, here's an opportunity to, I don't know what it does when it runs, but it can't be good, whatever it does.
Starting point is 00:06:23 Can't be good. Now, I remember I got an email from someone, and I'm sorry, I didn't pull the details together as part of the write-up here, saying, I think it was on Twitter, a DM that said, um, you're probably going to talk about this. Um, the 2FA wouldn't necessarily help you because if they asked for the 2FA, you're going to enter it in maybe there and it might, you know, pass it through as part of the process as well, right? It could maybe get a software-based 2FA and use it. But you know what does help with this really, really well? Password managers. 1Password, LastPass, and so on. If you go there and it says enter your password and you
Starting point is 00:07:06 hit the hot key to, like, fill out the site, or you click in there, like with 1Password, if you just access it with the latest version, it'll automatically drop down or suggest the drop down for the site. If you do that, it will not come up with anything because you don't have an account at sites.google.com, presumably for this login, right? Yeah. And so some combination thereof, I think, you know, is at least I always, if I go to a site, the less sure I am, I like double check,
Starting point is 00:07:35 does the password manager think it should fill this account into this website? If it says no, then I triple check it. It's not just like, oh, the password manager's not working. Let me just copy it over, you know? Anyway, there's some more details in here. You can read about what they're doing and what you should do.
Starting point is 00:07:51 Some ideas on how to verify the signed certificate. I would prefer to just use a one, just a password manager right away instead of trying to follow the chain of the cert, but you can do that as well. Anyway, it says it's got a lot more details there if you want to check that out. What do you all think?
Starting point is 00:08:08 Yeah, it's interesting. It's an ongoing threat. I think if you're an internet user, you're getting bombarded with this. With PyPI, if they get a hold of your... It seemed like it was more like attacking individuals. Were they trying to get your credentials to, like, install malware in, in your... what... I'm pretty sure what they were doing is they were publishing
Starting point is 00:08:31 a new version of your package. Okay. And the new version had malware in it. Yeah. So, yeah, that would be a huge concern. Yeah, yeah. Yeah, it says, we've additionally determined that some maintainers of legitimate projects have been compromised and malware published as their latest release for those projects. Their accounts have temporarily been frozen and the bad versions removed. But that's what they were trying to do. Okay. Well, good on them for catching it. Yeah, for sure.
Starting point is 00:09:00 I love how Seth out the audience says, another W W my hand for Linux on the desktop. Yeah. How about that? Yeah. Or Mac. I'm like, well, I would,
Starting point is 00:09:08 that wouldn't hit me at all, but yeah. However, anybody, any package that you publish, it would, it would affect your windows users. If you were the maintainer,
Starting point is 00:09:19 which is half the users, as we know about, you know, half, at least half the operating systems are Windows. Yeah. Yeah. Yeah.
Starting point is 00:09:27 Not so good. So Seth also points out that the timing of this phishing combined with Dustin mentioned there hadn't been any phishing attacks or something like that. It's in Dustin Ingram. Don't give people ideas. By the way, you want to hear more about this, I did interview Dustin with this like three weeks ago or so on Talk Python, um, talking about Python packages and security and supply chain stuff. But all that predated the phishing side, but not the malware side. So people can check that out if they want. Okay. All right. Anyway, make sure that you don't put your password
Starting point is 00:10:05 for PyPI, yeah, in the wrong place. Yeah. All right. Um, how about we talk about something nice or, yes, friendly? We can have nice things. Not if. We can have nice things, like Python being on top of the IEEE Spectrum languages. So it had, so it has been for a while. So this is, I, we're just reviewing this to say yay us, um, partly, but there's some interesting information here. So if we go through the, um, the review stuff, there's a, there's a cool chart. So the top programming languages of 2022, Python's at the top. It's both the Spectrum, uh, survey, actually I don't know where the Spectrum number comes from. I assume it's a survey thing. And then trending.
Starting point is 00:10:49 It's on top also. A little different. And cool animation graphics on there. But one of the interesting bits is in jobs. If you look at job listings, I think they were looking at job listings and requirements. SQL is at the top. And this is a comment because, um, it's not, it's not just SQL, you know, they're not going to just say we need somebody that knows SQL, but it's like Python and SQL or Java and SQL or JavaScript and SQL. Uh, the "and SQL" part is
Starting point is 00:11:18 coming in a lot now and actually more than it used to, which is interesting. There's also a related article on the same on IEEE as well called the rise of the rise of SQL. And it's really talking about that, that it's not, it's not just because, I mean, I do remember SQL has always been a part of programming or it has been for my career. But it's often been a larger thing. It's not something you do in a small application, it's something in the server or large applications. But it's growing, it's growing in using it for even little small things. And a lot of applications, you don't have a specialist doing the database stuff, you've got, uh, the developers doing the database, everything. So anyway, I thought that was interesting, that just the highlighting that SQL is and always will
Starting point is 00:12:11 be important and it's even growing in popularity. It's interesting that, um, ORMs haven't made a dent in that. You know, I used to use Django ORMs back in the day. I didn't have to touch, yeah, SQL. Um, but clearly people are not using ORMs that much if SQL's like top of the charts there. My first thought when I looked at this was there's probably a lot of data warehouse, data lake, semi-structured data that people are exploring with SQLs and queries before they walk it down and, you know, productionize it with an ORM or something along those lines, right? Like the data science side, if a lot of that data is dropped into a database by an API or some web scraping or something and then you have to ask it questions,
Starting point is 00:12:56 and like knowing the SQL is the asking arbitrary questions of the data before you really know what questions ask, is my first thought. But yeah, ORMs all the way for the win for me. I'd, I don't want to do straight SQL. There's also a growth, growing thing of just doing a small, like a SQLite, just the knowledge that SQLite is everywhere. Um, and I don't know if SQLite has any effect on this or if Simon Willison does, um, because he's, um, with Datasette, uh, taking like CSVs and stuff and turning them into a little SQLite, um, websites. Um, but things like that have just even, uh, yeah, services and smaller applications collecting data. Isn't there, um, a JavaScript API to SQLite? Um, I think there's, all languages have, I think, APIs into SQLite.
Starting point is 00:13:49 I think something built into the browser is local storage. Does that not use SQLite, or am I mistaken? I don't think that that does, but it's very similar if it's not the same. It's like, yeah, what is it called? Local SQL or local DB, something like that. I wonder if that's contributing to... Yeah, yeah, what do they call it? Local SQL or local DB, something like that. I wonder if that's contributing to. Yeah.
Starting point is 00:14:09 Dave out in the audience says, I wonder how the jobs one was measured though. SQL can be one of those not really considered must-have items that often goes into the list of requirements. You really could just use an ORM. Yeah, and that might be the case. But even with ORMs, sometimes you got to get in there and find out what's wrong, like do optimizations and things. Yeah. Kim out the audience says, is it becoming less common for developers to know at least enough SQL to be
Starting point is 00:14:37 dangerous? I think that that's the, where the minimum bar for what you should know to use an ORM. You should know kind of what's happening. You should know what a join is and that you might want to do it. So it doesn't do 50 queries. You do only one and things like that. Yeah. But yeah, very, very cool,
Starting point is 00:14:53 Brian. Well, what, where are we at next? Well, I think Will is up. What do you got for our first one, Will?
Starting point is 00:15:00 Oh, I'm on the wrong page. So I came across this article. It's by Charlie Marsh about using Mypy in production at Spring. And I looked at Spring and it's some kind of interface for, uh, researching medicine. But he was saying that, um, they have a big project, 300,000 lines of Python, and they started typing it, and that was a few years ago. And they've since typed the entire code base,
Starting point is 00:15:33 and they were very impressed. It's reduced bugs and made things more maintainable. And even have all the strictness settings onto max. I'm a big fan of typing, but I don't have... I have everything, um, on max, I relax it just a tiny bit. But, um, they've got, uh, all the settings on there. So he covers, um, the basics of typing. There's some interesting stuff about the history of typing, right? Um, it's interesting how typing started. It didn't, um, you know, spring out of nowhere with the same goals. It did actually evolve, um, through various other projects. Originally when Mypy started, I think they were building something that was, um, essentially, mypyc. It was to run
Starting point is 00:16:19 Python with typing, to use the typing to actually sort of transpile to another language almost, right? Yeah, yeah. And then it turned into a type checker, which didn't actually run your code. It just analyzed your code. So it's quite an interesting article. They cover how it started
Starting point is 00:16:36 and go through a bunch of their experiences with typing and MyPy in general. They cover improved readability. That's a big one for me. I love typing and I find it makes code more readable. Some people would disagree because you add lots of these annotations and some people find that clutters your code.
Starting point is 00:16:59 I find it super helpful to understand other people's code and to understand my code because I don't have to remember the types of everything when I can just see them written down. Yeah, I'm totally with you on that. I think, you know, there's, I think a fear that, oh, look, Python is becoming like C++ or something. But, you know, it's nice and clean and it's simple
Starting point is 00:17:23 until you're focused on some area some function or a class or something you're like well what happens here you can either go read the documentation try to put it together or you can go find all the places it's used and try to put it together or if it has types you you don't have to go do that exploration right you're just like okay this is an integer and this is a list of users i know what's's happening now. I don't need to hold more information in my brain. And I think that makes it great. The shape update is what really helps me. Like you mentioned like a number or a list or something,
Starting point is 00:17:54 but sometimes things can either conceptually an argument to a function could be one thing or it could be a set of things. Is it expecting if it's just one thing, can I do that? Or is it expect and types can give you that. And one of the things you, you mentioned, which perfectly sum up sums up my, my philosophy for typing is I don't want to do it, but I want everybody else to put types in there because it's, yeah. Readability counts. Also, Mr. Wilson in the audience points out typing greatly assists with code completion for the editors. Yeah, it's got a bunch of, um, tangential
Starting point is 00:18:35 benefits. It's not just the one benefit. I mean, um, it catches bugs, but even if it didn't, even if it didn't, I think typing would be an excellent addition to Python. I agree. If I can hit dot and it gives me more help, I'm already happy. Yeah. Bingo. Yeah. I love typing.
Starting point is 00:18:53 This is a very nice article. I'll let people read it. Yeah. They also talk about the pain points of how that was painful for them. I think trying to get Mypy to completely analyze everything is a different level of, I want my public interface to see what it returns, you know. There's like, you got to decide where do you live on this spectrum and what are some of the goals. Like catching bugs, it's more important to have everything covered, through the documentation, uh, you know, a little bit less, I think. Yeah, I found it's changed my programming style.
Starting point is 00:19:28 The code I write is less dynamic. I'm more likely to fix types quite early on and I don't do any, well, I don't do too much getattr and setattr. And I don't use all the dynamic capabilities of Python. I prefer to write static code that looks a bit more like C. So I can understand why people have that. They feel like it's taken away a bit of freedom from them. Um, but I do think it's given you, uh, the freedom to write solid code, um, that doesn't have, uh, you know, no attributes on NoneType errors. Yeah, I agree. I think you compare it to things like, um, TypeScript.
Starting point is 00:20:03 TypeScript has a similar idea, but TypeScript is very particular. And if you don't get it just right, it'll give you compiler errors and it won't do the steps it needs to do to make the JavaScript. Whereas Python, maybe your editor will give you a warning or some tool like Mypy will give you a warning,
Starting point is 00:20:18 but it doesn't really get in the way of it still functioning, you know, which unless you're doing something where it depends upon it, like Pydantic or FastAPI, where it's actually using that. But most of the time it's, it's there when you want it and you can kind of ignore it if you don't. Yeah. Yeah.
Starting point is 00:20:35 So Rich has a lot of, um, uh, yeah, fully typed. Yeah. Um, uh, so, so Textual, um, it's not passing Mypy currently. There are some, like, little dynamic corners and little typing errors which we're gradually improving, but all new code is typed and, uh, and changes are typed. So yeah, we're really big on typing at Textualize. Brian, how about, um, with your pytest extensions, plugins? You know, it doesn't really come up much, but I don't really think about it a lot, actually. So I would like, but I have other applications that I'm working on that I definitely involve typing.
Starting point is 00:21:24 And I started out with just the, like you were saying, trying to help with documentation. So making sure the API is typed. I think that's essential. I don't think, I think it's just a good idea, um, especially now with the improvements of some of the typing, so you can do, you don't have to say Union anymore. I like the bar for or, like it's, it's a None, you know, it's an int or a None or something like that. That's way cleaner than it used to be, and you don't have to import typing as much as you used to. Um, I don't want to import typing just so that I can type some type hint something. It seems wrong. Um, but, um, uh, and I'm on the phase of trying to integrate it more into the rest of my code just because I'm, you know, even in a solo project, sometimes you're also a user because you come back to something six months from now and try to figure out what you're doing.
Starting point is 00:22:09 And it's nice to be able to not have to look at the code. So I like it. Yeah, absolutely. Absolutely. Well, good find, Will. Yeah. So I want to say something nice about AI in real life and actually the podcast IRL from Mozilla. So this episode of Python Bytes is
Starting point is 00:22:26 brought to you by the IRL podcast, an original podcast from Mozilla. And I'm really enjoying it. I'm listening to a whole bunch of it. If you care about ideas behind technology, not just the tech itself, you'll enjoy IRL. Tech has an enormous influence on our society. Many effects are beneficial. The influences, like for instance, the information and assistance we get through cell phones is amazing. I love being able to look up the closest coffee shop wherever I'm dropped on earth or knowing where my kids are, but some are not so great because like, I don't want somebody else to know how often I hit the coffee shop and I definitely don't want somebody else tracking my kids. So Mozilla has always been on the lookout for possible downsides to technology and works
Starting point is 00:23:10 to mitigate negative influences of tech on the negative influences on all of us. If ideas like that and concerns about technology resonate with you, you should definitely check out the IRL podcast. This season is hosted by Bridget Todd and is looking at AI in real life. Who can AI help? And also who can it harm? The show features fascinating conversations with people who are working to build a more trustworthy AI and also using AI to help us. So I really enjoyed a few episodes so far.
Starting point is 00:23:42 There's an episode on how our world is mapped with AI. So data and maps is being used to make decisions that affect real people, even like by districts and by governments. But how can people reclaim the power over their own maps and stories using AI? This is fascinating episode. Another episode is about gig workers who depend on apps for their livelihood. It looks at how they're pushing back against algorithms to control how much they get paid and seeking new ways to gain power over the data to create better working conditions. And how about elections? So
Starting point is 00:24:19 episode four of this season addresses the role that AI plays when it comes to both spreading disinformation around elections, but also how to combat disinformation. This is a huge concern for democracies around the world. And for me, especially in the US, but I know it's affects everybody. If this sounds interesting to you, you should try it because it is interesting. Try an episode for yourself. Just search for IRL in your podcast player or visit pythonbytes.fm slash IRL. I think the best way is to go to pythonbytes.fm slash IRL so they know you came from us. And the link is in your show notes. Thank you, IRL and Mozilla for supporting our show. Yeah, cool podcast.
Starting point is 00:25:04 Thank you. Thank you, Mozilla. All right. On to the next one. Well, we already touched a little bit on the whole ORM thing. And I hear some people use Django. It's a web framework. Yeah. A few people use it. I'm proud of it. Yeah.
Starting point is 00:25:21 So really popular. And they're picking up the speed, of course, for their releases, right? For a long time, it was one and we had two, three, four, going really quickly over a couple of years there. Well, one of the big moves with many of the web frameworks ever since Python 3.6 or so has been, how are you going to participate and facilitate using async and await, right? If you're doing a long database query and you block with an ORM request, for example, how do you parallelize that or scale that without much effort? Well, the asyncio is perfect for it, but if your APIs don't support it, you can't use it. And Django
Starting point is 00:26:00 has been making its way towards having async capabilities. But what is the one thing that websites wait on the most? Databases. What is the one thing Django did not have async support for? Databases. So it's a little bit late here on the announcement. So in the beginning of August, Django 4.1 came out. And this means 3.8 and above. But the big deal is the second one actually
Starting point is 00:26:27 is an asynchronous ORM interface for doing queries. So you can do anything that's a query set. So you can say, like if you have a class, a model class called authors, you would say author.objects.filter and then you do a thing and so on. So now you can say async for and do your query. And now it's all happening async. And if you want to do like a join author.books, you can await getting access to that thing. Books normally has a dot first in this example, but they've now added also an afirst.
Starting point is 00:27:02 So if you want the async version, you put the a as a prefix. I'm not sure how I feel about that. I'm not sure I would have gone this, this path, but, you know, doesn't really matter. It's awesome that there's some kind of async support in the Django ORM. So that's, that's really, really cool. So I think I just wanted to highlight that this has been a major blocker to like real async programming in Django. It's like, well, you can make the web, the web view method async, but then you can't do async stuff that you really want to do. So, you know, where are you?
Starting point is 00:27:31 Right. This is like, this unlocks the final piece, right? You could call APIs previously with say HTTPX asynchronously, but then block on the database. Now just use the A version and off you go. I guess they couldn't make the one without a, they couldn't make first, uh, awaitable, because that would break, um, old code, I imagine. Yes. But here's my thought, right? So what I'm getting back, so when I say async for author in query, you are now, you're switching into an async mode. So I think the thing that returns would be really great if it like, now everything must
Starting point is 00:28:06 be async on it. If you just said for author in query, now it returns to the synchronous and everything on it must be synchronous. This is how I would have maybe done it instead of trying to like prefix everything with A and double down on it. But maybe it was just a bridge too far. I don't know. But this is what I had in mind when I said I'm not sure what it is.
Starting point is 00:28:26 Like, you can go in async mode or synchronous mode and then you're kind of there is what I had in mind. Yeah, that makes sense. The async for would return a special version of the object which had different first methods, the same API, but awaitable.
Starting point is 00:28:40 Right, but awaitable. Exactly. Exactly. You know, that doesn't mean they can't do that in the future, potentially, but yeah. Yeah. Okay, a few other updates just for while I'm already here. The thing I really wanted to call it is async ORM in Django, good to go.
Starting point is 00:28:55 Also, you can have class-based views where you have a class and then methods like get, post, put, and so on. Or you can have just method-based ones. I prefer the method-based stuff with a decorator. But if you have the class-based ones, they now can also be async, right? So that's cool. And there's also some validation of constraints is one of the other big changes. So check, unique, and exclusion constraints defined in the Meta.constraints option are now checked during model validation. Apparently they weren't before. So that seems pretty valuable too,
Starting point is 00:29:29 but the ORM is the big news, I think. Yeah. Yep. That must have been a big project. All right. So yeah, it's great to see Django coming along. It's been around for so long as a stalwart of the Python web world. And now it's much closer to the most modern features,
Starting point is 00:29:44 which is great. Yeah, very cool. Yep. All right, Brian, what you got next for us? Um, I have, uh, walrus operators. So I, I really, walrus is on the brain. I do, I like walrus operators, the walrus operator, but I don't think I've been using it enough, and especially because this article is telling me all sorts of places that I should use it more. So I've got an article, um, from Martin Heinz titled, uh, You Should Be Using Python's Walrus Operator, and Here's Why. And there's just some stuff that I never even really thought about before. Like it just starts right off the bat. I'm talking about the as as a basics in the basic section, I never would have thought about that. So there's a, there's a list that happens to call a function to create the data in a list. And it calls it
Starting point is 00:30:37 three times. Now, really, I probably wouldn't have done this in code, I probably would have called the function once and then named the variable and stuck it in there. But you can do that. It's still easier. You can do the, call the function in the first element and save the value and then use the value and in future operations just to create a list. So right off the bat, that's pretty cool. I wouldn't have thought to do that. It's nice. I, I didn't actually quite follow this. Oh, we get to save. Here's a comprehension where a function is called twice. So you put in the value of a function if something around the function, like if it's true or if it evaluates Boolean true. You can do that with the Walrus operator
Starting point is 00:31:25 and only call it once. So that's kind of cool. One of the things I really liked around was I didn't think about before, but I'm definitely going to use it now, is the regular expression match function. You often had to call match. And then if something was found,
Starting point is 00:31:43 then you do something with the match object you call get the groups or some other thing on the match object it is cleaner to just go ahead and uh do the call like go ahead and do that as a query of whether or not the match returns something right with a walrus operator way cleaner code so i like this um and actually it's just a fairly big article talking about a whole bunch of places now here's here's the place where i like while true loops that always drives me nuts or having to flag something um this is uh this is definitely a place where i started using walrus operator right away of instead of saying like while true or while flag or something uh do something and and then uh and then you know break out if necessary or set the stop bit or something you can do that right
Starting point is 00:32:33 within the while loop it's yeah i actually i don't know if it's it is cleaner it's less code i don't know if this is easier to read though any thoughts from you guys? I think once you know it it's not too bad it's quite different from Python prior to the Walrus operator even for me I barely use the Walrus operator because I'm working on libraries and the minimum version is 3.7
Starting point is 00:33:02 so I haven't trained myself to read a walrus operator. But to me, that doesn't look too bad. That looks fairly clear. Okay. Yeah, this is nice. Especially if you do one of those things where, like, the example here is getting input from the user, where you might get input from the user and then say,
Starting point is 00:33:21 while it's not exit or whatever. Then in your loop, you get the same input with the same basic question again, but you've got to ask it before to see if they ever enter. You know, there's like this weird sort of do it two times and you could skip that with the walrus operator, which is very cool. Oh, yeah. Yeah. I used to do that.
Starting point is 00:33:37 Like, like on the top example of just putting the command equals input and doing that. Exactly. Yeah. And then do the same test. Exactly. Yeah. Exactly. Exactly. Because I really don't like while true loops.
Starting point is 00:33:49 Only if you mean really do it forever, right? Yeah. Or like until, yeah, exactly. Until it really is some case where you need to break out of it. Yeah. Anyway, so the rest of the article is great too. Accumulating in place. There's a whole bunch of cool places.
Starting point is 00:34:04 Oh, this is one I really liked. I wanted to highlight. Naming values inside of an F string. So there's an example of an F string where you take the date time and you're using, for instance, you might use the date time value in two different formats.
Starting point is 00:34:21 It formatted it in two different ways. Once with year, month, day, and once with a, which I don't know what a is, but Oh, which is the, the,
Starting point is 00:34:30 the day spelled out for like Friday. Um, now it, it, it's assigning the date, time today, value to today, a today variable,
Starting point is 00:34:41 and then using it, using the value in a format string and then using the today variable later in the same format string um this is a pretty cool trick and there's i mean there's multiple times where i'm using the same value in a couple places because i'm formatting a different with an f string so this is pretty cool so yeah that is pretty cool the one that i really like is the list comprehension because that always drives me crazy if you're going to do an an if section right you know if you're going to say x for x in collection if something yeah and that the thing you want in
Starting point is 00:35:17 the list is some kind of like a database call or some other thing that has to be computed then you need to test that computer value before the walrus operator. You had to call that function twice, no matter what. Like if that was a go get me the user from the data, like I want to go through all the emails and then get a list of users that correspond to them. But maybe some of the emails don't actually exist in the database. Every if state would have to be get me the user if it exists. And then the list result, the value select out is also get me the user, right? And this way, when it's really expensive like that, it's super nice.
Starting point is 00:35:50 It also is really useful in this situation when you're doing data science stuff that expects one line of a thing. You know, you're like, I want to do, I want to pass this expression to like a pandas DataFrame or some other thing. And you can kind of get a little bit more done this way. It's really nice. Yeah, yeah, this is pretty cool. Actually, I hadn't thought about doing it within, uh, within the, like, the if clause within a comprehension or something. Yeah, this is the one where there was no other way. Like, there is no way in 3.7 to do this without calling the function twice in a comprehension.
Starting point is 00:36:26 you could do a totally different structure like a loop or something right but in a comprehension where you have to have one line like a data science scenario you had to call it twice until the walrus came around so i think that's fantastic yeah i suppose you could um create a listic um expression of the return value of bunk and then then use a zip or something but it's super awkward right exactly yeah all right so very cool it's nice to see a bunch of different use cases because then you can you can see oh i will never do that that's horrible but this is really great and i didn't do that right like you could even see in the audience people are reacting like this is amazing but this one is i don't know about this one. This is,
Starting point is 00:37:06 yeah. Yeah. Yeah. So cool. Well, what do we got next from, from you? Well,
Starting point is 00:37:11 ah, yeah. Um, Oh, all right. All right, Paige. Um, so I'm sure we all love regular expressions.
Starting point is 00:37:18 We have a love hate relationship with them. Yeah. Those, uh, I, I'm not, I don't like regular expressions, but i use them a lot because they're powerful and there is no really there is no um alternative a lot of the time um but they
Starting point is 00:37:33 are very difficult to read. You tend to get long strings of gibberish which, even if you're, um, very well versed in regular expressions, uh, you might find it quite hard to parse and figure out what it's actually doing when you've come back to your code in the afternoon. But this is a library written by Al Sweigart, and I think that's how you pronounce his name. Rhymes with Wydert. He's an author, and he's written this Python library, which gives you kind of like a nicer
Starting point is 00:38:05 way of expressing regular expressions it it compiles regular expressions from a bunch of bunch of uh function calls and these function calls are much more descriptive and they they read quite well so you can essentially uh read a regular expression um in the future and find it quite legible. I like the either option. It's either this or it's that, for example. It's very readable. Like here we've got one. Exactly five digits plus optional white space plus one or more non-white space.
Starting point is 00:38:39 That's very readable. If you read that a second time, you'd know exactly what that did. But if you saw this, this is a very short regular expression. Um, yeah, exactly. Even if you're good at regular expressions, I've been using them for 15 years, I'd have to like analyze that and it might take me several minutes to figure out what that does. Um, so this is, you know, it's quite powerful just for such a short regular expression, but you can make much larger ones. You know, here's something that's more complicated but it's still quite readable. Um, either non-capturing group, non-capturing group, either this or that, one or more of this, plus non-capturing group. Um, it's
Starting point is 00:39:17 it's readable and um you can you know come back to it and other developers see it they can understand what's what's going on and in the end it compiles it to a regular expression so it's just um it's just as fast and and powerful but um now it's just easier to work with so yeah it's really nice because um the output of this little library is just the text pattern of the regular expression which then you can do it's not like you've got to adopt this entire library for everything yeah yeah you can um you know just anywhere that you need to write a complex regular expression you could use this um i guess if you wanted to develop the regex you could use this and then once you've done you could compile it and then
Starting point is 00:40:01 put the actual regex back in your code. Or you could just leave it like that. It's probably not slow. No, no, I would probably leave it like this. But I'm thinking if you're using another library where it expects a regular expression string, right, it's still totally compatible with that because you just say, give me the string and off it goes. Yeah, yeah.
Starting point is 00:40:22 So it's not going to break anything. It's not like you're switching or you don't have to port anything per se. It's a nice drop-in thing when you need it. So yeah, it's pretty cool. Yeah, very cool. Excellent find. So that thing's library is called HUMRE.
Starting point is 00:40:39 Is that HUMRE? HUMRE? Readable Regular Expressions, I think. I just like, I'm going to call it humor. Humor. Because then the regular expressions are humorous. Yeah. Very nice.
Starting point is 00:40:55 Okay. I love it. All right. Brian, is that all of our things? All of our main topics? I think that is. Do we have any extras? I didn't, but now I do.
Starting point is 00:41:05 Okay, let's have it. Out in the audience, Dean pointed out that the very first PyData Tel Aviv is happening in December, December 13th, 2022. So if you're in Tel Aviv and you care about Python data stuff, check that out. The call for proposals, I think it's open for two weeks or something like that. So yeah, if you want to submit a talk or attend, then there you go.
Starting point is 00:41:32 Nice. Cool. Yeah, cool. But that's my only extra. Okay. Well, you know what? I'm not going to let Will off the hook because the reason why I wanted you on here
Starting point is 00:41:43 is so that you could promote Rich CLI. Okay. Yeah. So why do you want more people to use Rich CLI? Or why do you think more people should use it? I just think it's a cool project. I use it. You've got all the power of Rich,
Starting point is 00:42:02 but it's on the command prompt, so you can syntax highlight files. You can also just generate colorful rich style content. You can put those in your bash scripts. It's just a very useful thing. You can get it from Homebrew. If you do Homebrew install rich, then you'll have uh rich at the the command prompt and you can use pipx and uh yeah it's got a lot of uh cool stuff so do you have some like some
Starting point is 00:42:33 workflow that you're using it for on a regular basis or do you use all of these workflows it's more just a general tool okay you know um when i'm navigating you know the command prompts i want to look at a file um if it's a large file i can use pager and i can page up and down um yeah it's just i want people check it out uh it can display nice tables you can take a csv and turn it into a nicely formatted rich table and you can generate simple things like rules and And oh, it can display markdown as well. So it's kind of like a general toolbox of rich-related stuff in the command prompt.
Starting point is 00:43:12 I think I'm going to use it for CSV. I didn't know it did CSV so easily. So I think I'll use it for that. So maybe any time you might type more or cat or something like that to see the contents of a file you're proposing. Now I could type rich and get syntax highlighting and better. Yeah.
Starting point is 00:43:30 Yeah. So you do rich and then name the file and hyphen hyphen pager. And it'll give you a nice textual style pager. Okay. So this came together in, I think think two weekends um at some point i'll go back and uh polish it a bit more because there's a few issues people asking for uh new features okay yeah cool two weeks i came in the audience says rich cli has replaced cat jq and markdown tooling for me with one tool cool yeah we're gonna ask him well how about a oh yeah a joke, and then I've got one more thing.
Starting point is 00:44:07 Okay, well, I do have a joke, as you can imagine. So here's an example of where somebody is using open source to help keep their account secure. And this is some kind of list of common passwords or really reused passwords that people want to... Somebody has posted these, says, here's a list of passwords that people seem to, you know, somebody has posted these says, here's a list of passwords that people seem to use a lot and get reused a lot. So please don't use this as a password or check and don't let people use these passwords for their accounts.
Starting point is 00:44:35 Right. So someone comes along to this, uh, to this repo and they remove the word dolphins as a PR. And the message is remove my password from list. so hackers won't be able to hack me. The list is 10 million password top 1,000 list. I mean, this is proactive business right here. That might actually work if the hackers are very lazy and don't look at the Git history. It might. Actually, there may be a very small percentage of effectiveness to this.
Starting point is 00:45:09 You're also saying my email address is this and my password is that. So please don't put them together. And by the way, this is my credit card number. So don't paste that anywhere. Yeah. Anyway, that's my joke. Okay. Well, the last thing I just wanted to say is I got a new hat recently, so I wanted to show off my new hat.
Starting point is 00:45:28 Oh yeah. Let's see it. It's a, it's a top hat. I love it. It's a top hat with a, like a five inch butterfly. Oh, it's got lots of butterflies. And they're all, they're all leather and it's a, it's custom made from a guy in Oakland. So it's my new hat.
Starting point is 00:45:42 It's fantastic. And it perfectly matches both your shirt and your background. Did that on purpose. Oakland. So it's my new hat. It's fantastic. And it perfectly matches both your shirt and your background. Did that on purpose. Yeah. So yeah. Or on purpose or on dolphin. No. Fantastic. All right. Thanks Will for joining us today. It's been a pleasure. Yeah. Thanks for having me. Thanks Michael. You bet. We'll see you all later. Bye.
