Python Bytes - #332 A Python, a Slurpee, and Some Chaos
Episode Date: April 18, 2023Topics covered in this episode: huak - A Python package manager written in Rust. Inspired by Cargo PSF expresses concerns about a proposed EU law that may make it impossible to continue providing P...ython and PyPI to the European public ChaosToolkit PEP 711 – PyBI: a standard format for distributing Python Binaries Extras Joke See the full show notes for this episode on the website at pythonbytes.fm/332
Transcript
Discussion (0)
Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
This is episode 332, recorded Tuesday, April 18th, 2023.
I'm Michael Kennedy.
And I am Brian Ocken.
And this episode is brought to you by InfluxDB from InfluxData.
We will tell you more about them later.
Connect with us over on Mastodon.
We're all on Fostodon, at mkmini at brian ocken and at python bytes
and you want to be part of the live show pythonbytes.fm slash live crush that bell and
you'll get notified when we go live usually tuesday 11 a.m pacific time like it is now
well just a reminder that i think it's really important for people to subscribe because
sometimes it's not at uh tuesday at 11 usually because sometimes it's not at Tuesday at 11.
Usually, but sometimes it's not.
So get notified.
First, I want to talk about, I don't know, H-U-A-K.
It's a project.
I think it's WAC?
WAC?
I would have guessed WAC.
Yeah.
WAC.
I'm not sure.
But it was suggested to us by Owen on Mastodon.
So thank you, Owen.
And I gave a look at this.
So this, what, Huac is a,
it's a Python package manager written in Rust.
So we've got a lot of tools in Python
now getting written in Rust.
And I think it's cool.
I mean, why not?
So anyway, it's inspired by Cargo.
And I actually, so my first, I've tried this twice so far.
And my first take on it was sort of lukewarm, but I tried it again today.
And there's some really cool stuff here.
So I want to highlight a few things.
There's some decent documentation, but it's just it's just the early stages of the
project. I don't know how old it is, but they have a disclaimer that it's in an experimental state.
But I think there's a bunch of it that's already quite usable. You can it's just a pip install,
but it installs the rest tools and stuff with it. And you can create a new project and knit a
project. And that's where like the
people are picky about what goes in your project homo so or pipe project homo and i i am picky
also so it isn't the init isn't quite exactly what i would want but it's pretty good uh so it's a
it's a decent mix where it's initializing but there's so much more you can do so if i go to
the let's go to the main documentation.
These are all the work.
I just want to comment on something right there.
Notice the block distinguishes between library and application like projects,
projects default to library type, but you can pass a dash dash app flag.
And I think that is pretty excellent because so,
so many of these tools that either have a tendency for, you know, like PIP, ENV seems to have a tendency for apps, where some of the others have tendencies for libraries.
And you don't really want to say, well, my tool can only be used for building libraries, but not apps, right?
Like pinning specific versions versus greater than type of versions and that kind of stuff in your file.
So I think that that's a
cool aspect they've considered here it is and i'm i'll be curious to know what what that what that
affects yeah um what it affects downstream so we'll have to play with that there's even like
so apparently there's a no vcs uh flag so that you can generate uh projects without get um which
is cool but the assumption is it's going to be Git,
and the assumption is it's a library,
but it can do applications too.
Nice.
So things like once you have it initialized,
there's other stuff that I didn't even think
that a workflow tool would be good for.
But this is pretty cool, like adding a dependency. I
know poetry does this sort of a thing where you can say, you know, you know, add some dependency
and it adds it to your pipe project. Tomo, this does that, but it's, it's nice that it's a,
I don't know, it's just sort of the workflow seems nicer to me. You can activate a virtual
environment, even if you didn't create it with this tool um
just pretty nice um you can use uh i'm gonna go through the list the list is pretty big uh
you can add a dependency you can build your project and it i tried the build and it builds
it it like creates a new virtual environment and builds it in a fresh virtual environment so that's
a really clean way it's like building with talks almost um that's a really clean way. It's like building with talks almost.
It's a real clean way to build.
It's kind of cool.
Completion, generating a shell completion.
I'm not sure I need that, but oh well.
Cleaning everything.
When you're working with projects,
sometimes you just have tons of stuff around.
So a clean option is pretty nice.
Linting and fixing.
Linting and fixing lints.
And so I tried this. I'm like, okay, I have this new project. Tried linting and fixing linting and fixing lints and so i tried this i like i'm
like okay i have this new project tried linting and at first one of the things i did is i installed
uh rough uh right off the bat and then ran it which is cool um oh the other thing i thought
was pretty neat when i added something so i added pytest to a project and that added pytest to the
dependency list but it also installed it in my virtual environment.
It's like, so it figures you don't have it yet.
Let's install it.
So there's a whole bunch of these things like publishing.
So it's kind of a, it's kind of a poetry like thing, but if poetry doesn't really float your boat, maybe this does.
Most of this works for me and actually to be honest the stuff i've worked with
so far i think this is as this is as close as uh as reading my mind as any uh workflow tool has
gotten so far so this is pretty cool pretty close to what i was thinking about as a cool thing
even lists python versions so if you say uh uh walk uh, walk, uh, um, I got to understand the name.
Cause my brain, even if I don't talk about it, my brain needs to know what to call it.
Um, and, uh, so if you say Python list, it'll list all the Python versions on your, on your
machine that it can find.
So it's kind of cool.
Yeah.
Cool.
It also has update to update the project's dependencies, which is pretty neat, which
probably the pin pin numbers and stuff like kind of like pip tools, pip dash compile.
Yeah, I tried update first and it said,
you don't have any dependencies yet.
So I'm like, okay, well, I'll add some dependencies.
So yeah, pretty cool.
Yeah, I can get behind checking this out.
This looks pretty neat.
And it's kind of a theme.
It's going to be a bit of a theme on this show
with what I got coming up as well.
Although we didn't coordinate this. It is. Pamphil out there, by the way, just has a bit of a theme it's going to be a bit of a theme on this show with what i got coming up as well although we didn't coordinate this it's it is um pamphlet out there by the way just has a bit of
nightmares about pre-force when here's no get that could also go for source safe or any of these other
types of systems that like lock a file you know the centralized version control someone locks a
file because they're editing it then they go on vacation that's always a good time yeah yeah the the uh the no get part is um uh i it's important to me
for somebody trying stuff out because if i'm just trying a bunch of stuff out playing with a project
um sometimes i want to see how the whole build and the whole workflow works without
actually setting up a git repo yeah so i'm cool with it yeah anyway cool all right well we're not
going to start with more packaging let's start with law and i suppose as usual we should say
we're not lawyers don't take our advice but that's certainly not mine but i'll tell you there's a
blog post written by psf over on python.blogspot.com. It still kind of blows my mind
that PSF doesn't have its own domain for blog posts.
But anyway, the EU proposed CRA law
may have unintended consequences for the Python ecosystem.
So we've talked about this before,
just bringing awareness to what that law,
the Cyber Resilience Act,
basically holding companies liable for shipping bugs and vulnerabilities in their code in Europe, has for the open
source ecosystem.
And so the PSF has come out with a strong statement of this is broken.
If you don't fix it, bad, bad things are going to happen.
I'll jump ahead just a little bit before we go along.
It says,
let's see if I can find the phrase here. This as written would make it impossible in practice for the PSF to continue to provide Python and the PyPI ecosystem to the European public. Sound bad?
That sounds kind of bad to me. Like, hey, Europe, how about we just cut Python off? Ironically, dear Python, you were invented
there, but too bad because you hate it. So let's go through what the PSF says. I've already
highlighted this, some of these issues. I think maybe even Pampho was the one that sent this. Oh,
I can't remember exactly who sent it over the beginning. But so their blog post starts out and
says, the PSF has found issues that put the mission of their organization
and the health of the open source software community at risk
through the Cyber Resilience Act, CRA.
It says, if the proposed law is enforced, as it's currently written,
the authors of open source components might bear legal and financial responsibility
for the way
their components are applied in someone else's commercial project. So let me give you something
really simple, Brian, that just came to mind. Suppose I write the most awesome SQL library ever,
ever. So here's what you can do. It takes, it takes a connection string and it connects to
the database. Okay. And then you can issue SQL commands to that database. And I've got all the security patched. I've got, I made sure that there's no like SSL
vulnerabilities in its underlying communication. Somebody goes and writes that and they write
the query select star from users where username equals quote plus inputted username, right?
Yeah.
That would be a SQL injection vulnerability just waiting to happen.
Is it my fault they concatenated user input and then passed that as trusted commands to
their database?
No, there's no way I could have known that.
And yet I, as the writer of this awesome, let's call it MKSQL, whatever, library, I'm now on the hook.
Companies and individuals who had their data exposed can now sue me directly for providing MKSQL to the world.
That's what this law says.
No.
Yeah. And so it says, the existing language makes no differentiation between independent
authors who have never been paid for the supply of software and corporate tech behemoths selling
products in exchange for payment to end users. We, the PSF, believe that increased liability
should be carefully assigned to the entity that has entered into a commercial agreement with the customer, not the open source
people who built the software. Right. So that is like, I'm going to go, this is terrible. So
somebody goes off and like looking at a new tool and they see a typo or something and do a fix or,
or even just like, you know, actually help out for a while and then move on, they're still going to be liable forever?
Like, this doesn't make sense.
Yes, that's exactly what it says.
So Brandon has the same thought that I had actually out there.
So I see a new open source license coming saying that this can be used anywhere but the EU.
Yeah.
I mean, I have 250 GitHub repos.
Many of them are private.
Some of them are public.
Good chunk of them are public.
And I have a couple of things on PyPI.
They're all minor, nothing notable or anything, but they are being used.
If this goes into effect, there's a reasonable expectation that I should go, you know what?
Those small libraries, it's not even worth having them.
They're just, I'm yanking it from PyPI.
I haven't come to that decision, but why would you want to risk it?
Yeah.
That's why we put this software provided as is with no warranties. why would you want to risk it? Yeah, it's a, this is. Yeah, so here.
That's why we put like this,
this software provided as is with no warranties.
Yeah, and I was actually wondering about that as well.
And this kind of goes back to what Brandon said and what you just said is,
doesn't the license,
that's also a legal agreement, right?
And so when the CRA clashes
with the Mozilla open source license, for example, or MIT license or whatever that says kind of what you said.
Who wins?
You know?
So it says the PSF does not sell software, but we provide a public square for developers to download code, talk about code, and host components so that other entities may include it in their software.
And so specifically, people may be wondering like, well, okay include it in their software. And so specifically people may
be wondering like, well, okay, it's all vague. They call out two activities that could be affected
by the CRA. It says we host and provide the core Python programming language, standard library,
and interpreter to any who wish to use it free of charge. By the way, downloaded over 300 million
times a day, which is, I had no idea it was that much.
That's insane.
We host the Python, we host PyPI, right?
And nobody pays us to do this, none of that.
But that's the way the law is stated.
It's a problem.
Let me see if I can find the actual.
Yeah, so here we go.
We believe there are two phrases in the CRA
that cast too wide of a net. In Article 16, a natural or legal person, other than the manufacturer, the importer or distributor that carries out substantial modifications. So I guess a typo is not it. Substantial modifications of a project with digital elements shall be considered a manufacturer for the purpose of this regulation and hence held responsible.
Secondly, by providing software platform through which the manufacturer monetizes other services
is not specific enough, right? They, for example, they say, well, what if you have,
you create an open source thing, you don't charge for it, but maybe you have classes on it or other
types of things, right? then in a sense in the
indirect sense you're making money and modifying the software so there's just it's it's a little
bit i don't know it feels to me especially this this line above where they talk about like it
it was we believe you should um distinguish between unpaid and independent open source contributors and corporate tech behemoths selling products.
To me, the GDPR felt very much like we're going after Fang.
We're going after Facebook, Google, Apple, Microsoft, these big companies that are just harvesting our data, reselling.
I'm clearly obviously not them, but it was, you know, targeted very much at these large organizations, but had consequences for everybody. This seems
a little bit similar, right? Not exactly the same, but like, look at these huge tech companies,
they're making billions. They're the most valuable companies in the world. And just
they're unleashing viruses on people and they should take, there should be some accountability.
Yeah. That doesn't, that doesn't really seem to have taken into account,
like, oh, it could also be an extinction-level event
for open source in Europe, which sounds bad.
Yeah.
Well, I mean, I don't know where they were coming from,
but I kind of get the idea of, let's say, for instance,
the Google Play Store or the Apple Store,
where these companies are are like provided they're
just hosting stuff written by other people but they're taking a 30 cut or more so it's i think
it's reasonable for customers to expect that the stuff they get is not horrible a virus or stealing stuff or whatever,
or unintentional stealing at least.
Right.
But the,
that doesn't,
I mean,
it seems like this,
the two models are the same,
but they're not,
we're not PSF isn't taking it there.
Well,
they are taking a 30% cut of free, but.
Exactly.
Yeah.
Yeah.
I think another area where they probably had this in mind is like hardware
vendors that have a software component that just let them turn into garbage immediately like i've
got this streaming video camera that'll tell me if something's happening on my house and within
two weeks it has a vulnerability there's no updates. Or I get a router and after a year,
it's no longer supported and it gets hacked.
You know, those kinds of things.
Totally reasonable.
Holding every open source contributor who touches software liables seems stupid.
Like genuinely, I don't understand what the equals.
Yeah, I don't get it.
So, all right.
That, well, anyway, not the best news,
but I think it's important to let people know, right?
Like at the bottom, there is a call to action that says,
PSF members and Python users in Europe may wish to write to their MEP
voicing their concerns about the proposed CRA law before April 26th, while amendments that will
protect the public open source repositories are still being considered. So take action, folks.
Can't really write to them because I don't have a representative in Europe, but I hope people do.
What's an MEP? I don't know. I have no idea. I'm sure it's like a congressman type of thing.
And the link that we're going to provide in the show notes does have a link at the bottom of the article has a link to the write your MEP.
Yep.
Write your MEP.
Cool.
All right.
Members of European Parliament is that acronym we're looking for.
What is not trying to wipe out the open source community is our sponsor.
In fact, quite the opposite.
So this episode of Python Bytes
is brought to you by Influx Data,
the makers of InfluxDB.
InfluxDB is a database purpose-built
for handling time series data
at a massive scale for real-time analytics.
And developers can ingest, store,
and analyze all types of time series data,
metrics, events, traces in a single
platform. So dear listener, let me ask you a question. How would boundless cardinality and
lightning fast SQL queries impact the way that you develop real-time apps? InfluxDB processes
large time series data sets and provides low latency SQL queries of not the kind with the
plus name, just time series, making it a go-to choice for
developers building real-time applications and seeking crucial insights. For developer efficiency,
it helps you create IoT analytics and cloud applications using timestamp data rapidly and
at scale. InfluxDB is designed to ingest millions of data points in real time with unlimited
cardinality. Inux to be streamlines building
once and deploying across various products and environments from the edge on premise and to the
cloud so try it for free at pythonbytes.fm slash influx db the link is in your podcast show notes
thank you to influx data for supporting the show and keeping our podcast going strong yeah thank you all right
over to you brian well i want to create a little chaos arms i don't know anyway so uh
yeah it's uh it's it's all the rage with all the netflix kids but um so chaos engineering is a style of taking down parts of your system or injecting issues into your system just to make sure that your system is resilient.
There's a lot of experiment.
There's a lot of books on it, articles on it.
But how do you do it?
What kind of tools do you use?
And one of the tools is the Chaos Toolkit that we're highlighting now.
This was suggested by the maintainer, Sylvain.
And I'm not going to attempt your last name, Sylvain.
But thank you for suggesting this.
It's an open source project that works with Python.
I don't know what it's written in.
But I think it's Python, but I don't know.
So the idea is you can run experiments against your system
and you can write those experiments in JSON or YAML files.
And so you can orchestrate and collaborate with people
and you can orchestrate through the code.
So that's nice.
It's extensible.
You can build on it.
You can, it's got an open API that you can extend it.
You can automate it through CI pipelines.
And like I said, it's all open source.
There's a whole bunch of cool stuff you can do with it.
I'm just touching the surface, but one of the examples in the documentation, which I can't find right now, but I was reading the other.
There's installation tutorials and references. But one of the ideas was that I'm like, you should
totally, I didn't ever consider this is do an experiment where you have your system running,
and then you artificially make an SSL certificate expire. How does your system deal with that? And I think that's an
awesome thing to highlight because we've all been there with like a system that we're a third party
project that we're using or our own. We think it's fine. And and then the SSL certificate expires and
the whole thing just doesn't work for and you lose all your customers until you fix that. So
testing for that is great.
But there's lots of other things too,
like taking down, taking out a database
or a region or whatever.
So cool ideas.
And how do you unit test for that kind of stuff, right?
Like how do you unit test
that the SSL certificate's no longer valid?
And then it is again, like that kind of stuff,
that infrastructure level stuff is really hard.
Chaos engineering, I think, largely originated around how do we break the cloud so that, and then what happens to our app? Not how does our app break, but if the infrastructure pieces that our app expects to be there, if those start to go down in weird ways, like how do you survive that, right? That's kind of, I think that came out of netflix but maybe they weren't the original original it certainly was popularized out of netflix
yeah so some really cool stuff uh and it's at your fingertips with just like a pip install i think so
excellent yes it is 98 python one percent docker file and one percent make file so pure python yeah
yeah so cool stuff um And lots of examples.
And there's already examples there.
And that's one of the ways they like people to help out
is whether or not you extend the tool,
extending examples for how to use it
to test part of your system.
I think that's pretty neat.
And we've got,
and one of the reasons why I wanted to highlight this
is a lot of chaos engineering is around large corporations like places like Netflix or big services.
But there's little guys like Michael Kennedy that's running TalkPython training and a couple of podcasts.
And we would all be sad if something happened.
And he can't hire reams of people to test all this stuff.
So having these tools available for everybody.
And yeah, these tools can be used for companies too,
but it's nice to have things like this around
for people like you and me.
Yeah, absolutely. Thanks.
I do also see it as kind of one of these things
that brings like some of the tools and techniques
from really large organizations that have a team
that could build up custom tools like Netflix to do this kind of stuff.
You know, kind of like Docker and Kubernetes gives you crazy infrastructure, DevOps abilities that used to just live at Google and places like that.
Right. So it's a little bit like that for breaking things in your cloud and your infrastructure.
And I definitely want to get I think this is a perfect topic to go deep in on, on test
and code.
So I'm going to try to get Sylvain on the, on the show to talk about it.
We can jump in deeply.
So yeah, that sounds great.
I definitely look forward to it.
Well, what you got for us next?
I got a pep.
Now to be clear, this pep is in draft standard and it is 12 days old.
So it is not super old, but it is PEP 711.
This is the tie back to what you started with, Brian.
Sort of a little bit of packaging and managing and deploying Python things like libraries
and stuff called PyBI, a standard format for distributing Python binaries.
So what that is by Nathaniel Smith.
And I'm actually going to have Nathaniel on TalkPython in one and a half hours.
So if you're watching the live version of this and you care about this, you can drop
in on that live stream about an hour after this show ends.
But if not, if you're just listening, then check out TalkPython if you want to dive into
this for about the same time frame.
Anyway, the idea is so many of the tools that we work with, including walk, I imagine,
assume that Python is installed. And now how do we manage dependencies? How do we manage
environments? How do we isolate environments, right? How do we update the dependencies of a
given isolated environment? This is steps back a little bit and says, what if you don't have Python?
What if you have the wrong version of Python? How do we get that to you? What if you could pip install Python 3.11? Oh,
wait, no, pip install Python 3.12 and just express your runtime as a binary dependency,
not download it, compile source like PyMV does, and then it takes forever. Hope that your system
is set up right. But how do you get Python on your system in a way that is kind of like Python wheels?
So have a bunch of pre-built binary versions of Python on PyPI.
So you literally install it over that.
That's the proposal, right?
That's the idea.
So the abstract is short and sweet.
It says, like wheels.
But for pre-built Python, instead of a pre-built, like wheels, but for pre-built Python,
instead of a pre-built Python package, it's a pre-built Python interpreter.
Okay?
So that is pretty interesting.
This is the end goal.
I want this.
I want it too.
And I'll bring up a discuss thread here in just a second.
Endgoalpypi.org has pre-built packages
for all Python versions on all popular platforms.
So automated tools can easily grab them
and set them up, right?
So wouldn't it be cool if we could just do that
for the Python runtime itself?
That would also mean, I imagine,
that you wouldn't have to be an administrator
or have access to run sudo on your system.
Well, I hope, but maybe.
Because you can pip install dash dash user, right?
Oh, yeah.
So you could just do that to like a local location
because you get this isolated little binary.
And Jeremy Page out there points out that PyBI exists now.
It can be installed with the Posi tool.
So yes, indeed.
Jumping over to the announcement, PyBI and Posi by Nathaniel Smith.
So this is a, I would, looking in from the announcement, PyBI and PoSy by Nathaniel Smith. So this is a, I would, looking
in from the outside, I would say this is probably a proof of concept level version of this. But
really, you know, for the PEP to be accepted and for people really to leverage it, I would imagine,
you know, you probably need Python, like the full buy-in of the python folks themselves right the core developers and yeah so
on right but anyway so much like walk posy p-o-s-y posy posy i don't know that tool would allow you
to run cli commands that initialize your system with the right version not not so much your system
but a a particular localized kind of like virtual environment, even though it doesn't use virtual environment,
but give you one of these, right?
So it's riffing on Kushal's PEP582,
which is the DunderPy packages folder.
Instead of having virtual environments,
there could just be kind of like a node packages equivalent,
which I still would like to see that.
That would be nice. So he said, whoops, come back here, said, got me thinking historically
tools that have started with the assumption that you already have Python. Now you want a management
means every tool needs to be prepared to cope with every possible way of installing, installing and
managing Python and the beginner workflows, beginner-friendly workflows, has to be the part
of the interpreter, right? So you've got to install the interpreter, make sure you're the
right version of Python, and then you can start using, like, let's say, Hatch or Poetry or
PIP tools or whatever, right? And if your tester wants to use Tox, Nox, then you're on your own
figuring out how to get all those interpreters installed. If you use PyMV, that compiles it from source. So that's got to work on your system. That's slow, right? But what
if we went the other way around and just uploaded CPython to PyPI so you could pip install Python?
Technically, pip won't work because that's part of Python, right? So that's what this POSI thing
is. It lets you basically say, I want this version of Python. And you could also build out projects.
So you can say, I'm going to use various packages,
and I want this version of Python.
And it will bundle up a thing that when you install it
has the right version of Python and the right packages.
So it's kind of a step in a pretty interesting direction, I would say.
You scroll down, down, down, down. There are 71
replies in this announcement thread. But Paul Moore, one of the core developers on PIP, says,
this is beyond awesome. I hadn't realized you were actively working on this. That's pretty good.
Frederick says, really nice to see this. The direction of the path per package is really the right direction. The fact that it requires Rust,
like the way it is now, it requires having Rust installed,
which is kind of just like kicking the having Python installed
to a different corner.
You know, like, oh, you don't have to have Python installed to run this.
You just have to have the Rust compiler installed.
You're like, no, why?
I'm sure that you could compile a binary that for a platform and
hand it out and say here's the one for mac os long as you have this tool on your system you can
run it you don't need the the runtime tools right you could distribute that and let it kind of
bootstrap your system right i imagine yeah yeah well yeah so i'm i got lost with the posy thing
so i'll have to try to read up on this and
try to understand what's going on um but it i get that i guess i don't get it are we are we not
gonna have pip we're gonna have posy instead or is this just a we don't know i i need to talk to
nathaniel more about this okay but it it from reading this announcement and reading the things
it the way to think of it is kind of like Docker.
So with Docker, you don't create a Docker image and then run it as a container and then decide, oh, I want to make changes.
So you don't log into the container and make changes.
You just shut it down, restart it, rebuild the image with new settings, and then you rerun the container.
They're a kind of read-altern, right?
Yeah, but this is the early phases of trying to figure out the workflows of all this and everything. and then you rerun the container. They're a kind of read-altern, right?
Yeah, but this is the early phases of trying to figure out the workflows
of all this and everything.
Right, so what you would do here,
from what I've read,
is you would say,
I want this version of Python
and these dependencies,
and it has a lock file and everything.
You can sort of see down here in this section.
It creates a pyproject.toml
that describes the environment
and some aliases to run it, similar as Hatch environments, and then you run it, right?
And if there's some kind of change, instead of trying to actually change the environment, so there's no virtual environment, for example.
There's just, here's the thing you run.
You want to upgrade a request, say, it's in there.
You want to upgrade requests.
You just create a new one of these, a new build of this that has the updated dependency expressed in it and then you run that again right so you
rebuild the environment rather than edit it right so what what role is that going back to your
question what role does pip have in that probably less i'm not entirely sure but um maybe pip is
involved in the building but not in the distributing you know what i mean
to like build up the environment that you would get might um might involve pip but anyway it's
pretty interesting there's a bunch of comments here that people can can check out below and
it's not universally absolutely everyone's like yes do this now but it's most of them are like
this certainly blew my mind kept me in on how how we could explore to do this in um pamphlet also points out like this is
somewhat related to conda right so conda is another way that people get different versions
of python and bring along the dependencies and so there's some some talking here about how this
might work together uh maybe to be something that conda could use or how those two
projects might work together so anyway it is a pep 711 and there is this i'm going to call it
proof of concept maybe i'm not categorizing that right but this proof of concept with a posey tool
to make this happen i just realized it was 711 so there needs to be like a slurpy logo for this um yeah i don't think peps generally have logos but yeah i certainly
sure i think we might just have some image art for our episode all right anyway nice nice work
nathaniel uh talk to you soon about this but it looks interesting i'm looking forward to listening
to that episode nice nice yeah cool all right is that it for all of our items i believe it is it is got any extras
extras i just want to let people know to uh that um we're gonna both be the plan is uh both of us
in a couple days are gonna be heading off to pycon um and uh and so hopefully people will see us i
think on i think the plan is for saturday there's going to be a, a ask me anything
thing at the pie charm booth.
And then following that, the current plan, the things are, things may change, but the
current plan is that'll be set sometime Saturday.
And then also I'm going to be giving away some books.
So there's going to be some PyTest books giving away and,
and I'll be signing some.
So if you happen to be also,
if you've got one of the old copies or new copies or whatever,
it doesn't matter if you want to bring your own for me to sign,
go for it.
I don't know why people want me to write in their book,
but sure.
I'll do it.
So also gotten some new stickers.
I'm looking forward to giving those out.
So I don't,
I don't have like, I'm not speaking speaking but if you see me uh i'll it's fine to interrupt whatever i'm doing and ask for
some stickers so and we will be doing some form of live python bytes from there which will not
be at the standard time because it's over because it's not on tuesday not on tuesday it does not
intersect any known tuesday so yeah so we're going to be doing that.
Absolutely.
I'll probably do some other podcast recording.
I'll be going around.
I'm also doing an Ask Me Anything, giving away some courses.
So yeah, should be a lot of fun.
And yeah, I'll do that at the JetBrains booth and other live events as well.
So come find us and we'll try to live stream, assuming that the
internet is good enough there. We'll try to live stream our recording there. So the people who are
not at the conference can still check that out. Well, is it joke time? Yes, it is joke time.
It is definitely joke time. So, or do you have some extras? I don't, good question. I don't have
any extras. Uh, I have almost have seven extra, but I'm not ready.
That'll be in the next one.
So good stuff.
So this one has to do with interns here.
And maybe try to describe what you're seeing here in this picture, Brian.
So there's first off, you see like somebody from like their balcony or something looking
over at somebody else's balcony and somebody throws throws some water or something out of their window.
And then you pan over and there's a forest fire going on nearby.
A raging canyon fire somewhere like California or somewhere like that, right?
Yeah.
It clearly requires at least a fire truck, if not one of those airplanes that come by and drops water.
So the water is just like a mixing bowl worth of water.
And the title is,
Intern Helping Senior Devs Fix a Severe Bug in Production.
Yeah.
And also the other title is,
It's the Effort That Counts.
And this is good, and it is funny, and it'll make you laugh, but there are 43 really good
comments.
So there's different things.
It says, okay, so someone comments, when I was an intern, I get paged during the night
as an escalation when the senior engineers couldn't fix production because they didn't
know how.
Yeah, it was a crappy company.
And then someone replies, plan A, check if someone supplied a solution on Stack Overflow.
Plan B, it was the intern. Place the blame there. I like, but it's not water, it's gasoline.
Yeah, it's not water, it's gasoline. That is actually really, really good. I love it so much.
So another one, follow up to that that is actually the intern knows way too
much about the problem probably involved in causing it yeah so anyway it's the joke is funny
in the conversations throughout the comments here on reddit are they're fantastic so i encourage you
to go check out that joke funny nice alright well
Brian thanks for being here thanks to everyone
who participated in the live stream
and just for showing up and listening
we really do appreciate it
we do
see y'all