Python Bytes - #388 Don't delete all the repos
Episode Date: June 18, 2024
Topics covered in this episode: PSF Elections coming up; Cloud engineer gets 2 years for wiping ex-employer’s code repos; Python: Import by string with pkgutil.resolve_name(); DuckDB goes 1.0; Extras; Joke.
See the full show notes for this episode on the website at pythonbytes.fm/388
Transcript
Hello and welcome to Python Bytes where we deliver Python news and headlines directly to your earbuds.
This is episode 388 recorded June 18th, 2024.
I am Michael Kennedy.
And I'm Brian Okken.
And this episode is brought to you by Scout APM.
Check them out.
We'll tell you more about them as we get further into the show.
Brian, you, me, the podcast, we're all Fosstodonians and folks who want to come hang out on Mastodon.
Doesn't have to be Fosstodon.
Talked about that last week.
That's the whole idea of Mastodon.
Go wherever you want, but we're happy to invite you to Fosstodon if you want.
Yeah.
Find the links to connect with us over there or even on X these days as well.
If you wish, a lot of people are still just hanging out over there and listen,
watch, participate live in am civic time on Tuesdays, typically links in the show notes or
on the website. Finally, if you want a handcrafted artisanal Brian Okken special summary and set of
links of whatever we talk about, even if you don't listen to that episode, PythonBytes.fm, click on the newsletter,
put in your information.
We won't share it.
Just want to tell you about what we're up to
and keep in touch with you.
So that's pretty awesome.
That list keeps growing and people are enjoying it.
So good work on that, Brian.
There is a newsletter.
Like, that's cool.
Yeah, how about that?
Nice.
Yeah.
We also kind of put it under the friends of the show thing,
but that's a little more indirect, you know?
Like, okay, you want to sign up for the newsletter? Click the newsletter button.
You can sign up for the newsletter, even if you don't like us. That's fine.
Yeah, that's true.
Yeah, you can just mock the links we put in there every week.
It's like friends of the show, too. Everyone's welcome.
There probably are, actually.
All right. Well, what have you brought today?
All right.
I want to talk about the PSF election.
So the Python Software Foundation has elections every year.
In order to vote, we're going to talk about a little bit around what's going on with this.
But I want to highlight that even if you voted last year, you can't just vote again without doing something.
And it's not difficult.
You just have to affirm your membership status.
So we've got a link in the show notes.
You just head up.
We'll talk about the dates a little bit.
I think maybe the dates are here.
No, they're another link.
We have lots of links for you for this.
But there is the, what are we doing?
What are we voting on?
We're voting on the new board of directors,
and then there's a few bylaws changes. So, um, so head over to the first link, make sure you're
either signed up... so the deadlines are right around the corner. So it's the 25th, June 25th, is when you have
to make... either sign up, uh, to be a member, um, or, uh, if you already are, affirm that you're going to vote. So that's the 25th.
The board election, if you go to the board election,
there's a blog post called
It's Time to Make Nominations for the PSF Board Election.
It has the timeline.
This is a great, it's got mostly all that I'm talking about here.
Their nominations are open.
They opened on the 11th.
If you would like to be nominated or nominate somebody that is up until the 25th of June.
So the 25th of June is the close of board nominations.
It's also the cutoff date to affirm that you're going to vote or eligible to vote or whatever.
So that's June 25th.
Then we don't know who's in it because the candidate... it's still open. Other
people might enter. Um, and there's information in here on like what to include,
because you'll want some information about like who you are and stuff like that, if you want,
if you want to nominate yourself. So, uh, the candidates are announced June 27th, and then voting starts... um, voting is from July 2nd to
July 16th. So voting's in July, but we need to get everything ready in the end of June. So that's
what's going on here. So there's, um, it's the nominations for the board of directors, um, and
there's links about what's going on. Oh, there's one other date I wanted to highlight. Can't remember where I found this, but there is a,
here it is, thinking about running
for the board of directors, let's talk.
There is a June 18th session that you can,
office hours where you can find out more information.
If you're just curious and you'd like to know more,
that's a great place to go.
There is, and then, so it's for the board of directors.
And then there's also three bylaw changes proposed.
I think they make sense, but I'm not going to get into the depths of them.
But there's a link here.
Go ahead and check that out about the three things. One of the things that I'm really kind of excited about is this.
The first one is merging contributing and managing member classes.
And I think it makes sense because I sometimes have forgotten which is which,
what contributing and managing means.
I think there's text on all of these, so, um, go ahead... and then there's
discussions going on around this too. So anyway, elections coming up. Make sure that you've
affirmed your voter status if you'd like to vote.
So, okay, interesting. Some of these, um, shed some light
on messages I've seen on social media. What, why are people talking about this? Oh, okay. I see. Proposed changes. Got it. Yeah. So you know what I would propose, Brian?
What?
If you were working for a company
and you were having HR issues, let's say, what would you say exactly you do here?
Oh, Bob. No. You're having HR issues. I'm a people person. I talk to the people.
The engineers can't talk to the people.
No, something like that.
But anyway, if you were having issues with work
and you got fired and you wanted to give them
the big middle finger on the way out,
one thing I don't recommend
is going to all the GitHub repositories
and permanently deleting them
or deleting the logs
or then replacing them with code
that mocks the existing
employees or anything like that. There's this character, and boy, he seemed like a piece of
work, let me tell you. Miklos Daniel Brody, a real piece of work. Cloud engineer. I don't know
what a cloud engineer is. I don't know what software developers are. I know what... Anyway,
he's a cloud engineer. He was sentenced to two years in prison and a restitution of over half a million dollars
for wiping the code repositories of his former employer in retaliation to being fired from First Republic Bank.
Wow.
Wow.
So probably some kind of discrimination thing or something.
He really had a reason to be upset.
No.
Why was this guy fired?
The court documents state that Brody's employment was terminated after he violated company policies
by connecting a USB drive containing pornography to the company computers.
And then when they tried to get the work computer back, you know, after he's done all this stuff
to it, like delete all the things and so on. He then reported the laptop stolen.
I wouldn't give it back.
Anyway, he may be not having a great time.
A couple of things he did.
He ran a malicious script named dar.sh to wipe the FRB servers, deleted Git logs and Git commit history for that particular script.
You know, props to him for a little covering of the tracks there with the Git history. That was clever. Um, I don't know how they figured that out
given that he... Too clever. No, exactly, exactly. I mean, you delete the repo and you still get that
figured out somehow. Anyway, um, he accessed the GitHub repositories and deleted hosted code. He
inserted taunts in the code. Um, yeah, anyway, I just thought this was, one, an amusing story, a
little bit of schadenfreude for you, but also, people, if you're upset with your
company, it is not worth it.
Two years of prison, half a million dollars.
Just walk away.
Just let it be.
It's not worth the revenge.
Anyway, let me leave you with that, huh, Brian? What do you think of this? Is this crazy?
I think it is.
But I also, one of the things I really... okay, I'm not like taking sides here or anything,
but something that drives me nuts is a thing that some companies do that say that, like,
there's standard non-disclosure agreements for some, for exit interviews.
And some of them are generally, you can't talk
about what you worked on at this company for, say, like a period of six months or a year or something
like that, um, just because you might have proprietary information. The thing that drives
me nuts is things that say you can't... we're not going to give you any of your severance
or a portion of your severance unless you promise to not ever
disparage the company forever in the future. Um, things like that are just insidious and, like, a
blight on free speech. I think it's disgusting.
Yeah, I don't like it. I know it's a standard practice,
but I don't like it.
I don't like it either. I am really happy to hear the non-compete stuff getting shot down.
I know it's not the same as NDA,
but it's in the same category, I feel like.
Do they do that for people getting fired?
No, no, no, not for,
but when you get hired,
there's traditionally been a lot of non-competes,
and I think it was getting kind of out of control,
like bakery workers or something silly like that, right?
Like really, really stuff that you wouldn't think would be under that purview.
But I believe that that got federally shot down, or is it just California?
I can't remember.
But yeah, anyway, maybe this kind of stuff you're talking about will as well.
But I don't have a ton of sympathy for this character.
Yeah, no. Reminds me a little bit of the guy who, um,
took down all the JavaScript folks with the npm left-pad.
Yeah, and then later was arrested for
making bombs, you know. It's like, oh, there's a theme here, I see.
Yeah, not good.
Yeah, I'm pretty
sure that's the same person. There's definitely a person with the same name in the same area.
Okay.
Hey, you know what is awesome and is not going to get you into trouble?
Scout APM. Let's talk about it. So if you are tired of spending hours trying to find the root cause of issues impacting your performance, then you owe it to yourself to check out Scout APM.
They're a leading Python application performance monitoring tool, APM, that helps you identify and
solve performance abnormalities faster and easier.
Scout APM ties bottlenecks such as memory leaks, slow database queries,
background jobs, and the dreaded N plus one queries that you can end up with if you do lazy loading in your ORM and then you say, oh no, why is it so slow?
Why are you doing 200 database queries for what should be one?
So you can find out things like that.
And it links it back directly to source code so you can spend less time in the debugger
and healing logs and just finding the problems
and moving on.
And you'll love it because it's built
for developers by developers.
It makes it easy to get set up.
Seriously, you can do it in less than four minutes.
So that's awesome.
And the best part is the pricing is straightforward.
You only pay for the data that you use
with no hidden overage fees or per seat
pricing. And I just learned this, Brian, they also have, they provide the pro version for free to all
open source projects. So if you're an open source maintainer and you want to have Scout APM for that
project, just shoot them a message or something on their pricing page about that. So you can start
your free trial and get instant insights today.
Visit pythonbytes.fm/scout.
The link is in your podcast player show notes as well.
And please use that link.
Don't just search for them
because otherwise they don't think you came from us
and then they'd stop supporting the show.
So please use our link, pythonbytes.fm/scout.
Check them out.
It really supports the show.
Indeed.
Brian, what's your second one? Um, I'd like to talk about
imports right now. So if we're just importing a package... Is this like tariffs and stuff? What are
we talking? No, no, no, importing code into your own code. So imports are normally difficult. You just say
import and the package name you want to import. No, no, the package has to be installed already or a standard library thing, of course, like import math or something.
I'm blanking right now.
It's terrible.
But there is a blog post called Adam Johnson, which is talking about like what if you don't want to just use the import?
If you want to import it as an object or something.
And let's say you have a string to describe the package that you want to import, um,
there's a thing called, that I didn't know about, called pkgutil.resolve_name. Um,
and this is actually pretty cool. So what you do is, pkgutil is part of the standard
library, and you say, uh, pkgutil.resolve_name, and then you give it a string, and it's got, um, it's like a package name that is also something that's
installed, or something in it, like a top-level item. Like the example is pathlib and
capital Path, the Path object. But I tried it on one of my own projects, of just like, let's say
I've got some, uh, third-party code that I want
to import just something from it, but I don't want to import it into the namespace. I want to just
import one thing out of there into an object. And this is really cool. The whole thing resolves and
it's from a string. So you give it a string with this colon in the middle and it
creates, you've got an object. Um, why is this helpful? Well, one of
the... I don't know how other people are using it, but I'm using it, um, for things like testing
and stuff that I don't want to like clutter the entire namespace. I just want one object from
something. Um, so there's that. Now there's a note here that says the thing that you're
importing can be a class from the package or a function or a module or really any top-level thing, object within the package.
You can just resolve that and bring it in.
If you're going to grab the whole module, you can also use importlib.import_module, of course.
You can use that as well to import a thing.
And it's a little bit different syntax.
You just give it the name of the package.
So there was a note at the top that says Django
and some other frameworks allow you to do things like this
to configure something based on a string.
And I think this is pretty cool.
One of the places where I'm considering,
yeah, anyway, I've got lots of places and tests
that I'm considering using this,
but I guess I didn't know about it. It's pretty neat.
So yeah, one area that might be useful that
comes to mind outside of testing or in addition to testing would be some kind of like plug-in
extension system. So you say any package that gets listed in this JSON file, we want it to be
available, and if you configure the app it'll actually import it and use it, but it might not import them.
The app doesn't know about them. It can't be
coded into it. So you could just sort of
parse that thing, pry it, or
even scan all the packages
somehow and see if they exist
or whatever, right? So some sort of dynamic
thing like that as well.
Yeah, pulling doc strings
out of a bunch of stuff too.
A list of that might be fun.
Yeah, nice.
Anyway, lots of stuff you could do.
You sure could.
Now, this last item from me here comes from Alex.
Just gave us a shout out and said,
you know that DuckDB thing, right?
DuckDB is a little bit like SQLite-ish type stuff, and in-process, based on files rather than separate servers, all those sort of
things. Well, that thing's getting some traction, up to four million downloads a month off of PyPI.
But the news is it's released version 1.0 of DuckDB. And by the way, the cloud-hosted product, MotherDuck,
also opened up general availability. But the news is the announcing a 1.0.0, and interesting,
there's a lot of conversations like, well, we could have just called it 1.0 as soon as we made it
public on GitHub, you know, 10 years ago or whatever it was, or not quite 10 years ago, eight years ago.
Um, but focus is really on, we want to make it super clear, they want to make it super clear
that they're focused on stability.
What's here, it's kind of what's going to stay. So examples, so they give a, you know, as that thing has
evolved, as DuckDB has evolved, they've changed the file format around and that's created
incompatibilities from different versions. And so for example, they're now committing to more stable back and forth stability on the file system and things like that.
So very cool.
If you're looking for an interesting SQL-like database to include into your projects, this one, you know, is quite popular.
20,000 stars.
Really analytical in-process database rather than relational database focused, right?
Yeah, you
can do cool stuff like integrate it with pandas and other things like that, which is pretty cool.
Yeah, like for example, select star from a Parquet file or a CSV file and so on. So not meant to
replace SQLite, but that's kind of the mental model people should have, but more on data science.
Select star from a CSV file. That sounds fun.
And by the way, this guy, Alex, Alex Monahan is in the audience says,
here's a backwards compatibility for the files.
So you can just leave those files around and not have to like manage the
upgrades of them and so on,
which is especially tricky if they're just local files associated with an
app rather than a single server that all the apps talk to where you can just
manage that one thing through an API.
Yeah, pretty cool.
Cool.
All right, thanks for sending that in, Alex.
And good job, DuckDB folks.
Brian, what else you got?
I've got a couple extras.
Let's hear them.
One of the extras that I wanted to talk about
was just like, I guess, a shout out to everybody
that sends us topics. I really appreciate it. We
appreciate hearing what's new. Don't assume that we've heard about it just because we do pay
attention to a lot of stuff, but there's a lot to pay attention to. So if you think it's important,
let us know. Yeah, Brian, I would say a lot of times people start messages like,
I'm sure you've heard of this. And we're like, I have no idea what this is. No. I'm sure we've
not heard of this. I'm sure we've not covered it either. But also it helps if like three or four people send
in to say this is exciting, then that also helps us know that it is exciting.
Yeah, it's pretty much
guaranteed to be on the show. You can send it in any time, but the one request is if it's timely
and it really needs to go in this week, if it shows up at all,
I'm trying to send it before Tuesday because, you know,
sometimes we already have our topics anyway.
That's right.
So right after Tuesday,
a Wednesday is a fantastic day for recommendations.
Really anytime is great for me,
but anyway,
so a couple new 2.0 releases
I just wanted to shout out.
We talked about this last week,
but NumPy 2.0 is out now.
So NumPy 2.0.
So, and there's a scientific,
on the Scientific Python blog,
there's a discussion about it.
So you can read up
on all the NumPy 2.0.
And this is kind of exciting.
I just heard about this yesterday.
HTMX 2.0.
I don't. Oh don't have my attention.
So I haven't read any of this, but it should be.
So there's major changes and we'll see.
I'm not sure what broke or what.
Why the 2.0?
But I'm not sure I can switch to this.
This release ends the support for Internet Explorer.
Oh, my gosh.
Just kidding.
The interesting bit about this, though,
is they're not marking 2.0 as the latest on NPM until January of 2025
because they'd like to have everybody, you know,
have a smooth transition to there.
So, anyway.
Any extras on your side?
A few.
First of all, partnered with the folks over at PyCharm.
And now if you are taking a course at TalkPython Training,
you can get six months of PyCharm Pro for free.
That even works for our free courses.
So if you just come over and take a course, sign up and check that out.
Only works for new accounts at JetBrains.
It doesn't work for renewal.
So this is the best I can do,
folks, but it's still pretty awesome to be able to get a good chunk of the users free access to
Python Pro. Also, other item is we have an awesome new course on data science coming to TalkPython.
Its release is imminent. It awaits a marketing landing page, basically, and then it's out. So we have a new course called
Reactive Web Dashboards with Shiny,
Shiny for Python, not Shiny for R.
So partner with the Posit folks to put this course together
and it's super cool to build interactive dashboards
and web apps for your data science things with Shiny.
Shiny new course.
Very cool.
Indeed, very, it's a shiny brand new course. All right,
it will be shiny for a while. How about a joke? Are you for it?
Yes.
Okay. So we all, you know, you're
sitting around, you're in a relationship, you have these thoughts that just kind of run through your
head and you always don't know. So here's a young couple laying in bed. The woman
is thinking, I bet he's thinking about another woman. That guy is just laying there.
What would happen if I added git ignore into the git ignore file?
She's giving him way too much credit.
What would happen?
I know the title is I can't ignore the git ignore.
What would happen if I had the git ignore to the git ignore file?
No.
Well, there's the joke.
This is what I got for you, Brian, this week.
I'm going to tell you.
Now I've got to try it to see.
I don't know.
If you do that, you might take GitHub down.
I don't know if I'd check that in.
Well, not GitHub, but local.
I mean, it has automation.
It could explode.
It could.
Dependabot will just stop working for everyone after that.
Yeah. All right.
All right. Well, that's it. Well, everyone, thank
you for listening. Scout APM, thank you for supporting the show. And Brian, thanks as always.
Thank you.