Python Bytes - #390 Coding in a Castle
Episode Date: July 2, 2024
Topics covered in this episode:
Joining Strings in Python: A "Huh" Moment
10 hard-to-swallow truths they won't tell you about software engineer job
My thoughts on Python in Excel
Extra, extra, extr...a
Extras
Joke
See the full show notes for this episode on the website at pythonbytes.fm/390
Transcript
Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
This is episode 390, recorded July 2nd, 2024.
I'm Michael Kennedy.
And I'm Brian Okken.
And this episode is brought to you by Scout APM.
Thank you so much to them for supporting the show.
We really appreciate them.
And if you want to attend live, get your comments in the episode, then check out PythonBytes.fm slash live, usually Tuesday at 10 a.m. Pacific time, like we're recording right now, Brian.
Yeah.
And please visit PythonBytes.fm right on the homepage.
Click on newsletter.
Subscribe to our newsletter.
We've got lots of interesting information that we share with you.
And we're going to be doing some kind of giveaway that we have yet to determine
and soon when we reach a, maybe a major milestone there.
So that'll be awesome.
Yeah.
And yeah, with that, right.
I'll kick us off.
Well, you got it for us.
Let's talk about strings for a minute.
So, uh, this one is, uh, from an article written by Veronica Olsen.
And it's an article called Joining Strings in Python: A "Huh" Moment.
And I actually just really enjoyed this story because it tricked me up. And she says, I've been writing Python code for 17 years.
And I learned something new recently from a Mastodon conversation.
So what is the new thing?
So the idea is around joining strings.
So let's say you're like,
and I do this all the time.
So you've got some input from a file
and her example is,
you got some input from a file
and you're going through
and just using it,
using the read
generator thing. So F equals open, and you get like this thing that you can read with. So she's
using X for X, or I usually put line, line for line in F, and then also doing like some logic
on it within a generator, which is kind of cool. And once I learned this, I use it all the time. So go through using the file as a generator to pull out lines,
and then only collect the lines that you care about,
and then joining it in at the end.
And so this discussion really is,
when you've got a whole bunch of line strings
that you want to concatenate together with new lines
or something, you just create a list of them and then join it. But if you're using a
generator, you can just you can use a generator and pass that to join also. So the the little
trick here is whether you whether or not you should use a list comprehension. So these these
two methods is you're joining a generator out of the file, or you use a list comprehension within it.
The only difference is these little brackets in
there to create a list comprehension.
So my first reaction is that it really probably doesn't matter,
but the list comprehension,
I have no idea which one's slower or faster.
But the odd thing is... If it's a huge text file, Brian, if it's a huge text file, it could be a memory.
If you had a gig of text, right?
Yeah.
Then you potentially would be loading more than that in memory with the brackets, but not with the parentheses, right?
That's what I thought.
Right.
So she used a sample file
like the King James version of the Bible
which is
800,000 words long
and a ballpark of 3,000 pages
anyway, 200 million words
so
did a little timing here as to whether or not you want to use a
generator or list comprehension for this and looking at the memory output so that the memory
itself is as expected. The generator uses less memory. The list comprehension gradually grows
and you're using more memory. Okay. So far, it seems like it's doing what we think it might be doing.
But the weird bit is when we go down and actually time this stuff
is that the generator version without,
and if you compare the times for the generator and the list comprehension,
the generator one is slower by like 16%.
Weird.
Why?
That is weird.
Especially since the list has to like,
you allocate the list, you fill the list,
you reallocate the list, you copy it over,
like growing the list over and over and over.
Although as a list comprehension, maybe it doesn't.
I don't know.
So anyway, that's crazy.
And then adding more mystery to the mystery is that instead of, if you, instead
of join, if you use all as the thing that you're using across the entire list or generator,
it's behaving as expected.
The generator is faster than the comprehension.
So what's going on?
So the discussion went online and Trey Hunner said, you should know something about join. Join is weird in that the CPython implementation of to do a two pass over the generator.
And so therefore it is, it is the same.
The join is the same as take creating a list.
And we know that comprehensions are a little bit better than actually just creating a list.
So that little bit better is the reason why the, the, the comprehension version is faster.
Well, wait, I have no idea why. I, I should
have read more closely, but there's something about this that makes it faster in, when you're
using joins, to go ahead and use a comprehension. Faster. Interesting. Weird. And it's only in CPython.
Apparently that's not true, um, for PyPy, and, uh, uh, yeah, apparently you can, I don't know
how they're doing it without it, but, um, PyPy and some others, uh, implementations of Python do not
use this. But interesting. Yeah, I don't see that it's, yeah, I don't see it tested here, but the
WebAssembly one would be quite interesting. Yeah, for Pyodide and PyScript and those kinds of things.
Definitely.
Okay.
So interesting inside baseball around, I guess,
around if you want to do memory,
whether you care about speed or memory efficiency.
And also...
It's weird that you got to choose, though.
It is weird that you have to choose.
But also, just in case you haven't seen this,
this is basically the standard format
for if you want to iterate through strings
and combine them all into one
is to either throw them in a list
or throw them in a comprehension
or throw them in a generator
and use join to combine them with a new line.
If you haven't seen that before,
that's a good thing to stick in your tool belt.
Yeah, and our Windows friends can put
backslash r backslash n in join
for their Windows line.
I'm on Windows.
I don't do that, but okay.
I know.
It should still work.
All right.
Awesome.
Well, what do you have for us next?
Well, I'm afraid I have some hard truths for you, Brian.
Just like you've learned, it's a hard truth that generator doesn't always give you the
advantages you thought.
These are hard truth, 10 hard truths to swallow that people won't tell you
about your brand new software engineering job.
So this is focused at students who just recently graduated or who are
getting into software development.
And that might sound like a somewhat niche crowd, but if you look at the
PSF JetBrains survey, it's like the biggest group of people are like, well, you've been coding for three years
or less, which is crazy.
All right.
Anyway, let's go through the 10.
This is by Mensur Durakovic.
Pretty good.
A pretty good article here.
And basically says, I was talking with a bunch of students and they were all psyched about
like startup culture, pizza parties and stuff.
Well, yes, but the thing you're going to do most of the time, write in code.
So here are the 10.
First, college will not prepare you for the job.
Just imagine your instructor spends a, you go to college to learn how to swim.
Your instructor spends a ton of time teaching you about the moves, reciting the moves, asking
you questions about the moves.
After five years, you get a piece of paper that proves your swimming skills and then you got to go in the pool and you just flail around, right? A little
bit like that. Also, a lot of the curriculums are pretty far behind. I remember when I was in
college, I said, can I please take C++? It's in the nineties. They're like, no, you have to take
Fortran. It's the most important language you'll ever learn. I'm like, okay. And then I'm like,
well, let me try some CS classes. Like, well,
you gotta do LISP. Like, really? Can I please take some, something like more
modern? Like, no.
Right. So you should have been a lot of the LISP.
Yeah. I'm still not embracing the LISP. I like parentheses, but not that much.
Okay. Anyway. So it's like a lot of these folks who are professors have, are not,
not been professional software developers in the engineering sense. And so like the skills that they teach you are valuable, but it's not
the same, right, as like working day-to-day. This one I think is probably, people probably don't
realize that much, is you rarely get to work on greenfield projects. Yeah, you get brownfield
projects that is you get some project that is not a three week project, but it's something
that's been around since 2003. And you're dropped in to work on some features. And every
time you poke it, it's like a rickety house of cards, you got to be super careful, right?
How does that fit with your understanding?
Yeah, definitely true. That's one of the reasons why I encourage people to do open,
contribute to open source projects, even in large ones, because you have to get
used to huge code bases.
You have to get used to getting thrown in the deep end and fix a bug, and you don't
even know what the code does.
Yeah, this is essential.
Speaking of which, there's a fantastic picture for this.
So let me try to zoom that out for a second so we can see here, Brian.
So check this link out, folks.
So it's like this crazy Rube Goldbergian thing.
There's a button to start the app, and it's got all these weird wires,
and there's like an elephant that's suspended,
and the wire cuts the elephant loose, which drops off a rock,
and there's a security layer.
There's the core logic since 2003.
There's all these third-party bits that are largely controlled by aliens.
And then there's a cloud.
And below the cloud, you can see just the base of the building.
There's two new engineers with a little button that's supposed to like kick this thing off or something.
It says, how hard can it be?
Come on.
Yeah.
Yeah.
Amazing.
So check that out.
All right.
Coming back.
Nobody gives a blankety blink about your clean code.
You may focus on it a lot, but really your job is to deliver features.
You're expected to write clean code, but you're not going to get like promotions and stuff from the business people because you write clean code.
It's because you deliver value, right?
Part of that value is clean code.
That's true, but you've got to maintain it too.
So you should be happy.
Yes. You got to live with it. So here's what, here was my experience.
Not how do you lie,
but how do you phrase things like estimates and stuff so that you're in a
position so you don't have to write terrible code constantly. Right?
So for example, with testing or a little bit of refactoring,
it's just like, I would just work that into my estimates. How long is it going to take?
It's going to take a week.
Well, it probably takes three and a half days, but then if you were to bust it out, right?
But if you're going to put in the test and do it right, it'll take a week.
So how long does it take?
It takes a week.
You know, that kind of thing.
Sometimes you'll work with incompetent people.
Oh boy, oh boy, oh boy.
Yes.
And sometimes that person will be your boss.
And so.
It's even tougher. I'll tell you a story, Brian. You know, I used to do in-person training classes
and there was a person who was in this class as part of a team, software development team from
like a medium-sized company, one of these like, you know, 50 million yearly revenue type companies
or something. And during that class, we were doing like exercises.
I'd do a presentation for an hour. They'd spend maybe half an hour working on something and
round and round it goes. So there's this part where you need a variable that has a string value.
This person has been working for at least six months, I think a lot longer as a professional
software developer in this language. And I say, okay, you got to create a variable there and you need to assign
the, a string to it that says, you know, X, Y, Z, the value of the string is X, Y,
Z.
So they just write variable name equals X, Y, Z with spaces and all sorts of stuff.
Like, no, you can't just type it into the editor.
You have to put quotes around it.
What do you mean?
You have to put quotes around this.
Like, how have you been a professional software developer at a proper company
for over six months to a year
and not know that sentences with spaces
to have quotes around them
to put them into code
as a piece of text?
Like, could you imagine
that person reviewing your code?
Like, oh my goodness, dude.
Yeah.
No, that was a rough one.
Anyway, sometimes, maybe not to that extreme,
but you will probably end up working with ineffective people or people that don't care
about your process or people don't care about your clean code or whatever. Right. All that stuff's
there. Get used to being number five, get used to being in meetings for hours. This is important
part of software development job. Most meetings are not productive because you're being forced
to be there by a person
whose only job is to have meetings. That's their job. That's their work, right? Which
is, uh, however, other meetings with your team members and stuff, uh, planning out,
uh, and whatnot is pretty good. Yeah. If you're the one responsible for the meeting, be okay
with cutting it short, uh, getting everybody together and leaving in 10 minutes is fine.
Remember that.
Yep.
Okay.
A hundred percent.
Okay.
On,
I feel like you should have done this,
this article.
No,
I'll be the heckler in the background.
It's fine.
It's good.
They will ask you for estimates
a lot of times.
Right.
I told you about this one.
I mentioned this is fun.
So,
here's a great cartoon for this one too.
This is also a good,
like basically the joke segment.
It says,
would you rather for better
estimates?
We switched from measuring story points to a different style.
We now ask how many duck sized horses are you willing to fight rather than implement
this task?
Isn't that awesome?
Yeah.
Yeah.
And it sounds silly, but I kind of think of it as it's actually kind of practical.
Yeah.
It's using your desire to avoid negative stimuli more than your ability to predict something.
I love it.
That one is only a two duck-sized horse battle.
All right.
Bugs will be your archenemy for life because they come from different places.
It could be your own code, but it could be third-party libraries, it could be hardware failure,
electricity, all sorts of things. Uncertainty will be your toxic friend. So could be implementing
something you never worked on, could be getting transferred to a new project with new technologies,
it could be a move to a new company, could be, could be a bug report the day you need to finish the work.
You're going to break the deadline.
Job security, evolution technology, all these things totally resonate.
Number nine, it will be almost impossible to disconnect from your job.
So, yeah, that's rough.
But it's true because you're thinking about it, right?
Yeah.
However, a lot of these come with actually good advice on what to do to combat it or to counteract it or to deal with it. Oh, that's good, because, like, one of the best things I ever did was not, I don't have the ability to get email on my phone now, my work email. Oh, that's nice. And, uh,
because I was checking it all the time, even on, when I was off work, and that was bad. So, yeah, that's
bad. Uh, last one, number 10: you will profit more, uh, from your
soft skills than your coding skills.
Not that your coding skills are important, but yeah, definitely.
Soft skills are tough and they're also required.
So things like teamwork, learning mindset, time management, emotional
intelligence, and empathy, approachability, persistence, confidence, all these
things amongst a whole zillion others.
Anyway, if you're new, I think this is a pretty good article.
I didn't go through all the little details, but these 10 concepts.
I don't know.
What do you think, Brian?
I think the soft skills probably ought to have been at the top.
Being able to communicate well and stay positive and don't be a jerk is huge.
The ability to not be a jerk under pressure, um, that was a struggle for me. Um, also embracing deadline, like that people are
going to ask you how long it's going to take. You have to, you just have to learn how to do that.
Estimating is part of the job. It sucks, it's wrong, but you get better at it, and you're also okay
about telling it. I mean, it can be ballparks. It's
going to be, is it going to be two days or is it going to be two months? Um, pick, uh, people just need
to know. So, yeah. Yeah, absolutely. It's good. All right, before we move on to the next one, let's
talk about a sponsor that I'm very excited about. Let me tell you real quick about Scout APM. They're
big supporters of Python, so we appreciate that
very much. So if you are tired of spending hours trying to find the root cause of issues impacting
your performance, then you owe it to yourself to check out Scout APM. They're a leading Python
application performance monitoring tool, APM, that helps you identify and solve performance
abnormalities faster and easier.
Scout APM ties bottlenecks such as memory leaks, slow database queries,
background jobs, and the dreaded N plus one queries that you can end up if you do lazy loading in your ORM and then you say, oh no, why is it so slow?
Why are you doing 200 database queries for what should be one?
So you can find out things like that.
And it links it back directly to source code so you can spend less time in the debugger and healing logs and just finding the problems
and moving on.
And you'll love it because it's built for developers by developers.
It makes it easy to get set up.
Seriously, you can do it in less than four minutes.
So that's awesome.
And the best part is the pricing is straightforward.
You only pay for the data that you use with no hidden overage fees or per seat pricing.
And I just learned this, Brian: they also have, they provide the pro version for free to all
open source projects. So if you're an open source maintainer and you want to have Scout APM for that
project, just shoot them a message. There's something on their pricing page about that.
so you can start your free trial and get instant insights today. Visit
pythonbytes.fm slash scout. The link is in your podcast player show notes as well. And please use
that link. Don't just search for them because otherwise they don't think you came from us.
And then they'd stop supporting the show. So please use our link pythonbytes.fm slash scout.
Check them out. It really supports the show. Cool. Yes. Over to you, Brian. Um, well, we've talked, we've
talked in the past about Python coming to Excel, and, but I haven't tried it. So, um, I was kind of
curious about this person that wrote up an article called My thoughts on Python in Excel. And this
isn't just a rando person. Apparently this is, um, let's see, uh, see, or maybe, I don't know, um, they wrote a book on Python
and Excel or reported, um. Yeah, are they the creator of xlwings, maybe? Yeah, sure. As, oh yeah, as a
creator of xlwings, the author of the O'Reilly book Python for Excel, I was obviously curious to
try it. So anyway, uh, yeah, okay. Anyway, so somebody tried it out.
Great.
And this is from the xlwings blog.
So yeah, it's probably somebody that's worthwhile looking at this and tried, actually really
wanted it to work.
So what are their takeaways?
And I'm just kind of loving this.
We'll just run through them.
Wanted it to be an alternative to VBA, VBA, but mostly got
an alternative to the Excel formula language. Okay. So I thought it was going to be a VBA replacement
as well. Apparently not. Um, the integrate, integrating the Jupyter notebook cells inside Excel grid was a
mistake. So not sure, uh, what they did there, but apparently they didn't like that. So Python in Excel is not suitable for Python beginners,
nor for interactive data analysis.
That's kind of, that's a bummer.
So there's that one person left.
Yeah.
Right now there are too many restrictions.
You can't use your own packages.
You can't connect to the web APIs.
So what are the
current use cases? Um, probably computationally intensive things like Monte Carlos and simulations,
AI stuff via the included packages like scikit-learn, NLK, or, NLTK, statsmodels, imbalanced-learn.
Um, that actually, that makes sense. And I, so there's a, that's a good use case, I guess,
for being able to use AI scikit-learn stuff in Excel.
Nice.
Being able to use matplotlib and Seaborn for visualizations.
That's pretty cool because these are great packages.
Time series analysis.
But that's really about it.
Not sure about data cleaning or data analysis
since you almost certainly need Power Query.
I don't know what this is.
It must be an Excel thing.
It's like a BI, Microsoft Office, Tableau type of thing, I believe.
Okay.
So what's the conclusion here?
Before we dive into the details,
I want to clarify that this is my personal opinion
and not meant to be a rant or critique. But I'm amused by it. Uh, I've been in contact with the
Excel team a few times and they're super friendly. Okay. So he's, he wants the whole thing to succeed.
So we'll just, that's good. So these are just interesting takeaways. Um, one of the things, uh,
and then goes through a bunch of the little bits, um, and in more detail. The part that
wasn't in the, uh, the summary, which I find is interesting, is Python is not really in Excel,
it's in the cloud, which I'm surprised by. Um, uh, says, as you've probably heard, but I hadn't, that
the Python that you're running runs in an Azure Container Instance, not inside Excel. That's just kind of weird.
I think, um, did you know this?
Uh, yeah, I did.
And it's interesting that it means that you can't configure the environment.
You can't control which Python is running.
You can't install third party packages that are not pre-approved.
Like you saw that there was a list of a couple of ML ones.
Uh, if you don't like those, then you don't use it.
Well, can you do it when you're, your laptop's disconnected, like when you're on an airplane or something?
No, I don't think so. Okay. I, I, you know, just like quick, to me, I was hoping for like some kind of VBA
like true automation, sort of beyond the cell, this cell, that cell, but kind of what you do with
notebooks, and then sometimes you bring in,
um, like Excel writer or something to like actually save the stuff out or something, right? Like a
little way to orchestrate bigger. Okay. But yeah, so it's not, also, yeah, so it's, it's just different.
It's just like stuff within a cell. Well, multiple cells, but yes. Okay. Well, it's not really what I was
hoping for, for Python and Excel. So anyway.
Yeah, it's also not quite in it, right? Say that again? It's not quite in it, but as I said, it's
in the cloud. Yeah. Yeah, it is weird. That's got to be online only. Yeah, that's kind of a deal breaker
for me, but maybe I shouldn't be, care that much. But anyway. Yeah, but one of the comments around
that was that um that it's not really a problem for a lot of people because a lot of people are using that are using Excel or already sharing their data through OneDrive and SharePoint.
And I don't know if that's maybe that's a majority of corporations, but there's a lot of corporations like the one I'm in where we cannot do that because we don't want our stuff to go out anywhere. Anyway, just an interesting
takeaway of, I guess, if you've
been hoping and thinking, this might
be a good article to peruse
just to make sure that it's really your use case
before you jump in.
Good point. Christopher out there says
it's nice that it doesn't require Python
to be installed locally, unlike Power BI
because I wouldn't be able to
have my IT department install it.
So that's an interesting bonus there.
Navarro says you got to fight for your right to sudo.
There you go.
Can't you, I mean, Python now, can't you install it on Windows machines?
I think you can install it in like personal mode
that's just in your home directory or something.
I don't, yeah, I don't think you need like, uh, administrator privileges anymore.
Yeah, that's true with, uh, the, it's actually true with the Python in the Windows Store on Windows
10 and 11. Yeah. Yeah. Okay. Uh, Henry Schreiner, I don't say Henry, says this feels like the perfect
use case for WASM, sad it wasn't the default. Totally agree. Some Pyodide here would have been awesome.
Yeah.
All right.
Not as awesome as the next thing I'm about to tell you, though, Brian.
Okay.
What's the next thing?
This special live event course that I'm running.
All right.
Cool.
So this is happening in October, and I'm doing a Code in a Castle event in Tuscany. Oh, wow. So this is a
six-day luxurious, uh, a course in a luxurious Tuscany villa, and every morning we're going to
wake up and we're going to spend four hours working on Python. And then the rest of the day is
excursions and winery tours and other stuff around the Italian countryside.
This looks like fun.
Sounds awesome, huh?
Yeah.
So the course is going to be super fun. The course is, I called it Python Zero to Hero,
but you don't have to actually be zero. You got to just like, there's probably some areas
of this that would be, you haven't had any experience with. So basically it takes you from, I'm maybe learning Python, maybe I
know Python, but then talks about async and await, MongoDB, talks about, um, we cover FastAPI using
HTMX, we'll be back to that in just a second, and building out awesome web apps and web APIs, and then performance testing this, and then deploying it to Linux.
If we got time, maybe using Docker as well.
So yeah, that's what the plan is and it's going to be awesome.
So if you are interested in being part of this, click the link in your player show notes
and episode show notes there.
And I think I only have a Talk Python link.
So talkpython.fm slash castle is the link and everyone, when they come, they
get a room in the villa and the room has up to two beds.
So if you wanted to bring your wife or a good friend, there's actually a separate
set of events for the people who are not in the course, but who are attending the
event as
like a companion or something. So there's like morning excursions as well. Yeah. I was reading
up on that and it sounds really pretty like some, some good quotes from people from last year,
enjoying the, the, the, the plus ones having fun in the mornings. So. Yeah. Awesome. Maybe I'll
just say the morning track. No, I'm just kidding.
So I forgot to mention, this is an extra, extra, extra.
So this is number one of the extra.
Okay.
More.
Okay.
More.
So first one, Code in a Castle, learn Python, FastAPI, deployment, load testing, all that
stuff.
Hopefully you can be there.
Number two, I had this awesome use case for HTMX that is so incredibly clean that I just want to give people a feel for it.
So Brian, if you go to TalkPython,
click on the courses, go to your course here.
Okay.
You can see it has a price, it's $59.
But if you're European, it would have a price in euros.
If you were in India, you would have a price in some else. So in order to pull that,
all that information in, this was usually fast, but periodically we'd have to hit our credit card
processor for places that are less common. I tried to pre-compute all this, but it's like
combinatorially out of control. So if you're like from a certain part of Greece, where there's a
certain tax that's different than another part of Greece.
You know, like all of that factors
into what shows up on this page.
So I just showed them without prices.
I'm like, well, what if I could reload,
like show the page
and then recompute the page with prices.
And if it takes 10 seconds for 50 API calls
to the credit card processor, so be it.
And maybe you'll see it, maybe you won't.
But if it's already seen that and it's saved to
the database, we'll just show it to you basically really, really quick. So watch, so watch this. If I
refresh it, you can see that it kind of flickers for a second and then the prices come back.
Cool. All of that is in, in HTMX. And if you look at the implementation of it, three lines for that
entire client-side implementation of: show the page without prices instantly, start a computation to figure them all out, get the answer, and then rebuild the page out
of that. Just div, hx-get, some URL, hx-trigger to load, render partial. This is the implementation
that both shows it on the first load without prices and then refreshes it and loads it with
prices. Those three lines, and one of them is a slash div. Well, that's pretty cool.
Is that insane?
Yeah.
So, yeah.
HTMX for the win.
Just want to encourage more people to use that.
It lets you do more Python and less JavaScript, right?
Because most set implementations on the server,
which is where it's all Python.
Yeah.
And one of those three lines is just the closing of the div.
So it's really like two lines of code.
It's really like two lines.
It's incredible.
Yeah.
All right.
Another one.
Something I've been recently using.
And some people will be like, Michael, where have you been all this time?
Why have you not done this?
I'll put this out to you as my test candidate. Did you know that if you find yourself sitting down to the terminal, SSH into a server, running the command and then leaving often,
even if that has like text output and all sorts of responses,
colored text output like rich or whatever.
You can just run that on your machine using
SSH to execute a command remotely. Is this news to you?
No.
So you say SSH for people who don't know,
you can say SSH user at host and then in quotes, some command.
So like if you want to say tail your log
and see what's happening on your server,
instead of logging into the server over SSH and tailing it,
you could just create an alias that says SSH user at host,
do the tail log thing, and you just type it locally
and just boom, you're tailing log.
It's beautiful.
Or whatever you want to do.
And if you want to run multiple commands,
just separate them by semicolons. Create a little alias for that bad boy and off you go. Yeah, nice. So anyway, that's one
of my extras. I use it for, um, uh, so the reboot is built in, but we, we have an extra command that we
do for restarting the, we have an application that we often have to restart. So, uh, doing a single
command to SSH and run the restart to restart all the software.
Do that a lot.
Yep.
Cool.
All right.
I told you it's extra, extra, extra.
There's still more extras.
Okay.
Okay.
We got time.
All right.
These are short.
So polyfill.io is a CDN, I believe, for JavaScript.
Polyfill is if a browser doesn't support a feature,
but you can implement it in
JavaScript on top of the features that are there. That's a, because include a script that's a
polyfill, like add features to an old one. Okay. An old browser. Okay. So, uh, apparently, according to
BleepingComputer, this thing has been impacted by a supply chain attack where a Chinese company
acquired the domain and then the script was modified to redirect users
to malicious and scam sites.
No.
And everyone who had that in their web app,
100,000 different websites,
the CDN got a new version of the script for you.
Oh, geez.
Which means it's time for required reading
from Wesley Aptekar-Cassels,
reasons to avoid CDNs in JavaScript.
I'll do the highlighted one here.
Oh, wow.
Look, systemic risk.
It says one of the CDNs out there supports 12.5% of all websites.
If that goes down, having 12.5% of the internet vanish is silly.
We've swung too far away from resiliency as a society.
Privacy, obviously, because they can track
everyone who makes a request to that and coordinate that across browsers and sites.
They say speed, but if you're using HTTP2, it doesn't matter that much. You could use your own CDN.
Security: this points out that modern browsers have subresource integrity. Basically, you put a
hash onto it. And if you're using a CDN,
put the hash in there. That way, if something like this happens, it won't load the page.
Like the browser's like, no, it doesn't match. I'm not running this, which is good. Unfortunately, this doesn't work for libraries that are split into multiple pieces, you know, where one thing
requires another type of deal as part of it. So what to do instead? Just download it,
is what they say. Although what we do, Brian, over at Python Bytes is we just download it, but then we serve that content back over our own CDN at bunny.net.
Well, it's not ours, but the one we use at bunny.net, which still gives it all the global reach, but we control whether or not it changes other people, which is awesome.
Okay.
And just to keep beating the drum, ad, major ad networks are basically malware-delivering funnels, and don't feel bad about ad blockers.
Mac users served info stealer malware through Google ads.
So why not? Who wouldn't want that?
Oh, geez.
So, um, that's an article on Ars Technica you can check out.
But that's my extra, extra, extra, extra, extra. Hear all about it.
Okay, nice. You got extras?
I do, but, um, I've got a link that I can't show.
Okay, so I want you to go to the, like, either in the notes or the private chat and click on that link, um, and we'll talk about it.
Uh, it's called I, I Will Effing Pile Drive You If You Mention the AI Again.
So it's just a, it's a funny reaction to all this ChatGPT stuff and AI and everything.
And it's interesting. It's the interesting position.
So this is somebody that was studying data science. They're in, um, I think they're in college and, um, and they're doing, uh,
grads, I think grad school stuff now, uh, doing a master's thesis, um, uh, but he's, uh, kind of sick
of a lot of the hype around AI.
So there's just an interesting take on it.
And it's so funny.
If you're tired of all the hype around AI
and you'd like to read somebody else's perspective,
click the link in the show notes
and it'll be an interesting read for you.
The reason why I'm not showing it is because
I want to keep this child friendly and safe
for the live feed.
Thanks, Brian.
We'll check it out.
That's my only extra.
All right. Well,
let's close this out with a joke, huh?
Yeah, let's do that.
By the way, I have this AI fatigue as well.
It's like ChatGPT is cool.
Llama 3 is cool.
But not everything needs to have AI in it.
And certainly a lot of times software use has just like easiest all persistent bugs because the whole team is like on an AI mission.
You're like, I don't want any of this junk.
Could you just make it when I click this that it works?
Yeah.
You know?
All right.
Off to the joke.
Over on Reddit, we have something called the HTML hacker.
We just talked about like the malware, right?
So this is sort of two sides of the picture.
Both people don't see either side really.
So woman, she says, my boyfriend is a programmer.
He'll hack.
She says, don't mess with me.
My boyfriend is a programmer.
He'll hack your world into oblivion.
Meanwhile, the boyfriend on his computer, Google, how to declare variables in HTML.
Yeah.
Yeah.
Both things can be true at the same time.
He also could be a hacker and still not know how to declare variables in HTML.
You never know.
I don't know how to declare variables in HTML.
Can you declare variables in HTML?
No.
No.
Okay.
But you can in like modern CSS and, you know.
Well, okay.
So one of the things I think is funny about this,
because sometimes in the movies you'll see somebody, like, poring through lines of code,
and then you look at it and it's, it's just like
the view source of, of some web page or something. It's like, that's not, like, you're not hacking
anything, guys. Looking at the... guys, I found the source to this web page. I'm going in.
Yeah. Wow. And I've got the JavaScript next. Oh my gosh, I can't believe they just published this and
don't hide it.
Yeah. So anyway, that's funny.
Yeah. Anyway.
All right, that's, that's it. Thanks a lot for a great episode.
Yeah, fun as always. Catch you later.
Bye, everyone.