Python Bytes - #411 TLS Client: Hello <<guitar solo>>
Episode Date: November 25, 2024Topics covered in this episode: Talk Python rewritten in Quart PyPI now supports digital attestations Django Rusty Templates PEP 639 is now supported by PYPI Extras Joke Watch on YouTube About th...e show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Talk Python rewritten in Quart Rewrote all of talkpython.fm in Quart (10k lines of code total, 4k changed) Considered FastAPI Litestar Django Hugo Static Site + Python Flask Discussed the multistage upgrade / conversion process Automating tests for all 1,000 pages Brian #2: PyPI now supports digital attestations Dustin Ingram “Attestations provide a verifiable link to an upstream source repository: By signing with the identity of the upstream source repository, such as in the case of an upload of a project built with GitHub Actions, PyPI's support for digital attestations defines a strong and verifiable association between a file on PyPI and the source repository, workflow, and even the commit hash that produced and uploaded the file. Additionally, publishing attestations to a transparency log helps mitigate against both compromise of PyPI and compromise of the projects themselves.” For maintainers If using GH Actions and Trusted Publishing make sure you use pypa/gh-action-pypi-publish, version v1.11.0 or newer that’s it If not “Support for automatic attestation generation and publication from other Trusted Publisher environments is planned.” “While not recommended, maintainers can also manually generate and publish attestations.” See also PyPI Introduces Digital Attestations to Strengthen Python Package Security by Sarah Gooding Are we PEP 740 yet? Michael #3: Django Rusty Templates by Lily Foote An experimental reimplementation of Django's templating language in Rust. Goals 100% compatibility of rendered output. Error reporting that is at least as useful as Django's errors. Improved performance over Django's pure Python implementation. Brian #4: PEP 639 is now supported by PYPI from Brett Cannon PEP 639 – Improving License Clarity with Better Package Metadata For project metadata, use these fields: license and license-files: Examples license field [project] license = "MIT" [project] license = "MIT AND (Apache-2.0 OR BSD-2-clause)" [project] license = "MIT OR GPL-2.0-or-later OR (FSFUL AND BSD-2-Clause)" [project] license = "LicenseRef-Proprietary" Examples of license-files: [project] license-files = ["LICEN[CS]E*", "AUTHORS*"] [project] license-files = ["licenses/LICENSE.MIT", "licenses/LICENSE.CC0"] [project] license-files = ["LICENSE.txt", "licenses/*"] [project] license-files = [] Extras Brian: Playground Wisdom: Threads Beat Async/Await - interesting read from Armin Ronacher about different language abstractions around concurrency. PythonTest.com Discord community is now live Launched last week, as of this morning we’ve got 89 members Anyone already a pythontest community member has received an invite Anyone can join through courses.pythontest.com Everything at pythontest.com is 20% off through Dec 2 with code turkeysale2024 “Python Testing with pytest” eBook 40% off through Dec 2, use code turkeysale2024 Michael: Python 3.14.0a2 released Starter packs: Michael’s Python people: https://bsky.app/starter-pack/mkennedy.codes/3lbdnupl26e2x Directory: https://blueskydirectory.com/starter-packs/all Joke: curl - heavy metal style!
Transcript
Discussion (0)
Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
This is episode 411 recorded. We got the 411 today. 411 recorded November 25th, 2024.
And I'm Brian Atkin.
And I'm Michael Kennedy.
And this episode is brought to you by us.
So we have links in the show notes, but check out TalkPythonTraining and PythonTest.com forcom for some courses and patreon supporters thank you for sticking it out with us so um also uh we have
lots of links in the show notes for connecting with us on social media because we've got um
we've got links for uh fasted on on mastodon and also blue sky for all of us here. We've got Python Bytes and Brian Ocken and M. Kennedy. M. Kennedy's at
mkennedy.codes, so check that out on Blue Sky. But all the links are in the
show notes. And thank you everyone for showing up for the live show. I love having
you guys here and commenting. And if you'd like, if you're listening later,
we thank you also. But if you'd like to listen sometimes,
it's usually 10 a.m. Pacific time, sometimes other times.
And you can go to pythonbytes.fm slash live to get that.
And finally, if you are listening and you're wondering about any link that we cover in the show,
you can go to our page, the notes page on pythonbytes.fm but you can also
click on the link to get in the
newsletter and we'll just send you those links right in your
email inbox. I have two more thoughts
in there really quick Brian we haven't talked about this
before I think the newsletter is awesome
people seem to be really enjoying it and connecting
with it the people who are subscribers there
but I don't even want to necessarily
say this out loud to encourage it but if you don't
listen to the show you maybe miss one or something.
You're still going to get those in your inbox and you can just peruse through real quick.
Oh, look at these two interesting things that they found.
That's number one.
Number two, this is also all of the stuff.
Our show notes are super detailed.
And so people put our RS feed, RSS feed for the podcast into their regular RSS reader is real similar as well. So there's,
there's reason to add your RSS, this RSS feed to maybe reader or whatever feed bin or whatever
you're using outside of just listening to the podcast. That's a great hack. I like that.
Speaking of hacking, you want to talk about hacking? Yeah. You hacked some website.
I hacked some website hard. I hacked it hard and And Python Bytes is on the docket to get the same hacking.
So for as long as there has been a TalkPython,
and for as long as there's been a Python Bytes,
they've been running on Pyramid,
the Pyramid web framework created by Chris McDonough.
Super cool framework.
I really, really love it.
But the truth is, the sad truth is,
it's just not getting updates these days.
So if you want to do async programming, you have to do async programming.
Sometimes it's hard to avoid it.
It's not supported.
Doesn't support types.
Doesn't do a lot of things.
And even though it's great and simple, it felt kind of like a bit of a liability to
be having all of our code written on frameworks that don't really get updates.
So I rewrote TalkPython. First, TalkPython.fm, not the courses, not Python Bytes, just TalkPython,
because it's a medium-sized level of complexity. More complex than Python Bytes, way less complex
than the course section e-commerce website. Just to see how would that go? Is this a good idea or
a bad idea? Turns out it's a pretty awesome idea. So I rewrote TalkPython, this is the topic, in court, and I wrote up a long post of my thoughts on it. Why did I do this?
What did I consider? A lot of people are like, why didn't you consider framework X? You're crazy
not to consider that. I'm like, I did consider that. And I wrote it down why I didn't end up
picking it. So if people are thinking about changing frameworks, here's a nice write-up of an example.
Any of you thinking about async flask, aka cort for now, until those get merged, if they ever get
merged, truly cool. Like for example, our database layer is Beanie, which is Pydantic plus MongoDB.
Super awesome. It only supports async code. That's it. Pyramid only supported synchronous code. So I
had to write this janky translation layer that would curry every request over to an async thing, wait for its response,
and then turn it back into a sync. There was like weirdness that was there, right? And I'm just like,
could I just not do this? And so I went to solve that technical debt issue that's been
dragging around for a long time, chose Quartz. So a few things. First of all, what did I consider?
I considered FastAPI, Lightstar, as in lightstar.dev,
super cool framework.
If you wanted something like FastAPI,
but kind of batteries included, like Django,
Lightstar is the winner.
Lightstar was really close.
FastAPI was a real contender.
Django, you always got to consider Django,
but decided not to go with that.
Hugo, actually I considered, what do you think, how much of our site do you think we could rewrite
in just a static site generator like Hugo? I think a lot of it. Yeah. I was actually thinking
about doing a testing code over again in Hugo at some point. Yeah. By the way, this site that we're
looking at here with the blog post, this is a sub Hugo site within the court site in TalkPython,
by the way.
I think it's really great,
but there's certain things like on talk Python,
there's a guest list and there's all the episodes and there's the analytics of who downloaded which episode and then who sponsors those different episodes.
And there's ad dashboard.
There's like a bunch of stuff that's not real obvious when you're looking at
it from the outside.
Oh,
it's just like a,
it's like a blog kind of with attachment.
Like it's actually way more complicated on the sort of iceberg part that
people don't see. And I decided not to do that. And of course, Flask, which is interesting. So
anyway, I think FastAPI is awesome, but it's really focused on APIs, though you can make it
work for websites. I don't think it's primarily the thing for websites, right? One of my goals
here, by the way, was I want a super popular framework. I want one where if you say, Hey, I wrote my website and this, what, what
framework did you choose? There's a real good chance. Somebody says me too, you know, and
pyramid just as much as I love it, didn't check that box these days. Um, and I also would have
put court in that category, except for the fact that it's really maintained by the flask people
now. Yes, exactly. I almost didn't consider court at all. And I ended up going with it. And that's
because I talked to David Lord about how it's been brought into the same organization as flask.
They're working, like they were both contributing to both. There's attempts to sort of bring court
into flask properly. So maybe one day they'll go over. And if I changed my mind, literally,
all I have to do
is find and replace lowercase Flask
and uppercase Quart with uppercase Flask,
and it's back to Flask, right?
It's a very, very small tie-in, you know what I mean?
So for that reason, I felt like Quart was worth consideration.
Okay, so FastAPI, awesome, obviously,
but too API-focused.
Same thing for Lightstar, also not as that popular.
It's more popular than Pyramid, but it's not in the, of course you're using that.
Django is awesome.
I mean, it's actually, I learned by doing this research,
going through the PSF JetBrains Python developer survey,
that if you look at the most popular framework,
Flask is to a decimal point more popular than Django.
But if you look at web
developers who use a web framework django is more than twice as popular than flask that's pretty
interesting right yeah yeah so a lot of machine learning models or something running there anyway
i go through why i'm not a huge fan of uh didn't want to adopt django you can read that up if you
care to i think hugo sites would be so neat. They're like, they can't go down. Technically the data center can go down, but there's no runtime
reason that a static site goes down and that's pretty glorious. So I did the upgrade in two
steps. I first said, let's go and rewrite everything in court, but just keep the synchronous
code there because one of the big challenges is to rewrite the entire stack to be async, right?
And so let's just get it running the way it is,
but on the court framework, aka Flask, not Pyramid.
So that took about a day,
maybe like a long day, 10 hour day or something,
you know, got that bad boy knocked out.
And then, you know, that was 2,280 lines changed,
3,000 lines of code deleted for that part.
That is a good chunk.
And then I rewrote it in async.
After I got that all tested and deployed, like immediately, that's another 1,600 lines of code, 1,700 lines of code changed.
But yeah, awesome performance.
Okay, so about a day to convert to Cort, and then you went to async.
How long to do that?
I'd say maybe eight hours, a slightly, six hours, six to eight hours.
Let's say six hours.
Less than a hard day, like a regular day of work.
Not a, I'm done for the day.
But yeah, we're talking five times faster performance.
That's pretty awesome, actually.
That's pretty good.
Yeah, it's really, really nice.
And I was able to get rid of that.
And a lot of that, like half of that speed is from this,
okay, you've got a request.
Send it over to some async background thread
that can async run it.
Wait for the response.
Okay, I got the response stash.
Grab the response back and then send it back over
to the sync refresh version to return.
Like all of that coordination added a lot.
Not a lot of CPU pounding overhead,
but just delays here and there, you know what I mean?
Yeah.
Anyway, that's it.
And finally, if you have a whole bunch of different pages,
you want to make sure they're not broken.
The way that I tested that most of it wasn't broken
was I just went to the sitemap,
which has a thousand pages in it.
And I just wrote a Python program
to just request every single URL in the sitemap
and make sure it didn't 404 or 500 or anything like that.
Y'all pass?
Push to production.
Let's go.
So did you already have a list of all the links or did you?
Yeah, because you generally want a sitemap
for SEO and Google and Bing and all those things
because that's what they use to discover
like how much of our site can we index
and what might we miss
if you're not directly linking to it but you want to make it known,
basically, right?
So over here on the site map, we've got, like, you know,
check out the scroll bar.
Yeah, you can just grab all the links out of there.
Exactly.
So I take each one of those.
So here's the one catch.
One person ran into an issue and they're like, oh, man, I missed that one.
And it's when you submit forms, right? The,
the, the page that is shown when something is processed and submitted, I got one or two errors
there. One little admin thing that only affected me, but somebody signed up for the mailing list.
The mailing list has a page that's special if you sign up successfully. So thanks. And here's a few
other things. Somehow I forgot to check the result of that. And there was some kind of bug in there
that was easy to fix,
but hard to discover.
Ooh,
links not in the site map.
Yeah.
Yeah.
Or they might even be there,
but you got to do an HTTP post with data to discover them.
Not a get,
cause get will show the form,
but it won't process the form.
You know,
that was what it was.
Okay.
I forgot to await something in the resulting post handler.
Basically is what it was.
Oh,
nice.
The interactive user base
so they can let you know.
Exactly.
Century sent me a little message that said,
you know what, there's a crash.
Oh, okay.
Yeah, anyway, very cool.
So hopefully, you know, I kind of want to add some detail
because, yeah, I think it's just on its own is interesting,
but I think more so the reason I wanted to cover this
is I think it's relevant for other people who are like,
oh, you know, we are on, you know, cherry pie,
and maybe we shouldn't be anymore.
Maybe we should pick another one of the top three
out of the list like Michael did.
And I don't know.
I'm sure it'll help some people on this journey.
Yeah, cool.
Nice.
Thanks.
Well, I want to talk about PyPI a little bit.
PyPI now supports...
You want to make an attestation about it?
I don't even know what that word means.
But PyPI now supports digital attestation.
Yeah, okay.
What does that mean?
Well, I'm not sure what it really means,
but it's a supply chain thing.
So PyPI package maintainers can now publish
signed digital attestations when publishing in order to further increase trust in the supply chain security of their projects.
That sounds cool.
Additionally, there's a new API to new APIs available for consumers and installers to verify published published attestations.
Oh, my God.
This sounds like a lot of work.
Fortunately, it's not um so uh
if you are a package uh there's this we're going to link to the um the python package index blog
and this is written by destin angram um uh talking about this it's uh there's some some
some discussion about why we did why they didn't't do, um, uh, signed identity key pair things. Um,
but, uh, the gist is if you are, if you're already using GitHub actions and trusted publishing,
and you're using the GitHub action, pipey, I publish a little hook thing for give actions.
Um, it'll just work for you. You just need to make sure that there's a, the, the version is,
I think it's, well, there's another article that I looked at.
I think it's 11.
Let's peek over there.
So this other article,
there's another article,
PyPI introduces digital attestation
to strengthen PyPI packaging security.
This is written by Sarah Gooding.
And the gist of it here is,
oh yeah, version 1.11.0 is the one that you need to use.
Now, what if you want to use something else?
If you don't use, if you don't like GitHub Actions, you're using something else.
Well, there is plans for other trusted publisher environments are planned.
And then if you don't even want to do that, if you want to do it manually, it's not recommended,
but you can do this manually.
So you're not locked into GitHub Actions.
It's just, I think that was a reasonable choice for them to implement first.
You got to have one of them has to be first.
So that's what they did.
Like I said, there's another article by Sarah Gooding, also very good.
It also walks through what the viewing the UI for the new API for viewing what the file looks like.
And the cool thing about this is, okay, this seems sort of technical and okay, like security on supply chains and all that.
Yeah, yeah, yeah.
But really, who cares?
Well, we all care, really.
But also, one of the things that I realized is there's links on PyPI for projects to say where the source code is.
But you just put that there.
It's not guaranteed to be linking.
Now, this is where the attestation makes it so that PyPI can verify that the object really is from the source code.
So you're not lying.
There's nobody in the middle lying about it and publishing a package that it really isn't from that source code. So you're not lying. There's nobody in the middle lying about it.
And publishing a package, it really
isn't from that source code, from something else.
And that's what we want.
We want our open source projects to be available, easy to
install, but also that we can find the source code readily
available.
So that's what that's all about.
There's also a cool are we PEP 740 yet?
That just shows you different some of the top packages.
Let's see, the 360 most downloaded packages
and whether or not they're supported yet.
And this is pretty new, so there's not that many supported already.
But Wheel is supported, for instance, so you can check that out.
Yeah, Pydantic.
Pydantic, good job, Pydantic people.
Good job, Pydantic people. Good job, Pydantic people.
Just had Samuel Colvin on the show, by the way, on TalkPython.
So people can hear from the Pydantic folks themselves very soon.
Yarl.
What's Yarl?
I got to check that out.
I've seen that in my dependencies.
I don't know what it is.
It's one of those things that comes along.
Yeah.
Something library.
Markdown library?
I don't know.
I have no idea.
I'm making this up. And 360, because it's a wheel,
there's like a visualization that is a wheel
and it's little slices show you which ones are there,
which ones aren't.
Yeah, nice.
360 degrees.
That's pretty cool.
They picked 360.
Yeah, it is.
All right, a couple of comments.
Sean Tibor, hey, Sean.
Glad the cryptography package is there
to attest the tested status, for sure.
And Christian says, trusted publishing is great.
It's never been easier to publish on PyPI.
If you're using GitHub, that is indeed.
And Brian, you said when I talked about UV build, UV publish last time, time before,
whenever, you said that you're not even doing that.
You just let GitHub do it.
Yeah.
Yeah.
How's that go?
How do you make that happen?
Well, we go through this thing,
this, what do we call it?
The package.
Trusted package provider or something?
Yeah, the trusted publishing.
There's like a doc on how to do that,
trusted publisher.
You have to have an API token.
You link tokens between GitHub,ub your github project
and uh and pi pi um so they know about each other and then the then kind of just add a github action
pi pi publish step so nice i should know um there's lots of ways to do it though workflow wise
i've found personally that my um uh my favorite way is to to do the publishing as part of the tag.
So I'll do another version that's just like I'll publish to,
I don't publish everything that I push to PyPI, but, or push to GitHub.
But when I push a tag, then a build is done and the publish happens.
So it pushes off a tag.
So just tag-a-logically, push it and then magic yeah nice um yeah that's a good question though i think
we might want to revisit that and uh and put an article up find an article on that whole process
yeah are you looking for a topic for a blog post you feel a little bit rusty i mean that's what we
gotta talk are you feeling rusty with your blog django's feeling rusty. Django's feeling super. I mean, a lot of Python's feeling rusty. That's
what I was talking to Samuel Colvin about. However, I want to highlight a project that is very early
in its life, but I think maybe deserves some love, some attention anyway, from Lilyfoot,
Django Rusty Templates. So all these web frameworks have some variation of templated programming.
So you've got your HTML and then you'll have some kind of expression like loop over all
of my blog posts and like put out the title and the contents in this little wrapper deal
or whatever, right?
They all have them.
They're all variations.
They're not as varied as you might imagine.
And I'm going to actually come back to this whole template thing at the end of the show as well.
However, this one re-implements
the Django templating one, right?
We've got Django, we've got Jinja,
Mako, Chameleon, probably others.
There's that whole PEP 750 maybe
that's bringing templating
into the language itself,
all this stuff, right?
So this one re-implements
that Django variant of that
in Rust with the goal of 100% compatibility on output,
not necessarily input or the way you program it,
but output at least.
And then error reporting that is at least as good as Django.
And obviously, why would you do this
if you weren't looking for improved performance
over Django's pure Python implementation?
These templates can be slow.
They really, like one of the things that can make your website literally suffer to start
up if it's under heavy load is to restart it and it has to reparse all the templates.
I go to the extent that I have an app that will see that I can run against the website
and it will request a representative subset of all the URLs to make sure that the
template is loaded and parsed because it's a difference of hundreds of milliseconds versus
tens of milliseconds, right? It could be up to one second to load the page the very first time
it hits one of these complicated things. And you want your pages fast. So when Google and other
things hit it, they'll go, oh, that page is fast. We'll put it a little higher in search. So anyway, this could be interesting.
So caveat for the world, it is net ready for full release and therefore is not on PyPI yet.
You can check it out if you want to live dangerously or contribute.
Okay.
They should push it.
That's what ZeroVerse is for.
Exactly.
I was shipping stuff that was 0.02 on vacation.
Come on.
Yeah.
Come on.
Anyway, no, it's fine.
People can do what they want.
Of course.
Sounds fine.
I guess it depends.
Do you feel like it's even anywhere close to potentially usable,
or is it just you're still working on it before it even makes sense?
Yeah.
You don't want a bunch of bugs saying, this doesn't work yet. like i know and i said not to use it yeah but also people people it's i think it's
a cool idea and if you want to help out and uh help out yeah absolutely nice um um are we i don't
want to get too dry but i want to talk about another pep so pepp it up, pep it up. It's a pep talk. Um,
so Brett Cannon,
uh,
announced,
um,
so I,
this is the first time I'd heard of this.
Um,
this post come out,
this is November 13th.
Uh,
that pep six,
three,
nine is now supported by PI PI.
Um,
this pep,
this is a pep that lets you specify the license spirit code using SPDX expressions.
How,
who can't get excited about SPDX expressions?
And it's easily,
and easily include all your licenses with your code.
Okay, I have no idea what SPDX is,
but let's jump in a little bit.
Why am I excited about this?
Is because the last way to be able to do,
specify your license,
was you did a little license string thing
that say MIT or whatever, but then you had a little license string thing to say mit or whatever but
then you had a um a link maybe a link to a license.txt file but there wasn't like wasn't clear
understanding what you should do but you really had to in order to get the license to show up on
pipe.ai you had to have a trove classifier and i'm not really a fan of trove classifiers i think
they're weird so um you don't have to do trove classifiers uh
anymore so uh brett linked to um e durbin's uh or ease pep 639 is now live so that's just the
same thing but i'll link to it anyway uh so let's look at this um the cool thing about this i think
is like i said you don't have to use the 12 classifier anymore. I'm going to jump down to
like, really, what does it look like? So we have, there's reasons why and all that stuff. But really,
it was confusing before, and it's easier now. So all you have to do is do something like you have
license, a license field, and you can put MIT. So that's the that's pretty easy. And then but
there's like, and so if you have, you can do
logic in here. If you've got multiple licenses in there. And the other thing was projects really,
a large project might have more than one license because there might be, you may have vendored in
part of the system that is, or part of another library that is licensed under a different
license. What do you do there? there well that's one of the great
things about this is that there's that logic in there but you can also do the license files key
and the license files key is great because you can just there's more than one you can have more
than one and you specify where they all go um and it's just a uh it's just a list of strings with
um um with uh what are those wild cards and stuff so that you can,
uh,
regular with sort of regular expressions so that you can,
you can find different files,
um,
through there.
And you can even have like,
I like this version.
It's got a main license,
a text,
uh,
at the top and then a licenses directory.
So you can have a,
a directory full of licenses for sub components or something.
Wow.
It's like creating a list,
a set of set of like creating a list,
a set of arguments from a list where you say star args and it explodes it out into positional arguments.
It's kind of like that, but for a TAML file.
Or is that a YAML?
I don't know.
Well, it's SPDX or whatever.
So this is pretty exciting to me.
I asked Brett, well, this is still, it's not finalized, I guess.
It's provisional.
PyPI supports it, but they say that it's going to be,
they need an implementation of the PEP in two build backends.
I don't know what the two build backends mean.
It would be like hatchling or poetry or something like that
right definitely hatchling would kind of or set up tools or something like that and an
implementation implementation of the pep and pipei which is done so i'm pretty sure this is done yeah
and the first link that you clicked on the discuss the discourse thread or whatever yeah yeah see
that second thing carolina struma wrote the pdm back end uh supporting
this since such and such version and hatchling since another version i believe the conditions
have been met okay so i think this is going to be changed from provisional to something else
hopefully whatever comes after provisional probably accepted or whatever probably accepted
hey i just want to make a little to Phillip and crew
in Carolina as well.
Just, you know,
the file that you create for this
is license underscore file,
no extension.
Think of an extension, please,
so we can have a default
so you can double click it
and open it.
Rather than have to figure out
an editor, go into it,
drag it into it, right?
Because without an extension,
you can't set a default editor
to edit the license file
in Mac or Windows
at least. Oh, like say
license.txt or something? Yeah, or MD
or YAML or TOML or
I would say YAML or TOML probably makes the most sense
if it has that structure. Because then the editors
when you open it in PyCharm or VS Code,
they'll apply linting
to it based on the format.
Whereas right now, it's like,
well, whatever. Good luck with that. It's just text.
Well, so this
changes that I'm showing,
they're like YAML or TOML or something like that
because they're part of the PyProject.toml
file. Oh, are they? Well, somewhere
it talked about the license key file.
Yeah, right.
There's a license underscore. Right there. Go back.
Upload. Stop. License dash
files. Oh, that's just the key in the file. That's not actually underscore. Right there. Go back up a little. Stop. License dash files.
Oh, that's just the key in the file. That's not actually a file.
Okay.
I don't know what I'm talking about.
Forget that.
That's the key.
And so I think that they're usually.
It's fine.
It'll be picked up by pyproject.com.
Yeah.
But I usually, I used to just have it be raw,
but I like the idea of doing a.txt file.
Yeah.
Anyway.
Something that
makes the tool apply the linting
to it if it's reasonable that it would already
know how to do that.
Do it like a Word doc.
Come on, I'll just Excel.
And not like a docx. Do it like
from like 1995.
Straight doc. Let's go.
Anyway, I think that's where
those are items.
Those are.
Okay.
Well,
do you have any extras?
I have a couple
quick ones here.
I'll go through for us.
I'll let you do yours.
Really quickly,
Python 3.14 Alpha 2
was released last week
just after
we did our show
last week.
So,
kind of the most recent one
we could talk about,
I believe.
Anyway,
it continues on
with its PEP 649,
deferred evaluation annotations on Python configuration C API,
and no longer having PGP signatures,
and improved error messages, among other things.
So check it out if you're interested in that.
If you want to test against it.
Remember, there will be seven.
So it's pretty early in there.
But you'll be able to influence the direction if you so want. Blue sky, Brian, we have personalities,
Python personalities are invading blue sky. And I would say I'm really happy with the engagement
and how much people are participating over there and all those kinds of things. It seems really,
really great. Right? Yeah. Yeah. So we have links for all of our accounts on blue sky over there,
but the thing I want to highlight is I created a starter pack and I think these starter packs are actually
one of the magic growth hacks of blue sky and also a good way for people to get started. So here's the
common social problem, social network problem is you join and it's crickets and then you follow
stuff that you don't care about because it's like, you haven't got no followers. So here's a bunch of
horrible stuff that you don't want to see.
Oh, great.
People ranting about this or that.
I want none of this.
I want to just get back to my communities that I care about.
So for each community, you can create people can create what are called starter packs, which is like up to 250 people.
You can just click one button and say, boom, I'm going to follow those people as a quick jumpstart.
So I created a Python personality one.
I don't know.
I think I have 60 people, maybe more. I'm not sure. I'll be able follow those people as a quick jumpstart. So I created a Python personality one. I don't know, I think it has 60 people, maybe more.
I'm not sure.
I'll be able to show you in a second.
But it's, you know, it's got whoever created it.
And then it's got who you put, like Nina Zakarenko, Dr. Becky, Chris Williams, Cecil Phillips,
Savannah, Simon Wilson, Peter Wang, and so on.
So you're in here somewhere, Brian.
Brett Cannon, who we're just covering in his article, and his pep, and so on.
See, there you are.
And so I just want to encourage people, hey, go find some of these starter packs, consider mine, give it a click and so on.
And how do you do that? Well, Will McGugan pointed out that there's this blue sky directory.com that has all the starter packs and you can search for like Python starter packs or motorcycling parts or packs or skating or whatever you're into.
So you've got, I don't know who these people are.
There's some people who created some,
like down here a little bit further,
you can see like here's one I created
and different folks, Python core team by Hugo,
I believe that is, so on, right?
So there are actually 572 starter packs,
but I suspect a lot of overlap intersection here.
Yeah, and one of the things I appreciate
about checking these out is is being able to
like that some people are keeping me like keeping these up a little bit which i appreciate like um
luciano wait no it wasn't luciano it was um oh uh reuben learner has one also that he's trying to
keep up and and i because i've been on blue sky for a while so i like went out and looked for
python people early on and there's a ton of
python people jumping on the bandwagon right now right and just yesterday a bunch of join you know
yeah so so it's good to to look like i was just looking through your list and there was probably
five or ten that i hadn't that i hadn't followed yet and there are people i want to follow so yeah
and i just added somebody two hours ago to it so it So it's being maintained to the limit
until it hits its limit.
Then I'll have to start
make tough decisions
if someone ejects someone else.
I don't really want to do that.
But right now there's 61 people in mind.
And this directory thing shows you
how big the list is.
Care about that.
All right.
Another really quick thing.
I'm going to save this one
until next time.
Just for sake of time,
we'll cover that one next week.
All right. Well, I've got a few extras um i didn't cover this because i didn't really i don't know
if i'm smart enough to cover this but i'll link to it anyway there's a article from uh armin
runeker um uh titled playground wisdom threads beat async and await and he's not really talking
about python threads he's really talking about or or python async and await and he's not really talking about python threads he's really
talking about or or python async and await i think he is but also just in general like programming
languages um uh thinking about threads versus thinking about async and await and um and it's
just an interesting read and a good article talking about um how like we should really be
making concert concurrency really easy
to the point where we don't actually talk about concurrency it just works and that seems ludicrous
in some respects if you're used to a low-level language but they his example at the top just
sort of like blew me away in thought process of thinking about um about the Scratch programming language for kids.
And if you have, like, he has an example of, like,
a cat and a mouse sprite having code that, like, just, you know,
moves 200 times while mouse X is less than 200,
update the X position by five and sleep for 10 seconds. then do that or do that for a cat also so you
got a cat and a mouse chasing each other um and the question is really do those run at the same
time or one after another and in scratch it just is each of these are their own thread their own
thing that's running and there's no async and await here it just is there and i'm not saying
that we should all go out and write our frameworks in Scratch now. I'm saying it's an interesting idea just to realize that it can
be made easy. I both agree and disagree in interesting ways here. So I really like what
Armin's been doing on his blog lately. He's been writing some very thoughtful posts and has me shaking my head in agreement a
lot. So well done, Armin. However, I think some of the pushback, I have not read this, so
it's go easy on me, but I'd like to read it. It's on my reading list, but I think part of the pushback
of async's having a bit of a, it's just not quite, is I think there's foundations of async that have
not been built yet that should be built. Like for example, so this example here,
create a function called move mouse,
create a function called move cat.
If this was async and this was C sharp
and you called run, you wrote that code in C sharp,
but the word async was applied to the functions basically,
it would just run like it is.
Like there's nothing left to do
and async and await handles that.
But Python doesn't have the concept
of a background management thing that runs all the async stuff and keeps it going.
Right.
You've got to go to the loop and say, hey, loop, here's another thing to run.
Start this, please.
Whereas in a lot of other languages, the act of calling an async function coordinates behind the scenes in ways you don't have to think about that start and run that.
You're given a task of a object of a running task that's already been handled in something you pre-configured whereas
in python you're like i know you think you ran it because it has parentheses like a function but now
you got to go find a place to actually run it and a lot that that finding the place is always janky
it's like oh async io dot get get event loop exception no event loop darn it i'll create one some other time
create event loop exception there's already event loop it's like why what is going on here why am i
always battling this or i there is a loop but it's i need to get to it from another thread and it's
thread local and i i how do i connect these two things through variables and i want to use globals
like there's just all this stuff that makes it tricky. Whereas there could be a little infrastructure
behind the scenes that just, I don't know,
it might be it's too late, which would be super unfortunate,
but it could be.
I think it can be built on top of it.
Yeah, maybe.
Maybe anyway.
I think that that is part of the problem
is the challenge is like,
it's your job to connect the pieces of the plumbing
more than it should be.
That's what i
think they i've also used um so i've used a uh in this is in c++ but uh a concurrency framework
that had the default is easy like the the generic the um the uh there is a general thread pool um
that it's easy to use easy to add things to it It just sort of happens. And then there's, if you want, like, a separate thread pool
that's just managed separately, there's more.
You could go and create it and put it and start connecting pieces, yeah.
And I think that's awesome, right?
Rather than you always have to do the hard way.
Yeah, yeah, we need a, at least for simpler cases,
there is an easy way that exists.
And anyway, but I'm also kind of talking out of my hat
because I haven't run,
I haven't written a lot of async Python yet.
Yeah, I'll give you a really, really, really quickly
to wrap the show up.
But in court, you've got,
there's an async event loop managed by the web framework,
or maybe it's even managed by the app server
that then starts the framework,
but there's a dedicated async IO event loop for processing requests. It doesn't exist until after
all of your startup code is done. And so if you have any async code to call before you're actually,
you're just like everything's set up, all the things have been populated, run the start
processing requests, you basically almost can't do it.
If like, for example, so for Beanie,
you have to say initialize the database
and get all the connections and stuff going.
So if you write code to do that
and then try to use it in a web view, in a web request,
it'll crash and say wrong event loop.
It was initialized on this event loop,
but it's running on the court event loop.
And you're like, well, but how do I start it?
How do I ask a database question
before the web request is started?
You know, like I, maybe I want to do something different
if the database is initialized or not,
or I want to, I don't know.
It's just like, there's all this juggling
and there are mechanisms to say, okay, well,
like you can have some startup code run in a different time, but it's it's just hard yeah anyway i hope i keep harping on this because i'm
hoping someone will go like okay we're at the core developer language summit can we simplify
please okay and then uh i got a few more but i'll do them quick um uh the the python test community
is now on discord uh that the the launch happened in a couple days last week,
and it's going well.
We've got like 89 people in there so far.
If you'd like to be a part of it,
and you're not already,
if you're part of the community,
you would have gotten an email
if you want to be part of the community
and you didn't get the email
or you haven't bought one of my stuff things before,
you can head over to courses.pythontest.com
and you don't even need one of the courses.
You can just grab the Discord community one.
It's there and it's on sale.
It and everything else on the site is on a Black Friday sale,
20% off using Turkey Sale 2024.
And that's just right on the site I'm posting that.
It's not a secret.
However, there is a secret on the book.
So Python Testing with PyTest is 40% off right now.
And you just need to use the Black Friday code,
which is also the same code, TurkeySale2020.
I just wanted to be easy for people to remember.
So learn PyTest easily through sales.
Test your thing.
Enjoy the turkeys. Yeah yeah and i'm having fun
with discord i've had to have had to embrace the uh the dancing logos and stuff and i i know you
can turn them off but i'm actually realizing that i kind of like them now these little doohickey
yeah it's fun the little giffies or whatever very fun yeah talk python's gonna also have a black
friday sale i don't have it launched, but that is my goal for the day.
So I'll put it in the show notes.
People can check it out.
I'm not a hundred percent on the final, final details, but I'm finalizing that today.
I can't believe November is almost over.
What even?
Exactly.
This is my problem.
I do not accept that November is almost over, but hey, it's, it's one, one month less of
rain for us.
We're closer to sun again.
So let's go.
Yeah.
All right.
You ready for a joke?
Yeah.
So this joke, just everyone, Brian has not seen or, or heard this, this joke.
Remember we had the AI, the sad girls, AI sing song, sing the MIT license terms.
Yeah.
This is like this, but this is a heavy metal rock band
singing the verbose output of a curl command.
So if you say curl dash V for verbose,
HTTPS, google.com,
there's a whole bunch of stuff
that comes out, a bunch of tech things.
So we're going to have a heavy metal jam session of this.
And I want to point out,
one, if your volume is high, turn it down.
Two, if you really
hate heavy metal hard rock just go ahead and stop here there's we're not covering anything else i
don't want to use it seriously this is kind of like some intense rock but it's also pretty funny
and i would also like to add on the the videos on youtube the video i'm linking to the there's a
comment that says hi i'm the creator of curl and i wholeheartedly endorse this amazing this
masterpiece with that said if you hate if you hate hard rock you're not going to love it so says hi i'm the creator of curl and i wholeheartedly endorse this amazing this masterpiece
with that said if you hate if you hate hard rock you're not going to love it so just go ahead and
skip ahead everyone here we go Out. DLS handshake cleared. Hello. DLSP 1.3 in the DLS handshake. So hello.
DLSP 1.3 in the DLS handshake.
Crystal extension.
DLSP 1.3 in the DLS handshake.
Certificate.
DLSP 1.3 in the DLS handshake.
Certified.
DLSP 1.3 in the DLS handshake.
Finished.
DLSP 1.3.
Out.
Out.
Out.
Out.
Out.
Out.
Out.
Out.
Out.
Out.
Out. Out. Out. Out. Out. Well, there you have it, folks.
The actual real song is three and a half minutes.
I couldn't do it.
I couldn't play the whole thing for you.
So it's a taster.
Hit the full show.
I love it.
TOS handshake.
Hello.
Nice.
All right, everyone.
Brian, see you.