Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds. This is episode 263, recorded December 15th, 2021, and I'm Brian Okken. I'm Michael Kennedy. And I'm Laís Carvalho. Welcome, Laís. Before we jump in, could you tell us who you are? Absolutely. So, first of all, thank you so much for having me. Thank you for the invite. And so my name is Laís Carvalho, and I'm a developer advocate for Quansight.
And I also do a little bit of voluntary work for Python Ireland and a few other Python things around the sphere. Nice. That sounds really fun. The company you work for, I'm not familiar with it. What do you guys do there? It sounds a little bit like maybe QuantFinance, maybe some ML stuff. Yeah, so we do everything. So Quansight is a consultancy company. But we do, so basically our CEO is one of the main guys behind NumPy. And yeah, basically we do consultancy and everything you need.
Yeah, sounds fun. Brian, you know what else is fun? What is fun? Websites. Yeah. Yeah. And if you think about websites, what web framework in Python is used more than Django? Flask. Maybe Flask. I think they're right on the boundary, but certainly Django is at the top. And I hear so many stories from people who say they got into Python not because they love Python, but because they wanted to do Django.
And I even had a guest recently describe themselves as a Django developer who learned Python because they just wanted, they came for the Django and they stayed for Python, which is cool. So Django has been on a bit of a tear lately in terms of its speed. So I actually went back and looked. If you look at a release for Django 1, that was in May 2010. I think it came out before then, but that's as far as the release history goes back and dates. So 1.0 was in 2010.
Seven years later, 2.0 came out in 2017. It seems like that just happened. Time's flying. Yeah. And then in 2020, three years after 2 was 3. And then now we have Django 4.0. So it's going seven years, three years, one years, you know, who knows? So do we get like five in March? Yeah, exactly. Maybe. Maybe, maybe. But it's cool. Django 4 is out.
It's not a super huge release in terms of what's covered, but some of the highlights over there include, I think I mentioned this, that it was coming, but now it is here, the new Redis cache backend. So there have been previously ways to plug in or use Redis as a cache backend inside of Django. But now it's just, you just use Django's caching implementation and you tell it, by the way, here's the connection string to Redis. And that happens. So that's pretty cool, right?
Yeah. Another thing that Django does for you is it will render forms and stuff based on various things like models and whatnot. And so they've changed how that works to ease customizations of forms and form sets and error lists. They are now rendered using the template engine. So you have more control over how forms and stuff look. And some changes to do with the time zone as well. So that's now using Python's time zone. So I guess it used a different one before.
I never really paid that much attention to which time zone it used. So with the release of 4, 3.2 has now reached the end of mainstream support, which is interesting. And Laís, what you're going to talk about later, actually, this is relevant as well, right? I know the thing you're covering talks about Django and versions and upgrades and so on. So that's it. Django 3.2 is a long-term support release. So it will receive security fixes until April 24, but there's no more features coming to 3.2.
All the new features and improvements and whatnot are going into 4.0. So that's pretty cool. And let's see if you go over to the release notes. It now supports only Python 3.8 to 3.10, which I think is pretty cool. That's interesting. Yeah, that's no messing around, right? They're like, nope, we spent too long supporting 2.7. We're not doing that anymore, right? Yeah, I think most frameworks are not supporting 2 anymore. There's a lot still supporting 3.7, though.
So it's interesting that 3.7 is out as well. Yeah, well, they've got the 3.2.1 that still supports that if you want to kind of be on the slow burn. Let's see what else. There's a few things. I'm not going to go through it, I guess. One more highlight maybe is you can create composite indexes really easily with the unique constraints. So you can have a uniqueness constraint that has the first name and the last name.
So you could have the same first name or the same last name as somebody in the database, but not the same first and last name. That's pretty interesting. They upgraded the password hasher to scrypt.
And then there's some backwards incompatible changes, things that are breaking changes. And there's also deprecation of some features that were not previously deprecated. So you want to be on top of that as well. So Django 4. Yeah, we're going to get Django 5 in March or something, I'm guessing, right, Brian? Yeah, I think so.
And can we take a moment to just say thank you for the amazing documentation that Django has all over? It's so good. Like, I'm a newbie. And every time I open, I don't really use Django that much. But every time I open their documentation, like sometimes I actually use their documentation to just check stuff about the web development because it's just so, so good. So thank you very much, maintainers of Django documentation, because it's really, really good. Indeed, indeed.
Sam Morley on the audience says, I'm always impressed by how much Django managed to cram into each release. Indeed. And Mark Pender says, howdy all from Ireland. Hello. Nice. Right on. Cool, cool. All right. Brian, what do you got? I got Python minifier. Actually, so this was a suggestion from Lance Reinsmith. So thanks, Lance, for sending it on. But he also sent some reasons. My first reaction was, we don't need a minifier for Python. What's up? This isn't Java or something.
But he gave a couple reasons. The docs for minifier have this sort of convoluted reason. Apparently, AWS CloudFormation. I don't know any of the details of this. But AWS CloudFormation templates can have AWS Lambda functions, source code embedded in them, but only if they're 4K or less. So a small amount of code. So that's one of the reasons why he wrote this package. Lance, the person that sent it in, said his reason for using it is Adafruit boards, which is a cool idea.
I didn't think about that. So what does this do? There's an example on the page of just normal Python code. It's maybe not the best Python code, but normal-ish. And then it replaces it with, like, you know, replaces the variable names with A, B, C, things like that. Some of your typical renaming things. So it has, like, a whole bunch of different techniques that it uses. I'm going to go to the docs. It combines the imports. So instead of on multiple lines, you just combine them all together.
Saves a little space. Removes passes, which is interesting. It removes them to just assigns it to zero in a function. That's interesting. I didn't know you could do that. Hoist literals, that's an interesting thing. And that's just if you've got a literal that's a bunch of different places, it just defines a variable and defines it at the top. Kind of interesting. And it uses a lot of semicolons. That's wild. Yeah. Remove annotations.
So type annotations you probably don't need at runtime for something like this. So you can remove them. Local renaming, a whole bunch of stuff, and, you know, renaming globals and literals. And sometimes, like, if it's an API or if something else is using it, you don't want to rename the globals because those are the APIs. So you can turn any or all of this stuff off. I guess you wouldn't turn all of it off because why would you use it? But you can turn off stuff that doesn't work.
So I would suggest if you're using Minify, test your code, of course, and remove what you need. And I actually, for something like CircuitPython and stuff like this, this might be an interesting idea. And I'm curious. Let me put out another idea about where it may be useful. Can you go back to the example? So just that code sample you had? Yeah. So if you look at it, one of the things you often have to do, and I'm not suggesting this is really a good idea, but it could be applied this way.
One of the things you have to do if you want to ship your Python code around to be used with places is to share your source code, right? And sure, you could send a PYC file, but it's basically the same thing, right? Yeah. So what about if you go in here and run this against something that you want just a little bit more obfuscation? You don't want people poking around it. That definitely looks less easy to read to me. I mean, it could go farther, right?
It could rename like create certain and whatnot, but maybe those are like standard library things. But certainly if you're trying to obfuscate your code as well, there could be some sort of use case there, although it's not super obfuscated. Yeah. It seems like that was a Java thing. I don't even know if they do that anymore, obfuscators. Yeah, I don't know. I haven't been in that world for a long time either. It might help also if you're playing golf, coding golf.
You know, just write one of these. Yeah, indeed. What is coding golf? Sounds like a thing that Black should have, maybe a flag. That's a terrible idea. Yeah, I don't know what coding golf is either. Really? Okay, so you have like a coding. I just go to the driving range. I don't actually do any more things with golf, so I'm not very honest with it. Coding golf is like the lowest score is the best, right? In golf. So it's coding challenges that you solve with the minimal characters.
So minimal lines of code, minimal characters. And it's, yeah, that's what coding golf is. So you just throw the Zen of Python out of the window. Exactly. It's not easy to read code, but. Okay. Got it. All right. Sounds fair. May the best man win. May the best person win. Sorry. Indeed. Yeah. Also, one of the things it does is that it doesn't advertise is it throws away all your spaces and replaces them with tabs. And. Oh, interesting. Yeah. It does look very tab filled in the.
Well, it makes sense. You know, four, four spaces versus one tab, that's a 4x reduction right there. So. Yep. Yeah. Sam says, Laís, you're in for a treat. Code golf stack exchange is fascinating. I can only imagine. Yeah. Indeed. All right. Well, your topic is up next. This is the one I was alluding to earlier, talking about Django and support for old things and so on. Yes. Yes, indeed. I think it's a watch for the tip as well. So then this is, it's time to stop using Python 3.6.
So in one week and one day, Python is dropping support for, well, Python 3.6. So there's not going to be any more releases after that. So basically, well, you should update Python. If you are using Ubuntu, then you can say, well, I don't really have to update right now because, well, Ubuntu has long time support. But it doesn't necessarily work like that because, well, the Python dev team is not going to support your Python 3.6 anymore, which basically means that. Exactly.
Yeah. That's what we were just talking about with Django, right? Like, just because you might be on an LTS version of Ubuntu that will still let you use 3.6. Well, you're going to have to give up all the new libraries, like, so long to Django 4.0 and probably FastAPI and all the things, right? Yes, exactly. So you have your dependencies that are going to need to be updated anyhow. So you should update. But then I have a question. So, newbie here.
I looked around when we were preparing the notes for the show. I looked around and I tried to, because I'm using 3.7. So I'm still okay. But I was looking. I wanted to try the 3.10 new stuff because I listened to a few podcasts ago and you're talking about the wonders of Python 3.10. And I was like, okay, so let's update. But then I couldn't find the best way to update from 3.7 or let's say 3.6 to 3.10. I saw some people saying that it would be better to just update gradually.
So go from 3.6, 3.7, 3.8, 3.9, and then 3.10 because it could fix the dependencies easier like that. But then some other people just say, just go straight to the version you want and then just deal with the problems when you get there. Just rip the bandaid off. Yeah, I don't know. Yeah, I'm with Brian too. Go as far ahead as you can and then see if it works. All right. So just go 3.10 straight away. Okay, cool. That's what I would say. But the question is still open. How do you do that? Right?
It depends, I think, on what OS you're on. For example, on Ubuntu, 3.9 is really about as far as you're going to get without some jumping around. Like that's the latest Python 3 that it'll give you. On Mac, you only have two. So you got to install something, but you could download the installer from python.org. You could homebrew it or you could do other things. You could do pyenv like Brandon Brunner out in the audience has suggested. I got started with pyenv.
It makes this kind of thing trivial, true, except for I can't get it to work on my Mac. Maybe it's an M1 thing or an Apple Silicon thing, but it just won't install anything. So it's not trivial for me. But when it works, you can just say pyenv, give me 3.6. You can be very specific. Like give me Python 3.11 RC2. I want that one. And it'll put them all side by side. So, mate, what do you think, Brian? I think I'm on pyenv now, but it's because I test a lot of things.
For normal people that have an application and they just want to upgrade, I say, unless you're on Ubuntu or Linux, I say just go to python.org and download the latest one and install it. It works on Windows and Mac, usually. On Windows, there's the Windows installer. You can go to the Windows store. That works. But the python.org one works good, too. So, usually. Yeah. All right. Yeah, indeed. Of course, I'll try and I'll let you know how it goes on Twitter. Right on. The best I can do.
Give us a report of what you've found to work. Because I drew the question on Twitter as well. And then I got a bunch of people saying, don't go 3.10. Yes, it's not great for production. Go 3.9. And then other people just say, no, just rip the Band-Aid as you did, Mike. Yeah. So, okay. The Aachen Doctrine. I mean, I only support little tiny projects, though. So, in Python, I support big things in C++. But I would run your tests, you know, upgrade, run the tests, make sure everything works.
Yeah. Oh. Well, your conversation's got a whole bunch of stuff going off in the audience here. Alvaro says, NumPy is dropping support for 3.7 sometime this month. So, that should push the data science community to update. And then, also, on Ubuntu, you can install the deadsnakes PPA. And you'll get now versions of the latest version of Python. Okay. That's interesting. Yeah. I saw the deadsnakes PPA. Yes, indeed. And I saw that in Ubuntu, that's really easy to do it.
But still, you can find tutorials saying go gradually. And then in other tutorials, it's the same. Yeah. Just go straight in. Yeah. Sam says, just compile from source every time. That's what I do. That's what I'm doing in production. But I'm doing homebrew on my Mac. All right. Maybe that's enough. How do I get the latest version of Python? But you were going to make a comment about Java. Is that right? Oh, yes. Yes, that's true. So, because I saw, I was doing a little bit of research for this.
And then, there was a little bit of a discussion of the third-party libraries and the frameworks that will drop support for 2.6 soon enough, as Alvaro just mentioned. So, then, I saw on Twitter, someone mentioning, let me put it here, that, like, using the Java, the new Log4J problem, let's put it like that. Log4J, it's so bad. This is so bad. Yeah. So, using it as an example for how, like, you should upgrade your version, the version of the that programming language is using.
And then, they talk about, yeah, so they say that you should upgrade as soon as you can. Yeah. What an interesting example they gave. Because this Log4Shell thing that I'm going to actually talk about a little bit later. But the problem is, you have to upgrade Log4J to a patched version. The patched version only works on Java 8. So, if you've been dragging your feet, in a sense, and staying on an old version of Java, well, now, all of a sudden, it's not just replace a library.
It's completely upgrade the Java you're running on. And if you were dragging your feet that hard, there's probably some kind of reason that it's a pain and not well-maintained or something. And so, instead of just going, oh, we've got to quick fix this problem because it's a super, a super big deal. It's now, all of a sudden, you've got to do a major upgrade when you weren't planning on it, right? That's bad. Yeah. And then, you have to have this meme. Oh, this wonderful meme. Your next task.
This is from the Squid Game. Your next task is to figure out which applications in your organization is using Log4J. You have 10 minutes. Oh, that's good. I didn't catch the meme. Yes. So, then I think, Michael, it's you now? It is. It is. Awesome. Well, yeah. Thanks for highlighting that article. That's a good one by Itamar Turner-Trauring. Trauring? Turner-Trauring. Yes. Okay. So, what do I got next here for us? Not Django, but something fun.
We just had what was probably the most contentious Formula One season. In 10 years, at least. And one of the most wild ones, for sure. The championship was decided on the final lap of the final race. Like, literally, the two people were contending for it. Hamilton and Verstappen. They were literally tied on points going into the final one. And the final move was done on the final lap.
So, I wanted to highlight this article here called, How to Visualize the Formula One Championship in Python Using the Ergast API in Seaborn. So, for people who are in data science, I know if you're learning it, one of the challenges I have of learning those tools is I don't have a great professional need for them. I don't use that kind of stuff to analyze data that I work with that frequently. So, my chance to learn Seaborn, for example, it's pretty limited.
So, finding some example or some fun project you can do, that turns out to be super important. So, I thought I'd pull this up as something people could do to learn to play with this kind of data. Now, if you're not yet into this stuff, check out the Drive to Survive Season 3. I think I got the wrong link here, but I put the trailer to it in the show notes. So, Netflix did a great series that is really good for people to just sort of get into it.
And also, there's like an eight-minute highlight of the last race, which was absolutely crazy. But, what I want to talk about is some cool stuff that Jasper, just goes by Jasper, no last name, over on Medium. So, introduces this thing called the Ergast API, which if you go over there, it's looking a little old school, but not very, how do you say, not very restful, for example.
So, for example, you can come over and we could get like details about the third race of the 2008 season by just going API F1 2008 3. And it's going to come back with, well, a series of tables, which is not necessarily that useful. And I thought the way you get the JSON, you might do like an accept application slash JSON type and not HTML or something. But no, you say 3.json. And that gives you the API there. So, that's pretty cool. And you come through here.
And basically, they talk about how to use Pandas, NumPy, Seaborn, and that API to just build some cool graphs that actually show you the position of all the drivers across the entire season. Right? So, if you want to build this picture you see right at the top of the article and play around with that data from that API, then this is the way to do it.
One other thing that's pretty interesting from this article that I had no idea about is over on PyPI, we have FastF1 as a package, which is a wrapper library for F1 data and telemetry APIs with additional data processing capabilities. That's pretty cool. Yeah. So, you go down here and they'll show you how to build this really cool graph of lap by lap, the times, the various drivers. You can see in the beginning, there's all sorts of chaos because there's people jockeying for position.
The cars are heavy. They're full of fuel. So, they go slower. You can sort of see as things spread out, as the cars lighten up and stuff because they burn off 100 kilograms of fuel, then they all kind of get faster and better times. So, you can get cool graphs and exploration of all this stuff here. And the way you do it is really interesting as you just go over to this FastF1 and you enable the cache because it downloads some stuff and you don't want to have to download it twice.
You can say, give me this season, this Grand Prix, give me the race details, load up the laps, and then you can start just working with the data in this really interesting way. So, if I was into data science and I wanted to learn some stuff, this might be a really cool real world data set that you can play with. What do you all think? I like it. I think I might actually try to know more about Formula One just so that I can talk with Anthony Shaw's a big fan. Yeah. Indeed. As am I these days.
It's a lot of fun. It was really a cool season this year. And yeah, check out the highlights from the last race. It was absolutely off the hook. Laís, what do you think in terms of a data science project here? A data science project? Wonderful. Like, especially if you actually like this. I have no knowledge on F1. I actually worked for a company that was like the, I think the founders of the company were in love with F1. And that's how they got together to found the company.
And I got to talk to them and like a certain one specific circumstance. It was like, oh, you like F1. That's awesome. I know nothing about it. So please enlighten me. If you're interested, check out the Netflix Drive to Survive series. That's the easy way in. It's lots of drama, not like the boring sort of 30 minutes in between the things that actually happen. Okay. Yeah. What some of the people from the US don't understand is that they can turn in two directions. That's odd. So odd.
However, Brian, just before we're off this, the US Grand Prix for the first time, I think was the most attended race ever, certainly for F1, but maybe 400,000 attendees in Austin, Texas this year. Wow. So apparently it's becoming a thing. Like soccer became a thing in the US when it didn't used to be. And now it is. I think this is as well. Yeah. All right. Alvaro also says, interesting about interesting libraries. Last week, I found DuckDB super interesting for data science as well.
Yeah, definitely. We've only touched on that a little bit, but yeah, it's a great one. DuckDB is like a new database, like, I don't know, CockroachDB? A different, but I believe it has integration with like pandas and stuff, if I recall correctly. I think so. I'll have to look it up, but yeah. Cool. I'll do some real-time follow-up, but Brian, tell us about nbdime. nbdime. nbdime. So another listener suggestion, Henrik Finsberg, cool last name.
He said we recently covered Jupyter Notebook Terminal Viewer. We covered that in episode 258. He's correct. But he said, hey, you should check out nbdime because it's been around for a long time. And it does something similar. So I definitely did. And I think this is a really cool set of tools. So we've got, not only does it do an NB show, which does a... Right. That's the jut equivalent is the NB show, which is cool.
Yeah. But it's, this is a set of tools that is around the needs for diffing and merging notebooks. So like if you're keeping notebooks in a Git repo, you'll have to do things like this. And so one of the, it's got a bunch of tools. It's got diff. It's got merge. It's got diff web. So you can have a rich rendered diff of the notebook. And NB merge web. So web, a three-way web-based merge of notebook tools. This just looks really cool. And I definitely think it's worth checking out.
If you, if you work with notebooks and work with teams, you need to do things like this. So. Oh yeah. This looks great. Yeah. Diffing and merging notebooks is tricky for sure, because the actual on-disk representation is basically a JSON document. And then it embeds the output in there as well. Right. So if you ran it against live data and you got some output and you run it again, of course, that's going to be different, but that's a, you know, straight Git. That's a merge conflict, right?
Yeah. I'd be interested to know how they deal with that. I haven't looked through this, but you probably. It looks like it understands the cells and then just the cells or something along those lines. Probably. So. Yeah. That's super cool. Yeah. This is a great one. Thanks for the recommendation as well. All right. Laís, you're up next. Yes. So we found out. So first of all, this is a recommendation from Fridolin. He works. He's a software developer at Red Hat.
So thank you very much for the suggestion. And this is Project Thoth. So basically, this is an open source cloud-based Python dependency resolver. So we all know that pip just launched a new dependency resolver. Yeah. Yeah. That was a big deal. There were some breaking changes to PyPI and stuff like that. But yeah. Yes. And well, show the first stone who never had dependency resolving issues with pip. We've spent so much time like, okay, so it's not this library. It's this other one.
No, it's not this version. It's this other one. So this Project Thoth basically comes to solve this issue and it uses reinforcement learning to solve these dependency issues. So basically, from what I understood, it's a smarter pip.
So basically, it uses a few inputs from the developer, such as like the speed of the execution of the code and if there was any errors and your hard drive version, etc. Yeah, it's not just what version do you want, like greater than 2.1, but you could say, I would like one that's relatively stable or I would prefer security over recency or something along those lines.
So there's a lot of different inputs to this machine learning model that then will give you the result of like pip install a thing. Yes. And then it pre-computes this whole dependency information and puts it in a database and then it just keeps track of it. And then the logs that result from like actually installing the dependencies of that environment, then I use to go into as input into that reinforcement learning algorithm. And they use that then to create future resolutions.
So basically, just make the whole process of dependency resolving much faster and much easier. Yeah. It sounds like a great thing. And I tried testing, but well, I got it to a little bit of an issue with my past-term versions. I was like, oh, I'll deal with all of this later. Yeah, exactly. Can you scroll down to the code sample where it's talking about Thamos or Thamos? I don't remember the term exactly. It's a little further down. It's like a code call out. Keep going. Keep going.
I've got a little bit right there. So yeah, so the way you can use it is you pip install this Thamos thing and then you configure environment and then you add dependencies with some suggested version like approximately Flask 1. And then you ask it to advise you on your current setup. And it'll go through and it actually analyzes the code and does a whole bunch of stuff. And then it'll give you some information.
I don't remember exactly all the details of what it would suggest, but it'll give you information about the various dependencies that you have installed and so on. And also give you suggestions on hardware and OS versions that you should be using. Yeah. It's quite smart. I thought it was quite interesting. And it's in beta phase.
So if anyone that is listening would like to try it and then maybe just give some feedback back to Red Hat there, they'll be very, very, very happy to hear from the community as well. Because it's an open source project. So please, collaborate. Yeah, check it out. And it looks like it might have something to do with OpenStack and their whole cloud story over there as well. Although I don't believe it explicitly said it.
It doesn't seem to be tied to it, but it seems maybe motivated by that as well. So yeah, cool. That's a good one. Interesting. Brian, some real-time feedback here. So we covered this article, Efficient SQL on Pandas with DuckDB. And one of the cool things you could do is create a Pandas data frame and then do select queries on top of the data frame. That's pretty cool.
Yeah. So for example, remember you have like a local variable and you say the name of local variable in the query and it like reaches into the call stack and grabs that out of the context and then works with it. So yeah. Anyway, this is one of the data science-y things. Nice. Yep. Fine. Brian, is that it for all of our items? I think it is. Yeah. I think you might be right. What about the extras? You got any? I do. Actually, nice timing for today.
So Pragmatic Bookshelf, they're the publishers of the pytest book. They're running a sale, actually 12 days of Christmas sale. So every day is something different. You don't know what it is. I don't know what it is. But today, my book is part of it. So you enter a promo code and you get 50% off $50 spend. So you got to order a couple of books because they're not that expensive. But anyway, it's pretty cool. Cool. Yeah. Hopefully that does well. Laís, how about you?
Got anything extra you want to give a quick shout out to while we're here? Oh, yes, of course. So I am a volunteer for Python Ireland. And Python Ireland has a speakers coaching session happening on the 22nd of January. So it's basically we're offering for people that would like to be a pro on giving talks. We're offering a workshop. It's the entire day. And you need to say that you need to just like give us your words that you're going to give us a talk as like a practice thing.
But it's quite it's a very interesting workshop thing. And if you would like to be part of it, just go into the meetup.com slash Python Ireland. And it's the 22nd of January. Yeah, that's a cool service. I guess you would call it a cool option for speakers because speaking is one of those things that really can open doors and help get you connected. But it's also super stressful. The very first time you do it is in front of the audience and it's being broadcast.
And also like the tips on how to put a talk together, because there is that anxiety as well. Like, I have a talk, but I don't know if my thing that I want to talk about is a good thing or I don't know if my slides are good. I don't know if I know how to actually convey the message. So we would love to help you with that. And I won't be the one giving the workshop. There is a proper person there that has experience in doing that.
So, yeah, I've done the workshop, though, and it's a great workshop. Yeah, nice. And then I have a few other extras, though. Can I just go on? Yeah, yeah. Cover as many as you want. As many as you got. Cool. So then I also found, I don't know how many newbies we have listening to us today. But for people that, since we're talking a lot about data science as well, there's a bunch of data scientists and other people around that don't really know how to deal with Git.
And even for me as a person, my personal experience with Git initially was so hard. Yeah. Why do I have to commit it twice? Why do I have to do that? I just want to commit it. What's this push about? And then what do you mean, where am I? I am here in front of my computer. Yeah. So if you want to learn Git, there is this website called learngitbranching.js.org that gives you a step-by-step with a visual manual of how to actually get Git done. So you have lessons.
So you can click on the lessons and then it gives you an explanation with some best practices. And then it gives you snippets of code as well. So you have like a thing that kind of moves. It's, yeah, it's quite like straightforward and it's quite interesting. I don't know what happened here. My computer, I think, stopped working. Yeah. Anyhow. So it's very interesting. It's a very visual way of learning Git.
So if you're struggling with Git and you don't have time to read the book, actually, first thing, read the book. Chapter, I think chapter 10 of the Git book is the most important one. It teaches you the main things that you need to know. But if you don't have time to do that, then if you want to train a little bit with a GUI, just this is the most straightforward thing that I found around. Yeah, that's cool. I like how it's like a little fake shell.
Yes. And if everything was working, I could show you that like you have. So you do, you click here and it's like it's very GUI based. But then as soon as you get out of this thing, you need to train to pass the face because it's kind of like a game. Okay. Then you need to type it. So you're like. Oh, I see. So it has you do some kind of branch thing or check out and then it watches to make sure that, say, the branch was created or something. Huh? Yes. Yes. Like you have a check.
It's quite interesting and it's quite good for money. Yes. Yeah. Oh, yeah. Nice. If you could pick. No, you can't. I don't know what's going on. I'm sorry. No worries. It looks cool. It's a good suggestion. People can check that out in the show notes. Yeah. So. Yeah. I like the visuals. This is the one. So you can type, let's say, Git commit. And it's here. You can see what happens and it tells you. So, okay. So you did a commit and this is what happens.
And then you can go back to the instructions if you don't get it. It's quite interesting. And then just to close the extras. So I started coding with Python for a very short period of time. And then I switched when I started IT. I switched to Java and then I did a few years of Java. And then I went back into Python. But then when I went back into Python, I was like, well, I know Java now. And what's going on? What is this language that is not verbose at all?
And you can do whatever you want with it. How do you do objectively? There's no rules. What's happening? Exactly. What's the story? And I struggled a lot to find a straightforward tutorial and a straightforward manual. They'll tell me. So this is the comparison. This is what Python does. The Java doesn't do. Or this is how to do things in Python. And this is how to do things in Java. This is the comparison and blah, blah, blah.
So then I found this Real Python article that was just being published, I think, maybe a few weeks ago. I wish it was around when I started, but it wasn't. Yeah. It's only like five days old or seven days old or something. Yes. Yes. So it tells you like very straightforward way the differences and the similarities between the two languages.
And talks about the Python data types and talks a little bit about as well the center of Python and how we do things in Python and how we do things in Java and then standard library. And then comments as well as about perhaps and tutorials and documentation. So it's very, very, very interesting if you're starting with Python coming from a Java background. Nice. Yeah. That's cool. I think using your existing skills to level up is a much better way. Like I want to know how to talk to a database.
I can do that in Java. How do I do that in Python? Oh, I see. Okay. Now I got it, right? Yes. Cool, cool. All right. I got a few extras as everyone may imagine. First, a quick follow-up for people who are getting started with Git and you want some more help, consider using Oh My Zsh. Why? Because if you go into a Git repository here and you type Git, you can hit tab. It'll give you all the top level features of Git. So like branch, clone, checkout, commit, whatever.
So if you type Git branch and hit tab, though, it'll actually list, give you tab autocomplete and arrow autocomplete for all the existing branches, for example, and stuff. So if you're having a hard time on the terminal and you want some help, you can just do ZShell and it'll actually give you like super deep autocomplete on the terminal, even into, say, your project structure, your repo structure. So that's cool. Don't go there without that. But for my actual things, I gave a talk at FlaskCon.
So that talk is up, which is really cool. It was on HTMX and Flask and Jinja partials and things like that. So people can check that out. That's good. Brian, I've talked about why Firefox is awesome and people should be using it more and not letting it fade into oblivion. As everyone thinks, Chromium is the core that we should all be building on. And they just came out with a really cool idea called RLBox that would be applicable to other browsers as well.
So one of the problems with web browsers is they accept all sorts of input from random strangers on the Internet, which is generally not a good idea for security, right? And it's not just the browser, it's the plugins. And so you've got things like the Ogg format or WOFF is a font parsing library and all these different things that you might need to run inside the browser. But you really get them from somewhere else, right?
So, for example, if there's a problem with, say, the Ogg parser and you load an Ogg file, then, you know, the browser gets hacked into. And there's things they've been doing to try to restrict that with, like, sandboxes and stuff. So this thing, I'll just give a quick shout out to RLBox. What they're doing is insane. As somebody who does a little C++, tell me what you think about this. So what they do is they use the LLVM, or no, clang here.
They use clang and they take these libraries like Ogg. They compile them to WebAssembly. And then there's another thing called WebAssembly to C and they compile it back to C. And then they compile it into the system as if they hadn't done anything to it, which sounds weird, right? Why would you do that? But what it does is it strips out a bunch of intermediate steps where viruses could live and uses WebAssembly to, like, put those checks as part of the system and then puts it back into C. Okay.
Yeah. So anyway, this is a pretty wild thing that they came up with. So just worth a quick checking out. And then, Laís, you mentioned this Log4J thing. Yes. We're all going to be suffering from this for so long. This is so bad. So it turned out that Log4J, the problem with Log4J is, let me describe this in Python terms and just see what you all think. So Log4J has this ability to parse the strings you put into the logs. So I want to log out a message.
But instead of actually getting a user, like, say, instead of going to the code and getting, say, the machine name or the IP address that I'm on, I can put, like, a little symbol in the log file and Log4J will go, oh, what you need is you want me to, say, pull in the IP address locally and then write that in the log. That's maybe okay. They also have this ability to run code that they don't know.
I mean, you did some Java. They have this ability to run code not in the local class library but on a remote machine somewhere else out on the Internet called, was it J-N-D-I? J-D-N-I? I don't always swipe the order. Well, it turns out you can put the J-D-N-I run code symbol into your log file. And then the log message will result in running code from anywhere on the Internet in the process of your thing that's trying to log. And it can come from anywhere. It is so bad.
If it's in a header file, if it's in the URL, if it's in the email address where you expected email address, you put in, like, dollar bracket J-N-D-I colon some path to the virus. Literally the attempt to say this user with this email address failed to log in results in running the virus. Anything that you may ever log, user agents, like, you name it, run virus remotely in this process.
And anything you might want to log in, you're typically logging bad inputs, so you can log attempts to hack your system. There were, like, 850,000 hack attempts within the first couple, like, day or two of this. It's going to be not good, which made me think of just a quick little fun comment here of an XKCD that someone put on Twitter after this. Because it's all about this Log4J that's not really funded. So all modern digital infrastructure is like this Jenga tower.
And then at the very bottom, it's a project some random person in Nebraska has been thanklessly maintaining since 2003. Pull that out. It all comes down. So that's the world we live in. Yeah. Yeah. Especially because there was this thing, this movement on Twitter of people just blaming the Log4J developers about it. Yeah. And some other people just show up and, well, they haven't been getting paid for all the work that they're doing. And everybody's using the application throughout.
There's certainly a conversation to be had about how much energy and time should these large companies be putting into supporting open source stuff. Right. And it's, I think there's so many little things like Log4J that nobody feels like they're using. Sure. Their web framework might use it, but they don't actually want to use it. It just happens to be what their web framework shows. But they are built on top of it as they're learning. I'm sure there are many sleepless nights on this.
I don't know. Not good. As a Java person, what do you think about this? Actually. As a representative of all Java. Yes. No pressure at all, right? No pressure whatsoever. I can say as someone that has worked for open source for a while now that there is a big discussion to be had on that. But there is also a big discussion to be had on how do we want open source to be sustained from now on? Because the way that it's going is not sustainable when we all know it.
And we have big companies and we don't even need to name the big companies. But we have really big companies. They have been using and are starting now to do open source projects simply because it's good for business. Because it gets people hooked into what they're doing and then, well, you're going to have to use our open source packet now. And that's us taking the market. But we need open source to be at least a tiny bit more sustainable because the way it's going, it's not good for anyone.
Yeah. I guess one final thought on this. This was not a bug that was found. This was a feature that was used in a way that people didn't expect. I can expand variables. I can run remote code. I can run expanded remote code. Oops. All right. But let's bring it back to Python with a joke. What do you guys think? Yeah. All right. Laís, you got the first joke. Hit us on this one.
So we were talking about virtual environments and how much fun it is to set up Python and use all your virtual environments because you have, well, fans and ppams and condes and everything else. And how much everyone always complains about having to set up their environment before installing Python. So I found this. So apparently this would be society if you didn't have to use virtual environments to install Python packages. Let me try to describe this for the world who is just listening.
It's like the most idealistic, futuristic view of the world. We've got like monorails and there's just shining silver spaceships zooming through the sky. And it just looks like, oh, yeah, here's the perfect future. We all dreamed we were supposed to have. Yes. That everyone, everyone types Python. Everyone knows Python. But you don't have to use virtual environments to install their packages. Imagine. Are you telling me that virtual environments denied this from us?
No. This is the reason why we can't have these things is because people don't learn virtual environments. That spaceship has its own environment. The little house over there that's running a different version. Yeah. Because of its environment. That's a good way to look at it, Brian. I like it. Yeah, me too. Brian always brings the other side of the things. Where it's like, oh, the data perspective. It's wonderful. Thank you, Brian. Yeah, thanks, Brian. All right.
The joke I was going to cover is actually that Jenga tower I already showed. So I'll just leave it at that. One real quick bit of follow up here. Because I think this will be helpful to people. Jeremy Page says, if you are on bash instead of z shell, the package bash dash completion will also allow git command tags, branches, etc. to autocomplete. And I never read a book. I just like, I think I read an article that's like the 10 git commands you need. And I've been good since. Yeah. Oh, yeah.
Okay. Mr. Waze Kidd. I can't. Exactly. And Brandon says, you don't need virtual environments if you just set up a new virtual machine for every project. That's true. Yeah. Docker will save the world. That's right. I agree. We could have the same picture with Docker, but they'd all just be cubes just flowing around. Cubes. Yeah. Like, yeah. Pack it. There's shipping containers everywhere. Shipping containers everywhere. With wings. There's also the pragmatic.
Exactly. The pragmatic Mario says, I click buttons on VS Code. Go GUI. All right, Brian, you want to take us out of here? Yeah, sure. Let's, thanks everybody for showing up for the show. And it was really a lot of fun. Thanks, Laís for, sorry, Laís for showing up. It's been great. Bye, everyone. Thank you. Thank you for listening. And thank you for the invite again. It was a pleasure.