Hello and welcome to Python Bytes where we deliver Python news and headlines directly to your earbuds. This is episode 365. Wow. Recorded. It's like we've been doing it for a year. Yeah. Recorded December 19th, 2023. Yeah. And I'm Brian Okken. Hey, I'm Michael Kennedy. And yeah, if we did it, if somebody listened to one a day from now on, they would be behind because we'll be way ahead of 365 by the time they finish. Still be awesome. Well, want to kick us off with something cool?
Oh, before we kick it off. Yeah, go ahead. Let's say that this episode is sponsored by us. So please support us and other people. I'm going to talk about that a little bit later at the end of the show. But also check out all the courses that Talk Python Training. Check out the complete pytest course. You can be a Patreon supporter. And also, if you want to connect with us, one of the best ways to do it is through on Mastodon. And we're all on Fosstodon, or at least Michael and I are.
At M. Kennedy, at Brian Okken, and at Python Bytes. Indeed. Hey, do I feel like I'm really fast, Brian? Like Neo in the Matrix? Mind-bendingly fast? Let's go with yes. Okay. I appreciate that. Because this, I just got fiber, gigabit fiber installed 30 minutes ago. I was hoping it wouldn't destroy the show, but it almost didn't make it, but it made it. Ooh. Nice. So hopefully that doesn't curse it, that something doesn't go wrong and it will crash.
But 950 megabit down, which is fine, but 950 megabit up is glorious. We should speed up the playback speed when we release the MP3 so it sounds really fast. No, we're talking really fast because it's really uploading. Yeah. No, let's talk about Hatch because Hatch is awesome. Ofek is the maintainer and creator of Hatch. And boy, oh boy, has he gone big on his latest release, 1.8.0. So Hatch is like Flit, is like PDM, is like PIP, ENV, and many of these other poetry.
Others, if I'm leaving your version of this out, I apologize. But with version 1.8, this has gone in a bit of a different direction. You know, I had Ofek on the Python packaging panel. I think Steve Dower was there. Some other folks were there. Really interesting that there's this tension between should there be an app that manages Python environments with Python, or should there be a thing that manages the Python itself? Right? Kind of like PyEMV, for example. Right?
So Hatch has gone in that direction of now Hatch manages Python, not just Python projects. And there's this thing to solve this problem in the form of PyApp. So PyApp is even maybe more awesome. PyApp is a runtime installer for Python projects written in Rust. And they can be, you ready for this? I'm so, so excited. Your Python app can be distributed as a standalone executable, a .exe or .app for users. What do you think, Brian? I'm very interested in finding out more.
Now, this whole post is a little bit wordy. So let me jump into the omnivore version of it over here, which has a huge icon. So Ofek says, look, one of the things that's been a perpetual problem for Hatch and all the others I named is that Python itself is a dependency. So in order to use Hatch or any of these other tools or any apps, you have to say, well, go get Python and then get back to me and we'll start talking. Right?
So he came up with this thing called PyApp that will create installers for the different platforms. Claims it's trivial. It's probably never trivial, but possible. Possible would be awesome even. And so starting with this releases, not only are the binaries available for every platform, but there are installers as in like install wizards on Windows and a DMG type thing, I'm guessing, or a PKG on macOS. That's awesome.
If you have ever in the recent days tried to put something onto macOS or Windows, there's a whole nightmare of digitally signing around it, Brian. So you can't just get a binary and give it to somebody. The platforms will freak out. They won't let you open it. Like macOS will not let you open it unless you go into settings and say, allow me to run apps from untrusted developers. And Windows gives you this big, scary dialogue and tries to not run it.
So that's why this next part- It's not developers that you don't trust. It's developers that Apple doesn't trust. Yes, exactly. You may or may not trust them, but that's a different conversation. It's a fair feature, but it makes creating desktop distributable apps super painful. So check this out. Halfway there. The installer for macOS is signed using a certificate. So you already, your apps built with this are already trusted. Honestly, I don't know how this is possible.
I mean, I know why, how it works. I'm not sure that it, how it's allowed, but I'm all for it. So, because I have dealt with Apple and they are not lenient in any way, shape or form when it comes to stuff running on their platform. But so the installer for the macOS is signed using the certificate from the same account used to sign the official distributions of Python. So you won't get any security warnings or blocking. Thank you, Ederbin, for helping out with that.
And Hatch itself with any good system is self-updating. So you can hatch self-update. What else I want to point out? There's also a new Python, like hatch space Python command group that will allow you to manage things. So you can show what you have installed. You can install different versions of Python, CPython and PyPy for those. It works with virtual environments. It has built in rough and Ruff format integrations.
And traditionally, it's been somewhat slow to like activate and set up a virtual environment that's already previously been installed because it'll refresh and recheck that all of the dependencies are there and everything. So now it does a hash of those. And so only if the dependency statement doesn't match the hash, right? Basically, so it'll pre-compute all that stuff. So now it should be basically instant. So also some minor breaking changes around build defaults.
And the new app build target is what I've been raving about. So, OFAC, you killed it. Can't believe it. It's awesome. Awesome. So Hatch has hashes? If you hash a hatch with hashling and, you know, like there's some kind of tongue twister in there we could do. I'm not doing it though. Gotta be. I'm excited about this. It's very cool. I definitely want to play with it. Yeah. Yes, indeed. Over to you. All right.
Well, I'm not sure how long this has been out, but Hinnick has been promoting a new project that he's got called services. He's got called services or SVCS, which is short for services and pronounced services. And it is a, I think it could be used for more than web stuff. And it was for removing some of the web. Like your database and your cache and all sorts of stuff to an application. typically a web application. Typically a web application. But I think it could really be anything.
But it's a flexible service locator. And one of the reasons why I haven't covered it yet on Python bytes. I don't think I have is because I didn't quite understand what it was doing. And it took me a while to get my head around it. But it's pretty cool. And Hinnick apparently realizes that it is a bit difficult to get your head around what this is doing. So he just recently released a video describing this project.
So really great video describing services, what you can do with it, and also how to pronounce his name. He doesn't pronounce his last name, though. Apparently that's left for maybe episode two. But I love, I guess. Anyway, it's pretty cool. Actually, I'm pretty excited about it after watching it, watching the video.
I thought maybe it wouldn't be for me, but especially for keeping services contained or the setting up services, looking them up within different parts of your application, and then getting them all cleaned up correctly at the end. That's kind of what it does, plus a whole bunch of other stuff. And one of the neat things is throughout all of this documentation, the documentation is amazing. Throughout all the documentation, he has examples in AIo HTTP, FastAPI, Flask, Pyramid, and Starlet.
Nice. So the video is talking about Flask, but it's cool that he just already hit all the bases. Like, how do I do this in Starlet? Well, it's just a little different. Most of them, mostly they're similar, but little different ways to use it throughout the different applications. So it's pretty cool. He also mentions in the video that he took a really long time really talking about the terminology and the glossary of the documentation.
And actually, I really appreciate this of somebody saying, okay, this is generally what I think of is what the meanings for all of these words are. And it's a lot of these words are, they're overused in the English language to begin with. And even in talking about programming, web programming, but things like what is the service? What is a resource? What is a dependency? Service layer. He goes through a whole bunch of different terms, what it means to him and probably to everybody else.
But if you're unfamiliar with them, and even a decent discussion of dependency injection. So one of the things he talks about is that this is not really a dependency injection thing. It's inversion of control, but it's a little different than service. Service locators are a little different than dependency injection. And I kind of appreciate that discussion. It's pretty cool. So anyway, kudos to Hinnick for doing this and for helping us pronounce his name. Yeah, this looks cool.
I definitely want to check this out. It's news to me, so I will be checking out. Cool. We have new leaders, Brian. We do. Yes. For the Python world, we have new leaders. And specifically, the steering council election results are in for next year. Okay. So for the 2024 term, we have Pablo Galindo Salgado. We've got Gregory Smith, Emily Morehouse, Barry Warsaw, and Thomas Werther's orders. So very cool to see them all leading the way. There's a lot of familiar faces there. So that's.
That's pretty cool. I don't expect a whole lot of different from the year before, but here's the results. You can actually see in PEP 8105, you see everybody who was potentially a candidate, how many votes they got by people who are disenfranchised. I don't know what that means. Or the not the franchised voters, the one who are enfranchised, how many votes that they got. And you can put that all together. So this begs the question, like, well, how do you get on this list?
You get on this list by being nominated by a core developer. So everyone on the list was nominated by a core developer. If you are a core developer, you can nominate yourself. So that could be the person you see here, because everyone I see, I think, is a core developer. Okay. But anyway, the results, the results are in. And we have those five folks. Welcome and congrats. Awesome. Nice. That's a good set of names, too. Yeah. So. Yeah. All right. Indeed.
Well, there probably is some protocol around the election results, right? No, you could model it with classes, or you could functionally model it, like, in an immutable way, but I don't know about a protocol. Okay. We're just great at transitions on this podcast. The next, I want to talk about Python protocols. So there's an article from Carlos Vecina, I think, called Python protocols, defining a protocol and when to use it.
And actually, this is something that I have, I've been meaning to play with for actually some years, and I haven't really done much with it yet. So I really appreciate this article. He's talking about protocols are a feature of Python that were added in Python 3.8. So really anything maintainable right now can use protocols. But they're, and you kind of, they're, mentally, I think of them kind of like class inheritance or mix-ins or abstract-based classes.
And that's one of the things he talks about in this article is, is they are in that same similar space, but you use them a little different. And you might use them together with other forms too, like with mix-ins and abstract-based classes. So the article just goes through on how to define a protocol and really, and he's also discussed, also a decent tutorial on abstract-based classes and mix-ins as well, which is nice to kind of describe them all together.
But the protocol thing is just sort of, let me see if I can find an example. So you inherit, you have a class that's inherited from protocol and you give it, you kind of give it function definitions, but don't fill in the body. So that's kind of what a protocol is. And then other classes that use the protocol derive from that, you know, from that protocol, from like in his example, there's a class called, explainable, that something that has an explain function.
And so you would derive from explainable and then your new class would have, would, would be a instances of protocol. But all it really says is that you can, other places that use it for types and stuff can declare that they need some, need a protocol passed in or a explainable class. And then you can use anything that derives from that. So pretty cool. Yeah. Brian, let me jump in and just say one extra point.
Brian, let me jump in and say, hey, what's awesome about this stuff is we've had duck typing like this. There's an assess fairness function that it has to call explain on the object passed in. And duck typing said, well, if it takes that, if you can pass it in there and it will run when you call explain on it, it must fit. Right. But the typing tools don't check. So like PyCharm, for example, would just go, well, it's a whatever. So good luck with that.
But once you do this protocol stuff, if you say the function takes an explainable and you have explainable as a protocol, you can pass stuff in and it doesn't even have to derive from or be related to that protocol in a base class. Like anything that is passed in there, the type system will look at it and verify it hasn't explained, even if it's in a third party package and you don't control it.
So it's like a way to project typing structure onto a dynamic thing that is not necessarily your code. It's wild. Oh, cool. I kind of had that a little bit wrong then. Awesome. You can drive from it. It gives you more information potentially. But it doesn't have to be. You don't even have to, which that's the totally wild aspect. That's what I think is really different for this. Okay. Yeah. Oh, awesome. That's pretty cool.
No. Yeah. So clearly I haven't thoroughly read this article, but I do want to get into really getting my head around abstract based classes, mix ins and protocols and stuff. And I would say that though, because like your experiences in C++, mine also is in C++ and C# and all of those languages have these interface ideas. But they're put into the type system through inheritance. And so you can inherit from it and it does what you expect. And it seems the right thing.
But what's weird is you don't even have to. That's what's weird about it. Okay. Cool. Oh, awesome. Now I definitely want to play with it more. Yeah. Because I've kind of missed that aspect of C++ in Python. Yeah. So nice. Anyway. Also, I'm assuming it's an AI generated image, but really cool image at the top of the article. I'm not sure what my opinion is about it. I'll ask GPT how I feel about it. It's hard to describe how I feel. So I'll, you know.
Yeah. I'm actually sort of, I don't know, this is a tangent, but I've switched to, I was playing with like Bing as my primary search engine at work. I just, I don't know, a new computer, it just was there and I'm just going with it for a while. But everything I search is like, it gives me an AI generated answer first. And I'm like, I don't know if I like that very much. Yeah, I know. I know. Anyway. Well, that's it for our main stuff. Do you have any extras?
I could have almost made it an extra, extra, extra this time. So yeah, sure I do. First of all, I've been wanting to say this several times and I'm usually like looking at my screen and see what I want to share and stuff. And I didn't have this anywhere. So I just pulled up Mastodon to remind me. There are tons of people interacting with us over on Mastodon and I've had some great conversations. And I want to, I'm sure you do too, Brian, want to follow people back.
So there's, there's kind of a, at least for, I'll say these are Michael's Mastodon's conventions. You, you could take them for what you want. I just made them up, but this is how I think about it. So people will follow me and I'm like, huh, did that person follow me? Cause they listened to the show and listened to Brian say, you should come join us and have a conversation. Hey, I'd like to follow that person. But a lot of times they have no picture, no description, no web pages, no posts.
You're like, yeah, maybe not next, you know? And so I'm just going to say, if you have a picture and a description, a description seems somewhat relevant. I will certainly follow you back. If you have posts, that's plus one. If you have a verified webpage, which is easy, another plus one. And a lot of people have private accounts who follow me. I'm like, why are you in social media? If you want a private account, I don't understand what this is because your profile is public.
Just your posts are private, but the platform has a way to have private posts. I don't understand. So anyway, probably not going to get a lot of engagement. If you have a private account, just post private messages for things you don't want to see. So, and while I'm on the topic of Mastodon, I had a really nice and productive conversation with the PSF around my mask rant on PyCon. So that was nice over there.
Some people weren't nice as they sent me, like not necessarily nice responses, but the PSF did. And that was cool. That's nice. Yeah. All right. Next one. Oh, wait, before you move on. I just want to add my two cents on the, the picture. Um, I also prefer to be able to see who it is, but also primarily if the picture is something that they're using on other stuff.
So like if a lot of people have a, their profile picture on their, like the profile picture on their blog and on their, and in their primarily a GitHub user and, and they have the same profile there, even if it's like a stylized something, but if it's the, if it's distinctive and the same everywhere, like glyph, for instance, has a, has a, a different thing for them. I I'm okay with that, but most people I think go with their picture. I think it's the right answer.
Yeah. When I say picture, I don't mean necessarily it has to be your picture. Just the fact that it's not the default icon. You've taken enough effort to put in something, even if it's just a picture of a triangle, I don't care. You know? Yeah. All right. Uh, Paul is asking in the audience, what is your secret? Okay. Well, we'll do this. Um, we, earlier on, we were talking about how Michael's got a faster internet now, so we should make it really fast speed.
Um, and then somebody commented, wagrants, wagrants, commented, I played it at one and a half times speed. Then I got up to a live event. Uh, and all of a sudden Brian should sounded like he got drunk in one second. Um, and so I said, Brian's secret is out. So nice. I'll just have another drink in my, Irish coffee. It's coffee. Trust me. Oh, all right. Uh, more extras. So, Dropbox spooks users with turning on new AI features that can almost automatically send your private documents to open AI.
Now you have to interact with part of the site for it to happen, but it doesn't say, Hey, necessarily, cause you does, you touch this. We're now sending your social security number away. Um, but anyway, that's kind of. Well, I mean, yeah. So you can check that out on defaulted on if you're not subject to the GDPR, but defaulted to off if you are. So, you know, plus one for GDPR there, I suppose. So mine was turned on.
Okay. So you have to go check to make sure that they're not sharing all of your. Yes, exactly. And it's on by default for you, Brian. So you might want to check. The whole conversation it's on ours. The, the, the comment section of our second is like the top notch place for comments, I think. So really good. Okay. Yeah. There's, it talks about how to go find it. So anyway, this like made me think, you know what? I should really be a little more.
I have, I have like three terabytes of data and Dropbox. So I'm like, maybe I should be a little more specific and intentional about where I put my stuff. So I went on this, this right on Mastodon, by the way, a bunch of people sent me all sorts of options of like, okay, if not Dropbox, then what? And I decided whatever I'm doing is probably good to have it end to end encrypted. Cause then I don't care what they try to do with it. Right. Cause they can't decrypt it.
Yeah. That, that solves a whole lot of problems. I don't, you care about the security, but it doesn't matter as much as if you're just exposing files or leaking stuff or whatever. Right. So I decided to go, I already have a, a paid Proton account. So all my private stuff, all my private documents and like my scans of things I want to save that might be sensitive. They're going to Proton drive where I have 500 gigs and it's already paid for and encrypted. There's async thing you can install.
That's pretty excellent. I looked around and some people suggested next cloud, which is really interesting. It's maybe more than I want. It's almost like a document calendar, everything self-hosted. Maybe do that next. Yeah. Own cloud got like super owned just last week and is a similar self-hosted thing, which makes me a little nervous to self-host stuff. I know there are people host it for you, but it's not next cloud. It's a little bit indirect. So maybe violin.
I don't know if you've heard of this, but they have encrypted, cloud storage and the end again, pretty nice. I think this is, is it British? I don't, I don't remember exactly. UG. Not sure. Uh, but somewhere in Europe, this company, it looks pretty good. I have not tried it, but, and, and encrypted there's ice drive, the next generation cloud storage. Also, I think this might be the British one. Yeah. This isn't Wales. Um, I mean, British, I mean, UK. Sorry folks. So that's pretty interesting.
And I think, I think I'm going to go with sync.com. Super simple. All they do is sync and then encrypted for six terabytes. It's like 140 bucks a year or something like that, which is a lot, you know, versus 240 for less than that in Dropbox. Anyway, if people are in this zone of like, I'm looking for all this stuff. Oh my gosh, like, what am I going to do regardless of whether you care about the Dropbox fiasco? Here's a bunch of options. Can people can pick?
There was one comment in this whole discussion that was pretty interesting. I think it was in the ours, just ours technica thing. And it said, look, if you give your data unencrypted to somebody, another company, even if you trust them, you don't really necessarily control that anymore, especially if they decide to pass it along. So, somebody pointed out cryptometer. Have you heard of this, Brian? No. So cryptometer is cool.
I have used something like it, but it's older and no longer supported, which makes me sad. So what you do is you run this app. It does like super strong encryption. You control the key, right? It's just like a thing you make up and don't give away. And then it will create a drive, a mountable drive on your Mac or on windows, like a D driver, E drive or whatever. And that thing is encrypted.
So when you mount it with this software, it looks like a drive, but then when you unmount it, it becomes just an encrypted pile of files. So you put that in Dropbox, you put that in sync or whatever, and then no matter what happens, they just get an encrypted blob of stuff. So things I super care about, I have encrypted in something either cryptometer or something like it.
On top of all the safety around the cloud drive and trust and whatever you might have there, like worst case scenario, they get a huge, hard, hard to decrypt a blob of stuff that they don't know the value of. And I don't know if it has Linux. Someone's asking does it have Linux. I think it might. Let's see. Mac. No, let's see if I go to download what it says. Yeah. For people with downloads. Use your DMG. Yeah. Windows, Mac, Linux, Android, and iOS even. Yeah. So that's that.
I think that it's a loss. I mean, cool. But cryptometer would have been great as a rotten tomato sort of thing to rate different cryptocurrencies. I know. The word is taken. I'm pretty sure this has been around before crypto became a thing. I'm not sure how old this is. Yeah. There's 17 pages of releases on GitHub from 2017. So yeah, they were ahead of their time in that. But yeah, this is super cool, Brian.
Like you can just say, I don't really care that much about the security of where these files go. You're not getting them. Interesting. So I suggest a sweet combination of these things. I'm going through like a super digital decluttering as part of this. And it's glorious. I'm having like a tech love affair with Notion. It's so good. But yeah, anyway, I'll leave it there. Maybe I'll come back and tell you more about this.
Last thing for me, I'm doing the keynote at PyCon Philippines 2024 in February. How awesome is that? Slightly jealous, man. Somewhere I scroll down and over. Woo. Yeah. Cool. Three of us and I get to be one of them. So that'll be awesome. Thank you for inviting me. And if you're going to be there, I will see you there. Nice. Yeah. In February. Cool. Oops. What were you for your extras? Well, I just deleted one. So sorry about that. But shift command T. Oh, shift commit. Oh, whatever.
I'll just tell you guys about it. So this is the kind of time of year that some people like to donate some money to different people, different groups. I had the link up for the Python Software Foundation. So Python Software Foundation is not hard to find. So I would encourage people to consider giving some money to the PSF. So Django Software Foundation is doing a drive. So giving some money. If you use Django, of course. If you enjoy Python Bytes, of course, you can check out Patreon.
At Patreon, we do accept money for Python Bytes to help keep the show going. This is great. Also, I wanted to highlight as well just the idea that to just go on GitHub. So the different things you use on GitHub, like adders, for instance, you can go down and you can sponsor this project. You can throw some money that way. pytest has a sponsor link. Pallets and Flask has a way to sponsor either all of Pallets or particular projects within the Pallets program.
And really, a lot of projects that you use every day have a sponsor of this project on GitHub. So I think it'd be great, too, for people. If you have extra and you want to help out, I think it's a good idea. Sometimes I help out different projects and I kind of shift it up every year and local things. And I think the things that I use. And somebody asked me once recently about some projects don't really need the money.
And I guess, for instance, I really love having people support Python Bytes through Patreon. It's fun to have our community help support us. If you, in particular, don't donate, we're not going to disappear. Michael and I are going to keep doing it anyway. It is totally up to you. And definitely don't do it if it's a hardship. But I think it's a fun thing to do this time of year is to spread the love around. That's all I wanted to say. Indeed, I second that as well.
That's kind of serious, though. Do you have something funny for us? Let's lighten it up. No, this is not funny. This is too close to home. You tell me how you feel about this. So here's the joke. Here's the joke. So there's two red buttons. Think Ren and Stimpy or something like that. And a huge, scary red button. You can press either of them. One of them says, pay $12. The other one says, admit to yourself, your dream is dead. There's somebody sweating trying to decide which button to press.
And it's the domain renewal. Oh, yeah. Totally. This is way too close for home to home for me because I just transferred 25 domains from all the different places into hovers I talked about like a while ago. And I talked about all the name servers and all that. And there was a few where I'm like, God, is the dream dead or do I just move this? So how many are you using still out of those? Well, lots of them are to like protect people from doing crappy stuff. For example, I've talked by thon.com.
I don't technically use it. It redirects to talk by thon.fm. But if I don't have it, someone will get it. And then all sorts of badness. Like there's a bunch of these cards. I would say half of them fall into that realm. Okay. And then maybe another third I'm directly using. And then there's the whatever the balance, the one six that's left is the dream could be dead. Or it could be not there yet. Not realized yet. We'll see. I had about eight that I was not really using last year.
And I admitted that about half of those are not going to go anywhere and let them expire. Let them go. Although, I mean, the domain companies don't make it easy. You're like, okay, I'm just going to let it expire. But you get like emails. No, it's going to go. Oh, it's gone. But we're going to save it for you for a couple more months. And you get a whole bunch of guilt emails. But yeah. Anyway. Yeah. Yeah, exactly. I have one real quick sad story to round this out, Brian.
Okay. A friend of mine and I decided we're going to write some iPhone apps right when the iPhone came out. Like 2007 or whatever it was. And he had the clever idea of like, let's get a domain. I probably did it together. I don't know. Got the domain iPhone.ly. And we worked on stuff for like a year. Because we didn't know we're going to build. We'll just come up with this. We'll put stuff there. Never really came up with stuff. It looked like there was nothing on the horizon.
We're like, you know, after three years, the LY, it was like the FM. It was like kind of expensive. Like, ah, just let it go. A week later, somebody says, hey, I'll give you $5,000 for that domain. So I shoot my friend like, hey, don't let it expire yet. Let's do this instead. He's like, it expired last week. Like, no. Oh, no. Oh, well. So it goes. So somebody could have paid you $5,000, but they instead got it for like $20. Yeah, for like $20 or something. I'm sorry to laugh at your pain.
No, it's okay. I mean, like, I'm telling you, this is not a joke. Admit to yourself your dream is dead or pay $12 for the rest of your life every year. That's where you are. No, it's good. It's a good joke. And people can hopefully laugh at it. Yeah. Everybody, most people that listen to this podcast probably are feeling this. Yeah. All right. All right. Well, I'm feeling good about our year's worth of show every day. Yeah. 365. Pretty cool. Yeah. All right. Talk to you later. Yeah. See you.