Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds. This is episode 388, recorded June 18th, 2024. I am Michael Kennedy. And I'm Brian Okken. And this episode is brought to you by Scout APM. Check them out. We'll tell you more about them as we get further into the show. Brian, you, me, the podcast, we're all Fosstodonians and folks who want to come hang out on Mastodon. Doesn't have to be Fostadon. Talked about that last week.
That's the whole idea of Fostadon. Go wherever you want, but we're happy to invite you to Fostadon if you want. Yeah, find the links to connect us over there or even on X these days as well if you wish. A lot of people are still just hanging out over there. And listen, watch, participate live in AM Pacific Time on Tuesdays, typically. Links in the show notes or on the website.
Finally, if you want a handcrafted, artisanal Brian Okken special summary and set of links of whatever we talk about, even if you don't listen to that episode, pythonbytes.fm. Click on the newsletter. Put in your information. We won't share it. Just want to tell you about what we're up to and keep in touch with you. So that's pretty awesome. That list keeps growing and people are enjoying it. So good work on that, Brian. There is a newsletter link. That's cool. Yeah. How about that?
Nice. We also kind of put it under the Friends of the Show thing, but that's a little more indirect, you know? Like, okay, you want to sign up for the newsletter? Click the newsletter button. You can sign up for the newsletter even if you don't like us. That's fine. Yeah, that's true. Yeah, you can just mock the links we put in there everywhere. It's pretty much like that. The show, too. Everyone's welcome. There probably are, actually. All right. Well, what have you brought today? All right.
I want to talk about the PSF election. So the Python Software Foundation has elections every year. In order to vote, we're going to talk about a little bit around what's going on with this. But I want to highlight that you, even if you voted last year, you can't just vote again without doing something. And it's not difficult. You just have to affirm your membership status. So we've got a link in the show notes. You just head up. We'll talk about the dates a little bit.
I think maybe the dates are here. No, there's another link. We have lots of links for you for this. But there is the, what are we doing? What are we voting on? We're voting on the new board of directors. And then there's a few bylaws changes. So head over to the first link. Make sure you're either signed up. So the deadlines are right around the corner. So it's 25th. June 25th is when you have to either sign up to be a member or, if you already are, affirm that you're going to vote.
So that's the 25th. The board election, if you go to the board election, there's a blog post called, it's time to make nominations for the PSF board election. It has the timeline. This is a great, it's got mostly all that I'm talking about here. Their nominations are open. They opened on the 11th. If you'd like to be nominated or nominate somebody, that is up until the 25th of June. So the 25th of June is the close of board nominations.
It's also the cutoff date to affirm that you're going to vote or eligible to vote or whatever. So that's June 25th. Then we don't know who's in it because the candidate, it's still open. Other people might enter. And there's link, there's information in here on like what to include because you'll want some information about like who you are and stuff like that. If you want to nominate yourself. So the candidates are announced June 27th.
And then voting starts, voting is from July 2nd to July 16th. So voting's in July, but we need to get everything ready in the end of June. So that's what's going on here. So there's, it's the nominations for the board of directors. And there's links about what's going on. Oh, there's, there's one other data I wanted to highlight. Can't remember where I found this, but there is a, here it is. Thinking about running for the board of directors, let's talk.
There is a June 18th session that you can, office hours where you can find out more information. If you, if you're just curious and you'd like to know more, that's a great place to go. There is, and then, so it's for the board of directors. And then there's, there's also three bylaw changes proposed. I think they make sense, but I'm not going to get into the depths of them, but there's a link here. Go ahead and check that out about the, the three things.
So one of the things that I'm really kind of excited about is this. The first one is merging, contributing and managing member classes. And I think that's, I think it makes sense because I sometimes have forgot which is which, what contributing and managing means. And it, I think there's, there's, there's text on all of these. So go ahead. And then there's discussions going on around this too. So anyway, elections coming up, make sure that you've affirmed your voter status.
If you'd like to vote. So. Okay. Interesting. Some of these shed some light on messages I've seen on social media. What are, why are people talking about this? Oh, okay. I see. Propose changes. Got it. Yeah. So you know what I would propose, Brian? What? If you were working for a company and you were having HR issues, let's say, what would you say exactly you do here? Bob? No. You're having HR issues. I'm a people person. I talk to the people. Then you just can't talk to the people.
No. Yeah. Something like that. But anyway, if you were having issues with work and you got fired and you wanted to give them the big middle finger on the way out. One thing I don't recommend is going to all the GitHub repositories and permanently deleting them or deleting the logs or then replacing them with code that mocks the existing employees or anything like that. There's this character and boys, he seemed like a piece of work. Let me tell you.
Mick Lewis, Daniel Brody, a real, real piece of work. Cloud, cloud engineer. I don't know what a cloud engineer is. I don't know what software developers are. I know what. Anyway, he's a cloud engineer. He was sentenced to two years in prison and a restitution of over half a million dollars for wiping the code repositories of his former employer in retaliation to being fired from First Republic Bank. Wow. Wow. So probably some kind of discrimination thing or something.
He really had a reason to be upset. No. Why was this guy fired? The court documents state that Brody's employment was terminated after he violated company policies by connecting a USB drive containing pornography to the company computers. And then when they tried to get the work computer back. You know, after he's done all this stuff to it, like deleted all the things and so on. He then reported the laptop stolen. Wouldn't give it back. Huh. Anyway, he may be not having a great time.
A couple of things he did. He ran a malicious script named dar.sh to wipe the FRB servers, deleted Git logs, and Git commit history for that particular script. You know, props to him for a little covering of the tracks there with the Git history. That was clever. I don't know how they figured that out, given that he- Not too clever. Nah, exactly. Exactly. I mean, you delete the repo and you still get that figured out somehow. Anyway. He accessed the GitHub repositories and deleted hosted code.
He inserted taunts in the code. Yeah. Anyway, I just thought this was, one, an amusing story. A little bit of schadenfreude. But also, people, if you're upset with your company, it is not worth it. Two years of prison, half a million dollars. Just walk away. Just walk. Just let it be. It's not worth the revenge. Anyway, let me leave you with that, huh, Brian? What do you think of this? Is this crazy?
I think it is, but I also, one of the things I really, okay, I'm not like taking sides here or anything, but something that drives me nuts is a thing that some companies do that say that, like, there's standard non-disclosure agreements for exit interviews. And some of them are generally, you can't talk about what you worked on at this company for, say, like a period of six months or a year or something like that. Just because you might have proprietary information.
The thing that drives me nuts is things that say, we're not going to give you any of your severance or a portion of your severance unless you promise to not ever disparage the company forever in the future. Things like that are just insidious and like a blight on free speech. It's disgusting. Yeah. I don't like it. I know it's a standard practice, but I don't like it. I don't like it either. I am really happy to hear the non-compete stuff getting shot down.
I know it's not the same as NDA, but it's in the same category, I feel like. Do they do that for people getting fired? No, no, no, not for, but, you know, when you get hired, there's traditionally been a lot of non-competes. And I think it was getting kind of out of control, like bakery workers or something silly like that, right? You know, like really, really stuff that you wouldn't think would be under that purview. But I believe that that got federally shot down or is it just California?
I can't remember. But yeah, anyway, maybe this kind of stuff you're talking about, Bill, as well. But I don't have a ton of sympathy for this character. Yeah. Reminds me a little bit of the guy who took down all the JavaScript folks with the NPM left pad. Yeah. And then later was arrested for making bombs. You know, it's like, oh, there's that theme here, I see. Yeah, not good. Yeah, I'm pretty sure that's the same person. There's definitely a person with the same name in the same area.
Okay. Hey. You know what is awesome and is not going to get you into trouble? Scout APM. Let's talk about it. So if you are tired of spending hours trying to find the root cause of issues impacting your performance, then you owe it to yourself to check out Scout APM. They're a leading Python application performance monitoring tool, APM, that helps you identify and solve performance abnormalities faster and easier.
Scout APM ties bottlenecks such as memory leaks, slow database queries, background jobs, and the dreaded N plus one queries that you can end up if you do lazy loading in your ORM. And then you say, oh, no, why is it so slow? Why are you doing 200 database queries for what should be one? So you can find out things like that. And it links it back directly to source code. So you can spend less time in the debugger and healing logs and just finding the problems and moving on.
And you'll love it because it's built for developers by developers. It makes it easy to get set up. Seriously, you can do it in less than four minutes. So that's awesome. And the best part is the pricing is straightforward. You only pay for the data that you use with no hidden overage fees or per seat pricing. And I just learned this, Brian. They also have, they provide the pro version for free to all open source projects.
So if you're an open source maintainer and you want to have Scout APM for that project, just shoot them a message or something on their pricing page about that. So you can start your free trial and get instant insights today. Visit pythonbytes.fm/scout. The link is in your podcast player show notes as well. And please use that link. Don't just search for them because otherwise they don't think you came from us. And then they'd stop supporting the show.
So please use our link pythonbytes.fm/scout. Check them out. It really supports the show. Indeed. Brian, what's your second one? I'd like to talk about imports right now. So if we're just importing a package. Is this like tariffs and stuff? What are we talking? No, no, no. Importing code into your own code. So imports are normally difficult. You just say import and the package name you want to import.
No, no, no. The package has to be installed already or a standard library thing, of course, like import or math or something. I'm blanking right now. It's terrible. There is a blog post called Adam Johnson, which is talking about like, what if you don't want to just use the import? If you want to import it as an object or something. And let's say you have a string to describe the package that you want to import. There's a thing that I didn't know about called the packageutil.resolve name.
And this is actually pretty cool. So what you do is it's in packageutil is part of the standard library. And you say packageutil.resolve name. And then you give it a string. And it's got it's like it's like a package name that is also something that's installed or in something in it, like a top level item, like the example is path lib and capital path, the path object.
But I tried it on one of my own projects of just like, let's say I've got some third party code that I want to import just something from it. But I don't want to import it into the namespace. I want to just import one thing out of there into an object. And this is really cool. The whole thing resolves and it's from a string. So you give it a string with this colon in the middle and it creates it. It creates you've got an object. Why is this helpful?
Well, I don't know how other people are using it, but I'm using it for things like testing and stuff that I don't want to like clutter the entire namespace. I just want one object from something. So so there's that. Now, there's a note here that says the thing that you're you're importing. Importing can be it can be a class from the package or a function or module or really any top level thing object within the package. You can just resolve that and bring it in.
If you're doing if you're going to grab the whole module, you can also use import lib import module, of course, you can use that as well to import a thing. And it's a little bit different syntax. You just give it the give it the name of the package. So there was a note at the top that says Django and some other frameworks allow you to do things like this to configure something based on a string. And I think this is pretty cool. I'm one of the places where I'm considering.
Yeah. Anyway, I've got lots of places and tests that I'm considering using this. But but I guess I didn't know about it. It's pretty neat. So, you know, one area that might be useful that comes to mind outside of testing or in addition to testing would be some kind of like plug in extension system. So you say any any package that gets listed in this JSON file, we want it to be available. And if you configure the app, it'll actually import it and use it. But it might not import them.
The app doesn't know about them. That can't be coded into it. So you could just sort of parse that thing, pry it or, you know, even scan all the packages somehow and see if they exist or whatever. Right. So some sort of dynamic thing like that as well. Yeah. Yeah. Pulling dock strings out of a bunch of stuff to do a list of that. Yeah. Nice. Lots of stuff you could do. And you sure could. Now, this last item from me here comes from Alex.
Monaghan just gave us a shout out and said, you know, that DuckDB thing, right? DuckDB is a little bit like SQLite-ish type stuff and in process based on files rather than separate servers, all those sort of things. Well, that thing's getting some traction, up to 4 million downloads a month off of PyPI. But the news is it's released version 1.0 of DuckDB. And by the way, the cloud-hosted product, Mother Duck, also opened up general availability. But the news is the announcing a 1.0.0.
And interesting, there's a lot of conversations like, well, we could have just called it 1.0 as soon as we made it public on GitHub, you know, 10 years ago or whatever it was, or not quite 10 years ago, 8 years ago. But focus is really on we want to make it super clear. They want to make it super clear that they're focused on stability. What's here is kind of what's going to stay.
So examples that they give, you know, as that thing has evolved, as DuckDB has evolved, they've changed the file format around. And that's created incompatibilities from different versions. And so, for example, they're now committing to more stable back and forth stability on the file system and things like that. So very cool. If you're looking for an interesting SQL-like database to include into your projects, this one, you know, is quite popular. 20,000 stars.
A really analytical and process database rather than relational database focused, right? You can do cool stuff like integrate it with pandas and other things like that, which is pretty cool. Yeah. Like, for example, select star from a parquet file or a CSV file and so on. So not meant to replace SQLite, but that's kind of the mental model people should have. But more on data science. Select star from a CSV file. That sounds fun. Anyway.
And by the way, this guy, Alex, Alex Monahan is in the audience. Here's a backwards compatibility for the files. So you can just leave those files around and not have to like manage the upgrades of them and so on, which is especially tricky if they're just local files associated with an app rather than a single server that all the apps talk to where you can just manage that one thing, you know, through an API. Yeah. Pretty cool. Cool. All right.
Thanks for sending that in, Alex. And good job, DuckDB folks. Brian, what else you got? I've got a couple extras. Let's hear. One of the extras that I wanted to talk about was just like, I guess, a shout out to everybody that sends us topics. I really appreciate it. We appreciate hearing what's new. Don't assume that we've heard about it just because we do pay attention to a lot of stuff, but there's a lot to pay attention to. So if you think it's important, let us know.
Yeah, Brian, I would say a lot of times people start messages like, I'm sure you've heard of this. And we're like, I have no idea what this is. No. I'm sure we have not heard of this. I'm sure we have not covered it either. But also it helps if like three or four people send in to say, this is exciting, then that also helps us know that it is exciting. Yeah. It's pretty much guaranteed to be in on the show. You can send it in anytime.
But the one request is if it's timely and it really needs to go in this week, if it shows up at all, try to send it before Tuesday because, you know, sometimes we already have our topics anyway. That's right. Yes. So right after Tuesday, a Wednesday is a fantastic day for recommendations. Really, anytime is great for me. But anyway, so a couple new 2.0 releases I just wanted to shout out. We talked about this last week, but NumPy 2.0 is out now. So NumPy 2.0.
So and there's a scientific on the scientific Python blog. There's a discussion about it. So you can read up on all the NumPy 2.0. And this is kind of exciting. I just heard about this yesterday. HTMX 2.0. I don't. Oh, you have my attention. So I haven't read any of this, but it should be so there's major changes and we'll see. I'm not sure what broke or what. Wait a minute. Why the 2.0? But I'm not sure I can switch to this. This release ends the support for Internet Explorer. Oh, my gosh.
Just kidding. The interesting bit about this, though, is they're not marking 2.0 as the latest on NPM until January of 2025 because they'd like to have everybody, you know, have a smooth transition to there. So anyway, any extras on your side? A few. First of all, partnered with the folks over at PyCharm. And now if you are taking a course at Talk Python Training, you can get six months of PyCharm Pro for free. That even works for our free courses.
So if you just come over and take a course, sign up and check that out. Only works for new accounts at JetBrains. It doesn't work for renewals. So this is the best I can do, folks. But it's still pretty awesome to be able to get a good chunk of the users free access to PyCharm Pro. Also, other item is we have a awesome new course on data science coming to Talk Python. Its release is imminent. It awaits a marketing landing page, basically. And then it's out.
So we have a new course called Reactive Web Dashboards with Shiny. Shiny for Python, not Shiny for R. So partnered with Posit folks to put this course together. And it's super cool to build interactive dashboards and web apps for your data science things with Shiny. Shiny, of course. Very cool. Indeed. It's a Shiny brand new course. All right. It will be Shiny for a while. How about a joke? Are you up for it? Yes. Okay. So we all, you know, you're sitting around, you're in a relationship.
You have these thoughts that just kind of run through your head and you always don't know. So here's a young couple laying in bed. The woman is thinking, I bet he's thinking about another woman. That guy is just laying there. What would happen if I add a gitignore into the gitignore file? She's like, she's giving him way too much credit. What would happen? I know the title is I Can't Ignore the gitignore. What would happen if I add the gitignore to the gitignore file? No. Well, there's the joke.
This is what I got for you, Brian, this week. I don't know what to tell you. Now I've got to try it to see. Exactly. I don't know. If you do that, you might take GitHub down. I wouldn't, I don't know if I'd check that in. Well, not GitHub, but local. Well, I mean, it has automation. It could explode. It could. Dependabot will just stop working for everyone after that. Yeah. All right. All right. Well, that's it. Well, everyone, thank you for listening.
Scout APM, thank you for supporting the show. And Brian, thanks as always.