- Hello and welcome to Python Bytes where we deliver Python news and headlines directly to your earbuds. This is episode 429, recorded April 21st, 2025. And I am Brian Okken.
And I am Michael Kennedy. And this episode is sponsored by the folks at Posit Workbench. Thank you, Posit. Also, listen to them later in the show, of course. If you'd like to connect with us, please do so on Bluesky or Mastodon. We have all of those links in the show notes. We'd love to hear from you, love to hear new topics that you think we might want to talk about,
want to cover. And if you'd like to listen to us live, head on over to pythonbytes.fm slash live, usually Mondays at 10 Pacific time. But you can also use that link just to find the YouTube channel to watch older episodes too. And finally, you don't need to write anything down while you're listening because
we'll just send it to you. So head on over to pythonbytes.fm, join the mailing list or the newsletter list, and you'll just get an email sent every week with all the links. But it also has backup information of like, you know, what you need to know to understand the story.
Really nice. And we don't use it for spamming or anything like that. Michael, what do you got for us? I might have a problem. I like to self-host stuff too much. It means I end up with things that I have to take care of rather than just have a login somewhere. But I'm going to make a recommendation nonetheless. So if you find yourself using Slack, TikTok,
I think even Zoom maybe. If you're using Jira, if you're using Notion and you would like that all in one place rather than a bunch of different apps that you pay for, for free, for open source, self-hosted or paid as hosted if you really want to do it that way, there's a project or tool or platform, whatever, called Huly, H-U-L-Y, an open source platform that serves as an all-in-one replacement for Linear, Jira, Slack, and Notion. How cool is that?
Okay. Okay. So maybe you want to have some place to do chat conversations or you want to store your documents or you want to do project management and sync it with your GitHub issues or do planning. So all of this stuff is super cool, I think, and even has video meetings. So if you want to also get rid of Microsoft Teams or Zoom or whatever, it gives you a nice private space
Way to do all that, right? And I don't know. It just, that really resonates with me as just like, here's this cool open source thing that we can do and we can run it and we don't have to have all these different services. And I don't know about the others. I honestly don't know the pricing for Jira. I've never paid for Jira, but Slack is out of control. Like Slack is super expensive for what you get from it and things like that.
And so having this with a bunch of dashboards and it even has a nice self hosting option. So if you are a person who does Docker Compose, guess what? You just docker compose up -d, you have your whole platform running, which I think is pretty excellent. So,
That's how a lot of these self-hosted things are shared and maintained. So you don't even have to figure out how to put it into Docker. It's already there and set up. So you just run it and you're good to go. Just make sure you do backups. Pretty neat, I think. That's pretty cool. Yeah. And it also syncs both ways with GitHub. So if you've got GitHub issues, it will sync with the issues. And if you have GitHub projects, it'll sync with those projects. So it's...
project management tools and its issue management, like its Jira replacement stuff is mirrored on GitHub. So not everybody has to use it. Like you can have internal people on this and external people just perceiving it as GitHub. I have GitHub issues. I was just talking to my therapist about it the other day.
Yes, indeed. And John other says, this is why I love the podcast. Thanks for the Huly recommendation and loves health, uh, self-hosting as much as I do. So awesome. Thanks, John. Yeah. Holy self-host hosting Batman. Anyway.
Holy self-hosting. Indeed, yeah. The problem is you can end up with like, well, now I've got 12 apps to back up and maintain. But it is super cool to be able to say, we don't have to worry about data privacy. We don't have to worry about sharing things or if those places get hacked or if they change their business model or if they go out of business. You know, you've got a self-hosted open source thing that you can fork and just run. And there's something cool about that.
I wonder if anybody's got like, because this sounds great, but I don't really want to do that work. So I wonder if there's a self-hosting as a service. I think there actually is. I'm forgetting the name of it right now. But yes, there basically is a self-hosting as a service. Yes, it's amazing. Okay. What an interesting idea. All right, that's it for this one. Over to you. Okay. Well, I am going to talk about critical... Oh, what are those called again? CVEs? Common...
I should have practiced this. Common vulnerability and exposures. So CVEs, we're used to talking about these when there's, when there's like a really wide scale attacks, but they kind of happen all the time, like vulnerability problems. And this propped up this, this last week rather urgently because the CVE system, the entire system is sort of built on top of
a non-for-profit called MITRE and the entire system, but there was a contract with the US government to maintain this database of CVEs. However, and this has been around for 25 years, it ran the risk of possibly going away because of all of the cost cutting that our current lovely administration is doing.
It's a waste. It's government waste, I tell you, Brian. A lot of people involved in this are volunteers anyway. That's just nuts. Anyway, so a 25-year-old CVE program ran the risk of going away. There was a letter that came out from the vice president of MITRE,
gave notice of potential halt of operations. And apparently they had been worried about this for some time. So there's this, in order to deal with this and possibly make sure that we don't have this risk in the future,
there is now a CVE Foundation. So, uh, there's been an announcement as of April 16th, um, that the CVE Foundation has been formally established to ensure long-term viability, stability, and independence, uh, of the CVE program. Uh,
This is really cool. It isn't something they just suddenly did. They've been thinking about it for a while and planning it. And there's an announcement at thecvefoundation.org, and they're gonna release information about the transition, what its structure is, the transition planning, opportunities for involvement later. But right now there's just an announcement.
But this is pretty crazy that we would like run the risk of losing this. This is this is how we talk about vulnerabilities.
But apparently there was an announcement also, I couldn't find the link to it, of that they did not lose funding. So it's okay for now, but it's still the for now part. So the foundation wants to make sure that it's not a just for now. I still think it's something that we should fund as a government, but you know, is what it is, I guess. I think we should fund it. But also I feel like maybe that should be more of like kind of in the style of a
Python or Mozilla foundation or, you know, that it's tied to the U.S. government rather than just an international organization of people who are really committed to tracking security issues. Doesn't take insane amounts of funding to track these things. You know what I mean? Yeah. I have no idea what the work is involved for this, but. Yeah. I don't know what the work is, but it's not like there's a lot of server infrastructure. It's not running like AI farms or something, you know?
Yeah, and the funding probably should be coming from all the ISPs and big companies and stuff that are benefiting from this. I think so too, but hey, I'm not against the U.S. government. I'm glad they were doing it, but it just puts it in a weird situation these days.
Yeah. And Python became a CVE authority not too long ago, the PSF, so they can announce their own CVEs around things in the Python space without going through an
external, not convincing some other participant to allow them to list their CVE for Python and so on. So there's a bit of a distributed aspect of it. Now, before we jump on to thanking our sponsor, Brian, the thing that I was thinking of is Elestio, E-L-E-S-T-I-O. And it says fully managed DevOps or your cloud and open source software. Yeah.
And I've not used this. It's not a recommendation, but we, as in they, deploy and manage open source software to your cloud provider of choice. So, you know, create a Hetzner server, point it at it, and then pick the various self-hosted things that you want, and they will self-host them there for you. I believe it's how it works. Awesome. Self-hosting as a service. Who knew? Who knew? Well, I guess you did. But we also have...
We also have Posit doing pretty awesome stuff. Why don't you tell them about it? This portion of Python Bytes is brought to you by the folks at Posit. Posit has been making huge investments in the Python community lately. Known originally for RStudio, they've been building out a suite of tools and services for Team Python. Have you thought of all the things that go into a Python data science project? You need your notebook or IDE for sure, but you also need a server or cloud environment to run it, a version of Python,
packages, access to your databases, and internal APIs. That's a lot to set up. And if you change any of these things when you return to your project months down the road, you might get different results. Wouldn't it be nice to have all of this set up for you in one easy to access place whenever you want to get work done? That's the goal of Posit Workbench. Posit Workbench allows data scientists to code in Python within their preferred development environment without any additional strain on IT.
It gives data scientists access to all the development environments they love, including Jupyter Notebooks, JupyterLab, Positron, and VS Code, and yet it helps ensure reproducibility. Here's how it works. You or your team set up Posit Workbench on a powerful, dedicated server within your organization or on
the same cloud service that is hosting your most important data sources, such as AWS, SageMaker, Azure, GCP, Kubernetes, or pretty much anywhere.
There, you create dedicated, pre-configured environments to run your code in notebooks. And importantly, you also configure access to proprietary databases and internal APIs. When it's time to onboard a new data scientist or start a new project, you just fire it up in Workbench and it's fully configured and ready to go, including the infrastructure side things.
All of this is securely administered by your organization. If you work on a data science team where consistency matters, you owe it to you and your org to check out Posit Workbench. Visit pythonbytes.fm slash workbench today and get a three-month free trial to see if it's a good fit. That's pythonbytes.fm slash workbench. The link is in your podcast player show notes. Thank you to Posit for supporting Python Bytes.
Indeed. All right. You ready for the next one? Yeah. Database. Database things. So here's a really interesting free web app, I guess it is, that lets you draw and import and export and visualize database diagrams. So either you've got your own project or where I see this being super useful is you're put onto a new project or you're a consultant and they're like, and welcome. Hi.
for the two weeks, here's the database and here's the app, please fix it by now. And you're like, how do I even get started? What is here? Right? So this thing called drawdb.app allows you to draw, copy and paste database diagrams. And if you go there, you can see there's really nice graphics and the UI is quite nice for interacting with it. So it says you can try this for yourself for free. And what's interesting is it asks you to choose your database.
as in like SQLite or Postgres or SQL Server or whatever, because it imports and exports SQL statements. And those different databases have different database SQL dialects, which in and of itself was annoying. But let's just say I wanna, I don't know, I'll do Postgres, right? And you come in here, you can add a little table and you can then like edit that thing, give it a column, multiple columns, different data types.
and create a second one, then you can say like, grab one column from one database, or one table rather, and then drag it and drop it in a field on another, another column, and that'll create a foreign key relationship automatically, for example. And you can go over and you can say file, export SQL, or import from SQL. And that'll generate the data definition language, DDL stuff, the
create scripts and create the indexes and columns. Or if you've got a database, you can export it and then load up this diagram based on what was in your database and then visualize it, tweak it, save it, or just try to understand it. That's really cool. Yeah. And as far as I can tell, it's free. I don't know. Maybe there's some point where I pay for it, but I don't think so. So anyway, I think it's a great little app and people should check it out if they have databases they want to visualize.
And you know, I'm usually starting with a drawing anyway, like drawing it on paper. So why not just draw it in something like this? Exactly. Cause then you could say, generate my table from this. Yeah. Yeah. That's cool. Neat. Cool. So not much more to it, but there it is.
All right. Um, well, my last item is a, and I'm only going to cover part of this, but it is a blog post by Edward Li, um, called 14 Advanced Python Features. And, um, and you know, it's a listicle sort of a thing, but there's a lot of those like advanced Python features and even talks about this that are really, really not that advanced. They're just stuff that people should know. And some fun things for, you know, advanced for beginners, but not really. Um, but I, I,
I kind of, I kind of really like this because there are things in this list that, that I really, really wish I would have learned earlier. And, and so anyway, I'll just jump in. There's a few things I wanted to pick out. First off is typing overloads. And this is something that I just learned by while reading this article, I didn't know you could do this. So within the typing module, you can say from typing import overload and it's,
And then one of the things you can do then is you can essentially list overloaded operations, overloaded definitions for a function call. And it's not really like full op, like, you know, function overloading, like we haven't seen or something like that. However,
there's return types. So let's say there's an example here that if you only pass in, if you pass in a certain type, then you're always going to get a list of strings. And if you're passing in a different type, then you get, you always get
a single string back. Those sorts of things are nice to have for typing or return types. And that's something that we don't really have in Python. You can't have a difference in just return type. So having that in place is kind of neat. That's neat.
I'm gonna play with this like right away. So that's pretty cool. Overloading functions with the typing. So I'll have to try that. Next up is something I've been using a lot lately is keyword only and positional only arguments. And specifically, so we now have these star,
or a slash that you can separate the parameters to a function, the parameter definition. And the asterisk or star means that everything after that is keyword only parameters.
And then the slash is positional only parameters. And that's everything before. So it's a little, one of them's before and one of them's after. So in his example, he's got A, B, and then slash, C, D, star, E, F. So that means A and B are positional only. C and D can be positional or keyword. And then E and F have to be
keyword only. And the thing that I'm doing a lot is why I'm, why I'm using this, the keyword only one a lot is for functions that have, um, and these are all like not usually API functions, but functions, internal functions that have a lot of parameters that are, uh, that have defaults and you would almost hardly ever pass it, pass it like just, uh,
positional only, because the defaults are, it doesn't really matter the order. It's just they all have defaults and there's a bunch of them. So I really want all the callers of that, every place we're calling the function, to list which variable or which parameter they're defining as they call the function. And you can do that with the asterisk. Super. Yeah, that's really cool. Another thing that I think is really useful for that is if it's the same, a lot of times you're going to give it like
are true and false where you don't have a variable that you're passing in, but you have just some kind of constant. Because if it goes 7, 7, 5, true, true, false, you're like, whoa, whoa, whoa. What? It's not like variable names are there where like X, Y, Z, like, oh, those are the dimensions. No, it just goes 7, 7, 5. Like, hmm.
which is which, you know what I mean? Especially true, true, false, true, something like that. If you have a, if you force keyword arguments on it, then it's a much more readable thing at the call site. Yeah. Things that are like generic, like you're just adding things. It doesn't really matter. You know, it doesn't really matter that the, your add function is a and B, but you know, the, for true and false, you really want, what do those mean? I like those. It's a good addition. Last thing I want to come, come to is there's a list of, hey,
He said, number nine is Python nitpicks, which is really a few, a few topics around it, but it's listed as a nitpick because it's, it's a bummer when people aren't utilizing this. So the for-else statement, and this is, you know, this is, I think probably still controversial is maybe a little bit is whether or not you should utilize the else clause in for statements. And yeah,
and kind of, you know, it's like often before the else clause or without using it, you might have to say like something like his example is like a found flag to say, you know, whether or not you actually found the item you were looking for while you're iterating the for loop. And then you can check that later, but there's, there's else you could just say, you know, if, if you didn't find, if, if you never hit anything inside the,
the for loop you can else out. It's still a little weird, though. I still find it very good to make sure that you comment that to say what's going on in the else. You're using what you're doing in there. So, okay. I'm anti-else. I'm definitely anti-else. And, by the way, Guido...
I heard him quoted at one point that said, if I had to do it over again, there would be no else statement. I think it's just weird. It's like, does it happen when it breaks or does it happen when it doesn't break? Like is break the thing you're looking for and else is the other, or is break something weird and it was supposed to go, like, it's just, I don't know. It just, I know you can save one line of code, but it's,
It's too ambiguous to me. It's too weird. So else is if you didn't break, right? I think so. Yeah. Anyway. I think so. Anyway, it's the fact that you got us, like, we got to have this discussion. It's like, I don't know. It makes it weird for me. I'm out. I know there's, I could do it, but I don't do it. Okay. Also the walrus operator, it's been around since 3.8, and 3.8 is already deprecated or like end of life. So we can start using, definitely use the walrus operator.
Again, it's just saving one line of code, but I like it. How about Walrus? I'm a fan of Walrus. I created the Walrus operator this weekend, I believe. Okay. For me, I like it because it's the locality of definition. Like I'm creating it for this if block and I'm going to use it in this if block if I need it. Otherwise, it's kind of, you know, it's kind of like it's part of this thing, not something that might make sense later down the line, probably. For me, I like it. Okay. Yeah.
A couple more. Short circuit evaluation, I don't really care. I'm fine with a bunch of if-elses, actually, if that's all you can do. But the short circuit, which means utilizing or to say if you're going to do one thing or the other, you can use or short circuits. So once you hit one of them that's true, anything after that's not going to get...
And you can kind of go crazy with that though, and actually put logic in there. And I'm really not a fan of putting logic in the short circuiting or operation, but
that's just me. But I am a fan of operator chaining. And I often see this with people coming from different languages. They don't know you can do operator chaining. So I'll see like if zero is less than X and X is less than 10, you don't have to do that in Python. Just put them together and say zero less than X less than 10. So operator chaining is right. But also I think that we should have been a little more strict with operator chaining. And I don't think it like...
you can put anything in there, right? Um, but I don't think you should. Like, for numbers, it should be less than. You should not be doing, like, greater than, uh, operator chaining. It's just weird. We, the number line is small to big, I think. So please do that. That's all I wanted to cover for that, but, um, there's a bunch of other great stuff in here. Um, uh, so definitely check out this, uh, this article. Uh, here's the full list. So lru_cache. Love it. Yeah. Love it. Have
F strings. Love it. Nitpicks. I have some nitpicks with that statement. But you know what? It's fine. Good find there, Brian. All right. Well, we're done with our main topics, and I don't have any extras, Michael, but do you have any extras? Well, I thought the answer was no, but it turns out to be yes. Okay. Because something I just heard about right before was...
Oh gosh, the zooming on this is all weird. So there's, remember I wrote this article that said unsolicited advice for Mozilla or Firefox or something like that saying, you know what? The stuff that you guys are doing is not leading you in the right path. And here are five ideas that you might write, try as a business to exist
down the line, please do that. And so they're actually coming. I mean, I really doubt they gave a crap about what I said, but they are introducing this, um, this new suite of services. How about that? So Thunderbird, it's all seems to be based around Thunderbird, their email client and Thundermail, which is a really interesting term, but they're offering like
Thunderbird Appointment, which is kind of like Calendly or TidyCal or whatever. Thunderbird Send for private file sharing. I used to love Firefox Send, but it got abused by hackers and other badness. And so then it stopped working. But you could put just like, here's a URL, here's a password. The whole file just goes away in three days. Give it to someone, and then they could have it. It was really great. And it's all end-to-end encrypted, all that kind of stuff.
Also, some AI thing because, of course, there's an AI thing. And then Thunderbird Mail, hosted Thunderbird Mail, all that. Anyway, I think this is a cool idea. Thunder Mail. Thunder. Thunderbird. Oh. So, very cool.
That's all I got for my extra. You can't spell mail without AI. That's right. Well, I'll tell you what, that seems to be what they think in their feature set. Every mail client I find is like, and now we have some terrible AI thing that will just erase all your formatting and make you have to rewrite your mail if you try to use it. But it's here and it's great. No, it's not.
Anyway, shall we? You know, Brian, we try to make it not too political here, but I got a political joke in a sense. Okay, awesome. Are you ready for it? Yeah. So this one came to us by many people. So thank you to everyone who sent us this in. Have you noticed, I don't watch the news a ton, but have you noticed that there's some talks about tariffs lately? Yeah.
I mean, look, I think genuinely it's fair to say, like, let's discuss tariffs. And if other countries have tariffs on us, does it make sense for us to not? I don't know. Whatever. I think there's a debate that can be had. But the way that it's been done is so justifiably
just chaotic and random and on and off again and so on. But somebody decided that if that's a good idea for a global trade, boy, oh boy, wouldn't that be a cool idea for Python and for program languages and particularly for these pesky external outside of the standard library packages. So I present to you Tariff, a Python package that imposes tariffs on Python import statements. Yeah.
And no, it's not just a joke. It's literally version one. It's not even ZeroVer anymore. And it is released on PyPI. So you can literally pip install tariff
What does it do? Well, boom, fire, fist emoji, fire emoji, a little reference back to Signal, the greatest, most tremendous Python package that makes importing great again. Tariff is a fantastic tool that lets you impose import tariffs on Python packages. We're going to bring manufacturing back to your code base by making foreign imports more expensive. And so all you got to do is import it. You set your rate on the different libraries
Like 50% tariff on NumPy, 200% tariff on Pandas and so on. And then when you import NumPy, it's literally 50% slower. It takes 50% longer than before. What do you think? That'll teach them. Yeah. That'll teach them. Yeah. We're going straight back to self-hosted vendoring it in. Yeah. But what's nuts is it works. Like, you know, it's not just a weird joke idea, but somebody made it. It's open source. Yeah.
And the hat. The hat. The hat is good. Why tariff, you may ask? Because foreign packages have been stealing our CPU cycles for too long. It's time to put America first and make importing fair and balanced again. Obviously a parody package. Use it at your own risk.
Yeah, other people stealing our CPUs. We need to steal our own CPUs. Exactly. That is how we're going to do it. Yeah. Well, that's what I got for you. Is it funny? I don't know, but I think it is certainly amusing. It's not. When I look at my 401k, it is not funny. You got to laugh. You got to cry. Those are one of your two reactions. Might as well laugh. Glad I like my job because I'm going to be here for a while. Anyway.
Uh, thanks. Thanks for everything, Michael. Thanks for the joke. Thanks to everybody that shared them. Um, like we said, a lot of people, um, sent that in, but that is not a waste that also gives us a signal that we, we might want to cover it if a lot of people are thinking about it. So, so thanks. Yeah. Thank you. All right. Bye. Bye Brian. Bye everyone.