#292 Pythonic identity (auth in Python ecosystem)
Play • 1 hr 5 min
So you're excited about that next app you're about to build. You can visualize the APIs with the smooth scalability taking to the mobile apps. You can see how, finally, this time, you'll get deployment right and it'll be pure continuous delivery out of GitHub with zero downtime.

What you're probably not dreaming about is writing yet another password reset form and integrating mail capabilities just for this purpose. Or how you'll securely store user accounts the right way this time.

Don't worry, we got you covered. Our guests, Christos Matskas and John Patrick Dandison are here to cover a bunch of different libraries and techniques we can use for adding identity to our Python applications.

Links from the show

Christos on Twitter: @christosmatskas
John Patrick Dandison on Twitter: @azureandchill

shhgit live: shhgit.com
Twitch channel for Christos and JP: twitch.tv/425show

Passlib & Folding: passlib.readthedocs.io
Microsoft Authentication Library: github.com/AzureAD
authlib - JavaScript Object Signing and Encryption draft implementation: github.com
django-allauth - Authentication app for Django that "just works": github.com
django-oauth-toolkit - OAuth 2 goodies for Django: github.com
python-oauth2 - A fully tested, abstract interface to creating OAuth clients and servers: github.com
python-social-auth - An easy-to-setup social authentication mechanism: github.com

Sponsors

Talk Python Training
Linode
Python Bytes
Python Bytes
Michael Kennedy and Brian Okken
#216 Container: Sort thyself!
Sponsored by Datadog: pythonbytes.fm/datadog Special guest: Jousef Murad, Engineered Mind podcast (audio, video) Watch on YouTube Brian #1: pip search. Just don’t. * pip search [query] is supposed to “Search for PyPI packages whose name or summary contains [query]” * The search feature looks like it’s going to be removed and the PyPI api for it removed. * Alternative, and better approach, just manually look at pypi.org and search for stuff. * Right now it does this: $ pip search pytest ERROR: Exception: Traceback (most recent call last): ... [longish traceback ommited] --- xmlrpc.client.Fault: [Fault -32500: "RuntimeError: PyPI's XMLRPC API has been temporarily disabled due to unmanageable load and will be deprecated in the near future. See https://status.python.org/ for more information."] * The Python Infrastructure status page says, as of Jan 12: “Update - The XMLRPC Search endpoint remains disabled due to ongoing request volume. As of this update, there has been no reduction in inbound traffic to the endpoint from abusive IPs and we are unable to re-enable the endpoint, as it would immediately cause PyPI service to degrade again.” * This started becoming a problem in mid December. * The endpoint was just never architected to handle the scale it’s getting now. * There’s a current issue “Remove the pip search command”, open on pip. * The commend thread is locked now, but you can read some of the history. * I personally don’t understand the need to hammer search with a CI system or other. * Probably should be using a local cache or local pypi mirror for an active/aggressive CI system. * If you have scripts or jobs that run pip search , it ain’t gonna work, so probably best to remove that. Michael #2: QPython - Scripting for Android with Python * Python REPL on Android - interesting * Scripting Android tasks with Python - more interesting * Free, open source app that is ad supported. * Some people have commented that their phone is their only “computer” * With SL4A features, you can use Python programming to control Android work: * Android Apps API, such as: Application, Activity, Intent & startActivity, SendBroadcast, PackageVersion, System, Toast, Notify, Settings, Preferences, GUI * Android Resources Manager, such as: Contact, Location, Phone, Sms, ToneGenerator, WakeLock, WifiLock, Clipboard, NetworkStatus, MediaPlayer * Third App Integrations, such as: Barcode, Browser, SpeechRecongition, SendEmail, TextToSpeech * Hardwared Manager: Carmer, Sensor, Ringer & Media Volume, Screen Brightness, Battery, Bluetooth, SignalStrength, WebCam, Vibrate, NFC, USB Jousef #3: Thesis: Deep Learning assistant for designers/engineers * PyTorch (3D) / TensorFlow * The thesis: what is it actually about & goal of the thesis * Libraries mainly used: numpy, pandas * (Reinforcement Learning & GANs) Brian #4: sortedcontainers * Thanks to Fanchen Bao for the topic suggestion. * Pure-Python, as fast as C-extensions, sorted collections library. >>> from sortedcontainers import SortedList >>> sl = SortedList(['e', 'a', 'c', 'd', 'b']) >>> sl SortedList(['a', 'b', 'c', 'd', 'e']) >>> sl *= 10_000_000 >>> sl.count('c') 10000000 >>> sl[-3:] ['e', 'e', 'e'] >>> from sortedcontainers import SortedDict >>> sd = SortedDict({'c': 3, 'a': 1, 'b': 2}) >>> sd SortedDict({'a': 1, 'b': 2, 'c': 3}) >>> sd.popitem(index=-1) ('c', 3) >>> from sortedcontainers import SortedSet >>> ss = SortedSet('abracadabra') >>> ss SortedSet(['a', 'b', 'c', 'd', 'r']) >>> ss.bisect_left('c') 2 * “All of the operations shown above run in faster than linear time.” * Types: * SortedList * SortedKeyList (like SortedList, but you pass in a key function, similar to key in Pythons sorted function.) * SortedDict * SortedSet * Great documentation and tons of performance metrics in the docs. Michael #5: Łukasz Langa Typed Twitter Thread * Let’s riff on typing for a bit. * Here is my philosophy: If I have to type more than three characters to complete a symbol in my editor, something is wrong. * e.g. to go from email_service. → email_service.send_account_email() I should only need to type .sae then tab/enter. These types of things are vastly better because of type hints. * Python type hints are more malleable than even TypeScript. * Lukasz is addressing this comment: Controversial take: Types in a Python code-base are a net negative. * Points * put enough annotations and tooling connects the dots, making plenty of errors evident. * The most common to me at least is when a None creeps in. * The second bug often caught by type checkers is on the "return" boundary: one of your code paths forgets a return. * squiggly lines in your editor * Microsoft is now developing powerful type checking and code completion for Python in VSCode. This effort employs a member of the Python Steering Council, and possibly also the creator of Python himself soon. You think they would settle for "illusion of productivity"? Jousef #6: * Point Cloud operations → open3d Extras: Michael: * via Francisco Giordano Silva: On Brian's ref to using numpy all for array element-wise comparison, also please check out numpy.allclose method. Allows you to compare two arrays based on a given tolerance. Brian: * Just this: 2021 is exhausting so far. * Test & Code has shifted to every other week to allow time for other projects I’m working on. * This is probably a short term change. But I don’t know for how long. It’s definitely not going away though. Just slowing down a bit. Jousef: Engineered Mind podcast
36 min
The Cloudcast
The Cloudcast
Cloudcast Media
An Event-Driven Apps Look Ahead for 2021
James Urquhart (@jamesurquhart, Global Field CTO @VMware, O’Reilly Author) talks about event-driven application architectures, how it's changing real-time business models, and technology stack driven the evolution.  *SHOW: *483 *SHOW SPONSOR LINKS:* * BMC Wants to Know if your business is on its A-Game * BMC Autonomous Digital Enterprise * Datadog Security Monitoring Homepage - Modern Monitoring and Analytics * Try Datadog yourself by starting a free, 14-day trial today. Listeners of this podcast will also receive a free Datadog T-shirt. * Okta - You should not be building your own Auth * Learn how Okta helped Cengage improve student success rates during COVID. *CLOUD NEWS OF THE WEEK *- http://bit.ly/cloudcast-cnotw *CHECK OUT OUR NEW PODCAST - **"CLOUDCAST BASICS"* *SHOW NOTES:* * Flow Architectures - The Future of Event Streaming & Event-Driven Integration * The Cloudcast Eps.43 - James Urquhart * The Cloudcast Eps.344 - Bringing AI to the Edge (Swim.ai) * The Cloudcast Eps.334 - The Future of Edge Computing (Derek Collison, Synadia) *Topic 1 *- Welcome back to the show. We’ve known you for quite a while, going back to working together on very early Cloud stuff. You’ve always enjoyed being focused on complex, distributed systems. Tell us what you’re focused on these days.  *Topic 2 *- Let’s talk about this concept of “event-driven” and flow. Where did it come from, what does it do, why is it valuable to application designers? *  * *Topic 2a *- What is a “flow” and how is it related to event-driven? *Topic 3 *- Events are data. We’ve had relational databases for data, and then we had NoSQL or eventually-consistent databases for data. Are events a new type of data, or a new way to deal with data in a different context?  (channels, replays, etc.) *Topic 4 *- Can we talk through an example of an event-driven application, or an event-driven integration between multiple organizations? How is it new/different? What unique capabilities does it bring now?  (Kafka, IoT, API Gateways, etc.) *Topic 5 *- Cloud made IT self-service. Serverless made Ops become on-demand. If I’m a business leader, what does event-driven give us?*  * *Topic 6 *- Where are we in the maturity of event-driven architectures? What might be some of the next stages coming in 2021 or 2022?   *FEEDBACK?* * Email: show at thecloudcast dot net * Twitter: @thecloudcastnet
43 min
Syntax - Tasty Web Development Treats
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
Reactathon LIVE
In this episode of Syntax, Scott and Wes are coming at you live from Reactathon with audience-favorite segments including All I Want for Christmas in React, JS or Nay-s (or Both), Overrated / Underrated, Hot Take Tweets, Listener Questions, and more! Freshbooks - Sponsor Get a 30 day free trial of Freshbooks at freshbooks.com/syntax and put SYNTAX in the “How did you hear about us?” section. Magic Bell - Sponsor MagicBell, the embeddable notification inbox - magicbell.io. Use the coupon code SYNTAX to get a 20% discount if you sign up in the next two weeks. Sentry - Sponsor If you want to know what’s happening with your errors, track them with Sentry. Sentry is open-source error tracking that helps developers monitor and fix crashes in real time. Cut your time on error resolution from five hours to five minutes. It works with any language and integrates with dozens of other services. Syntax listeners can get two months for free by visiting Sentry.io and using the coupon code “tastytreat”. Show Notes 04:17 - All I Want for Christmas in React is: * Suspense for data fetching * On mount animations * Unmount for me * Single file components * preventDefault shortcut * Input to state mapping 09:45 - JS or Nay-s (or Both) * Shout out to Pigeonhole * Graphene - 1) Carbon atoms organized in a hexagonal lattice, or 2) An opinionated Python library for building GraphQL Libraries in Python? * Floodlight - 1) A super simple syntax highlighter for XHTML documents, or 2) a large light used to illuminate dark outdoor spaces? * Toy Machine - 1) An early 2000s skate brand, or 2) A Vue-based GUI for creating state machines? * Joplin - 1) A free, open-source note taking and to-do application based on markdown, or 2) A city in the northwestern corner of Missouri? * Noco - 1) A JavaScript library that connects to No Code tools including bubble.io, or 2) A smart car battery maintainer & charger? * Innr - 1) A smart lightbulb, or 2) A CSS in JS library for selecting parent selectors? * Cabkoma Strand - 1) A thermoplastic carbon fiber composite rod used in modern buildings, or 2) A Redux-like state management library for Svelte? * Sputnik V - 1) Code name for the upcoming WordPress release with built-in headless CMS mode, or 2) A non-replicating viral vector COVID-19 vaccine? 18:44 - Overrated / Underrated * Deno * ESM import from URL (no npm) * Remix.run * Xstate 27:49 - Hot Take Tweets * https://twitter.com/wesbos/status/1336367385683636225 34:34 - Listener Questions * Q: If you recently started doing web dev work, which career path would you choose - startup, FANG, or freelance? * Q: TypeScript all the things? * Q: What do you do to keep up with the latest and greatest changes in tech - front-end libraries, new languages, etc.? * Q: Can you share some exclusive BBQ tips? * Q: What do you expect of Blitz.js in the next few years? * Q: What’s the first node module you install in a brand new React project besides React itself? * Q: Thoughts on using languages other than JS and TS with React like Kotlin? * Q: Do you have an approach for optimizing hi-res images that are stored in your back-end, like S3 for your Gatsby website? Links * Watch the live recording of this episode: https://www.youtube.com/watch?v=8xJpxj6T1BQ * Formik * Mux * Syntax Ep 206: State Machines, CSS and Animations with David K Piano * Check My Hair - Wes Bos * Houdini.How * Rust * Cloudinary * LockPickingLawyer YouTube Channel ××× SIIIIICK ××× PIIIICKS ××× * Scott: VS Code color conversion extensions * Wes: Acrylic lock picking kit Shameless Plugs * Scott: All Courses - Sign up for the year and save 25%! * Wes: All Courses - Use the coupon code ‘Syntax’ for $10 off! Tweet us your tasty treats! * Scott’s Instagram * LevelUpTutorials Instagram * Wes’ Instagram * Wes’ Twitter * Wes’ Facebook * Scott’s Twitter * Make sure to include @SyntaxFM in your tweets
49 min
Kubernetes Podcast from Google
Kubernetes Podcast from Google
Adam Glick and Craig Box
Cilium, with Thomas Graf
Thomas Graf is the inventor of Cilium and the co-founder of Isovalent. Cilium is a container networking plugin built on top of eBPF, bringing modern SDN technologies to accelerate your pods. Adam and Craig also discuss the many uses of Christmas trees. Do you have something cool to share? Some questions? Let us know: * web: kubernetespodcast.com * mail: kubernetespodcast@google.com * twitter: @kubernetespod Chatter of the week * Christmas trees: * Keep clear (mostly) * Culinary uses * Discussed in episodes 104 and 111 News of the week * Google grants $3m to the CNCF to run the Kubernetes infrastructure * AWS Managed Grafana and Prometheus * In partnership with Grafana Labs * Red Hat acquires Stackrox * Windows Containers GA in OpenShift 4.6 * CNCF Annual Report * KubeCon NA 2020 Transparency Report * Rancher announces Harvester * I’ll give you the key * Kubernetes 1.20 feature deep-dives: * Pod impersonation an short-lived volumes * Third-party device metrics GA * More granular control of storage permission * Sonobuoy goes beyond conformance * Project Contour security audit * Pulse: stats from Envoy Mobile * Crossplane 1.0 * Project Karavi from Dell Technologies * Cluster API provider for Microsoft Azure * Vitess project journey report * Tanzu Gemfire * Kubernetes Security Essentials from the CNCF Links from the interview * Chains and tables * Berkeley Packet Filter * eBPF * Episode 91: eBPF and Falco, with Leonard Di Donato * High level languages for kernel developers * eBPF Summit 2020 * Cilium * Is it DNS? * Is it a series of tubes? * BGP * Hubble * Accelerating Envoy and Istio with Cilium * Episode 128: Antrea, with Antonin Bas * Bringing Cilium to GKE with Dataplane v2 * Maglev load balancing connection scheduling * Isovalent * Notes on A16Z’s investment * Thomas Graf on Twitter
41 min
More episodes
Search
Clear search
Close search
Google apps
Main menu