New course: Agentic AI for Python Devs

Django 2.0

Episode #161, published Sat, May 12, 2018, recorded Mon, Apr 23, 2018
Django has reached a major milestone with its 2.0 release. This puts legacy Python (that is Python 2) fully in the rear-view mirror and brings some nice new features to the framework.

Join me with Daniel Roy Greenfeld to discuss what new best practices we should adopt and which ones are still entirely relevant.

Episode Deep Dive

Guest Introduction and Background

Daniel Roy Greenfield, often known as “PyDanny,” is a long-time Python developer who has been deeply involved in the Django community. He started his professional coding journey building infrastructure projects for NASA Headquarters, where he discovered and adopted Python for enterprise-level work. Daniel also co-authored the well-known book Two Scoops of Django with Audrey Roy-Greenfield, contributed to notable open-source libraries like Cookiecutter, and has given talks and keynotes on Python packaging and Django best practices around the world.

What to Know If You're New to Python

If you’re just starting your Python journey and want to get the most out of this episode (focused on Django 2.0):

  • Understand virtual environments: They help you isolate Python packages per project.
  • Get comfortable with basic web concepts: Knowledge of how URLs, HTML, and HTTP requests work will help you follow Django’s structure.
  • Don’t worry about “the old ways”: Django 2.0 (and beyond) focuses on Python 3, so you can learn Django without Python 2 complexities.

Key Points and Takeaways

  1. Django 2.0 Moves to Python 3 Only Django’s move to drop Python 2.7 support in 2.0 is the standout shift, simplifying Django’s codebase and encouraging the community to embrace modern Python. While this transition may require updates to older code, it significantly streamlines development, testing, and maintenance.
  2. Easier URL Routing (No More Required Regex) Django 2.0 introduced a simpler syntax for URL routing, making it more beginner-friendly. Developers who disliked writing custom regular expressions can now specify paths in a more intuitive way, much like Flask, without losing any flexibility.
  3. Django Admin is Mobile-Friendly by Default The admin interface gained a responsive design, so you can effectively manage your site on phones and tablets. Whether you’re traveling or just away from your desk, Django’s out-of-the-box admin is more convenient than ever.
  4. Upgrade Path from 1.11 to 2.0 Although 1.11 is a Long-Term Support (LTS) release, upgrading to 2.0 can be straightforward if you run Python 3 and have a solid test suite. Always test your dependencies and custom code thoroughly; if something fails, it’s likely due to external packages that haven’t been updated rather than Django itself.
  5. Security Best Practices in Django Django’s security posture remains strong thanks to features like CSRF protection, XSS safeguards, and its dedicated security team. Just remember to never deploy with DEBUG = True in production and to follow recommended security guidelines, as Django alone won’t compensate for misconfigurations.
  6. Long-Term Support (LTS) vs. Standard Releases Django 1.11 is supported until April 2020 (at the time of this episode’s recording) as an LTS, whereas 2.0 has a shorter support cycle. Organizations that move slowly may prefer to stay on LTS releases, while new projects or more agile teams will want the latest features and optimizations from Django 2.
  7. Cookiecutter and Packaging Daniel and Audrey have contributed significantly to Python packaging best practices with Cookiecutter. This tool automates project setup, ensuring consistent structure across your web apps or libraries, making it easier to implement clean coding standards right from the start.
  8. Managing Production vs. Development Settings A key takeaway is to keep development and production configurations separate, Django’s DEBUG setting is a prime example. Relying on environment variables and established patterns, such as settings.py modules with selective imports, prevents costly security oversights or downtime.
  9. NASA and the Joy of Python Daniel’s background at NASA shows how Python can power everything from secure infrastructure to internal tools. NASA’s acceptance of Python for systems integration, combined with Django’s simplicity for web interfaces, exemplifies how widely Python can be applied.
  10. Async Future for Django The conversation acknowledges that asynchronous capabilities are essential for modern web frameworks. While Django 2.0 isn’t fully async, discussions around channels, ASGI, and Python’s native async and await features signal that future Django releases may tackle real-time and highly concurrent use-cases more directly.
  1. Conference Networking and Volunteering PyCon and similar events are crucial for expanding your Python knowledge and community connections. Daniel points out that volunteering, rather than only attending talks, helps you meet new people, learn fresh ideas, and even discover new career opportunities.

Interesting Quotes and Stories

"When I discovered Python and its expressive syntax combined with its dynamic typing system, I was hooked." -- Daniel Roy-Greenfield

"If you have debug equals true in production, you can kiss your security goodbye." -- Daniel Roy-Greenfield

"Make new friends at PyCon, don’t just stick with the people you already know. That’s how you expand your horizons." -- Daniel Roy-Greenfield

Key Definitions and Terms

  • LTS (Long-Term Support): A release of Django with extended maintenance and security updates, allowing organizations to avoid frequent major upgrades.
  • Cookiecutter: A command-line utility that creates projects from cookiecutters (project templates). It helps standardize and automate initial setup.
  • WSGI (Web Server Gateway Interface): A specification for how web servers communicate with Python web frameworks. Django 2.0 still relies on WSGI for synchronous requests.
  • ASGI (Asynchronous Server Gateway Interface): A newer specification aiming to add async capabilities to Python web frameworks; Django Channels and other projects rely on this for concurrency and real-time features.

Learning Resources

Overall Takeaway

Django 2.0 opens a new chapter by embracing Python 3 and simplifying both the framework’s codebase and developer experience. While the breaking change for Python 2 users might be significant, the benefits, improved security, mobile-friendly admin, and easier URL patterns, make it a solid move for the community’s long-term progress. Daniel Roy-Greenfield’s experience, from NASA projects to open-source leadership, highlights that strong community, modern tooling, and a curiosity-driven mindset lead to better, more sustainable web applications in Python.

Danny on Twitter: @pydanny
Creating and Distributing Python Packages course: courses.twoscoopspress.com/courses
Course (Spanish edition): courses.twoscoopspress.com/courses
cookiecutter: github.com/audreyr/cookiecutter
black formatter: github.com/ambv/black
TwoScoops Django Book: twoscoopspress.com/products/two-scoops-of-django-1-11
Pyup: pyup.io

MongoDB webcast: MongoDB.com/webinar/python

Episode #161 deep-dive: talkpython.fm/161
Episode transcripts: talkpython.fm

---== Don't be a stranger ==---
YouTube: youtube.com/@talkpython

Bluesky: @talkpython.fm
Mastodon: @talkpython@fosstodon.org
X.com: @talkpython

Michael on Bluesky: @mkennedy.codes
Michael on Mastodon: @mkennedy@fosstodon.org
Michael on X.com: @mkennedy

Episode Transcript

Collapse transcript

00:00 Django has reached a major milestone with its 2.0 release.

00:03 This puts legacy Python, that is Python 2, fully in the rearview mirror and brings some nice new features to the framework.

00:09 Join me, along with Daniel Roy-Greenfield, to discuss what best practices we should adopt

00:15 and which ones are still entirely relevant.

00:18 This is Talk Python To Me, episode 161, recorded April 23, 2018.

00:24 Welcome to Talk Python To Me, a weekly podcast on Python, the language, the libraries, the ecosystem, and the personalities.

00:45 This is your host, Michael Kennedy.

00:47 Follow me on Twitter, where I'm @mkennedy.

00:49 Keep up with the show and listen to past episodes at talkpython.fm and follow the show on Twitter via at Talk Python.

00:55 This episode is brought to you by MangaDB and ActiveState.

01:00 Please check out what they're offering during their segments.

01:02 It really helps support the show.

01:04 Danny, welcome to Talk Python.

01:06 Thanks for having me, Mike.

01:07 Yeah, it's great to have you here.

01:08 I've been looking forward to having you on the show for quite some time.

01:11 So we were finally able to put it together, weren't we?

01:13 Yeah, it's been a few years since we first started talking.

01:18 Yes, it's one of the more drawn-out guest appearances, but you're finally here.

01:22 And I think the timing is really good because we now have a super major change in the Django world

01:29 in that we have Django 2.

01:30 Maybe not major in terms of features, but that's a pretty big step to have, you know, go from 1.something to 2.0.

01:38 Absolutely.

01:38 Especially considering that the big change is really under the hood.

01:44 It's basically the move from Django 1.11 to 2.0 was dropping support for Python 2.7.

01:53 So from going forward, Django is 3 and higher.

01:57 There's no other way to do it.

01:58 Should they just make it super explosive and call it Django 3?

02:01 I actually have some minor issues with the Django naming structure.

02:06 And I actually think that maybe you're right.

02:08 Going to Django 3 might have been better.

02:10 But the beauty of it, though, is that now the source code is going to be simpler,

02:15 which means, you know, it'll be more stable.

02:17 It'll be easier for them to implement more features or for the community to implement more features.

02:23 Yeah, anything that attracts more contributors and doesn't chase them away with complexity.

02:27 It's good stuff.

02:28 Yeah, absolutely.

02:29 I definitely want to focus some more on this Django 2 only being Python 3 only.

02:34 But before we do, let's make sure we get to hear your story.

02:37 How did you get into programming in Python?

02:38 Originally, I got into programming because it was fun as a student.

02:43 And as an adult, it was a much better way of making a living than working in restaurants or doing manual labor.

02:51 And since I started coding, I explored a lot of different languages before settling on Python.

02:58 I've done FoxPro, Perl, ColdFusion, Java.

03:02 The list goes on and on.

03:04 But with Python, I was lucky enough to get employed at NASA.

03:10 And there, a co-worker named Chris Shenton introduced me to it in the summer of 2005.

03:17 And at that point, I was so tired of Django's, not Django's, Java's static typing in rigidity that I had delved into ColdFusion of all things.

03:30 And because I liked the less static typing.

03:34 And I know static typing is very popular in certain circles, but it's just not what I enjoy.

03:40 And when I discovered Python and its expressive syntax combined with its dynamic typing system of, you know, where you can, you know, it's strong typing, but not.

03:53 And I've really enjoyed that.

03:54 And so I've been hooked ever since.

03:56 Hence the name PyDanny.

03:58 Yeah, of course.

03:59 That's awesome.

03:59 First of all, what were you doing at NASA?

04:02 Like what projects were you working on?

04:03 That sounds really interesting.

04:04 When I originally got hired there, it was for infrastructure support at NASA headquarters.

04:10 Is that Cape Canaveral?

04:11 No, that's actually in Washington, D.C.

04:14 And there's satellite offices, depending on the contract, in usually in Northern Virginia, but it can change to Maryland, I guess.

04:22 I'm not sure what the contract state is right now.

04:25 Those companies can just kind of like spread in a ring around D.C. and like cross borders.

04:30 It's kind of crazy around there.

04:31 Yeah.

04:32 And so what I was doing was a lot of infrastructure support.

04:36 And one of those things was tying a number of in-house projects to a X500 directory system.

04:46 That's like LDAP.

04:47 And what happened was, is that at some point, someone at NASA decided that they were going to switch to an active directory server, which is fine.

04:57 But they implemented a self-signed security certificate.

05:01 And the Java version that we were allowed to use in the day, which I think was 1.6, its implementation of Jindy couldn't interact with that.

05:11 And so Chris Shenton got it to work with TCL.

05:16 And then we figured out, him and I figured out how to do it with Python.

05:20 And so that gave us the business reason to bring Python into more of NASA headquarters.

05:26 That's nice.

05:27 I'm sure it's playing a pretty important role there now.

05:29 I believe so.

05:30 In fact, Chris Shenton has done a number of talks on using Python with AWS Lambda at NASA headquarters.

05:38 It's really fascinating stuff.

05:40 And I guess I can probably link to some of his talks at the end of this.

05:44 Yeah.

05:44 Yeah.

05:45 Throw them in the show notes.

05:45 That'd be great.

05:46 That'd be really cool.

05:47 So what was the coolest thing that happened while you were at NASA?

05:50 I got to start with Python.

05:52 Yeah, that is pretty cool, right?

05:54 Very, very cool.

05:55 Shaking hands with astronauts is a close second to that.

05:58 So yeah, pretty awesome.

06:00 It's definitely one of those places that it at least has this really big, noble goal.

06:04 Like you could go write amazing technology at like a hedge fund, but it's not the same as like, yeah, we're helping launch satellites or do whatever, right?

06:11 Absolutely.

06:12 If you ever get the chance to do something like that, by all means, do it.

06:16 Yeah, cool.

06:17 And then how do you get into open source?

06:19 Well, I got into open source because Python is all about open source.

06:23 And while Java technically is open source, when I was still doing Java, it wasn't.

06:30 It was a Sun project and then I guess an Oracle project, or it's an Oracle project now.

06:36 But it didn't have the same ethos and environment and community.

06:40 Yeah, Oracle doesn't scream like open source to me in terms of just the company culture.

06:47 I feel it's more likely somebody will show up in like a full on suit than like talk about their open source project coming from there.

06:53 But I guess there is definitely some stuff happening at Oracle.

06:56 They just released some pretty interesting new runtime.

06:59 I can't remember exactly what it's called.

07:02 Have you heard of this?

07:02 It's something with a G.

07:04 I don't pay attention to Java news.

07:06 It's GraalVM, G-R-A-A-L-V-M.

07:11 And apparently it's like a new virtual machine for Python and some other stuff as well, like JavaScript and Rust.

07:18 And I don't know, maybe it's going to be something amazing, but I haven't been paying attention enough.

07:22 So I guess give them some credit for open source.

07:25 They are doing some things these days, right?

07:26 Yes, absolutely.

07:28 So I got into open source because it was fun and it was exciting.

07:34 It was great to see people give me a pat on the back as a beginner in a new language and a new tool set that who I respected.

07:44 And those pats on the back were actually a form of credibility.

07:50 So I've been, you know, after a few years of doing that, I guess I released my first open source package in 2009.

07:56 Do you remember what it was?

07:57 Yes.

07:58 There are several that I released at that time.

08:02 The most notable one or the one with the most GitHub stars and downloads is a package called Django Crispy Forms.

08:09 And it's one of the predominant form libraries for Django.

08:13 But and at that time I called it Django Uniform.

08:16 But I had also done some clone packages.

08:20 And I think there I attempted to write a new logging library because I didn't like Python's logging system.

08:27 I think everybody goes through that stage as a Python developer, like, oh, I want to write my own logging.

08:33 The five stages of logging.

08:35 Yes.

08:35 So, yeah, I've been doing that since 2009.

08:40 And since 2013, I've been helping other people build their packages, which has been pretty awesome.

08:46 It's kind of like paying it forward.

08:48 That's really cool.

08:49 How did you get involved with Django?

08:50 At NASA headquarters, we were doing a lot of clone work.

08:54 Actually, originally, we weren't doing any web work for my first few years of doing Python.

08:59 There was essentially no web.

09:01 And then we got a project where we could use clone.

09:04 So we use clone and then nothing against clone, but it's a big, complex animal.

09:11 And so when we had a new project, which was to build a Facebook clone for internal use at NASA, we decide to use Django.

09:20 And that was at the end of 2008.

09:23 And so that's when I started with Django, was really the end of 2008, the start of 2009.

09:31 And it was a bit woolier back then.

09:35 And it's really come a long way since.

09:38 Of course, it's definitely come a long, long way.

09:40 That's awesome.

09:42 So that's about 10 years ago.

09:44 What are you up to now?

09:44 Now I do mix.

09:47 Well, I still do quite a lot of Python and Django as well, mostly with REST APIs.

09:53 My not so dark or not so hidden secret is that I actually do a lot of Flask because we use AWS Lambda a lot on our projects.

10:05 And our rule is if we don't have a SQL persistence store in the back end, then we use Flask that we don't want to staple anything in.

10:14 Or better yet, if we don't need a persistence store, we use Flask.

10:18 So that's our go-to tool.

10:21 And recently we've delved into Vue.js, some modern JavaScript, which has been kind of interesting.

10:28 I'm a big fan of Vue.js as well over things like Angular and whatnot.

10:33 What drew you to it?

10:35 Maybe tell people real quickly just like kind of generally what Vue.js is and then answer my question.

10:40 Vue.js is roughly analogous to React or Angular.

10:46 It is an open source front-end JavaScript framework for building responsive, progressive web applications.

10:54 And it can be used, you can call it by just sticking in a script line in your application.

11:01 So it's great for bringing over projects that already exist, you know, legacy projects.

11:06 But also it can be used for new projects.

11:09 And the virtue that I feel it has over its competitors is it's not as enterprise-y.

11:17 And I know the word enterprise is a word that there's multiple definitions, but I like the relative simplicity of it and its directness.

11:28 I don't have to learn a new DSL to work.

11:31 Well, I guess you do kind of have to learn a DSL to use it.

11:35 There's the template directives, but it's nothing like having to learn JSX.

11:39 Yeah, for sure.

11:40 And yeah, so I think with these frameworks, it's really a matter of taste.

11:46 But the one thing I do have to say that I like about Vue.js is it's not dependent on Facebook or Google.

11:52 Vue.js is an independently funded project.

11:57 So if Google or Facebook decides to drop their projects, there's nothing like that will happen with Vue.js.

12:06 So there's nothing like the Angular 1 to more modern versions of the Angular transition that you'll have to deal with.

12:13 That it doesn't require like CLIs and sort of compilation, transpilation steps and all that.

12:18 It's just like, like you said, drop a script file in, maybe write a little JavaScript and off you go.

12:22 Yeah, I don't use it much, but when I need that kind of stuff, that's the one I turn to.

12:26 So, and you also just released a packaging course, right?

12:29 Tell us about that.

12:30 So what happened was, is we were invited to PyCon Colombia, my wife and I, Audrey Roy Greenfeld.

12:37 We were invited to PyCon Colombia to give the closing keynote.

12:41 And we gave a talk on packaging.

12:44 And, you know, people seemed to like it.

12:47 And they said, wow, it'd be great if we could actually learn this in more detail.

12:52 So we ran a test workshop in Medellin, Colombia, where we, you know, gave out the course material free for a few days.

13:01 And the response, and we also allowed people to join in from around the world.

13:06 And the response was really stunning.

13:10 So we decided, hey, let's make this an ongoing thing.

13:14 And we decided to charge for it.

13:16 So that way, that means that we can really work on it.

13:19 Open source is great.

13:21 But without funding, you just, everything else is the priority when you're doing volunteer open source work.

13:26 So that's why we're charging for it.

13:29 And it's entirely Python neutral.

13:31 I know we're talking a lot about Django, but this is pure Python.

13:36 And it is built on proven and awesome tools like Cookie Cutter, pytest, and Tox.

13:43 It also uses proven software solutions like Read the Docs, PyUp.io, which is the security backend for Pipenv, as well as Travis.

13:54 And, you know, it's kind of with Cookie Cutter, it's kind of our mission to make packaging easier and better for everyone.

14:02 Yeah, it sounds like a really cool project.

14:03 And I love a lot of the tools you mentioned.

14:05 Cookie Cutter is great.

14:06 Like you guys, you and Audrey are behind that.

14:09 That was more Audrey's thing she was leading.

14:11 But it's still, that's going strong.

14:13 We could spend a lot of time on that, but maybe save that for another episode.

14:17 But I think things like PyUp, I use PyUp for all of my web apps to basically tell me if there's any dependency updates, and especially if there's security updates.

14:26 I think that's great stuff.

14:27 So, yeah, it's really cool.

14:29 I do wish packaging in Python was a little simpler, especially for distribution to other people, not to servers.

14:37 But, yeah.

14:38 I think...

14:39 Absolutely.

14:40 I think the next major thing, well, a thing that could be the next major thing that really ramps up the popularity and usage of Python would be making it simpler to hand out running Python applications.

14:51 That would be wonderful if it happens, especially because, you know, packaging is so important for, you know, not just open source work or running on servers, but, you know, any kind of architecture, be it monoliths or microservices, you always have repeated patterns that can be captured by installable packages.

15:10 The problem, though, is we have this, I guess, break between the pip world and the condo world.

15:17 Bridging that is pretty challenging.

15:20 And I know the condo team is trying to figure out a way to bridge that.

15:25 And I'm not an expert on it by any stretch of the imagination.

15:29 But I know when you're trying to build out projects that'll work in every environment on all the supported Python versions, I know from a lot of personal experience, that's hard to do.

15:40 And then to get it to work with pip and condo, that's even harder.

15:44 And even though there's solutions to do it, implementing them, getting them to work is not trivial.

15:50 Yeah.

15:51 And we have packaging stuff like CX Freeze, Py2App, Py2Exe, all these things.

15:55 But it seems to me like they all 95% work until they don't.

16:01 And so I dream of a day where I can just type Python dash M build or something like that, you know, and just have it like some sort of thing that is part of Python itself that truly perfectly can like replicate itself in a reproducible way.

16:17 I don't know if that's going to happen in our lifetime.

16:19 I'm telling you, I told you it was a dream.

16:21 It was a dream.

16:22 All right.

16:22 But stuff that will happen in our lifetime, I'm sure, is Django is going to continue to be going on strong.

16:29 So let's talk about Django, which is what we're actually here for, even though you've got to package those things up and put them on servers as well.

16:35 So maybe I know many people know about Django, but there's a lot of listeners, scientists, data scientists, students, and so on who maybe are not super familiar.

16:44 They probably heard the word, but give us just a quick overview of like what's the elevator pitch for Django?

16:48 Okay.

16:49 Django is a high level Python web framework designed to work with relational databases.

16:55 If you really want to, you can staple in MongoDB or another non-relational data store, but then you'd lose a lot of the virtues of Django.

17:05 And those virtues specifically are, or the primary virtues, Django makes a lot of the decisions as to which software components you use and the architecture you follow.

17:18 So that way you can focus on business logic instead of all the other pieces.

17:23 Because the truth of it is, is that your business logic is never simple.

17:28 It always gets complex, even for what seems like a simple project.

17:32 So why not let Django handle that kind of stuff?

17:37 Right.

17:37 You know, every single app that I've had that ever has interacted with customers that maybe have some kind of thing they own or they interact with or history or anything has accounts.

17:49 As soon as you have user accounts, then you have to have the ability to register, the ability to log in.

17:55 And as soon as that happens, like the very first day, someone's going to say, I forgot my password.

18:00 So you got to have email so that they can reset their password, right?

18:02 Like this, all of a sudden you're like, I just wanted to have accounts.

18:05 And now this is like a week long project, right?

18:08 This is a significant challenge.

18:10 I mean, there are companies, Okta and others that make a lot of money solving this problem for you.

18:17 And Django combined with one or two other packages just does this for you free.

18:23 Or I guess it's open source, so it's not free.

18:25 But you get the point.

18:26 It does it for you.

18:27 So that's the power of Django is that it gives that to you.

18:31 And yes, you can customize it.

18:34 If you want to use SQLAlchemy with Django, you can.

18:37 All you have to do is import SQLAlchemy.

18:40 It's not hard.

18:42 So you can make changes to it.

18:44 Sorry, I forget the name of the guest, but like a year and a half ago, you probably know better than I do.

18:49 I had the folks that wrote the book Lightweight Django, which is an interesting.

18:53 Do you remember who that is?

18:55 Yes.

18:56 I can't remember the names.

18:57 I'm so embarrassed.

18:58 But I know the book.

18:59 I know the authors.

19:00 I'm sorry.

19:01 I'll try to link to it.

19:03 Yeah, it was a great book.

19:04 And they're both really smart.

19:05 And so that was an interesting look, I thought, inside Django, where it was like, yes, you can have these big projects.

19:12 But actually, that's just how the start, the sort of create app stuff works.

19:16 It doesn't have to work that way.

19:18 We can break it down into these smaller pieces if you want.

19:20 Yeah.

19:20 And it's kind of touching on with your SQLAlchemy thing there.

19:26 Hey, everyone.

19:27 Michael here.

19:27 Did you know I'll be doing a three-part webcast series about MongoDB and Python from May to June?

19:33 We'll see why MongoDB is a great choice for Python web apps.

19:36 In this series, we'll go through the entire process of building a clone of PyPI, Python's packaging website, over at pypi.org.

19:44 Everything from building the front end to deploying the web app and MongoDB to the cloud.

19:48 You'll learn everything from document modeling basics to special considerations for running MongoDB in production.

19:54 The webinar is free.

19:56 So just click on the link in the show notes or go to mongadb.com slash webinar slash Python and sign up.

20:02 See you in May.

20:04 So some of those ideas or concepts you just talked about are definitely part of what makes Django popular.

20:10 But, you know, it came on the scene roughly around the same time.

20:15 There was like kind of a flourishing of web frameworks 10 years ago or something.

20:18 It seems like looking back, why is it so popular amongst those?

20:22 Of the other Python frameworks of the time, most of them have, actually, I think all of them have kind of faded away into very much a tertiary position.

20:33 But when it came on, there was a Python framework called Zope with a CMS that it powered called Plone that was very popular at the time.

20:40 And that framework grew out of the Java 2 Enterprise Edition version of building stuff, which was very enterprise-y.

20:50 And the more components you had, the better, to the point that to implement anything trivial like a form just took a lot of work.

20:58 Django made that, compared to projects of the time, very trivial to do.

21:05 And since then, it's maintained its popularity, even against libraries like Flask, which, you know, like I said before, I use.

21:13 And it's many clones, some of them who are asynchronous.

21:16 It does this because it, one, it has market presence.

21:21 And it makes a lot of these decisions for you.

21:24 Instead of, you know, as I mentioned before, instead of figuring out which package or component to use out of the box, Django does that for you.

21:32 So that way you can implement your project and then not have to, you know, if you want to replace it later as business needs dictate, you can.

21:41 But out of the box, it just gives you a ton of stuff.

21:44 It has the same batteries-included approach that Python does.

21:47 Yeah, that's cool.

21:48 I feel like it's easy to get kind of a hindsight bias or a curse of knowledge or whatever you want to call it, where you, as an experienced developer that's been working in Python for a long time, you're like, oh, yeah, I'm going to use this package for this.

22:01 And that package for logging, and that package for mail, and that package for data access.

22:05 And it's easy to think, well, I just want to grab my little favorite pieces and put them together and create, like, this little super web project that I'm working on, which is actually how I work a lot of the time myself.

22:17 But it's when you're new, those are not necessarily joyful things, right?

22:23 It's, like, super overwhelming.

22:25 Like, there's all these different databases.

22:27 Each of them have many ways to talk to them, either directly or through a variety of ORMs or ODMs.

22:33 And it's just, it's a lot, right?

22:36 And so I feel like Django does bring quite a bit for, you know, a significant number of people to say, here's what we prescribe.

22:44 Put in the pieces that you want of logic.

22:47 Absolutely.

22:47 And because it's Python, the other thing that's nice, and this is just Django or any Python web framework in general, is because it's Python.

22:57 It plugs in with the whole data science world, trivially.

23:00 And, you know, I'm always kicking myself thinking, gosh, I want to be doing more data science.

23:05 But fortunately, when I do get the chance to, you know, play around with Pandas, and I need to display the result of data, making it work with Django is easy.

23:16 I know people in the Node and Rails world who, you know, when they work with tools like Panda, they've got to jump through, you know, there's extra hoops to make it happen.

23:26 And thankfully, the Django and Flask and Pyramid world, we don't have to worry about it.

23:32 Yeah, that is pretty interesting that, like, so much of the machine learning stuff and the data science stuff is in Python.

23:38 And that just means, you know, you can, you know, we think about full stack programming already, right?

23:44 This is another level, right?

23:45 Another aspect of, like, you can just plug machine learning straight in, and you don't have to basically do anything, right?

23:50 Just call it.

23:51 Yeah, it's an exciting time to live.

23:53 Let's just put it that way.

23:54 Yeah, I kind of feel the same way every day I wake up.

23:56 I'm like, it's so amazing to be alive.

23:57 Let's go.

23:58 What else are we going to do?

23:59 Oh, another thing I want to bring up about Django, and this is one of my favorite selling points, is its security.

24:05 You know, if you follow Django's best practices, odds are you're going to be in a good place.

24:11 If you don't have debug equals true in production, you know, odds are you're going to be not having to worry about people penetrating your system.

24:21 And there's also a pretty large and dedicated security team that works.

24:27 I mean, the core Django team has a security group that's large and dedicated.

24:32 In fact, every version of Two Scoops of Django that we've released, the security sections have been vetted extensively by the security group.

24:44 It's, yeah, we spend more time on that, the chapters and appendices in the book for security than any other place,

24:51 just because they go over it with such a fine tooth comb.

24:56 That's really great to hear.

24:57 I mean, that's one of the things that definitely can keep you up at night.

25:01 I mean, or if you're doing this for your company, it can be dramatic when that kind of stuff slips.

25:07 So they do have such a great attention to detail on the security space.

25:11 That debug equals true problem in production, that is not good.

25:17 There was some security researcher that had, like, gone through and realized that they could actually pull the AWS secret keys out of a bunch.

25:27 And Stripe keys, MailChimp key, you name it.

25:30 The API keys that are stored, basically, in memory were things that you could just go scan and pull out of these things because they're running the debug tools.

25:39 Absolutely.

25:40 So a little bit of background.

25:43 Someone went to, I think they went through various Heroku apps or powered apps and nothing against Heroku.

25:51 But Heroku is a common target for people first learning how to deploy Django because at the basic level, it's free.

25:58 And it's simple, right?

25:58 There's like, you don't have to configure Nginx and Microwiskey or Genocorn.

26:02 You just like push app.

26:04 Right.

26:05 And I think Python Anywhere as well.

26:07 And they found 28,000 instances of people's Django projects.

26:13 And most of them were probably just simple tutorial applications where they set debug equals true.

26:18 And it doesn't matter how secure your framework is.

26:22 If you have it in debug mode in production, it's, you know, it's game over.

26:26 There's nothing that can be done.

26:28 That's your fault.

26:29 That's not the framework's fault.

26:30 It's somewhat of an education thing.

26:32 But I don't know.

26:33 Maybe you could do it.

26:35 Maybe you could somehow deal with this.

26:36 But nothing really comes to mind unless there's just like a huge scary box that absolutely appears on every page.

26:44 Then probably it would help.

26:46 But, you know, it's a tradeoff, right?

26:48 Yeah.

26:48 Yeah.

26:49 Well, definitely be sure to follow the security best practices.

26:51 But once you do, then it's all good.

26:53 All right.

26:53 So one of the things I said when we got started was the Django 2 announcement is a really big deal.

26:59 And I want to kind of set the stage for that before I ask you more about it.

27:03 A while ago, two years maybe, there was more of a debate about Python 2 versus Python 3.

27:10 And are we going to cross that chasm?

27:12 And I feel like we're kind of on the downward.

27:14 Like we're coasting downhill to like wrap that up, even though it's going to become really bumpy around 2020.

27:21 It's going to be real interesting.

27:22 Very bumpy.

27:24 Very bumpy.

27:24 But it's going to be the bottom of the hill and the bumps are going to be there.

27:27 Anyway, I think we're kind of over the debate.

27:30 But one of the things that was really interesting around Python 3 a little while ago with Django was they switched the default recommendation and just the tutorial steps of using Python 2 to using Python 3.

27:44 And that made a really noticeable difference in the PyPI download statistics for Python 3 usage.

27:50 Oh, I didn't know that.

27:51 Yeah.

27:52 Basically, the tutorial switched to say, here's how you get started.

27:55 You type Python 3, this, da, da, da.

27:56 And that made like a 5% difference in the usage.

28:00 So the reason I bring this up is that that is such a dramatic difference that even a small change has.

28:07 And now being Python 3 only, it's just going to take it to another level.

28:11 And so I think Django is one of these things that stands out in the community as really having power to move that needle on the Python 2 versus Python 3 debate.

28:22 You mentioned pandas before.

28:24 They're also going Python 3 only.

28:25 So we're seeing this in other more than just Django.

28:28 But it's a big deal, right?

28:30 Okay, so let me give you some background so I can give you my example.

28:34 I maintain or I help maintain or co-maintain a number of packages.

28:39 And some of them, for example, Cookie Cutter, which I'm one of the maintainers on,

28:43 we maintain every supported version of Python and some unsupported ones across every major operating system.

28:51 And doing that is challenging.

28:54 It's possible.

28:55 And I'm not going to say it's easy because sometimes things just suddenly break and, you know, you have Unicode issues and stuff like that.

29:04 And when you get to move a package to just one version, major version of Python, like from 2 to 3, it's wonderful.

29:14 It's bliss.

29:15 You get to remove tons of special code.

29:18 And I know there's libraries like 6 and Futures that makes it easier.

29:22 But trust me, you get to get rid of tons of code.

29:26 You have logic trees that you hope are being tested properly until someone reports an edge case.

29:33 All that goes away.

29:34 So it really lowers the amount of effort you have to put in to maintain a project.

29:41 So what this means is it's not an immediate effect for Django to move to Python 3 besides, you know, the increased downloads on PyPI.

29:50 Right.

29:51 Because it ran in Python 3 already.

29:52 It's not like, oh, now it supports Python 3.

29:54 It just drops support for the old one.

29:56 Yeah.

29:56 And the thing is, it's not that you'll necessarily see more features.

30:01 But what you may see, because maybe something's pretty feature complete, but what you may see is maintainers having more bandwidth to answer questions, to make sure that tasks are actually testing what they're supposed to be testing.

30:17 So the end result is, even if you don't see more features in a project that's Python 3 only, it will be more polished.

30:26 It will run better.

30:27 The maintainers will be able to be more responsive simply because they have less work to do in maintaining compatibility over multiple versions.

30:36 As one of the maintainers of Cookie Cutter, I can tell you we cannot wait until we only have to maintain one version of, one major version of Python.

30:46 Do you have plans for that?

30:47 In 2020, when that happens?

30:48 Eat a lot of cookies.

30:50 We're going to celebrate with cookies.

30:53 I guess that's the most formal plans that we have right now because that's still, you know, two years away.

30:59 I'm really glad to hear Guido come out and say it's January 1st and put an actual date on it because it was within a year range.

31:05 There's a lot of speculation.

31:05 Oh, so it is January 1st.

31:07 Okay.

31:07 I heard that, but I wasn't able to confirm that.

31:10 Yeah.

31:10 There was some very strong statement that Guido came out and said, like, let's not mince words or, like, be ambiguous.

31:17 It's going to be end of life.

31:19 No more support.

31:20 Period.

31:21 January 1st, 2020.

31:23 Oh, wow.

31:24 Do not expect the core developers to help you even with security.

31:26 That's it.

31:27 Like, something to that effect.

31:28 I mean, that's paraphrasing, but that's more or less what he said.

31:31 Well, who knows?

31:31 We might release a cookie cutter enterprise support edition for 2.7.

31:37 That's right.

31:37 Because we know that there's a lot of big companies using cookie cutter.

31:40 And who knows?

31:42 We know that there's a legacy Django group that has a business plan like that.

31:47 So, who knows?

31:48 As a way to kind of lead into the next question, I feel like we've been around long enough to know the whole change in the Y2K era.

31:59 Like, I remember when it was like...

32:02 I remember that.

32:02 Do you have a flight on January 1st?

32:04 You might not be able to go.

32:06 Like, the computers may be...

32:07 Like, people were, like, legitimately, like, we don't know what's going to happen.

32:10 And I think January 1st, 2020 is a little bit like that.

32:14 It's not going to be like the code is going to stop running.

32:17 But people who, you know, as soon as there's, like, some sort of major security issue and the CEO says,

32:24 I heard that there's this big problem and we kind of use the same software stack, but we're fine, right?

32:29 Like, no, we're actually not fine because you didn't fund us upgrading to Python 3.

32:32 Consultants will be hired at whatever rate they want right then, right?

32:36 So, there's going to be a definite...

32:38 Oh, yeah, that's true.

32:39 Yeah.

32:40 It's not going to be quite on the single day.

32:43 But there's going to be some serious consulting for people that know how to upgrade Django apps, upgrade Python in general, right?

32:50 Right.

32:50 So, what Mike is talking about here is after 2000, you had some of it leading up to it, but after the year 2000, COBOL developers, you know, the old programming language COBOL, which still drives a significant part of our banking system, suddenly became the hot thing.

33:08 And they, you know, they're pulled out of retirement and they were making, you know, salaries, crazy, crazy salaries.

33:15 And I remember thinking, gosh, maybe I should have learned how to program in COBOL at the time.

33:20 What he's insinuating is some of this will happen.

33:23 And I know that there are some industries where the software, like, for example, the visual effects industry, last I heard, they were still very much stuck on like Python 2.5 or 2.6 that runs inside their commercial software that they use.

33:40 And so, we'll see what happens with them in the year 2020.

33:44 Will they upgrade or we'll see.

33:46 Yeah, we'll see.

33:47 But it's going to be an interesting time.

33:49 The next question I wanted to ask you is who should be upgrading to Django 2?

33:54 First of all, there's just a couple of new, really nice features.

33:57 Do you want to touch on those first?

33:58 Sure.

33:59 Actually, what's interesting, the change from Django 1.11 to 2.0 was minor.

34:04 It was less than the change from 1.10 to 1.11, which is kind of interesting, especially for someone who published a book called Two Skips of Django 1.11.

34:14 Because we have people coming to us and saying, oh, well, it still worked with 2.0.

34:19 And it's like, yeah, 98% of the book still works.

34:22 But there are two little things that are kind of nice.

34:26 One is the routing system for URLs is very Flask-like now, the default one.

34:32 That's easier for beginners or for people who just don't like to play around with regular expressions like I do.

34:38 It always struck me as a little bit contrary to the zen of Django to have regular expressions in there.

34:47 Because Django is all about helping you make things easy and make these choices.

34:51 And, oh, by the way, here's this crazy, super hard syntax.

34:54 If you're not a programmer, you put that here.

34:56 You're like, whoa, why is this not just like clearly the name, right?

35:00 Like Flask or Pyramid or whatever.

35:02 So the contrarian in me says, what's wrong with regular expressions?

35:07 But the realist in me agrees with you.

35:10 Yeah, yeah.

35:10 I mean, think of the marketing person who decided they're going to learn a little programming so they can get some interactive site.

35:15 Like that person is going to have a hard time with regular expressions.

35:18 Yeah, I can't disagree with you there.

35:21 The other thing is the admin interface that comes with Django.

35:25 That's now mobile friendly by default.

35:27 So you don't need to install another package to make that work.

35:30 So that's really nice, especially since often when you're accessing the admin, you're doing it from your phone, trying to fix something, you know, in the middle of the night from bed.

35:41 You get woken up by like a pager thing.

35:44 Okay, we'll fix this.

35:45 Or on vacation.

35:47 Or on vacation when you have a slow connection.

35:49 So yeah, so those are the two significant changes or what I consider the two significant changes.

35:55 And as you can see, they're pretty small.

35:57 Again, the big switch with 2.0 is going to Python 3 only.

36:03 And then, you know, that leads in the question of why shouldn't you move to Django 2.0?

36:09 And there actually are a few reasons.

36:11 Django 2.0 is a standard release for Django.

36:15 And that means it is supported by the core team for less than a year.

36:20 Whereas Django 1.11 is a long-term support release, which means it's going to be supported until at least April 2020.

36:29 Although we'll see what that means with Guido dropping support for Python 2 on January 1.

36:36 Maybe it'll truncate it a little bit.

36:38 Yeah, who knows?

36:38 Yeah.

36:39 So in fact, what that means is Django 1.11 is going to be supported longer than 2.0 and 2.1.

36:47 So if you have an organization that moves slowly.

36:50 Right.

36:51 So you'll be forced to upgrade on 2.0.

36:54 Yeah.

36:55 Yeah.

36:55 If you have an organization that moves slowly, sticking with the long-term support version, it can be a really good thing.

37:01 And at NASA, we are always long-term support.

37:04 So that's why to stay on 1.11.

37:06 Are there companies that have like LTS only sort of guidelines?

37:10 Like do not use a version of Linux that's not LTS?

37:13 Do not use these packages that are shorter term and like always just stay on the LTS version?

37:18 Or is it just a culture thing?

37:19 I don't know if they have formal policies or not.

37:22 I know at NASA, we didn't have a formal one or at our center.

37:25 And it might have changed there because with the, you know, advance and DevOps and deploying stuff to the cloud, things are easier, at least at NASA.

37:35 But I know that there are certainly organizations that we've dealt with where because they know, you know, the engineers and developers know that upgrades just take a long time to implement like a major upgrade.

37:49 They rather stay on an LTS and then get the minor patch updates.

37:55 It's why Red Hat and other organizations do long-term support releases is just because the larger a group gets or the less funding it has for a project, the more likely it is to stay on a particular version of a project.

38:09 Yeah, that makes a lot of sense.

38:11 So would you recommend that people maybe start on Django 1.11?

38:15 Or is it if you're starting a new project, it's 2.0 for sure?

38:19 I say that 95% of people should be starting on the most recent version of Django, for which our book still certainly absolutely applies.

38:29 And then, you know, upgrade as soon as, maybe not as soon as the next version of Django comes out, but like the first patch release, right?

38:38 Because that's when all the secondary packages and projects update.

38:42 It's just like that with Python, right?

38:45 Like as much as I can't wait till 3.7 comes out for Python, I'm going to probably wait a little bit before start coding in it because I know that there are packages that I use that won't be supported yet.

38:57 As much as I like to be on the bleeding edge of things, I don't have that luxury.

39:03 You also don't want to wake up in the middle of the night because it's leaking memory or some weird thing like that, right?

39:09 Yeah.

39:09 So if you look at the dates, like Django 1.11 is scheduled to be supported till April 2020.

39:16 Django 2.1 is till December 2019.

39:20 So that's like right on the cusp of the Python 2 cutoff anyway.

39:23 So there's not a huge difference like currently.

39:26 No.

39:27 At four months, right?

39:28 So that's not, I don't know, if I was starting on new, I would definitely go for the 2.01.

39:32 But yeah, it's just me, I guess.

39:34 I always try to do the latest and greatest.

39:35 Yeah.

39:36 So another recommendation you have is like, you probably shouldn't move to 2 if you can't run on Python 3, which is obviously like, it's not, you shouldn't.

39:45 You cannot move to 2 if you cannot run on Python 3, right?

39:49 Yeah.

39:49 So in fact, I really try not to make fun of, you know, other software developers.

39:55 We have a challenging job.

39:57 But sometimes on some of my projects, open source projects like cookie cutter Django, someone will say, hey, it's not working.

40:03 And then they show the stack trace and it's clear they're running 2.7.

40:08 And it's like, well, you're running Django 2.0 with Python 2.7.

40:13 It's just going to break.

40:14 Not intended to work that way.

40:16 But we all make mistakes like that.

40:17 So it's, you know, like I said, I shouldn't make fun of people.

40:20 Well, I think part of it is like, we need a little bit more help from the operating system folks to make this a little bit smoother, right?

40:28 Like on my Mac, if I'm just a person, I know I want Django and I know Django uses Python.

40:33 I type Python and that comes up with a program that does a thing.

40:36 Like I might try to type pip install Django and just run it, right?

40:43 Like there's nothing along that path that's like a big warning slide.

40:46 Like you're set up for failure, but if you don't know, oh, there's this thing where there's a Python 2 and a 3.

40:53 They're incompatible.

40:54 You don't have 3 by default, right?

40:57 I mean, Linux is starting to fix the problem because they're starting to default to Python 3.

41:03 Windows ironically fixed it by not supporting it at all.

41:07 So you have to go seek it out.

41:08 Why would you seek out the old one?

41:10 I actually think that's kind of a good thing.

41:12 Yeah.

41:12 And then Mac comes with just the old one.

41:14 What do you think about all that?

41:15 Like I said, I kind of, I mean, I know with a POSIX operating system, there is no choice.

41:21 I think they do need system Python just to run.

41:24 Operating system experts can correct me there.

41:27 So I don't think taking Python out of OS X or Linux is a solution.

41:32 But in some ways I am envious of the Linux world or not the Linux, the Windows world where

41:38 to run Python, you have to install fresh installation.

41:42 And, you know, maybe the answer is with some of these projects of complexity, such as Pandas

41:50 or Django or whatever is, you know, maybe we could put in something saying, oh, you're running

41:56 the system Python.

41:57 We're not going to let you do that.

41:58 You have to go and install a new version of Python.

42:01 And I don't know how realistic that is.

42:04 I'm just not, I just don't know enough on the subject.

42:07 But having seen beginners stumble through that again and again in the Python world, I definitely

42:14 hear that.

42:15 That would be kind of ideal if we forced people to install an external version of the language.

42:21 Right.

42:21 Or I understand the system needs it, but does it have to default to Python?

42:29 Could it be Python 2 is the thing that is Python 2 and Python is Python 3, right?

42:34 Like it, I feel like they could somehow patch that up and kind of make things more or less

42:39 hang together.

42:39 Probably would take some work.

42:40 My reading is it's probably just not a priority, at least in the macOS world.

42:45 In the operating system world, I just don't see them making it a priority.

42:49 They've got other things on their plate, either for financial reasons or bandwidth reasons.

42:54 But I wonder, you know, is it possible when you run a library like Pandas, for example, can

43:01 we detect whether or not you're running the system Python?

43:04 And if so, throwing that flag down saying, hey, you need to go to python.org or install

43:10 Wakanda rather than forcing people to learn the hard way that screwing their system Python

43:17 is going to be really painful.

43:18 Yeah.

43:18 I mean, probably the error you get the vast majority of the time is like this particular

43:23 method or this attribute, like an attribute error or something to that effect or an import

43:27 error.

43:28 And that means nothing to people.

43:29 It's just like, oh, it's broken.

43:30 Right.

43:31 But if you got a wrong version of Python error.

43:33 Exactly.

43:33 That actually would go a long ways towards, oh, I have the wrong version of Python.

43:38 Not like, oh, it's broken.

43:39 It just doesn't work.

43:40 Wow.

43:40 That's a really awesome idea, Mike.

43:43 I wonder what we can do with it going forward.

43:46 It's not hard.

43:48 Right.

43:49 Just check system version.

43:51 Right.

43:51 But it's it's seems like just a little bit of communication.

43:55 But yeah, I I hear the problem.

43:57 I would prefer that the operating systems come with modern Python if they're going to have

44:01 it.

44:01 But who knows what what could we do?

44:03 This portion of Talk Python To Me is brought to you by ActiveState.

44:09 ActiveState gives you a faster way to build and secure open source runtimes from your first

44:14 line of code through to production.

44:15 Every second you spend building your Python distro or trying to secure your Python programs

44:19 is less time spent doing the work you love.

44:22 You've got better things to do than trying to resolve dependencies or making sure that you

44:25 tick off all security boxes when you ship to production.

44:28 Standardize on your Python builds so you can have less friction in the development cycle and

44:33 you can deliver apps faster.

44:34 You can also get a unique server side way to verify your Python applications at runtime.

44:39 Bake security right into your code without impacting performance.

44:42 Go faster.

44:43 Spend more time doing the work you love and comply with your enterprise security needs.

44:47 Try ActiveState and see why it was chosen by IBM, Microsoft, NSA, Siemens, PepsiCo and more.

44:53 Join millions of developers who trust ActiveState to build their open source language distros.

44:58 Visit talkpython.fm/ActiveState for a special offer.

45:01 That's talkpython.fm/ActiveState.

45:04 Greetings from the expo booth here at PyCon.

45:07 I just want to add one quick thing to that spot you just heard.

45:10 The ActiveState folks just had a really cool announcement.

45:13 So if you're here at PyCon, drop by their booth and ask them about it.

45:18 They'd love to tell you about it.

45:19 All right.

45:19 Hope you enjoy this episode.

45:20 And if you didn't make it to PyCon this year, you owe it to yourself to do it next time.

45:27 All right.

45:27 So generally, you're thinking the advice is, unless you have some kind of major blocker,

45:32 one of these edge cases we talked about, it's all about Django too.

45:35 It's all about Django too.

45:36 Always go forward.

45:38 Is there more to it than pip install dash capital U Django to upgrading?

45:44 Or do I need to change configuration files or anything like that?

45:47 In a perfect world, it's really easy.

45:49 You just do pip install dash U Django, then run your tasks and deploy.

45:54 But the Django world has a large and comprehensive ecosystem of packages and products.

46:01 You know, Audrey and I had a part in building and maintaining it for a long time.

46:06 We've stepped away in the past, I guess, two years.

46:09 So sometimes your auxiliary packages don't work.

46:13 And this is why it's so critical to have tests.

46:17 Because, I mean, you know the drill.

46:19 You update a package and then you run your tasks.

46:22 And if something breaks, then you see if it's something in your code that's breaking or if it's something in a third-party package.

46:29 And then in which case, maybe you need to update that.

46:32 And tools like pyup.io, which is created and maintained by my good friend, Jan Eskabauer, that certainly makes it easier.

46:39 But you still have to run those tasks.

46:42 And this is, you know, my favorite reason to include tests.

46:46 It's less to find bugs and more to make upgrades for versions of Python and Django and other tools easier.

46:52 It's more the smoke test rather than the nuanced unit test, right?

46:55 Like, does it generally hang together?

46:57 Exactly.

46:58 So fortunately, what I found is upgrading from 1.11 to 2.0 is pretty easy.

47:04 There is none of the, from 1.10 to 1.11, I think it was, the way that Django handled cross-site request forgeries was changed.

47:16 And if you had a busy, you know, very, very busy project with millions of users, if you deployed it and all of a sudden for a few minutes, everybody's forms stopped validating, that made upgrades or upgrading from 1.10 to 1.11 challenging.

47:32 But fortunately, with going to 1.11 to 2.0, for us, it's been really trivial.

47:38 It's been really sweet and easy.

47:40 So I think that was kind of intentional when they went from 1.11 to 2.0 and the big change being the version of Python or that it doesn't support 2.7 is just to keep that advance easier.

47:54 Yeah, it's clever to make that there.

47:56 So that sort of decision to say the way people perceive it, the change is going to be actually really small.

48:01 So encouraging people to get on that new track that's Python 3.0 only is really not scary.

48:07 It's not like, oh, we've changed some settings, config format or something, and you've got to make sure you change that, too.

48:12 For us, at least, it's been very easy.

48:14 And this doesn't just apply to Django with Pandas or other tools.

48:19 This is one that, like I said, is a great justification for having tests is that it makes these upgrades easier, especially as we move to the Python 3.0 only world of the future.

48:29 Yeah, just create a new virtual environment, check it out again somewhere else, do the upgrade, run the requirements, do the upgrade, run your tests.

48:39 If that works, you're probably good, right?

48:41 You don't have to break what you have sitting on your main desk, right?

48:44 Absolutely.

48:44 Nice.

48:44 So what's the future, Django?

48:46 I'm not a core developer, so people often think that I am.

48:50 So I don't really know too much about what's coming.

48:53 When I have looked at the roadmap, there hasn't been anything super concrete that's changing.

49:00 But again, I'm not really in the loop, and I don't go to that many Django-specific conferences, so I just don't know.

49:08 There are some things that I would love to see, though.

49:12 Deployment is still kind of a pain.

49:15 I know there's services like Python Anywhere and Heroku and now Zappa that make it easier, but I've always wondered if there's a way to make those hooks a little bit better and easier.

49:27 And also, we're in a world of data science, and for better or for worse.

49:34 And having Django integrate better with those tools, I think, is something we're going to see more of in the future.

49:42 There aren't that many huge and easy to lose, not huge, I guess that's the wrong term, but comprehensive libraries with good documentation on how to integrate, pulling data out of a server, running it through Pandas or PyTorch or whatever, and then displaying that with Django.

50:00 There's the odd blog post or Stack Overflow answer, but I'm guessing in this year we're going to see that start to change.

50:09 Because part of data science is displaying your data, displaying the results.

50:14 And you can crunch numbers all you want.

50:18 You can data wrangle.

50:18 You can do all that stuff.

50:20 But if you don't display your data, especially with a large project that needs to be able to do this for its end users, who's your customer?

50:29 The sales team?

50:30 That may not be enough for you.

50:31 For sure.

50:32 And we've got things like Jupyter, JupyterLab, and there's a whole explosion of notebook solutions.

50:38 But in the end, maybe you want to show it, like you said, not publish a paper of data to your sales team, but give them dashboards within the app and things like that.

50:47 Yeah.

50:47 And not to bring up politics, but I don't know too much about the whole thing with Cambridge Analytica.

50:55 But from what I'm gathering, part of what they were giving were reports to end users.

51:01 And, you know, while that might have been done for the wrong cause and the wrong purpose, there's a sales opportunity for you, which is for consultants or companies around the world, which is you have this framework, Django.

51:15 You have all these machine learning and data science tools that are accessible via Python, providing a means for publishing that data is part and parcel in what we do as engineers.

51:26 Yeah, for sure.

51:27 And making that easier and beautiful, that'd be awesome.

51:29 All right.

51:30 Well, let's go ahead and actually have one more question before we drop off, Django, that I wanted to, I threw here at the end, I want to ask you.

51:36 So one of the really powerful things that we have in Python 3 these days, and it started 3.4, 3.5, but really came into its own in 3.5 with async and away is the whole asynchronous programming model.

51:49 And that's like largely missing from the main web frameworks, right?

51:56 Like, just you can't throw an async Jenga view up there or an async flask view or an async pyramid view or whatever, right?

52:04 And a wait on various things.

52:06 Do you see stuff like that coming?

52:08 Do you think it's important?

52:09 I think it's critically important.

52:11 One of the things is when you play with a language like modern Python outside of the web or with Go or with JavaScript is async is just getting easier and easier to implement.

52:25 It's more straightforward.

52:28 And the issue, though, with Python web frameworks is that this is a very hard problem, be it Django, Flask, Pyramid, or whatever.

52:37 They're all based on a WSGI.

52:38 They're all based on WSGI.

52:40 And WSGI follows a very precise request and response cycle.

52:45 And while Andrew Godwin has been working on channels for Django, which provides an asynchronous system and it's powered by asyncio under the hood.

52:56 But they're all these like we have Quart for Flask, which is really nice.

53:00 But they're all like, we're going to take this and make a copy of it.

53:03 And it'll be really, really close to the thing that you want to have.

53:07 Right.

53:07 Django, Flask, whatever.

53:08 Right.

53:09 But it's just they have not made their way into these major, the actual official major frameworks.

53:13 I think that Django is too resistant to breaking backwards compatibility that I don't see it happening in the next couple of years, which I think is kind of a shame.

53:24 You know, I think Andrew Godwin should just be committing right to core, right to the master branch.

53:30 Yeah.

53:31 The stuff he's doing is awesome.

53:32 I had him on the show quite a while ago and people can go back and listen to the whole episode on that.

53:36 Yeah.

53:37 I think Flask's API is pretty stable, but there are async clones for Flask.

53:41 I think there's Sanek.

53:42 There's API star.

53:44 There's a bunch of these things.

53:46 But even though these things exist, deployment isn't really that straightforward.

53:52 I know that you can deploy a channels application on Heroku and I'm pretty sure you can probably do it on Python anywhere.

53:58 But it's not the default operation.

54:01 It's not for people who are just new to the system.

54:04 It's an advanced topic.

54:06 And I think that's a shame because the way of the world is async, right?

54:11 That's the trend.

54:12 And it's not a trend.

54:14 It's the way things are going.

54:16 Now, Andrew Godwin has his own specification that he wrote or actually created.

54:22 It's not his specification called ASCII, which is asynchronous service gateway interface.

54:27 But until I think we have a long way, I think WSGI is so entrenched in our Python world that it's really hard to break out.

54:38 And I think it's a shame.

54:39 And I think if someone came up with a business model to get around that, they would make a lot of money.

54:45 I know I would use that system in a heartbeat.

54:48 As much as I like using EC2 and playing around Zap on Lambda to be able to do asynchronous easily with easy deployments without having to stand up my own server or use a platform as a service system that's super integrated in itself.

55:06 For me, that would be awesome.

55:08 I'd love to see something like that.

55:09 But I think that's not going to happen for several years.

55:13 Yeah.

55:13 It's kind of a bit of a chicken and egg kind of blockade thing.

55:17 But it'll break free.

55:18 It'll come out.

55:19 It just sooner would be better.

55:21 Every time I hear somebody say, oh, we're switching to go for because the performance is better async and whatever.

55:27 Part of the problem is somewhat self-inflicted.

55:30 And it could easily be fixed with just a slight, like basically a one function called deep, deep down from process request or whatever it's called to like process async request.

55:41 And it like kind of cracks loose, you know.

55:43 But yeah.

55:44 Okay.

55:45 Someday we can look forward to the future with async methods and all the major frameworks.

55:49 Yeah.

55:49 I can't wait.

55:50 These creative and powerful.

55:52 Yeah.

55:52 Knockoffs.

55:53 But let's bring those back in.

55:55 Right.

55:56 Nice.

55:56 Okay.

55:56 Well, let's touch really.

55:57 We're getting low on time.

55:59 But maybe just tell us a little bit about your Django book.

56:01 It's been one of the more popular ones.

56:03 So you have two scoops of Django, right?

56:05 Yeah.

56:06 Two scoops of Django.

56:07 And it's been out since 2013.

56:09 We're on the fourth edition, which is kind of awesome.

56:13 If we do another version, we won't release it until next year, which is when the next time a long-term support version of Django is released.

56:22 And if we do it, we'll make.

56:24 You're going to call it two scoops of Django 2?

56:26 2.2.

56:26 It'll be two scoops of Django 2.2 if we do it.

56:29 And because it's so much work to do.

56:32 If you want to inflict pain on an enemy, get them to write a book.

56:35 And if we do it, we're planning some substantial changes.

56:41 Like we'd probably have much more, touch a lot more on asynchronous stuff, especially with Python 3.

56:48 And we'll get to get rid of all of the Python 2 stuff, which will be awesome.

56:52 Yeah, yeah.

56:52 That's really cool.

56:53 So what are some of the core principles from your book?

56:55 With two scoops of Django, it's a big book.

56:58 It's 550 pages.

56:59 But you can boil it down to you want to embrace best practices.

57:03 Pet bait, good import policies, having tasks, be aware of security, understand your tools, and try to keep your implementation of everything as simple as possible.

57:15 Because your business logic, no matter what your project is, is never going to be as simple as you think it's going to be.

57:22 The other thing that we did that really helped with it was have a lot of fun examples.

57:28 I mean, that's the theme, ice cream, right?

57:30 Audrey insisted on that.

57:32 And she did the illustrations.

57:35 And while she was also doing the illustrations, I need to point out, she wrote more of the book than I did.

57:40 So I'm the loud one on social media, but she's the more productive one.

57:45 You don't go to MIT and not know how to write about Python and Django.

57:50 And of course, there's the ice cream theme.

57:52 And that ties into the fun examples.

57:55 A lot of programming books.

57:56 We've seen a lot of changes since the release of our book.

57:59 And other books like, you know, Land of Lisp, they've gotten more colorful.

58:04 But when we first came out, we were like a fresh rock being dropped into the pond.

58:10 It was kind of awesome at the time.

58:11 And now we're not so significant, which is kind of sad.

58:14 A fresh replacement for a few and a bar.

58:16 Or a spam.

58:17 I love spam.

58:18 But yeah, that had gotten very old.

58:20 That's for sure.

58:21 All right, cool.

58:22 So definitely recommend your book.

58:24 It's a good one.

58:24 I guess one final thing I want to ask you about, because we were talking before we hit record.

58:29 You have some good advice for folks is PyCon is coming up.

58:32 This episode, I don't remember how the timing is going to line up.

58:35 This is going to be like right around PyCon.

58:37 It may be the week of PyCon that this comes out.

58:40 So what's your advice for people getting the most out of that conference?

58:43 My advice to PyCon is, first of all, you should go if you can.

58:48 And if you can't go to the one in the U.S. or North America, you should go to your local regional one.

58:54 And then if you go, don't hang out with your friends.

58:58 Make new friends.

59:00 You are there to broaden your horizons.

59:02 And hanging out with your friends, I know it's easy.

59:04 And I know you're nervous.

59:06 I know you're scared.

59:07 But by making new friends, you're going to broaden your horizons.

59:10 You're going to learn new ideas.

59:11 You're going to make new connections.

59:13 And that is why you are there.

59:16 And while you're doing that, don't show off how much you know.

59:20 Instead, ask questions.

59:23 And yeah, if someone starts to explain something that's super trivial and obvious to you, maybe you've got a PhD in a particular field and it's on your label and someone starts to explain it to you, then yeah, you can start showing off how much you know.

59:39 But really try to focus on asking questions.

59:42 Because you're there to learn, not to show off what you know.

59:46 And I know as someone who has gone to conferences and hire people, I'd rather hire someone who is eager to learn and find out new things than a know-it-all.

59:57 I definitely second that.

59:58 Yeah, for sure.

59:59 And then if you have been to a conference before or if it's your first one, volunteer to help in a session.

01:00:06 If there's a volunteer process, get involved.

01:00:09 And again, the reason is you're there to make connections.

01:00:13 You never know who is going to be there helping out with you.

01:00:17 I've certainly made some life-changing differences in my career by volunteering and just happening to meet that right person.

01:00:26 And so that's really important.

01:00:29 But overall, just try to break free of the patterns that you have.

01:00:33 And if you're worried about looking like an idiot, don't.

01:00:38 Because people will forget you.

01:00:39 If you do something that's embarrassing and you think it's embarrassing, but most people won't really care.

01:00:46 They'll be like, oh, whatever.

01:00:47 It's just another overeager conference goer.

01:00:51 I know I've done some things that are really embarrassing and no one remembers but me.

01:00:56 Like, I can assure you that.

01:00:58 And I'm not talking about offensive things.

01:01:00 Like, don't be offensive.

01:01:01 But if you happen to start explaining to this middle-aged guy, you know, that Python 3 is going to be taking over on January 1.

01:01:11 And then someone points out to you that's Guido Van Rossum.

01:01:14 You know, he's not going to remember that.

01:01:16 In fact, he would probably appreciate somebody coming up and saying that to him.

01:01:20 Yeah, you're not.

01:01:21 It's going to be okay.

01:01:22 Just break free of your normal habits and broaden your horizons.

01:01:27 Good advice.

01:01:28 One thing about PyCon, at least PyCon US, because it's so large, that there's an opportunity to tie all three of those suggestions up into one quick and easy thing.

01:01:37 A lot of conferences have people on the stage.

01:01:40 There's one track or something.

01:01:42 There they have the open sessions.

01:01:43 And so you can volunteer by proposing and kicking off an open session.

01:01:49 Your friends may not come.

01:01:51 And you have to ask questions because there's no presenter.

01:01:54 So it's all about sitting there and having a conversation.

01:01:56 So I definitely recommend people embrace the open session side of things.

01:02:00 Open space, whatever they call it officially.

01:02:02 Because that's something that's not recorded.

01:02:05 It's only a live experience.

01:02:07 And it gets you involved.

01:02:08 Absolutely.

01:02:09 Nice.

01:02:09 All right.

01:02:09 Well, we're just about out of time.

01:02:12 But before we call it a show, let's ask you the two questions.

01:02:16 So if you're going to write some Python code, some Django code, what editor do you use?

01:02:20 So I run and I have a 2011 MacBook Air.

01:02:24 And so an IDE like PyCharm is just going to break it.

01:02:29 It worked several years ago, but it's not going to work now.

01:02:33 So I just use Atom because it runs and it runs fast these days.

01:02:38 And also if I need to install it on a new machine, as much as I like Sublime, what I like about Atom is I can just install it and go.

01:02:46 Because we have a couple test machines for Windows and other operating systems that I don't use that often.

01:02:51 And I can just get Atom going in about 20 minutes.

01:02:56 It's something that's always there and you don't have to change depending on where you are.

01:03:00 That's pretty nice.

01:03:01 And I don't need to learn arcane commands like with Vim or something else.

01:03:05 Exactly.

01:03:05 Exactly.

01:03:06 I'm with you on that.

01:03:07 So notable PyPI package?

01:03:09 So I'm going to list two.

01:03:10 I know we're short on time.

01:03:12 The first one is Black, which is the uncompromising code formatter.

01:03:16 And it's awesome.

01:03:18 I'm replacing PyFlakes and all these other tools on my project with it.

01:03:22 And the reason why is because I cannot keep, this is my dark secret, I cannot keep single quotes and double quotes from getting into my code.

01:03:30 And Black just fixes all of that.

01:03:32 And no one complains or yells at me.

01:03:33 Oh, it fixes that.

01:03:34 That's pretty interesting.

01:03:35 Yeah.

01:03:36 So we're trying to figure out on our projects how to get it to run and clean stuff up the way we want.

01:03:44 But yeah, Black is awesome.

01:03:46 And comes in any color you want, as long as it's black.

01:03:48 Exactly.

01:03:49 And the guy who founded it, Rikash Langa, he's a friend of mine.

01:03:52 But that's not why I use it.

01:03:54 Well, maybe a little bit.

01:03:55 That's why I noticed it.

01:03:56 But it's Black is awesome.

01:03:58 Okay, cool.

01:03:58 And then another one's close to home for you guys, right?

01:04:00 Yeah, that's Cookie Cutter because, well, packaging.

01:04:04 And it's our most popular project.

01:04:07 It's got over 7,000 GitHub stars.

01:04:09 There's a lot of Fortune 500 companies who use it, which is kind of flattering in government organizations.

01:04:16 Whenever I want to ego trip, I just go into GitHub and search for Cookie Cutter packages.

01:04:22 Yeah, there's a bunch now.

01:04:23 It's really cool.

01:04:24 Yeah.

01:04:24 Nice to see that doing well.

01:04:25 Okay.

01:04:25 Awesome.

01:04:26 Yeah, I definitely recommend Cookie Cutter as well.

01:04:28 A lot of the web frameworks are starting to adopt it as the way to scaffold up the apps as well.

01:04:33 Pyramid went all in on that.

01:04:35 I don't know about Django.

01:04:36 They're not using it, are they?

01:04:37 No, but there's a lot of templates for building Django projects that use Cookie Cutter.

01:04:43 Right.

01:04:43 There's independent templates that you can just, you know, Cookie Cutter or whatever the link is and create your Django project, right?

01:04:49 Exactly.

01:04:50 Yeah, nice.

01:04:50 All right, final call to action.

01:04:52 People are excited about Django 2.

01:04:54 Dropping that Python 2 aspect.

01:04:56 What do you recommend for them?

01:04:57 Final call to action.

01:04:58 Use Django 2.0, the most recent version of Django, if you can, and buy our book because even though it says 1.11 on the label, it still applies.

01:05:08 That's awesome.

01:05:08 And of course, your packaging course as well, right?

01:05:10 Yes.

01:05:11 It's available in both English and Spanish.

01:05:13 Although we talked a lot about Django, the course itself doesn't mention or doesn't have anything to do with Django.

01:05:20 It's Python specific or it's Django free, however you want to call it.

01:05:25 Yeah.

01:05:25 Perfect.

01:05:28 Perfect.

01:05:28 Perfect.

01:05:28 So I'll put a link to all that stuff in the show notes.

01:05:30 Okay.

01:05:30 All right, Danny.

01:05:31 Thank you so much for being on the show.

01:05:32 It was great to chat with you and talk about the web.

01:05:34 Thank you for having me.

01:05:35 Yeah.

01:05:36 Past, present, and future.

01:05:37 It's going to be a good ride, right?

01:05:39 Absolutely.

01:05:39 Yep.

01:05:40 Talk to you later.

01:05:40 Bye.

01:05:41 This has been another episode of Talk Python To Me.

01:05:44 Today's guest.

01:05:45 Today's guest has been Daniel Roy Greenfield.

01:05:47 And this episode has been brought to you by MongoDB and Active State.

01:05:51 Interested in seeing how web apps are built with Python and MongoDB?

01:05:54 Register for my webinar I'm doing with MongoDB over at mongodb.com slash webinar slash Python.

01:06:00 See you there.

01:06:01 Active State gives you a faster way to build and secure open source runtimes.

01:06:07 From your first line of code through to production, check it out at talkpython.fm/active state.

01:06:13 Want to level up your Python?

01:06:15 If you're just getting started, try my Python jumpstart by building 10 apps or our brand new

01:06:20 100 days of code in Python.

01:06:22 And if you're interested in more than one course, be sure to check out the everything bundle.

01:06:26 It's like a subscription that never expires.

01:06:28 Be sure to subscribe to the show.

01:06:30 Open your favorite podcatcher and search for Python.

01:06:33 We should be right at the top.

01:06:34 You can also find the iTunes feed at /itunes, Google Play feed at /play,

01:06:39 and direct RSS feed at /rss on talkpython.fm.

01:06:43 This is your host, Michael Kennedy.

01:06:45 Thanks so much for listening.

01:06:46 I really appreciate it.

01:06:47 Now get out there and write some Python code.

01:06:49 I'll see you next time.

Talk Python's Mastodon Michael Kennedy's Mastodon