Flask goes 1.0
David Lord is here to share the big news with. He's the maintainer of Flask and we dive into the new features as well as the future directions of Flask with him.
Bio photo credit: Paul Collins (@paul_collins)
Overcast
Apple
Castbox
PocketCasts
RSS
RadioPublic
Spotify
Pro Edition
YouTube
Links from the show
David Lord's site: davidism.com
Flask site: flask.pocoo.org
Pallets Project: palletsprojects.com
Pallets GitHub Org: github.com/pallets
Donate to Pallets (redirects to PSF): palletsprojects.com/donate
Authlib package: authlib.org
Flask-Talisman: github.com/GoogleCloudPlatform/flask-talisman
Episode transcripts: talkpython.fm
--- Stay in touch with us ---
Subscribe to Talk Python on YouTube: youtube.com
Talk Python on Bluesky: @talkpython.fm at bsky.app
Talk Python on Mastodon: talkpython
Michael on Bluesky: @mkennedy.codes at bsky.app
Michael on Mastodon: mkennedy
Episode Transcript
Collapse transcript
00:00 Flask is now eight years old, and until recently had been going along pretty steady state.
00:04 It had been hanging around at version 0.11 and 0.12 for some time.
00:09 After a year-long effort, the web framework has now been updated to Flask 1.0.
00:14 David Lord is here to share the big news with us.
00:17 He's the maintainer of Flask, and we dive into the new features, as well as the future directions of Flask with him.
00:22 This is Talk Python to Me, episode 177, recorded August 30th, 2018.
00:28 Welcome to Talk Python to Me, a weekly podcast on Python, the language, the libraries, the ecosystem, and the personalities.
00:48 This is your host, Michael Kennedy. Follow me on Twitter, where I'm @mkennedy.
00:52 Keep up with the show and listen to past episodes at talkpython.fm, and follow the show on Twitter via at Talk Python.
00:59 This episode is brought to you by Linode and 10x Agent On Demand.
01:04 Please check out what they're offering during their segments. It really helps support the show.
01:07 David, welcome to Talk Python.
01:09 Hello. Thanks for having me.
01:11 Hello. Yeah, it's great to have you here.
01:13 It's really good to see lots of vibrant activity around Flask, and I know you're at the heart of much of this activity,
01:20 and I'm super excited about diving into it with you.
01:23 Yeah, let's get started.
01:24 Yeah, for sure. And so we're going to dive into Flask and the news that Flask 1.0 is now out.
01:29 That's a big deal, but let's get started with just your background.
01:32 How do you get into programming in Python?
01:33 Let's see. So I've been programming most of my life.
01:36 I got into it probably around like second grade or so.
01:39 Got a book about HTML, started making websites.
01:42 Nice.
01:42 Where I really like started and what I thought I wanted to do, and I think this is the story for a lot of people,
01:46 is I thought I wanted to make video games when I grew up, because I started with a game maker when I was in like middle school and everything,
01:54 making like 2D games.
01:56 I wish I had saved now, but I didn't know about Git back then, so I didn't know about this back then maybe.
02:02 So they faded into the digital dust?
02:05 Yeah, unfortunately.
02:06 So yeah, I got started that way and then went to college for computer science
02:11 and eventually just kind of settled on like, oh, web apps are pretty cool.
02:15 Like I started making like some small things for groups I was involved with,
02:19 and eventually that's how I got into Python also.
02:23 There was like a Python course in college, but even before that, I started thinking like, hmm, what can I do next?
02:29 Because I'm just doing Java here and it's not that exciting.
02:32 So I went one summer and I was looking at how to make a web application and I came across Ruby on Rails and Django.
02:38 So I looked at both of them.
02:40 Two very different directions that could have gone great.
02:43 Yes.
02:44 I looked at both of them.
02:45 Looking at the growth curves and popularity curves of these two languages,
02:49 you know, 10 years out or whatever, you probably got a good choice on the fork in the road there.
02:54 Yeah.
02:55 I mean, I'm sure there's plenty of good stuff you can do with Ruby also,
02:58 but back when I was starting, I looked at both of them, looked at the code and said, not knowing Python or Ruby,
03:04 hey, I can read this Python.
03:05 It makes sense.
03:06 And so I just started using that.
03:09 Picked up the Django tutorial back when I think it was like 0.8 or so.
03:13 And I think Flask may have just come out or was going to come out the next year.
03:18 So it was like 2008, 2009 around that.
03:22 And so that's how I got started.
03:23 It just kind of went from there.
03:24 Yeah, that's awesome.
03:26 So I guess one of the interesting follow-up things is like, how do you go from Django to Flask?
03:31 Like I just interviewed some folks for the Python survey done with the PSF
03:37 and JetBrains collaboratively.
03:38 And the number one framework, the most popular framework that anybody picks up for anything in Python is Django.
03:46 And so it's certainly really popular.
03:48 So you've strayed.
03:50 You've strayed from Django.
03:51 How did you get over to Flask?
03:52 It's funny.
03:53 I want to touch on those most popular things also.
03:56 I don't want to start a fight with Django or anything.
03:57 But we'll go into how I did Flask first.
04:00 So for my job after college, I got put on a contract where it was basically open-ended.
04:06 Like they wanted this.
04:07 I mean, this is literally the line I got the first day I walked into the client's office was,
04:12 we have this spreadsheet.
04:13 Can we put it online?
04:15 Like an Excel spreadsheet.
04:18 And so the company I was working at, and I still work for them, they were a Java shop.
04:23 And that's what my previous projects had been in.
04:27 But I was the only person on this contract over at the client's office.
04:31 I said, yeah, we can put that spreadsheet online in Django, which I've been learning, which I was learning before I started here.
04:37 And I did it before anybody could say anything, you know.
04:41 You know, the best way to quiet dissenting voices in those situations is to show them something working.
04:49 They're like, oh, you should use Java.
04:51 Wait, that works.
04:52 You're already done.
04:53 Okay.
04:54 Well, I guess, all right, fine.
04:55 You can do that, right?
04:57 Did it go something like this?
04:58 By the time they checked in a couple weeks later, we already had like a working prototype.
05:02 And, you know, we've gone beyond the spreadsheet at that point.
05:05 Yeah.
05:05 Have they been using like the spreadsheet as like almost a web app database?
05:10 Were they like mailing it around?
05:12 What was the story?
05:13 I don't know how many details I want to give like publicly.
05:17 Yeah, yeah, sure.
05:18 It was basically they were keeping track of how secure their computers were for various audits that they needed to do.
05:25 And everybody was just basically reporting about their computers and somebody was filling out a spreadsheet.
05:30 And then they would go and look at the statistics every now and then.
05:34 So they wanted some way to people can like report that automatically.
05:37 They can get the reports about compliance automatically.
05:42 So it's kind of like just a data collection and reporting.
05:46 Yeah, I just I asked because it seems like there's just so many sort of holes like that that Excel fills.
05:52 That was just a little bit of skill.
05:54 You know, like a much better solution would be in place.
05:56 Yeah.
05:57 Well, the contract ended up lasting like three years and far outgrew what Excel would ever have done.
06:03 But it started from pretty humble beginnings.
06:05 Nice.
06:06 Okay, so that's Django.
06:08 So how'd you get to Flask?
06:09 Right, right.
06:09 So we were on Django.
06:10 And so we made this prototype and it was working well.
06:13 And they're like, well, we want to start using this every, you know, for the company now.
06:17 And so we deployed it and it ended up being too slow.
06:22 Now, I'm not saying Django is too slow.
06:24 That's probably partially on me.
06:26 Like I was still learning and everything.
06:28 But at the time, you know, it was a SQLite database.
06:32 The templates were kind of slowing down in rendering.
06:36 And the biggest problem was the ORM at the time.
06:39 And I know you can do clever things even in the Django ORM.
06:42 But I like was trying to do all these reports and aggregates and everything.
06:46 And it was kind of finding Django.
06:48 So I started looking for something, you know, alternatives.
06:52 I found SQLAlchemy.
06:53 And I found Flask, which SQLAlchemy was used with a lot.
06:56 So I said, okay, I'm just going to rewrite the whole thing in Flask and see what happens.
07:01 And that's about how it happened.
07:02 I just had a Django site and I needed more performance and more customizability.
07:08 And so I switched to Flask.
07:09 Yeah.
07:10 And was it pretty easy?
07:11 Was it like a couple days?
07:13 This is like six years ago now.
07:15 But yeah, it was pretty straightforward.
07:18 And like I said, like, I think I probably could have accomplished the same thing in Django eventually.
07:23 I knew a lot less at the time also.
07:24 And so I was more just exploring what was out there.
07:26 But it was definitely, we built something on it for three years after that.
07:30 Yeah.
07:30 So it was a really good foundation in the end, huh?
07:32 Yeah.
07:33 I'm a fan of the micro framework style.
07:35 You know, take a small web framework, pick the ORM and other tools that you want to use for that situation and put them together.
07:43 I don't know.
07:44 That's my style.
07:44 So I'm a fan of that style as well.
07:46 Yeah.
07:47 I'm not biased or anything, but I'm definitely a fan of that also.
07:50 For sure.
07:52 Yeah.
07:53 So we're going to talk a lot about Flask, but let's start at a more higher level umbrella style angle here.
08:01 So when I went to look about Flask, it's now under this Palette Project umbrella.
08:08 And a couple of years ago, I don't think it was.
08:11 So what is Palette and how did Flask get there?
08:15 So Palette is, it's like basically the new organization that's managing Flask and the other projects related to Flask.
08:23 So VerkZoik, Jinja, Click, MarkupSafe, It's Dangerous.
08:28 And there was a previous organization called Poku, which your listeners are probably familiar with,
08:35 because when you go to the Flask documentation, you're still going to flask.poku.org.
08:40 Right.
08:41 That was Armin Roeneker's stuff, right?
08:44 It was him and some of his friends.
08:46 They had started various projects and Flask came out of that.
08:50 Spinks came out of that.
08:51 Other projects came out of it that I'm remembering off the top of my head.
08:54 But everybody just kind of ended up moving on eventually.
08:58 And so it had become just Armin managing all these projects himself.
09:03 And he wanted to open it up more to the community.
09:06 And so he created this new Palettes website and said, okay, everything belongs to this organization now.
09:12 And I'm going to try to get more community involved.
09:15 And so that's how I kind of, that's about the same time that I got into the project as well.
09:20 And honestly, we haven't really picked up a lot more maintainers since then or anything.
09:25 It's still just a couple of maintainers going at things.
09:28 But it was like more of a significant like, it's not Armin's project anymore.
09:33 Right.
09:33 I was going to say, it kind of got Flask out of the shadow of Armin.
09:37 Right.
09:38 And he's still there.
09:40 Like I chat with him about like, hey, do we want to do things like this?
09:43 Or he still manages a lot of the assets behind the scenes like servers and that sort of thing.
09:47 But day to day, it's me and the contributors that I kind of have gotten on board.
09:52 All right.
09:53 Right.
09:54 Are you looking for more contributors?
09:55 Absolutely.
09:56 I don't know if you want to go in depth on that now.
10:00 Yeah, sure.
10:02 Let's talk about it just a little bit.
10:03 Because I know a lot of listeners will reach out to me and say, hey, I'm getting into open source.
10:08 I'm getting into this whole Python world.
10:10 And I would like to contribute to something.
10:12 But I feel like they contemplate creating something for themselves.
10:17 And like, well, I could build this thing, but I don't really have a great use case for it.
10:20 Or I'm not sure it'll be popular.
10:21 And then they look at contributing to other projects.
10:24 We talked about Django.
10:25 Django is really like a big polished project that is super hard and approachable for people to get into.
10:33 And so they're like, well, I can't get into these major projects because they're too advanced or too, you know, widely used.
10:39 Whereas the small, simple stuff, I don't think it's going to make a lot of sense.
10:42 So they ask you, well, what projects could I get involved with?
10:45 And like, where can I help out?
10:46 So if there's like a good place for people getting started or people who love Flask and want to get more involved, that'd be great.
10:52 Yeah.
10:52 So we're definitely looking for more contributors in all of the projects that I mentioned earlier.
10:57 So Flask, Berkswake, Jinja, everything out there.
11:01 The biggest success I have at finding contributors is at PyCon.
11:05 And I'll run the sprints and I'll find people who are interested.
11:08 You know, they'll come to me basically.
11:10 And I get to walk through everything in person, which is really helpful.
11:13 But I am trying to, I do get contacted occasionally, like saying, hey, can I contribute to Flask?
11:19 And I'm like, absolutely.
11:20 Do you want to write documentation?
11:21 Do you want to write tests?
11:22 Do you want to make sure our configurations are consistent across all six projects?
11:29 Do you want to triage issues and see, can you reproduce things?
11:33 Can you get more information out of people?
11:35 Can you identify where a problem is?
11:37 Right.
11:38 Triage all the issues that come rolling in, right?
11:40 Right.
11:41 So like, even if you're not comfortable, like writing code yet, and you should be, you absolutely
11:46 can contribute code to any of our projects.
11:48 But there's plenty of non-code related contributions out there that are really helpful to me.
11:53 So they give me more time to focus on the code.
11:55 Yeah, that's awesome.
11:56 Do you feel like it's a little easier to contribute to Flask because it's like six projects?
12:02 And each project is a little easier to hold conceptually in your mind?
12:05 It might be.
12:06 I mean, there are really, there's four main projects.
12:09 Flask, VarxSoy, Jinja, and Click are all pretty large code bases in themselves.
12:14 And they're pretty distinct use cases.
12:16 So there's not too much to do actually in Flask specifically anymore.
12:21 1.0 kind of said like, acknowledge, you know, here we're stable and we have the features we want
12:28 at this point.
12:30 So like, in terms of like bug fixes, like there's some bug fixes every now and then,
12:34 but a lot of the work is in VarxSoy and Click especially.
12:38 There's a lot of stuff behind the scenes that people don't see when they use Flask every day,
12:41 but it affects them.
12:42 I think a lot fewer people are aware of those also.
12:45 So like, people just being aware of those projects and looking at them also and not just Flask would
12:49 be really helpful.
12:50 And there's always tutorials and documentation that could use upkeep, right?
12:55 Like I went through and just for Flask 1.0, rewrote the entire Flask tutorial from scratch,
13:01 just kind of based on the questions and stuff I had experienced answering questions on Stack
13:07 Overflow, answering, helping people at meetups or conferences.
13:13 And so identifying those kinds of things like, hey, this didn't work for me in the docs, you know, or this could have been clearer and going and contributing there.
13:20 Yeah, that's cool.
13:21 I often think of like, every time there's a question about something that I thought was explained well,
13:26 but then it turns out there's a question about it.
13:28 You're kind of like, ah, it's almost like an issue on that explanation, right?
13:32 Most of the issues in Flask right now, the open issues on the bug tracker are documentation, really.
13:37 Like people have brought up, like, this is confusing or this could be clearer.
13:41 And if you're looking for even more issues, just go on Stack Overflow, go to the Flask tag and sort by most voted questions.
13:48 And just look at the top one, see if it's documented.
13:52 Look at the next one.
13:53 Yeah, that's a really good point, actually.
13:56 So it occurs to me that it might be worthwhile to spend just a moment talking about these projects that you discussed.
14:02 So we just quickly ran through it, like there's Flask and there's Jinja and there's Vexoig and stuff like that.
14:07 And could you maybe give us a rundown of like what each one of those actually is so people know what they're about?
14:12 Sure.
14:13 So, yeah, Flask is definitely the most popular.
14:16 But if you're using Flask, you're using the five other libraries also behind the scenes.
14:21 Like, so every time you pip install Flask, you get all these also.
14:23 And Flask, honestly, is just a wrapper around all these other libraries.
14:28 It's using what's provided there and just putting a nice framework around it.
14:32 So Vexoig is the closest to what Flask is doing.
14:36 It's also a WSGI library, but it's dealing with kind of a lower level than what Flask is.
14:42 So Flask is providing like an application framework and Vexoig is providing all the parts for taking a HTTP request and a WSGI request and parsing out the headers and producing some data structure,
14:57 like a request that we can use and look at and turning our response into something that our server can understand.
15:04 Jinja is a templating library, which means you write text files with special syntax in it that kind of looks like Python.
15:13 It actually compiles to Python behind the scenes.
15:16 And then you can render these templates and produce different web pages, for example, different HTML pages with user information or different details about different objects.
15:27 Click is the most recent Palettes project, but it's four years old at this point.
15:33 So it's not that recent, I guess.
15:35 It's probably also the one used most independently.
15:38 Yeah, that's true.
15:40 I wish I could name more projects off the top of my head that used it, but I do know PIPend uses it, Cookie Cutter uses it, and Flask uses it, obviously.
15:48 And that's our command line tool.
15:51 So it's kind of like Flask in a sense, but for command line applications instead.
15:57 So you use decorators to turn functions into commands that you can run with options and arguments and produce terminal output.
16:08 Right. Nice.
16:08 And there's all sorts of...
16:10 Click is kind of unique.
16:11 It tries to be very correct about how it interacts with the environment it's running in, in terms of encodings for the terminal, for the file system, for user input.
16:25 And it actually, I think, I don't know the full history, but I think in part influenced some recent changes in Python 3.7, where Python now handles UTF-8 encodings better, detecting those on Linux machines.
16:38 Because Click would actually complain, like, your system is not configured right, and I'm not going to try to get...
16:43 Right.
16:44 Right.
16:44 Which led to a lot of headaches for people writing tools.
16:47 But it did make people...
16:48 Yeah.
16:48 ...better.
16:49 Yeah, yeah.
16:50 So one thing I want to highlight, and I'm not sure if people are aware of this, that GitHub recently added dependency computations or dependency reports for Python.
17:00 That used to be just for Ruby and JavaScript.
17:02 But if you go to, like, palette slash Click on GitHub and go to Insights, then Dependency Graph, and then Dependents, you can see there are 82,408 repositories and 4,774 packages that depend on Click.
17:15 And there's the list of them.
17:16 Okay.
17:17 Wow.
17:17 I haven't actually...
17:20 I remember vaguely seeing that they had released that, and I haven't looked at it yet.
17:24 That's really surprising.
17:25 It's really cool.
17:26 Dependency Graph.
17:28 I'm looking at it right now.
17:29 Oh, yeah.
17:29 Yeah.
17:30 It's good to draw you in, right?
17:31 And you can also see the dependencies, like, in reverse.
17:33 So it's good for, like, saying, what does this project depend upon if you're going to try to decide if you want to use it, right?
17:40 But I think the other one is interesting for people like you who create these packages and then other people depend upon them.
17:47 And you'll see, like, well, what else is out there?
17:49 Yeah, it's really cool.
17:50 It's just, like, an absolute number.
17:52 The other package I use for getting statistics like that is PyPinfo.
17:56 I don't know if anybody's discussed that on your podcast before.
17:59 No, I don't think we talked about it.
18:01 Yeah, you have, they have all the statistics about PyPI downloads, and you can just query that through Google BigQuery.
18:08 That's why I was questioning your, Django's the most popular earlier, because if you go look at it month to month, it's not like I monitor this every month or anything.
18:18 But Flask and Django are neck and neck.
18:22 Really?
18:23 And some months, Flask will be higher by a couple tens of thousands, even, and sometimes Django will be higher.
18:29 It's really surprising, though, because despite them being downloaded the same amount, if you look at statistics like number of questions asked on Stack Overflow, Django has, like, probably, I think, like 50,000 times more questions.
18:43 It's like a ridiculous number.
18:44 Yeah.
18:44 Well, I wonder if that's a micro framework versus sort of, I think of, like, Lego building block frameworks like Django.
18:50 Like, you wouldn't ask so much, you wouldn't say tie a question about SQLAlchemy to Flask because it's about SQLAlchemy.
18:56 But you very much, it's very common that you might do that for, say, Django ORM being tied to Django, even though it's the data, because it's more like grouped together.
19:05 I don't know.
19:06 Yeah, I'm not sure if you can even read anything into that.
19:09 Like, it's maybe there's just a bigger community, and so there's bigger awareness of Django that people think to ask questions about in the first place.
19:17 Yeah, but I think maybe the main takeaway is Flask and Django are both well up there as some of the most popular frameworks for Python.
19:23 Sure.
19:24 Okay, so let's see.
19:25 We talked about Flask, Jinja, Vixoy, Vixoy.
19:28 Yeah, thank you.
19:29 And we just touched on Click.
19:30 So we got MarkupSafe and It's Dangerous.
19:33 Right.
19:34 So MarkupSafe is kind of used internally by Jinja, and it is just a very fast implementation of escaping unsafe characters in HTML.
19:45 So basically...
19:46 Like, if you're going to take something from a database and plunk it into the web page as a string, you're going to HTML encode that before you do that so it doesn't get owned.
19:54 Right, right.
19:55 So if you have user input or anything like that, you're going to make sure it's safe to display to people without them being able to inject unsafe code into their browser.
20:04 And so it's just a very fast implementation of that.
20:07 And plenty of other projects use it behind the scenes.
20:10 Okay, that's interesting.
20:11 But I think Django might even use it.
20:15 Yeah, you can go to the Insights on GitHub now.
20:17 Or just their requirements at DXT.
20:20 But yeah, and then we have It's Dangerous as well, right?
20:24 Yeah, so It's Dangerous is the last one.
20:26 And that's just a way to securely sign messages.
20:30 And I know there's other solutions out there now, like JWT, that sort of thing.
20:34 But those didn't really exist at the time this was written.
20:37 And this is a lot simpler than JWT.
20:39 So basically, it's kind of like JSON.dumpS.
20:42 Yeah.
20:43 Just throw out some data, and it will dump it into a JSON string.
20:46 Then it will also securely sign that string so that you know that it can't be tampered with.
20:51 Right, tamper-proof marker.
20:53 But they can't edit it.
20:54 So we use it for our secure cookies and for signing things like login tokens and preset tokens.
21:01 Yeah.
21:02 Yeah, you don't want people tampering with that stuff.
21:06 This portion of Talk Python to me is brought to you by Linode.
21:09 Are you looking for bulletproof hosting that's fast, simple, and incredibly affordable?
21:12 Look past that bookstore and check out Linode at talkpython.fm/Linode.
21:17 That's L-I-N-O-D-E.
21:19 Plans start at just $5 a month for a dedicated server with a gig of RAM.
21:24 They have 10 data centers across the globe.
21:26 So no matter where you are, there's a data center near you.
21:29 Whether you want to run your Python web app, host a private Git server, or file server, you'll get native SSDs on all the machines, a newly upgraded 200-gigabit network, 24-7 friendly support, even on holidays, and a seven-day money-back guarantee.
21:44 Do you need a little help with your infrastructure?
21:47 They even offer professional services to help you get started with architecture, migrations, and more.
21:53 Get a dedicated server for free for the next four months.
21:56 Just visit talkpython.fm/Linode.
21:59 Then there's a few other projects that are not directly under Flask, but are under the palettes or related to palettes, right?
22:06 Yeah, there's plenty of extensions.
22:08 There's some that I'm involved with.
22:10 Flask SQLAlchemy, which is the kind of official extension for tying SQLAlchemy's sessions with Flask sessions.
22:17 There's Flask WTF, which is a wrapper around WTForms, which is a form library that lets people interact with data submitted from web pages and render those forms that submit that data, do validation, that sort of thing.
22:32 So the other things I'm involved with, I wrote this library called Flask Alembic, which is kind of like Flask SQLAlchemy.
22:38 It takes Alembic, which is the migration library for SQLAlchemy and wraps that in kind of the Flask configuration.
22:44 That's really cool.
22:45 So I don't believe we've talked about Alembic very much.
22:48 We've mentioned SQLAlchemy plenty of times, but I feel like Alembic, if you're doing real production relational database stuff with SQLAlchemy, you should know about Alembic to be using it.
22:59 Maybe give people a quick overview of what Flask Alembic does to that whole mix.
23:04 Yeah.
23:04 So I never just use SQLAlchemy unless it's just like a really quick example project.
23:09 What Alembic does is it does something called migrations.
23:12 So if you write your model in SQLAlchemy and you create a table in your database, if you want to change that model, the only thing SQLAlchemy lets you do is drop the table completely and then recreate it.
23:26 Instead, you can run migrations, which lets you add or move columns or change data and just kind of keep version control over what your database looks like.
23:37 Right. Because with these ORMs, the structure and schema of your database has to at least be a superset of exactly what you have in your SQLAlchemy definition.
23:46 So if you add like a column or field to your SQLAlchemy class, it can no longer talk to your database without also adapting the database schema.
23:54 Right.
23:54 Right. So you need some way to tell the database there is this new column that you need to know about.
23:59 And that's what Alembic does.
24:01 So Flask Alembic just kind of ties Alembic, which comes with its own CLI, for example, into Flask's CLI and moves the configuration from Alembic into Flask.
24:14 Just kind of a...
24:16 I think so it's kind of like a wrapper.
24:18 Yeah, it's a wrapper around it.
24:20 Just like, I mean, mainly like Flask SQLAlchemy is for SQLAlchemy.
24:24 There's another library out there called Flask Migrate, which is another wrapper around Alembic.
24:29 And that one's developed by Miguel Grinberg.
24:31 And we basically, from what I remember, because I developed, it was like four years ago now, but I think we developed them at basically the exact same time.
24:41 Really, something like a month of each other, completely independently.
24:45 His is a lot more of a direct wrapper around Alembic, which a lot of people, for a lot of people, is exactly what they need.
24:51 And it's a lot more straightforward a lot of the time.
24:53 Mine, on the other hand, I wanted to like be able to dig into all the internals of Alembic and like introspect exactly what was going on at any time.
25:01 So it's more of a very opinionated framework on my end.
25:05 And people can choose.
25:07 Yeah.
25:07 It's good to have options.
25:08 That's really cool.
25:09 Let's spend a little time talking about maybe the biggest news for Flask and that it went from, what was it, like 0.12 to 1.0?
25:18 Yeah, 0.12.4 to 1.0.
25:21 Well, here's a major open source project going to 1.0, which is actually, I think, really, really positive.
25:29 And I think it's, I'm just super excited to see that you guys did that because it's time, I think.
25:34 Oh, it was absolutely time.
25:36 I mean, I was, I had been working on that, getting that happening for about a year prior to it, at least.
25:41 We joked about it, this at PyCon, because Mamuta Shemi had come out with this thing called ZeroVert for ZeroVert.
25:46 And making fun of projects that were still on like Zero, not something that were 10 years old and Flask was on that list.
25:52 Yeah, that was actually, I didn't find out about that until after I released 1.0.
25:58 And then people were like, oh, it was because of ZeroVert.
26:01 No.
26:02 I've been doing it.
26:03 You set the record straight.
26:04 This is going a lot longer before that.
26:05 Yeah.
26:05 ZeroVert.
26:06 I was very amused by it.
26:07 I was like, yeah, this is, and I actually got them to put us on the Emeritus list.
26:11 Aha.
26:12 Nice.
26:13 So we're, we're graduated now on their website.
26:16 But yeah, I've been working on it for a while.
26:17 And we always have people asking like, hey, this is, this is 0.12.
26:22 My boss doesn't want me to use it because it's not software.
26:26 And we kept having to tell people, this has been stable for years.
26:32 Nothing's really going to change.
26:33 Nothing's going to change.
26:33 There's no breaking bugs or anything.
26:35 It's more just a number.
26:37 I think for a long time I told them, just tell them it's version 12 and we misplaced to zero or something.
26:42 Yeah.
26:42 But yeah, we finally got it.
26:44 They are.
26:44 I mean, that is the impression for a lot of people, especially people coming from commercial oriented software backgrounds.
26:53 I'm thinking like Microsoft shops, you know, .NET folks.
26:57 I'm thinking Java and those types of people.
27:00 They're just like, well, I mean, I think they even have a rule of the Microsoft shops.
27:03 Like you can't use this whole version three because the first two are messed up.
27:06 Right.
27:06 And I just think there's so many large organizations that at least some of the folks in there have that mindset.
27:13 And I think having this become one O is like a pretty big step to just sort of sidestep that conversation.
27:19 Yeah.
27:20 And I mean, it feels, it feels significant, even if like the actual stability of the software hasn't changed or, you know, the, the, the acceptability to use it in production environments hasn't changed really.
27:31 But, you know.
27:32 But there are some major changes.
27:34 Oh, yeah.
27:35 I mean, there's, the list is not trivial.
27:38 Right.
27:38 I was kind of surprised when I made that release slot or those release notes, just how much it changed.
27:46 It's a lot of small things, honestly, like, but it adds up.
27:50 Right.
27:50 You want to talk us through some of the changes, some of the major changes?
27:53 So, yeah, we dropped support for Python 2.6 and Python 3.3, which made me really happy.
27:59 That's really nice.
28:01 I was looking at, I was trying to use the PyPI info, which I mentioned earlier, to figure out stats about how people were using it.
28:06 And I think less than 0.1% of installs were on Python 2.6.
28:13 Yeah, 3.3 itself went unsupported, right?
28:16 Yeah.
28:17 It, like, 2.6 itself is unsupported.
28:19 And in the future, I'm definitely going to be sticking with, as soon as Python drops support for a release, I'm going to drop support for it.
28:26 Yeah, that makes sense.
28:27 That doesn't mean we're going to, like, rip out support and, like, it's suddenly going to break.
28:31 But we're not going to test on it.
28:32 You know, we're going to...
28:33 Not going to inject breaking changes to force it to not work.
28:36 But you're going to no longer run tests and not care if it breaks it.
28:39 Right.
28:40 And actually, Flask 1.0 secretly supports Python 2.6.
28:44 Even though I removed it a couple months before we made the release, I kept testing it internally because I wanted to give people who were deployed at least one chance to be on 1.0 before they had to make a bigger upgrade.
28:57 Yeah, that was generous.
29:00 Yeah, I probably shouldn't have done it in retrospective, but it's done.
29:03 You talked about the versioning going 1.0, like, in the comparison to Django.
29:07 Django is now in sort of this 1.0.2.0 versioning as well.
29:12 And they dropped support for Python 2 altogether.
29:14 Do you have plans for that outside of the deadline of 2020?
29:18 Yeah.
29:19 As soon as 2020 comes around, I am dropping support for Python 2.
29:23 Yeah, and I think that's basically what Django said.
29:26 It was like their end of life was, it was pretty far out before you could, you're fully unsupported on like an older version of Django or something.
29:32 Yeah, I'm looking forward to that day.
29:34 I mean, we'll still be supporting from, I think, 3.4 and up at that point.
29:38 Sure.
29:38 So we're still a little behind in terms of features that we're allowed to use.
29:42 Right, like async and await, for example.
29:44 Yeah, that's a whole other discussion that we'll get into.
29:47 Yeah, yeah, for sure.
29:49 Actually, it is, isn't it?
29:50 But do you think it will reduce the amount of code that you have to write?
29:54 Do you think it'll be easier for people to contribute if you don't have to do version checks or compatibility?
29:59 I haven't really considered it in a while.
30:02 I think it will cut down on, I think mostly it'll just cut down on mental overhead.
30:07 Like people don't have to think about it as much.
30:09 When I write code at this point, I'm so used to doing it for Flask that I just kind of, by default, write code that is compatible with both.
30:16 And occasionally get a mistake that CI catches.
30:19 But just having less surface to have to remember and to test, I think will be beneficial.
30:24 But for the most part, there's, I mean, there's cool features that come out.
30:28 But clearly all our code can be written in Python 2.7 and compatible code.
30:33 Yeah, I think what's more important is that people that use Flask get to use the new features where and how they want, you know?
30:41 Oh, well, people writing applications in Flask can already use Python 3.7 if they want.
30:47 And they can use f-strings and what was the controversial change that got into 3.7?
30:52 It's coming in 3.8.
30:54 It was PEP 572, the like assignment equality thing, the inline assignment.
31:01 Yeah.
31:01 Hey, I'm looking forward to when Flask only supports 3.8 and up because I'm going to switch all my code to that also.
31:06 I personally like the change.
31:07 Yeah.
31:08 Yeah, I do as well.
31:09 Yeah, very nice.
31:10 Okay, so another major change is the CLI.
31:12 Tell us about the changes there.
31:14 Yeah, so I'll talk about the CLI in a second.
31:16 But basically like all the changes that are, a lot of the significant changes that went into 1.0 are, were basically me trying to make things easier for people.
31:27 So easier for people to learn, easier for people to understand.
31:30 So a lot of this stuff is improving documentation, better error messages, and then a better CLI also.
31:36 So we did a lot of work on improving how the Flask command, which is like the recommended way to run the development server while you're working, how it detects your application.
31:48 So when you write code, you just write app equals Flask somewhere in your code.
31:52 And there's even a common pattern called the factory, the application factory, where you write a function that creates your application.
31:59 So you never actually have an instance of your application where you code.
32:02 That's what the server is in charge of setting up.
32:05 And so we did a lot of work to improve how the CLI can detect where your application is, what it's called, how it should be imported, and if it's behind a factory or not.
32:16 So that the command can just, like everything will just work when you're writing it, instead of having to set up some extra glue in between.
32:23 Yeah, that's cool.
32:25 So you no longer have to say set the Flask underscore EMV, no, the Flask debug rather, or the Flask app environment variables, right?
32:33 It can detect some of that stuff automatically.
32:35 Yeah.
32:36 A lot of the times for like really for simple applications, which is really useful for tutorials, especially like Flask app will just know that you have an app, you have a file called app.py.
32:46 That's where your application is.
32:48 I'll just look there.
32:49 You do still have to set Flask app in most significant cases.
32:53 Like once you're writing a big application, you know, a more significant application, you'll probably have to tell it like at least where the, which files are important, but nothing.
33:04 This portion of Talk Python to Me is brought to you by 10x Agent On Demand.
33:08 Here's a guess.
33:09 If you're listening to my podcast, you're likely a Python pro.
33:12 You may be even pretty well paid to code in it.
33:14 Here's another guess.
33:15 You likely aren't being paid what you're worth.
33:18 Why?
33:18 Because negotiating isn't your thing.
33:21 Even the best tech talent can get taken advantage of when negotiating their comp packages.
33:25 Don't let this happen to you.
33:26 10x Agent On Demand has negotiated more than $50 million worth of deals for senior level tech talent just like you.
33:33 When you've got a job offer at hand or expecting one soon, contact 10x and they'll help you level the playing field.
33:39 Just visit talkpython.fm/10x when you're ready to roll and mention Python for a three 30-minute consultation.
33:46 10x Agent On Demand.
33:48 You handle the tech, they'll handle the negotiation.
33:50 Another thing, actually, I think this was a, wasn't a warning message.
33:56 It was like an info message when I ran Flask recently that I had a virtual environment named .env.
34:01 And it said, hey, we think we can help you with some files that are hanging out in this .env thing.
34:06 Yeah.
34:07 So maybe tell us about the python.env.
34:09 Yeah.
34:09 So as part of the CLI improvements, we also, previously when you were using the CLI, you had to kind of type these environment variables in every time you opened a terminal.
34:18 So you had to tell it like export Flask app equals, you know, my app, export Flask app equals development.
34:23 And so we integrated python.env, which is a library that reads these .env files and automatically sets up your environment variables based on it.
34:35 So people can just have one of these sitting in their project.
34:37 And they won't have to set up their terminal every time they start working on the project again.
34:43 Yeah, that's really cool.
34:44 One thing I recently learned is the script that activates virtual environments.
34:49 You can export stuff from there.
34:52 You know, you set every virtual environment.
34:53 Go in there and sort of configure your virtual environment.
34:55 So in addition to just having the packages you want, it also kind of kicks off with the right environment variables, which is handy.
35:02 The downside of that, and we do have that listed in our CLI documentation.
35:07 Like this is an option.
35:08 You're using virtual lines, go edit your activate script.
35:11 But the downside of that is if you have multiple people developing or if you're on multiple machines, you know, and you recreate your virtual line.
35:18 If you suddenly don't have that stuff and so it doesn't work again.
35:21 Right.
35:21 Right.
35:22 It's a pain in the CLI, sorry, in continuous integration.
35:25 And also you can check your .flask env into source control, whereas you can't, you shouldn't check your virtual environment into.
35:32 Yeah.
35:33 If you've managed to check your virtual env into Git and it works somewhere else, that's amazing.
35:38 Yeah, exactly.
35:40 A lot of stuff has to line up just so for that dork, right?
35:43 Nice.
35:44 Okay.
35:44 Another one, another big change.
35:45 I thought this was pretty cool is it's got to help people when they're testing for performance.
35:50 And how's my app going to behave when I ship it to production?
35:53 Is the development server is now multi-threaded by default?
35:56 Yeah.
35:57 So the development server actually had threading previously pretty much for its entire existence, but you had to explicitly enable it.
36:04 So you had to say like when you were starting, you had to say like threading equals true or something.
36:09 Right.
36:10 And so now people were just always running into things like, hey, I'm trying to serve some media and like make an API request at the same time.
36:19 And suddenly it's hanging.
36:20 Well, that's because the dev server would only handle one request at a time.
36:23 But we decided to go, let's just enable threading by default.
36:27 It makes some things more difficult to reason about, but debuggers nowadays are pretty good at figuring out, you know, what threads are running and where to do breakpoints and all that.
36:37 I think it's a good change.
36:38 I mean, we're living in a multi-threaded world, right?
36:40 A multi-core world.
36:41 That's actually one of the big kind of hidden bugs that needs, or not bugs, but things that needs to be improved in Fairkzweig now.
36:50 Because we're threaded by default, Fairkzweig has this nice debugger that pops up the traceback and lets you interact with it when there's an error.
36:57 But it only works in single threaded environments.
37:00 It'll still output correctly.
37:04 But if you have multiple requests going on at the same time and you try to interact with the traceback, you might just get like junk data back.
37:10 And so figuring out how to get that working in a threaded environment is actually on my to-do list.
37:16 It still works for us.
37:18 Yeah.
37:18 It's not like a huge issue.
37:19 Yeah.
37:19 How many people are actually interacting with the debugger and hitting concurrency at, you know, exactly that moment, right?
37:26 Probably.
37:26 Very few.
37:27 I think we got a couple people who reported it.
37:31 And I just said, you know, you just kind of try to make your thing synchronous when you're debugging a list.
37:35 Right, right.
37:36 Use this command line that makes it not threaded.
37:38 Yeah.
37:40 So there's still things to be fixed, but we're basically trying to improve the 80% case, right?
37:45 Like the 80% of the time you're going to have this and then we can fix the, or whatever that's saying is, 90, 90, 10 or something.
37:52 Yeah, yeah.
37:52 Get people to fall into the best case scenario most of the time.
37:56 Right.
37:57 So another thing that changed is accessing missing keys from request.form.
38:02 Yes.
38:02 That was...
38:03 That's one of your error message type things, right?
38:05 Right.
38:06 Yeah.
38:06 So we had a couple of things.
38:07 So basically the way Flask looked up error handlers and reported errors was improved.
38:14 So it's more consistent in more cases.
38:16 And as part of that, I noticed that...
38:19 And this is an issue that comes up on Stack Overflow all the time is like, hey, I tried to access, you know, request.form name and I got a 400 error.
38:31 Why?
38:32 Well, the answer is because you didn't submit a form field called name.
38:38 But we don't tell you that we...
38:40 Like the dev server never told you that.
38:43 I guess if you're deeply familiar with status codes, you would know that 400 means something is wrong with the data you submitted, but it's still not even obvious there, right?
38:53 Yeah.
38:54 So now when you're running in debug mode, the error, we still raise the same error, but I inject some extra information into it about like, hey, you tried to access this key and it wasn't there.
39:03 So go check your HTML and see if it's...
39:07 If you're sending what you expect.
39:08 Yeah.
39:09 That's cool.
39:10 Like that could be the difference from...
39:11 Oh yeah, of course.
39:12 I'll check my HTML versus hunting Stack Overflow.
39:15 Yeah.
39:16 Now I know like Stack Overflow probably isn't the best metric for this, but like we still get plenty of questions about like,
39:23 why am I getting a 400 error?
39:24 Like I've even gotten questions with the error message saying you're missing this key right there in the question.
39:30 So like I'm not going to, you know, solve everybody's problems, but it's a lot clearer.
39:33 And that was basically the number one problem that I always saw.
39:36 Yeah.
39:37 I'm seeing it less at least.
39:38 Yeah, it'll definitely be less.
39:40 That's cool.
39:42 I mean, you're never going to solve the problem of somebody just sees it doesn't work.
39:47 I'm just going to Stack Overflow and pasting the error and not reading through it and thinking through it.
39:51 Or, you know, maybe they're just so new they don't make sense of...
39:54 They don't see what should be obvious.
39:55 Sure.
39:55 I mean, there's still a lot of information, even if that's at the bottom, you know.
39:59 So I understand, obviously.
40:00 Yeah.
40:01 Yeah, yeah.
40:02 For sure.
40:02 Let's see.
40:03 You changed error handlers a little bit.
40:05 Like the thing that will run if, say, there's a 400 bad request or a 404 or something like that?
40:10 That's more of an internal change.
40:11 Like, I don't think most people noticed.
40:13 But technically, when you've raised...
40:16 You can register error handlers on Flask and on the blueprints inside of it so that when certain errors are raised, they'll be handled by those instead of causing a 500 exception, you know, to be sent to the browser.
40:28 And in certain cases or for certain types of exceptions, the behavior was just kind of inconsistent.
40:33 And so we kind of...
40:35 We just went back and looked, like, how is this actually working?
40:38 Oh, there's, like, this mess of different if statements.
40:40 Well, let's just, like, simplify that.
40:43 So there's, like, a strict set of rules that it goes through now and it's documented and all that.
40:47 Yeah, that's cool.
40:47 So one thing that you just mentioned that I think is worth touching on a little bit for the listeners, a lot of the frameworks, it's a little easier to partition your view methods into different files and categorize them and stuff.
41:01 Because you just take a static decorator that comes out of, say, like, Pyramid.
41:04 You say, at view config and you just drop it there.
41:06 In Flask, you create the app and then you say app.route.
41:10 And so in order to split that stuff apart, you have to pass that app around in certain ways.
41:15 But then you also have blueprints, which really simplify that.
41:19 Do you want to just tell people real quickly who maybe only know about app.route, about blueprints and, like, that problem solves?
41:24 Yeah.
41:24 So I mentioned the application factory pattern earlier, where you don't actually ever have an instance of your application when you're coding.
41:33 You have a function that creates it.
41:34 And that's actually the recommended way to use Flask in the official tutorial now is use an application factory because it solves a lot of problems that people run into, even if it's a little more confusing.
41:44 But one of the problems with using that is, well, you can't just decorate your function, view function, with at app.route anymore because you don't have app.
41:52 So instead, Flask has this thing called blueprints, which are basically ways to defer calling app.route.
42:01 So you call blueprint.route.
42:04 And that just kind of registers, like, hey, this is here.
42:07 And now later, when you have your application and you register the blueprint with your application, take all those deferred registrations and perform them now.
42:16 And so you don't have to have access to the application.
42:19 You can split your code up into different modules so that all the stuff about users is over here and all the stuff about blog posts is over here.
42:28 You don't have to worry about circular imports or any of that.
42:31 Right.
42:32 And that has been tricky.
42:33 And I think the blueprint stuff is really beautiful.
42:35 It just makes it so much easier to partition your code in a more healthy way for large apps.
42:40 Yeah, it's a really good pattern.
42:41 And that's why I tried to...
42:42 It's something that confuses a lot of users.
42:44 I think they expect more of it than it actually does.
42:48 Like you said, it's a pretty straightforward, or it's a pretty simple pattern.
42:53 It just defers calls.
42:55 Yeah.
42:56 So people are doing Flask and they don't know about blueprints.
42:59 They should go spend the five minutes and learn about it.
43:01 Yeah.
43:02 Read the official tutorial.
43:03 Flask.poku.org slash docs slash tutorial.
43:06 It'll walk you through an application factory, making a blueprint, all that.
43:10 Yeah.
43:10 Yeah.
43:10 Very cool.
43:11 Another thing that changed in Flask 1.0 is the testing got a little easier.
43:15 Testing.
43:16 A test client having a JSON request and then also get JSON for response, right?
43:22 This was kind of like another one of those like, hey, there's an inconsistency here.
43:27 You could test JSON before.
43:28 I mean, there's a lot of people did.
43:30 But the request object that Flask gives you, like when requests come into your views, has this
43:36 JSON property.
43:37 And it basically automatically parses JSON from the request.
43:42 Right.
43:43 A dictionary pops out if it has JSON text inside.
43:46 And so people kept expecting that to work when they were testing.
43:49 So they would make a request with the test client, get a response object back.
43:52 And unlike for the request object, the response object didn't have that.
43:57 And so they'd call JSON.
43:57 It wouldn't work.
43:59 And then they would have to like go get the raw bytes and pass it to JSON.loads.
44:03 And some people would use Flask JSON implementation.
44:06 Some people would use Pythons.
44:08 So we just made it consistent.
44:10 So you can now get JSON from the response just like you can get it from the request body.
44:17 And similarly, a lot of people expected.
44:19 So we have this test client where you can just make a request.
44:23 Like you can make a fake request without running the server.
44:25 And it'll generate like the correct environment behind the scenes.
44:28 And so you just say like I'm going to request, you know, slash users.
44:32 And I'm going to pass, you know, name equals David to the form.
44:37 But there was no clear way to.
44:38 So it looked kind of like Python requests, the library, right?
44:42 Like so you would make it like requests.get, you know, data equals name equals David, right?
44:47 But so people were expecting it to kind of work like requests, be able to pass JSON equals, which you couldn't do.
44:53 So you had to encode the JSON yourself.
44:55 And so now you can just, if you want to test your JSON API, you can use the test client and just do JSON equals this data structure.
45:03 Yeah, that's cool.
45:04 Another thing around that is the test CLI runner.
45:08 Oh, right.
45:08 Yeah.
45:09 So, so there's another testing thing.
45:11 So we have this test client, which makes requests, but we didn't really ever document how to test CLI commands.
45:18 And I mean, one of the, one of the selling points of the Flask CLI is that you can add your own commands.
45:24 So if you want to like add a user management command, like, hey, have a create user command that I can run on the background to like add the admin user when I'm deploying.
45:33 There was no way to really test that.
45:35 Like it was documented in clicks documentation.
45:37 But even with that, it wasn't really clear how to get Flask, Flask's like CLI object working in a test framework.
45:45 So we have, you know, have this test CLI runner that kind of mirrors the test client.
45:50 So you can test the CLI code.
45:52 Yeah, that's great.
45:54 So I feel like that's the main items that I saw that are pretty interesting.
45:58 Anything else that you want to tell people about 1.0?
46:01 I think that was the big stuff.
46:02 Yeah, I think so as well.
46:04 I mean, you can go look at the full changelog.
46:06 It's pretty impressive.
46:07 I think it's like two pages long on my screen vertically.
46:10 That's awesome.
46:12 But yeah, these seem like a lot of great changes.
46:15 And what do you say for people who are thinking about upgrading, like maybe they've got Flask
46:19 equal equal, you know, 0.11.
46:21 They're afraid of change.
46:23 And they don't want to change it.
46:24 Should they change?
46:26 And what would they get from doing so?
46:27 They should absolutely upgrade, especially if they're on 0.11, because that's a couple of
46:33 years.
46:33 I was thinking of a pretty out of date version.
46:35 Yeah.
46:35 When I said that.
46:35 Yeah, one of the reasons to upgrade if nothing else is just to continue to get support.
46:39 Just kind of due to the size of our organization, we don't really offer support on old versions.
46:45 Like I will do security fixes for 0.12 until 1.1 comes out.
46:50 But nothing besides that.
46:53 Right.
46:54 So if there's a problem and somebody has a 0.11, the official answer is you want to fix
46:59 that, make that problem go away, you install one, right?
47:01 Yes, install one.
47:03 And even if you're on 0.12, there's no real reason to stay on it at this point.
47:06 Luckily, what I've heard from various users, like when I was at PyCon, Flask 1.0 had just
47:12 been released and people were already telling me, yeah, I upgraded.
47:15 And it was literally just changing the version number.
47:17 Everything worked.
47:18 Right.
47:19 There are some things that changed a little bit, but they're rarer cases and it's documented
47:26 on the change log and it's pretty obvious when it fails, like, oh, this thing got renamed.
47:30 Right.
47:31 So there's not a whole lot of work to upgrading.
47:33 No.
47:33 All right.
47:34 Excellent.
47:34 That's good to hear.
47:35 So one of the things that I thought was interesting is you talked about on the Pallet's organization
47:42 website about being part of the PSF's fiscal sponsorship program.
47:47 If people want to support Flask, maybe you want to tell them about that program and how
47:50 they can help.
47:51 Sure.
47:51 It's really cool.
47:53 It's also really new.
47:54 So I might not be the best spokesperson for it yet.
47:57 I hadn't heard of it before.
47:58 I'm like, oh, we should talk about this just so people know it's out there.
48:00 Yeah.
48:01 So, I mean, this is a little bit of advertising for the PSF also, but they have this program
48:06 called the fiscal sponsorship program.
48:08 They were mostly using it for meetups at the time that I tried to get in.
48:12 And basically what it is, is you submit your organization and they accept you.
48:18 Or if they accept you, you become part of the PSF essentially.
48:21 So you gain their, their nonprofit status.
48:25 They will help you out with certain logistics and they will also set up a donation page for
48:31 you and a bank account for you that they'll manage, which was great for me because it's
48:36 not something that I have any experience with.
48:38 And, but I did want to be able to start taking donations for Flask.
48:42 So yeah, I've reached out to them because I saw that somebody pointed out this program.
48:47 And when I reached out to them almost a year and a half ago now, I think they only, they
48:51 didn't have this set up for developer organizations like pallets yet.
48:56 So we were kind of their test project and we got into this program right as a, right before
49:02 PyCon.
49:02 And then I think they've accepted a couple more projects since then or kind of like in parallel
49:07 with us.
49:08 So we now have a donations page.
49:11 You can go to palletsprojects.com slash donate, and that'll redirect you to the right place.
49:16 Let's see, take PayPal or checks to one time or recurring payments.
49:20 And we're basically just trying to raise money to support the community.
49:24 And I'm not a hundred percent sure what that means yet.
49:27 I have some vague plans.
49:29 We want to be able to support maybe if you want to have a meetup that sprints on Flask,
49:34 for example, we can sponsor that.
49:35 You know, maybe we sponsored pizza or something, right?
49:38 Or recognizing people, you know, outstanding contributors in the community, sort of like Google
49:45 does, right?
49:45 So Google has that.
49:46 I don't know the name of the program, but they recognize developers every year.
49:49 And so we were thinking that would be a cool way to do it.
49:51 And maybe, you know, further down the line, being able to have a Flask conference.
49:56 And besides...
49:57 Really good.
49:58 Yeah.
49:58 Yeah.
49:59 So those are kind of like outward facing.
50:01 And then the other thing donations would support be getting the current maintainers to more conferences
50:07 so we can run sprints in person and supporting our infrastructure and all that sort of thing.
50:12 Yeah.
50:13 I know.
50:13 I'm pretty sure it was NumPy that had this, like one of the scientific groups basically...
50:19 Oh no, I think it was PyPy.
50:21 Anyway, one of these groups, basically a lot of contributors had never met and they had taken
50:25 their donations and they use it to get the contributors physically together.
50:29 Maybe like you said, at like another conference, like PyCon US or EuroPython or something.
50:33 And it seemed like it made a really big difference.
50:35 That's absolutely something I want to do eventually.
50:37 Like I've never met Armin or Adrian or Marcus in person who are the other core contributors,
50:44 mostly because they're in Europe and I'm over in California.
50:48 So it's a little difficult to find the time and money to do that.
50:51 And being able to get us all in the same room, I think would be very productive.
50:55 Yeah, I think so as well.
50:56 And let me just put a plea out there or a comment out there for folks who work for companies
51:02 that are large, successful companies that depend on their technology and that technology
51:10 significantly involves Flask.
51:11 I think there's so many large, multi-billion dollar companies that are built on Python and
51:19 some of its libraries and they don't necessarily contribute anything back.
51:23 If those companies could all just contribute, it's a very, very small amount of what they
51:27 pay their developers to keep the projects they depend upon healthy.
51:31 That would go a huge, huge way.
51:33 So people are out there in that situation.
51:35 I'm not, but if they can make that happen, that'd be awesome.
51:38 Absolutely.
51:39 I was reaching out.
51:41 That was basically my entire PyCon when I wasn't in open spaces or sprints was being on
51:45 the floor going to, I actually printed out business cards, not for myself, but for pallets
51:50 with the donate, the donate link on it.
51:53 And I was handing them out to every single company and like saying like, Hey, do you use
51:57 Flask?
51:57 Turns out like 80% of the companies at PyCon use Flask or Jinja or Click.
52:03 Yeah.
52:04 And if they all just recurrently added a hundred or a thousand dollars, right?
52:08 Like that would just change, change things dramatically.
52:10 I'm sure.
52:11 Oh, sure.
52:11 If everybody added a hundred thousand dollars, that'd be great.
52:14 A hundred or a thousand.
52:16 Obviously.
52:18 I don't know what we would do with that much.
52:20 Gosh.
52:20 Don't do that all at once.
52:21 Let me, give me a year to ramp up.
52:23 Yeah, exactly.
52:24 It's you'll find David on an eye, his own personal Island.
52:27 He's no longer working on Flask.
52:29 No, just kidding.
52:30 Now that'd be awesome.
52:31 If we got more support for Flask and other projects that are in the same, same boat,
52:35 basically.
52:36 Absolutely.
52:36 I think it's really important just to recognize the tools you're using and, you know, support
52:41 those, support the maintainers that are already working really hard on them.
52:44 And so, yeah, we're, we're starting that we've gotten, I didn't really advertise it that much
52:48 after PyCon, but we've gotten a significant number of donations already just from personal
52:52 donations.
52:53 And it's really cool to see those notifications come in.
52:55 You know, I see a little notification, like $5 was donated every time it happens.
53:00 And it's, it's really nice to see that.
53:02 Cause a lot of the times my experience with maintaining is, oh, there's a new bug, go fix it and stuff.
53:07 You know, it's never anything like really positive.
53:09 Somebody being impatient and frustrated and then they've gotten to you finally.
53:13 And now you're frustration.
53:15 Right.
53:16 Yeah.
53:16 Yeah.
53:17 I hear you.
53:18 So let me ask, I guess sort of a few closing thoughts here.
53:22 Like what's next?
53:23 Like you've got one out now, now where are you headed?
53:26 I think I said this earlier, but Flask one, Oh, all the features that I want at least
53:31 are in there.
53:32 And I think most of the features that people ask for are easy to do with extensions at this
53:38 point.
53:38 That's not to say we're not going to like add anything to Flask or, but you know, it's
53:42 mostly like, like I said, how can we improve people's experience with Flask?
53:46 How can we make it easier for them to learn and work with it on a day-to-day basis?
53:50 So improving documentation, identifying better error messages, writing more tutorials, writing
53:56 better tests.
53:57 That's what a lot of the focus on Flask is.
53:59 There's still a lot of focus on Verixdweig and Click and Jinja for actual bugs and features
54:06 to get in.
54:06 Verixdweig is just never ending because there's always more HTTP RFCs coming out, you know,
54:11 changes in subtle ways.
54:14 It's my favorite.
54:15 I've gotten so good at reading RFCs now and I'm still, I still don't like it, but.
54:19 I'm sure.
54:20 I'm sure.
54:20 It's pretty dry stuff.
54:21 So I guess the final question around this is when will I be able, if, will I ever be able
54:28 to write, let me rephrase it that way.
54:29 Will I ever be able to write async def index?
54:34 You know, app route, async def index.
54:38 Yes.
54:39 I've committed to this kind of publicly, but in other places, but yes, we do want to have
54:45 async support in Flask and Verixdweig.
54:47 That's awesome.
54:48 Getting there is going to be really difficult because we also want to maintain compatibility
54:53 with Python 2.7 for at least another year and a half.
54:57 We want to maintain compatibility with Python 3.4.
55:00 And I think if what you told people was you have to wait until we drop support for 2.7
55:05 and 3.4, that just knowing that it is coming actually would probably.
55:09 I mean, honestly, even if we don't say that it's probably going to take that long to get
55:14 there.
55:15 There's a lot of work to do.
55:16 Verixdweig is very, it makes a lot of assumptions behind the scenes about the WSGI environment.
55:22 I have gotten some contributors who are interested in working on that.
55:25 So there's an effort in Verixdweig to make it sans IO, which means separating the IO from
55:31 the parsing so that we can kind of plug in different.
55:34 Right.
55:34 Then you can plug in an async layer maybe right there without really changing much.
55:37 Right.
55:38 And then on the Flask side of things, we're looking at ways to kind of look kind of like
55:43 the two to three migration tool.
55:45 We're trying to look at some sort of async to sync migration tool where we can write async
55:49 code and get a version that can also work with sync code.
55:53 Yeah.
55:54 I think there's been some work on that in your all lib3.
55:56 Nice.
55:57 Have you seen the work they're doing with Quart?
55:59 Yeah.
56:00 So I actually reached out to Philip, who's the author of that, a couple weeks ago and said
56:07 like, hey, you know, Quart can still be its own thing.
56:10 But I know you were trying to be Flask compatible.
56:12 Would you be interested in just making Flask async?
56:15 And he was on board with that.
56:17 I've met with him a couple of times.
56:19 He's still working on Quart, obviously, but he's going to at least be there giving input
56:25 about how we can get Flask to be in that same place.
56:28 So yeah, it's definitely a cool project and excited to work on it.
56:32 Yeah.
56:32 If that sounds interesting, people don't know anything about it.
56:35 I interviewed Philip Jones about Quart on episode 147 a little while ago.
56:39 So check it out.
56:40 Okay.
56:41 Yeah.
56:42 Yeah.
56:42 I've played with it a little bit and it's pretty solid.
56:45 It seems like if you could take kind of what he's doing and where you're going and blend it.
56:50 Yeah.
56:51 The nice thing he has going for him is he can just say, I only want to support Python 3.6
56:56 and above.
56:57 Yep.
56:57 Yep.
56:58 And I don't want to support sync at all.
57:00 Or like I'll support sync in, you know, some worker threat executors, but I'm all async.
57:06 And that's just not like we have to be a lot more deliberate about how we handle backwards
57:11 compatibility in Flask.
57:12 We will get there.
57:14 Well, I'm really encouraged to hear that you're on that path, even if that path is a long journey.
57:20 Yeah.
57:20 And so that's definitely if some people are interested in contributing or using async code and want it in Flask,
57:26 like that's definitely a place where I could use more contributors also.
57:29 So.
57:29 Okay.
57:30 Check it out.
57:31 Awesome.
57:32 All right.
57:33 Well, I think that's probably, we're going to leave it for Flask, but it's been great to get caught up with what you're up to.
57:38 Yeah.
57:39 Thanks for having me.
57:40 You bet.
57:41 You're not out of here without answering the two final questions though.
57:43 First of all, if you're going to write some, some Flask code, what editor do you use?
57:47 PyTerm.
57:48 PyTerm.
57:49 Professional.
57:49 I love it.
57:51 I'm right there with you.
57:52 All right.
57:52 And then notable PyPI package.
57:54 We talked about six already.
57:55 Flask, Vexoeg, and so on.
57:57 Other ones that maybe people don't know about it.
57:59 You're like, oh, you should totally check out this.
58:02 So yeah, I gave this one a little bit of thought.
58:04 I don't actually have the opportunity to use a lot of PyPI packages, but the ones that have
58:09 been kind of in my awareness lately are one called Authlib.
58:14 Okay.
58:15 Okay.
58:16 A-U-T-H-Lib.
58:17 Yeah.
58:18 Yeah.
58:18 And that's like a new, very thorough implementation of OAuth and OpenID and OAuth2 client and server
58:27 for Flask and Django and has all sorts of integrations with different existing OAuth implementations
58:35 on different social sites.
58:36 And so-
58:37 Oh yeah.
58:38 That looks cool.
58:38 It's pretty cool.
58:40 If you go look at the documentation, it's pretty incredible how thorough it is in terms
58:44 of what standards it's supporting and all that.
58:48 And the other one I'm looking at is Flask Talisman, which is basically-
58:53 I don't know that one.
58:53 What's that about?
58:53 This one's really important.
58:55 I think a lot of people don't really think about what it solves.
58:57 And what it does is there's all these different headers that you can send in your responses to
59:04 browsers that will tell the browser how to be secure.
59:07 What stuff it's allowed to do and what stuff it should block from happening.
59:11 And there's a lot of them out there.
59:14 There's like maybe not 20, but close to 20 different headers and different configurations
59:18 of them.
59:19 Flask Talisman will set all this up for you for the most part and tell you like, it'll give
59:23 you the secure defaults.
59:24 And all you do basically is just wrap your application in the Talisman extension and it's done.
59:29 Your application is just more secure.
59:32 And I really like that.
59:33 I'm just plugging it into all my applications now.
59:36 Oh, that's cool.
59:36 It looks like it comes from Google as well, which is pretty nice.
59:39 Those are two really great recommendations there.
59:42 And I'm definitely going to play a little more with AuthLab.
59:44 I got to get some single sign on stuff going on.
59:46 So that'll be great.
59:47 Final call to action.
59:48 People now know there's a Flask 1.0.
59:51 What should they do?
59:52 There's Flask 1.0.
59:53 Go upgrade.
59:54 Watch us on GitHub and start contributing to issues.
59:58 Donate.
59:59 Go to palletsprojects.com slash donate and help the maintainers all meet up maybe.
01:00:05 That's awesome.
01:00:06 All right.
01:00:06 David, thanks for sharing all of what you've been up to.
01:00:09 It's really great work.
01:00:09 And I'm super excited to see Flask moving forward like it is.
01:00:13 Yeah.
01:00:14 Thanks for having me on, Michael.
01:00:15 You bet.
01:00:15 Talk to you later.
01:00:18 This has been another episode of Talk Python to Me.
01:00:21 Our guest on this episode has been David Lord, and it's been brought to you by Linode and 10x Agent on Demand.
01:00:27 Linode is bulletproof hosting for whatever you're building with Python.
01:00:31 Get four months free at talkpython.fm/Linode.
01:00:35 That's L-I-N-O-D-E.
01:00:38 When you've got a job offer in hand or are expecting one soon, contact 10x Agent on Demand, and they'll help you get the salary you deserve.
01:00:45 Just visit talkpython.fm/10x and mention Python.
01:00:49 Want to level up your Python?
01:00:51 If you're just getting started, try my Python jumpstart by building 10 apps or our brand new 100 days of code in Python.
01:00:58 And if you're interested in more than one course, be sure to check out the Everything Bundle.
01:01:01 It's like a subscription that never expires.
01:01:04 Be sure to subscribe to the show.
01:01:06 Open your favorite podcatcher and search for Python.
01:01:08 We should be right at the top.
01:01:09 You can also find the iTunes feed at /itunes, Google Play feed at /play, and direct RSS feed at /rss on talkpython.fm.
01:01:19 This is your host, Michael Kennedy.
01:01:21 Thanks so much for listening.
01:01:22 I really appreciate it.
01:01:23 Now, get out there and write some Python code.