Sort the developer madness and improve your productivity at DEX by Sentry on Sept 28

#345: 10 Tips and Tools for Developer Productivity Transcript

Recorded on Wednesday, Nov 17, 2021.

00:00 You know that feeling one of your developer friends or colleagues tells you about some amazing tool, library or shell environment that you never heard of and that you have to run out and just try right away.

00:11 This episode is jam packed full of those moments. We welcome back Jay Miller to discuss tools and tips for developer productivity. The title says Ten Tips, but we actually veer into many more along the way. I think you really enjoy this useful and light hearted episode. This is Talking Python to Me episode 345, recorded November 17, 2021. Welcome to Talk Python, a weekly podcast on Python. This is your host, Michael Kennedy. Follow me on Twitter, where I'm @mkennedy and keep up with the show and listen to past episodes at 'Talkpython.FM' and follow the show on Twitter via '@talkpython'. We started streaming most of our episodes live on YouTube, subscribe to our YouTube channel over at 'Talkpython.FM/YouTube' to get notified about upcoming shows and be part of that episode. This episode is brought to you by us over at '', and the transcripts are brought to you by 'Assembly AI' Jay, welcome back to Talk Python to Me.

01:21 It is always a pleasure to join the show and hang out.

01:26 Yes, it's a pleasure to have you here. You help out with all sorts of things, and it's been great to bounce ideas off of you. I've had you on the show a couple of times, literally two times so far. I believe.

01:37 How many more before I get that golden jacket like they do on SNL?

01:41 You get the golden jacket after ten?

01:44 It is a commitment to get the jacket.

01:47 Wow.

01:48 Yeah. Well, we'll pick up the cadence here and we'll get you the jacket. I mean, you're a third of the way, basically.

01:53 All right. I got goals. Now, before I retire from the Python community, I will have my golden jacket from Talk Python.

02:01 That's right. Oh, man. If you come on ten times, you are getting a jacket. I'll figure out where to get one.

02:05 I'll demand one.

02:07 Thank you for being here. This episode is going to be something of a reversal, but not 100% reversal. I've got all these ideas about developer productivity. I've been bounced around and I want to share them with the audience, and so we're going to kind of share those together, right. I'll present them because it's my idea. I don't want to force that recommendation coming out of anyone else or you in particular, so I'll present them and then we'll discuss them. Right. So you'll be both the guest and the sounding board. How's that sound?

02:37 I get to be the Simon Cowell to your performance. I love it.

02:41 Yes, exactly. Well, hopefully you're in a good mood because Simon, he can be tough. Sometimes we'll see how it goes. We'll see how it goes.

02:48 I've seen the talk. I think there's a lot of great points in there and some stuff that I immediately was like, oh, and then I heard you explain it. Actually, that's not a bad idea.

02:58 Well, you let me know where you disagreed because a lot of these things, one thing that works for one person is exactly the wrong thing for others. Now, before we jump into it, though, you've been on the show a couple of times. The most recent time we were on, we talked about little automation tools, which was super fun. We had you, we had Rusty, we had Kim Van Wick, and we had Rivers Cuomo, of all people who did a fantastic job on the show. So that was really fun. And I feel like that's a really good lead into this conversation here before we get to it, though, for people who don't know you, it has been a little while. When was that? That was back in July since you've been on the show. Tell people a little bit about yourself.

03:36 Yeah. So I'm Jay Miller. I'm a developer advocate for a company called Elastic. We do Elastic Search.

03:45 I also do podcasting and a lot of productivity automation, and you can usually find that stuff over either on Relay FM, where my podcast lives, or on YouTube, where I'm often talking about different productivity tools around the macOS ecosystem or the iOS ecosystem, mostly Mac. And I guess the biggest difference there is I don't shy away from the programming friendly stuff.

04:13 The more that I can hack in shell scripting, Python scripts, even Swift from time to time. Bring it on. I am here for it. And yeah. So you're going to see some software recommendations from me, but I often tell people like, let's use what we know, build what we can and ultimately just make things that work for us. And it's kind of me that's kind of what I do in my if it's got to be solved with if this than that.

04:40 Then let it be solved that way. Right?

04:42 Absolutely. Yeah.

04:43 You want to give a quick shout out to your podcast in particular, conduit that's kind of new, right. You also did the productivity podcast before this and then transitioned over here, right?

04:53 Yeah. So before I did a show called Productivity and Tech, it was just a general productivity conversation with people around the tech, I guess, lowercase word tech ecosystem, just learning how they did things and how they were more productive.

05:09 Somewhere along the lines, I found my co host for my current show, Cathy Campbell, and we do a show on Relay.FM called Conduit, where we talk about productivity, but make it so that it fits no matter what tools you're using.

05:25 We do like to make up our own different funny names for things, different techniques and tools and stuff. But ultimately, the idea is whether you like GTD, whether you like Bullet Journaling or whether you absolutely have to build to do lists and visual studio code, whatever you're choosing to do. Hopefully, we can provide some guidance on how to do it to the best of your abilities.

05:49 Yeah, that's awesome. We all have different tools. I remember being in one high level meeting with some executives and such, and they said for some reason my screen was being shared because I was demonstrating. I said, Michael, can you just go and take some notes? I'm like, yeah, sure. So I fired up VS Code in markdown mode and just started taking notes. Like, oh, okay. I see how we're taking notes here. This is very, like, I didn't know they expected, like, one note or something. I know what they wanted, but, yeah, that's how we do it. We're doing this.

06:16 You'll often hear me talk. I'm a notebook, pen and paper person. So when it comes to managing projects or tasks, I'm often starting in my notebooks, and then I'll move it over to a digital format. Like, if I need to share it out or something like that.

06:30 Yeah, right on. Also from the audience, J Lee says, Please make that golden jacket a thing.

06:36 We got goals. I think so. It's easy for me to stand behind this because I'm pretty sure we don't have any ten time repeat guests. I've put the bar pretty high, but we'll get there. It'll happen. Awesome.

06:47 I feel like I'm in the race with people like Rusty Van Wick and Anthony Shaw. And maybe Brian, I feel like Brian can sneak as well.

06:56 Brian does sneak in periodically. He's an easy one to reach out to you. Like, hey, we got to cover this topic, and I can't find somebody you want to jump in and do it.

07:04 Awesome. So what do you think? Should we jump into the tips straight away?

07:08 Let's do it. I'm excited, too.

07:10 Awesome. Well, I think there's a lot of little things that you pick up when you work in software, and I feel like you and I share this belief that software is the superpower to whatever you're actually trying to do. You talk so much about. I found this cool tool to automate that you've even created, like, mail through automation.

07:32 Stuff like that. It's beautiful.

07:33 Yeah.

07:34 I think the coolest part about tools is that they are that they're tools.

07:41 I love artists that are able to take a tool that wasn't designed for that thing and make something truly beautiful with it. I mean, the first time I saw Bob Ross on TV, you see some of the brushes that he uses, and they're not like these little ones that you used in your high school arts class. They're like shop brushes that you would use to paint a fence. And somehow he could still make these crazy pictures in, like, 30 minutes.

08:07 That's where the happy trees come from.

08:09 Exactly.

08:11 Awesome. So the things we're going to cover here, they're like that they're a bunch of little things, and I specifically chose them because I thought they're incredibly easy to try out.

08:22 They're not like, oh, you know what you should do? You should move to a no SQL key value store database. That would be better. That's, like a month, and then we have to live with the consequences. So everything that we're going to talk about here, I believe, is something you could try out really quick and say, yeah, that's cool. Actually, no, maybe not. Okay. If we got some time, I'm going to throw in some extra ones there.

08:45 I think everything here is free except for, like, one or two things.

08:51 Absolutely. Your download manager might get exhausted, but your bank account won't exactly.

08:58 So the first one that I wanted to start out with, and I feel like this is a very bimodal distribution is shells or terminals or command prompts, depending on your origin. Where you're coming to think about these things? And I say bimodal because I feel like there's one group of developers that lives in the shell even more than me by quite a wide margin. They're incredibly talented there. And then there's a whole group that are just like, whatever is on my system. That's what I'm using. What do you think? What would your estimation on that population be like?

09:29 It's tough because I think as the community continues to grow, you're going to have more and more people that are not. Back in my day, we had the green screen with the Blinky dot.

09:41 I don't think you're going to have as many people that are doing that. And I don't think that's necessarily a bad thing.

09:48 I think the first programming thing I learned was when I was eight or nine and my grandfather was using Eclipse, and it's like, I don't go anywhere near eclipse. Now.

10:01 That's not me at all. But nowadays, even in my IDE, I find myself often going into VIM to make changes, like in my IDE instead of just clicking on the file right there, making the change. It's like, oh, I know I can do this faster, just from my muscle memory. So I think having at least some knowledge of if I need to dig into the shell, I can. I think that was actually one of the things you talked about here was using different tools to augment the shell.

10:35 I think that even if you're not going to go in, there a lot, at least when you have to go in there make it at least enjoyable.

10:41 Yeah, there's a bunch of little tools, and there really seems to be a Renaissance of the tools around the terminal. We've got things like rich and textual, allowing people to make really cool apps there.

10:53 We've got all my Zshell, my posh, a bunch of things. There some stuff called I'm not totally sure I want to make a recommendation for it yet, but I'll sort of bring it out there. And so on.

11:07 My recommendation was if you open up your terminal or command prompt if you're on Windows and you're still using CMD Exe, if it looks like the way it looked when you got the machine, there's a problem. You're doing it wrong. If it just comes out of the box and it's just CMD Exe, that's what you're using. Or if you just open up macOS and it's the white bash like you're missing out on so much.

11:34 Yes. Brandon. Brandon. Hey there in the audiences I'm using Fig, and it's pretty awesome. I just started checking out Fig. I'll pull up Fig in a moment. We'll talk about that. So on one hand, there's a bunch of people who are incredibly talented, but there's also all these things that support being more efficient on the terminal. So, for example, I'm a big fan of Omyzhell Omyssh at Omy.ZSH, which I learned that macOS now switched to Z shell as the default terminal. So that's interesting, but that means it's even easier to install on my Z shell because you've already got Zshell, and there's just so many little nice tricks. Like if you go into a directory and that directory happens to be within a Git repo, you get information about your Git repo right there in the prompt. It tells you what branch you're on and what repo you're in and all those kinds of things if you get it to say things about, like, the Python version that you're on and so on. Do you ever use Z shell?

12:30 What do you use? I use Oh my Z shell. Absolutely.

12:34 To me. If I'm not using it, I immediately know because of it's. Like, wait a minute, what's happening here? I'm typing stuff and nothing's happening, and I don't get it.

12:46 I hit tab and it didn't help.

12:48 I typed a few things hit back here, and it just went back to the previous command. This is broken.

12:54 I can't give you the name on it because I guess we'll try to be a family friendly episode, but one of the things I like about my Zshell is that they have these plugins that do a lot of the configuration for you, which is already a big help.

13:09 Like the fact that I don't fleet and all sorts of things.

13:11 Yes, not even that. Just the fact that I don't have to go into my ZSHRC and then put a bunch of, like, path statements and this crazy shell scripting to make things work. I can just go to the plugin section and type something in, but one of my favorite ones, the command for it is WTF. So if you know, you know, but the way that it works is if you type in something wrong, like if you miss type it, if you type in the magical phrase, it'll go, oh, I think you meant to type in this and you can just hit Y and then it inputs it in for you. So if you can't remember what's that one weird command that you have to use if you're using something like Set or AK, which I have another suggestion. If you're using those still like.

14:03 You can be like.

14:03 Oh, I think you meant Aug/ this, not Other thing.

14:09 That's awesome. There's one also, that is the spelling out of the last of those three letters there, and you type that and it will say if you do, like a get checkout and it meant get branch or something like that, you can just type that and go, did you mean this? You say yes and it'll fix it. Yeah. It sounds similar as well. That's awesome.

14:30 Yeah. And things like Fast D and asdf like, asdf I'm sure we'll talk about later, but fast D, like the fact that you can do things like fuzzy searching. You don't have to remember the exact path. You just know the name of the directory you want to go into. You hit Z space, the name of the directory, hit enter, and then now you're in that directory, and if it ever messes up, you just hit tab, and then you can manually set it to whatever you want it to be. So in the future, it doesn't mess up again. To me, it's like you're missing out on a very modern and clean browser experience. If you're not kind of unleashing it with some of these extra plugins and Omyzsehell is the way to start with those.

15:08 To me, it feels a little bit like I'm programming in Notepad versus I'm programming in PyCharm or Vs code. Like, why would you not want to hold this stuff that can help you with what you're trying to do? Okay, if you just take the base one. All right. So now if you are in Mac, I think Mac OS has the best shell of all the OSS, and then you've got Linux. There's a lot of good stuff there. They're very similar. But then if you're on Windows, I felt like that's just a different world, right? You're not meant to be on the terminal command prompt that much until recently. So Microsoft released this thing called the Windows Terminal, which I started using on my Windows machines. And I really like the Windows Terminal. There's a bunch of good stuff in there in particular. You can install oh, my posh on there and get fantastic similar experiences over on Windows Terminal plus. Oh, my posh.

15:58 Yeah. I haven't gotten to play around with the new Windows Terminal experience, but everything that I've seen makes me really impressed with what they've been able to do in the last few years.

16:10 Yes, totally. And you can set up Windows so that if you just say Open command prompt or Open Terminal, the default terminal is the Windows Terminal. And then within Windows Terminal, you can set up the new PowerShell, the PowerShell seven or whatever. It is not the old school PowerShell three or command prompt version. So it also drop in to, like, the latest version with Oh My Posh set up and then you're in a pretty good place on Windows, actually.

16:34 Yeah. And I guess on Mac two terminal is fine. Use I term like item two.

16:41 Unless you're using a shell emulator of some sort, I would highly suggest I term two to replace it.

16:51 Talk Python to me, is partially supported by our training courses. We have a new course over at Talk Python HTMX + Flask modern Python Web apps hold the JavaScript HTMX is one of the hottest properties in web development today, and for good reason, you might even remember all stuff we talked about with Carson Gross back on Episode 321 HTMX, along with the libraries and techniques we introduced in our new course. We'll have you writing the best Python web apps you've ever written, clean, fast, and interactive, all without that front end overhead. If you're a Python web developer that has wanted to build more dynamic interactive apps, but don't want to or can't write a significant portion of your app in rich frontend JavaScript frameworks, you'll absolutely love HTMX. Check it out over at 'TalkPython.FM/HTMX', or just click the link in your podcast player show notes.

17:42 A couple of other things. We spend a lot of time. We're going slow, but we'll make it. We got a lot of stuff to cover.

17:50 This is the most exciting one for me because it's like, oh, you want recommendations? I'm here for it.

17:55 Yes, absolutely. So good. If we spend a lot of time, I think that's also totally fine. So one of the things I much prefer about oh my Zshell over, say, Bash is I could type, get GIT space and hit the up arrow, and it'll only show me stuff that started with Git. So if I'm like, all right, what were the Git commands I recently did up there up there, and it'll cycle through very common, like, SSH. I need the third server I was recently on. I don't want to touch it. So SSH space, upper upper right. And that's really good. Something I've been using for about a month now. That's really neat. Was recommended to us by somebody listening to Python Bytes. We covered it. There was a McFly. Are you familiar with McFly?

18:35 I'm not. And now I want to know because I have a very specific wish that my Z shell would do. And if this does it, I will instant download it.

18:45 Okay. First thing that makes this nice is it integrates in a non conflicting way with Omyzshel. So I have McFly and OmyZshell working together. Okay. So McFly, what it does is normally if you type CTRL R, it'll go to a reverse search on Bash or Zshell or whatever, right. And that I find to be very useless.

19:06 I've never done that.

19:07 Yeah. You know what I'll tell you when I do, I'm like, oh, I tried to type something else, and I accidentally hit it. I'm like, Darn it. I could get out of this thing. I know that you can search for stuff historically, and it's useful, but what I already talked about with the up arrow stuff that's, like the way I go through history in Zshell Oh my Zshell. Really nice, but this imagine if you could just say actually, what I want you to do is use artificial intelligence and context and fuzzy matching to show me a drop down Emacs like experience for my history that I can then run. So what you can do is you can type a part of a command and hit control R, and this replaces your control R with this, like, full screen select mode that will show you all the stuff, which is really cool.

19:50 The stuff that matches, and it doesn't have to just be the beginning. It can match in the middle of strings and commands. So you're like, oh, I checked out this branch. I don't know where it was or just type part of the word of the branch and hit control R. And then boom, there's all the commands you ever issued to that branch, basically, which is fantastic. It uses context. So if you're in a certain directory or you had just Typed one command that's usually followed by another command, it'll give you different ordering on your history, not just the order you Typed in, but usually go to this directory and type that. So you're in this directory, you ask for help on it. So we're going to suggest that one first. Isn't that cool?

20:23 That's the exact problem that I had was the directory sensitive, like context.

20:29 I guess the big example for me is if I'm building something in, like Flask, I often use something like tellwincss to do the styling for it, and I need to reload tailwind from time to time to add the changes. And on some project, I might put that CSS file in, like, static CSS tailwind TailwindCSS or something like that. And the other one might be in, like, static tailwind CSS. The thing I need to remember is when I do NPX tellincss output whatever that file name is, I always mess it up, and I always put it in the wrong folder. So if I knew what folder based on history it was supposed to be in like to me that solves that problem.

21:11 Yeah, I don't know how well it will work there, but that's one of the types of things it takes into account. You can also optionally turn on fuzzy matching and some other stuff. So far, it's been working pretty well. I'm pretty psyched with it, so yes, this one is fun. I would recommend people check it out. It's been working well for me.

21:31 I'm going to give this a shot, but I have one that I recently just started using, and I think that this is this might be something that a lot of folks have had issues with. Have you ever tried to do, like, a grip for something and then you find the thing that you're looking for, and then you're like, wait, but now I need to go and replace that thing. How do I do that?

21:52 I found a program called Amber, which has two commands to it Ambr and AMBS.

22:02 I think I sent you a link. It's a link in the dock there for you.

22:07 But Ambr is a replace, and Ambs is a search, and everything else is basically the same. And it uses that greplike feature so you could do Ambs for search and then type in what you're searching for. What file directory you want to have it search through it'll, do some nice stylized matching, and then when you're ready to replace it, just hit up, replace the S with an R and then add whatever you want to change it to and it'll just go in and make that change. So if you don't have to remember how does said work or how does. Awk work? It's like, you know what? Just Ambr I found what I'm looking for or in AMBS other way around. That's the one thing I will say is I get them confused and mix them up when I'm talking about it. But you don't have to remember two different languages. You just have to remember, replace one character with another and then add whatever I want to do as my substitute.

23:10 Oh, that's pretty nice. I haven't heard of this. This is great. So another one, the one that Brandon talked about that I mentioned was Fig IO. This one is new and interesting. So with tools like PyCharm and VSCode as you type things, you get autocomplete drop down. What if you could have that as part of all of your shell?

23:31 That's what this big thing is. And it has crazy integration, like all sorts of coloration and stuff. And to the point where I have a bunch of custom icons I put for certain folders so I can find them more quickly when it shows the folders. If I type CD space like GitHub space like Talk and start to type talk Python, it'll show the talk Python icon on the folder. It's auto completing in the terminal. It's ridiculous.

23:56 This is where I wish that there was copilot for just working through the shell. I just started typing something. Oh, you meant to do this, and it's like, yes, exactly. And I hit okay. And I'm good.

24:09 So I was trying it. They updated today. It broke some stuff. I got frustrated. I've only tried it for one day, so it's not real recommendation. Brandon seems to like it out in the live stream. I thought it was pretty cool, but I can't give a full recommendation, but I can't tell you to check that out. All right. So that was a bunch of stuff for just a shell, but I think this is really one of the things that's super important. I also like to point out was it Starship is that the one?

24:35 Yeah. Starship was the reason why I specified use iterm if you're not using some type of emulator, because Starship is actually pretty cool.

24:43 Yeah, that's the one Brett Cannon definitely recommends all the time, and I definitely admire his recommendations. So this is another one. If you're not on the Oh My Zshell bandwagon, that sounds like it would be pretty good. This one is more about the prompt and not the whole shell, so you can swap it from place to place, which is also pretty cool. All right. 'ngrok', have you done anything with 'ngrok'?

25:04 I haven't.

25:06 I was taking a look at it, and I was like, this seems amazing.

25:09 But I also don't know if I have a need for this ngrok. ngrok.Com. So there's, like, three or four scenarios that are just so painful that this haul so well. So ngrok as a tool, that's free, but also it's a paid plan. It's like $100 a year. They get 100 of my dollars every year because it's extra useful what you can do with the paid plan for me, but maybe it's not free, so you can try it for free. So let me give you a scenario. I'm working on rewriting the credit card ecommerce system of Talk Python training.

25:43 Okay.

25:43 And the way this new site that I'm at a new service I'm going to integrate with tells me somebody bought something because you don't want to do all the processing on your server, because then you have PCI compliance and all that stuff. They do the processing and they let me know and they take the person to where I tell them they need to go. The way they let me know is they do a web, hook a call into my server with the results, and then I create the access to the course and then redirect them. When they go to that place, they have access to it, for example. Right. So I've got to debug this and I've got to debug their server calling into my server, and you're like, Well, how do you do that? Right. So one terrible way would be to open up your router, put your computer straight on the Internet. But with ngrok, you could just say in ngrok, I want to accept http messages to my local machine. It opens an SSH tunnel out so it doesn't open any firewalls, any ports. It can be as complicated on the way out of town as it wants to be, and then it listens on for an https URL. That then is SSH tunneled back to my local server. So I put a Breakpoint in PyCharm, go to their little app and type in my stuff and say, test this purchase. And then boom paused in PyCharm, pausing their server request as I'm going through.

26:56 See, I thought about something like that. And as soon as you pulled up the site, an actual use case for me popped up, and a good example of this was doing the developer advocate thing. I often have like, builds of stuff servers, Docker, compose instances, and I keep all of this on like a Mac mini at my house. And the one time I actually needed it and it kind of bit me in the backside was I was in La for cubecon recently and I was like, oh, no, I want to do this demo, but all of my database stuff is on my server at home because we haven't been going anywhere for a long time.

27:35 Yes. You forgot what it meant to leave the home.

27:37 Exactly. So had I had something like this, I could have just said, open up access on this Port and this Port only and say, like, hey, now I can actually access data on my home server and keep all of my configs the same instead of doing what I had to do, which was like redownload all the data, open up a cloud instance and then move everything to the cloud and then get a call from our company saying, hey, your bill went up like several hundreds of dollars with GIZ, and it's like, oh, sorry. I was downloading gigabytes of data, left it on. Yeah, on conference WiFi nonetheless.

28:15 Yes. So you don't even have to open up ports. It's just like, you run this and then it SSH tunnels in reverse back. That's really awesome. And you can just leave it running for days if you want.

28:29 Another example is when we were debugging the mobile apps for viewing the courses. We just told it the URL was that opened up the phone. It didn't matter if we were on LTE or whatever hit a button and then boom, break point again. Another one that I think it would be really helpful for is, hey, I'm in this stand up meeting. I want to show everybody this new feature we added to the website, but it's only on my local version. We haven't deployed it, but you don't want to show it over Zoom because the animations look crappy and all that just in ngrok. It give everybody in the media and the URL and they can interact with it live with all the JavaScript fanciness, but it's running on your server, right? Just the latest one. It's beautiful.

29:05 I was thinking about that in terms of what's the overall latency of what is happening there, because in my mind I'm like, this is the better way to show people things. Like, you can go to this website and you can play around with this. And at the end of the day, like, you just close the ngrok connection and it's all done.

29:23 You don't have CTRL+C and you're off the network again.

29:26 Yeah. I might have to play with this as soon as we're off this call because I have a demo that I have to do soon.

29:32 Yeah, that's awesome. One of the things you get with the paid plan is you can create a stable URL, whereas if you have a free one, it always resets the URL, so you got to reshare, which might be fine. It might actually be good.

29:43 But, yeah, that's good for me. I needed to reset on it. Yeah.

29:46 So instead of trying to set up some crazy server set up at home and trying to do, like, router net routing, which you probably don't want to even expose your server to the machine to the Internet, just fire up an ngrok session. Good to go. I really think this is. I've been using this all week, and it just reminds me how much I love it. I'm like, yeah, just set the sandbox URL to have my ngrok endpoint instead of the production endpoint. And boom, it's good to go.

30:12 You know, one of the things that I was thinking about as a productivity tip is very much for the beginners out there.

30:19 I have always struggled in the idea of, like, what do I do with all of this server admin stuff that I don't want to have to do.

30:29 I remember how intimidating that stuff was.

30:32 Yeah. And I think that this is kind of a good segue between the next topic that you're going to talk about and this existing one and that's, like, the idea of, like, it's okay to embrace not necessarily the serverless ecosystem, but the power, like, the past product as a service ecosystem to where like, hey, I just want to build my app and I don't want to be a sysadmin. Can I do that? And now with stuff like Netlify or Vercel, Digital Ocean has a thing now like.

31:06 Heroku.

31:08 Taking advantage of some of those things or even doing something like ngrok that you can spin up when you're done with it, tear it down. I think that was actually a tip. On the last time we were in this call, I often built admin consoles and flask do them locally, have them connect to my servers off site to do any database changes. And that way I know for a fact I'm not leaving anything secure open because I'm just doing local hosts and sending the API calls. And when I'm done and I close the terminal, it disconnects and there's no more access unless someone has my API keys. I'm not putting anything up on the server. I'm not putting anything up on GitHub and I don't have to maintain it and be worried about it. I can just go, oh, pythonapp, PY enter and then go to localhost 5000, make my changes and then close it and then cool. Got access. Don't get access that easy.

32:00 Yeah, that's very nice. I love it. Jlee out there also says I'm using ngrok to work with my RPI for home security services. Works great. Yeah, that's another thing on devices that aren't necessarily listening. You can get them to sort of push out and then start listening again.

32:17 Yeah. There's a lot of good use of the intelligence ngrok thing. It's a thing of beauty. All right. So another thing that I think speaking of people who are beginners and struggle, right has to do with security, you push something out on the Internet, who knows how quickly will it get owned? Right? It's not going to be good. And there's a bunch of recommendations from OWASP that they say, look, these types of things we found to be common vulnerabilities that websites have, like injection cross site scripting, other things like if you don't explicitly disallow it, people can take your site and embed them in an iframe and then wrap other stuff around it. Right. Like, go to your login screen, but actually overlay something that captures the keystrokes or other weird things. Right. So how do you keep track of these? How do you prevent them? So this thing called is fantastic.

33:13 And it's got the most amazing Pypi name. Just secure. Like how they got that name? I have no idea. That's incredible. But it integrates. One of the things I like is it just like a couple of lines of code to integrate into whatever framework you're using. So Quart Responders, Sanic Flask, Fast API, Jango, Pyramid, AIO Http, all of these things. And it's just a couple of lines of code to get it integrated.

33:39 Usually it's some kind of, like, middleware type of thing that you wrap it up with. And so in order to use it, all you have to do is create one of these secure headers, and then you set a couple of values, like whether or not you want to allow cross site scripting and things like that. And then what it'll do is it'll automatically put all the security controlling headers into the response coming out of your website. So, for example, X content type options, no sniff. You hear that want to protect against that X frame thing or iframe X frame options, same origin. So you can do it with no one else things about the refers and so on cross site origin for JavaScript and whatnot? So it's super easy to integrate with what you're doing. Also, it's like a tamper proof cookie type of option for doing that as well. What do you think this one?

34:32 So I know when I first saw this, I was like, what is this obfuscation of what's happening behind the scenes? And I literally just talked about this 30 seconds ago. Like, oh, you don't want to have to think about that stuff.

34:45 Yeah. I'm going to completely walk that back. And in my own projects that I'm building, it's like, I want to know what's happening. I just don't want to have to maintain it. Yeah.

34:57 And that's kind of where your response in showing how this works and showing it's. Just adding the headers on that it needs makes me feel a lot better because I'm in a Devop space where we're, like, we do a lot of, like, APM stuff, and I just got off a live stream where someone was like, yeah, it just connects to your platform, and it's like looking and digging and getting logging of all of this stuff. That is a dependency of the tools that you're using. And it's like, oh, that's kind of should it be doing that?

35:30 I don't know.

35:31 I mean, it's great because I know that I can drill down and see where the problem is, but at the same time, I want to know that it's doing that.

35:38 And that's my concern with tools like this.

35:43 But I will always say, leave security to people who know security and don't try to roll your own. I think Jacob Kaplan Moss said that.

35:54 Yeah, that's good advice. One of the things in my dream world, imagination or idealistication of this thing is if a new recommendation comes out some new header that we should all be adding that we are not paying attention to that we should have added, but we didn't for some sort of configuration change for security, secure py could be updated to make those changes, and you just pick them up. And you don't have to know that that was approved.

36:22 That makes me wonder, do you know, if any of these things, any of these protections come in at like, a platform level? Like, if you're using something like a Netlify, you say I use Netlify functions to load a thing.

36:38 I wonder if Netlify is doing something on their end to also include some of these. And that's where a lot of my concern comes from is that if down the road, I'm doing a thing and then my provider is also doing a thing. Am I going to run into some goofy error that I have to troubleshoot?

36:56 I would guess, because it's headers just they would overwrite what your app creates.

37:02 This is more intended for, like, Flask or Django or something like that where you're kind of the beginning and the end of the security statement. You know what I mean?

37:11 Something like that?

37:12 Absolutely. Like I said, I will always leave security to in the hands of people who get paid to think about security because I know I should be thinking about it. And the most secure thing I can do is say, hey, I need an adult in this situation.

37:29 I thought a lot about this, and I haven't absolutely.

37:32 I also would like to point out that if you're not doing Python web apps. First of all, what's wrong with you? No, but seriously, second, there's tools like this for other frameworks for, like, ASP, Net and other ones. If you want it, if you seek it out, they have a totally different name. Very unlikely to have a cool name, like Secure, but there's other tools for other frameworks and platforms as well.

37:53 You'll have to listen to talk, whatever that language is to me, I guess, to hear about that.

37:58 Exactly. Yeah. Talk Cobalt to me about our APIs. All right. So yeah, to integrate it is, like incredibly easy. So that's super cool. So here's a recommendation, which is in some sense in contrast to how much I went on and on about how much I love the shell and the terminal. And that is don't shy away from UIs for your get.

38:20 Basically, this is the one that I was like, I'm ready to fight on this one.

38:25 Let's battle. So here's the thing. I think there's a lot of value to having nice visualizations of what's happening. Right. Like, for example, my first thing I pulled up for this was Source Tree from Atlassian. And when you open up a repo, you see the branch history and who has made what changes and where the Tags are all in, like, one quick shot. And you still have hotkeys. If you want to just do a pull latest, you shift cmd+l, and that's the same as Git pull. Want to push shift + command I don't remember what the push one is. P maybe. But there's a couple of hotkeys that sort of give you a quick access that is like being on the terminal. But you also have really nice and beautiful things. One or if you're an expert or two, like, if you have two branches, you want to merge one, you drag one branch on the other and that merges the changes from one to the other. There's things that help people who are new a lot. So I find this doesn't mean you should never do source control in the terminal or with getting the terminal. But it also shouldn't mean you should never use UI tools. That's my stance. How do you feel about this?

39:28 Okay.

39:29 I can tell you feel the same with that phrasing. I'm like, fine, but I took the first word on this one, so go from there.

39:41 So I have many a tweet that has said I have made said mistake. I need to unmistake it. And how do I do this? And almost like clockwork. I do it wrong. And I wind up deleting things that weren't supposed to be deleted. And then I'm banging my head against the wall and then figuring out how do I fix this.

40:04 The biggest get undo is just delete the whole directory that is actually check it out again and just hope that you can kind of get it back.

40:12 Yeah, that's exactly my solution in most cases.

40:17 Again. I also want to say I am not saying that any type of UI is bad. I'm just saying if you're getting started, learn the basics because you're going to be on a server one day, you're not going to have access to Tower or Source Tree or something else, and you're going to need to know what was that command like, what is cherry picking? Get whatever. And it's like you're going to need to know it. And if you have an over reliance and you don't understand what's happening behind the scenes. That's when you're going to be in trouble. So for me, it is very much you can use the UIs. You can use the tools, know what's happening behind the scenes, and know what they are as well.

41:06 With this comment, why make things more difficult? There's so much to memorize in our languages already. Why do we need to memorize the Get commands as well? That's the thing. You don't have to memorize all of the commands. You just need to know. Get a good understanding of what you do need to know. And on top of that, plus, we already talked about use things like Omyzsh, where you can just tap through it and get a list and you can use man , and you can learn about all the different commands and what they do. But again, if you hit delete on the Git or the GitHub interface, what is that doing?

41:42 Is that deleting your entire repo? Is that deleting the clone that you have locally, like, what is happening and what happens when you go to use some other tool and they use the exact same phrasing to do something different?

41:53 What happens when you go to a new company and your git workflow changes and you're like, oh, well, now we don't do branch stuff. We do tagging and things like that. I'm not saying that you can't use the UI. I'm just saying it's good to kind of understand what the UI is doing so that if you ever need to change it, or if you ever need to change what UI are you're using, you can do so and do it in confidence. And when you're stuck in that one situation that I have personally been in, where it's like, crap, I don't have the button that I press. What do I need to do? You can at least have a better chance at making the right decision.

42:32 Yeah, that's fair. I would say to Robert, I think RJL is Robert. Hopefully I got that right, Robert.

42:39 There's probably five or six git commands you need to actually know how to do, and then the rest I would go to the UI because to me, it's like, do I really need to visualize the branching in some other way? And I'll just open up sorcery and look at it. That's going to be totally fine. But if I need to know how git, pull, git, commit, git ad, push, git, check out.

43:02 These are the various things I need to know, but like, a complicated rebase.

43:07 Maybe I'll just go, I'm going to find the server or the UI, and I'm going to do it.

43:13 We've all done that interactive rebase, and we're just like, what am I doing? We get like, three of them through and we're like, yes or whatever. Just accept the rest of them and go and then you realize that you shouldn't have done that.

43:30 Why am I in V. I just accept theirs. Accept theirs.

43:33 I think that's the thing. No, I'm not typing git commit M insert my message and then all the files that I want to commit. I'm often just doing git add G Cam, forget, commit, addmessage all, and then whatever my message is. But at least I understand what those commands are doing. So that down the road.

43:55 I do very understanding.

43:57 And to be fair, sometimes the tools like you're also giving access to your repo.

44:02 It's cool if you're using GitHub and everything's public, but you're also adding a layer of opening to another company.

44:14 I would be hesitant to say that there's no company out there that's not going to be vulnerable to some type of attack, and then you got to revoke access to your repos and things like that, because again, in order for these UI's to work, you're giving it a lot of access to what you're doing again.

44:32 Some of them I think Source tree mostly just work like you can just drag a folder onto it and it'll start to do its thing, whereas there's other ones where you're like OAuth OAuth signing into GitHub or GitLab or I'm going to let Anthony from the audience have the fun of word here. Don't roll over source tree, Jay.

44:52 Not at all. Not at all. Use the tools. I think Tower is great. I think the GitHub you I've never actually used source tree. I'm sure it's fine.

45:00 I would say Source tree is the one that hides the least. It's there to help you and there's UI, but it's actually pretty complicated in what it does. They don't mean that necessarily in a bad way. It's not hiding everything behind pseudo actions.

45:13 And I'll also throw out there. I am probably not the best subject test case for this because most of the projects that I work on, it's just me or it's me and like, one or two other people. So it's easy to follow that tree. If you've got 50 people working on a thing and you need to be able to trace back and forth what's happening? I totally get using a tool to help with that.

45:36 Yeah. If you find yourself over here in the sktcd world, you start out writing beautiful code like created main loop and timing control enabled config party. At the end, you find yourself just eight A-S-A-F-D-K-F-S-G. My hands are typing worse hands. Yeah, you're kind of breaking down there. All right.

45:59 So I reset this on.

46:01 Where did they get access to my git commit messages?

46:04 Exactly. How did they do that?

46:06 All right. There's also GitHub desktop, which is kind of neat. I would say the other area I just point out really quick is a lot of the tools we have already have built in. Awesome git stuff like PyCharm has fantastic Git integration, and so does vs code with like, Git Lens and stuff. So you might already have a UI for it if you just press the button, you know what I mean. All right. Keeping along with Git, if you've got a Git repo that you've forked something that's always driven me crazy is like, I've got to go. And there's a series of events I got to do on the terminal. Like, add a remote origin, and then I can earn upstream origin, and then I can do some commands to pull the upstream origin and merge it back into my main branch and so on. So GitHub added a button that just says, Have you forked this? Oh, look, there are changes. Press this button to make them the same. I love this. Fetch upstream and fetch and merge. This is awesome.

47:01 I really want to give a shout out to a lot of the features that Git has added recently that every time I go in there and I see something like, oh, this is nice.

47:12 Yes, GitHub is coming along.

47:15 There was concern about what would happen to it and Microsoft bought it. I think it's only gotten better.

47:19 Yeah, I think because I'm such a professional open source contributor. There was a misspelling in a README, and I wanted to lift, tilt my glasses up my brand and go, well, actually, you swapped the T and the H and without.

47:38 Yeah. And by the way, I am a contributor to Django.

47:41 Now, exactly.

47:43 Just the process of doing all of those things can sometimes be more when it's like, this is a simple fix. And like, in your mind, you're like, Now I got to go do this thing. I need to fork the code base. I need to go and do all this stuff. And I literally did everything just in the browser. And then it was like, hey, do you want to sync this or hey, do you want to create a new do you want to put this on the brand? Do you want to do a new thing? How do you want the PR to look? Hey, they accepted your PR. Do you want to go ahead and delete this and it's like, all this maintenance stuff that I am bad at doing. I am glad that GitHub will be like, hey, it looks like you merged a PR to me. Microsoft just clippified GitHub and made it easier for me to do what I do.

48:27 Good afternoon, Jay. Are you trying to write a letter or merge a PR?

48:32 It looks like you're trying to rebase. Would you like some help with that?

48:35 Exactly. Wait a minute. First. Why are you rebasing?

48:38 All right.

48:39 So I love this. This is like a single button click it solves a lot of the problems.

48:44 Really nice, because keeping your Forks in sync have been a problem. What I would love to do is just say yes and do this every day. And don't tell me about it ever again. Just make it happen. If they're committing line. It depends on what I'm working on, but there's a lot I would be happy to do that on.

48:57 Yeah, I think as long as I maybe give me a deadline, give me like, hey, we're going to auto merge this in after five days. At least that way you can get the messages of, like, hey, we broke this thing. Don't do it, don't do it.

49:11 Yeah, sure. So for me, there's like, two reasons I'll fork a repo. One is because I really love it and I want to contribute to or explore. The other is just I really want a personal copy of this thing that I can control just because I depend on this so much. I want a copy of it. And for those, just keep it in sync. I can always go back to the version before.

49:31 I was wondering, how many, like, were you doing this for dependency management, but I don't know how much I'm doing that. I'm not really forking someone else's code and then, like, bundling it in with my projects. But I'm never going to say never, because that's the one time you need to go and do that.

49:52 Yeah, for sure.

49:53 All right.

49:54 Well, so glad that we're only part way into, like, we're halfway through now, and we're just barely into the podcast. That will be fine.

50:04 Some of these I am just like, I agree next.

50:07 Yeah.

50:09 This one's perfect. If you're not using let's Encrypt, and you're not a company that buys their own certificates and other things just use let's Encrypt.

50:19 It is so simple.

50:22 I would say getting a certificate is kind of a challenge. I remember being on the phone with a certificate company and having to verify the identity Where's the office and what do you do there? Maybe we'll give you an SSL certificate. It might have been one of those enhanced ones or something that didn't really matter, but they thought it would matter. It was just such a hassle. And then, oh, my goodness. If you got to renew that thing and you don't remember the details or the person who originally got it is gone.

50:48 What a hassle. Right. And so one of the benefits of let's Encrypt is not just you get an SSL certificate. Tls certificate. You also get them automatically renewed off behind the scenes without you doing anything that's beautiful.

51:00 And again, this is a plus one for those platforms as a service. I know, like, Jam Stack and all this other stuff. People are like, I don't want to have time to deal with that. The fact that I can just commit to GitHub, push my repo up to GitHub, and then from there, I know my website is done, and I don't have to worry about the certificate renewals and everything else. I will always go that route. But I do have servers that I run for. Like, hey, I want to show you what it looks like to run the server. Let's Encrypt is absolutely like, the first step in that process. Like, okay, let's make sure this is good to go.

51:35 And I always imagine this would be kind of complicated until I actually saw the steps. The steps are app install software properties, common add app, repository, Universe, app state, and then just app install Cert, Python, three Cert Bot NGINX, and then just run . Bot NGINX.That's it.

51:55 Then say yes to the prompts.

51:58 That's it. It's really not that intimidating. So people should absolutely be using it. And audience RJL Robert says, hey, don't forget about Flask Con in a couple of weeks. Michael will be speaking. I will indeed, that'll be super fun.

52:09 And he I'm also speaking at Flask on you're speaking at Flashcon.

52:14 I had no idea. Awesome. We didn't even get a chance to connect. What is your talk on?

52:18 My talk is on utilizing the Google Maps Autocomplete API to do location based searching with Elasticsearch.

52:27 Awesome.

52:28 And I'm demoing it in my College board clone. So anybody that's in high school getting ready to go to College and wants to know how much student loan that you're going to go into? Yeah. Check out my talk.

52:39 Awesome. Congratulations on being there. You could run ngrok and let the audience interact with.

52:45 That's why I said I was going to test this as soon as we're done here.

52:48 Nice. Yeah, I'm doing Flask plus HTMX stuff. I'm a big fan of that. That's not even on my list of my suggestions. All right, here's another one I find really challenging is testing web apps. And yes, you should write very focused tests like, oh, here's the ecommerce section. And this is what the price is when I set a discount code and I'm not logged in and I tried to purchase it. But sometimes you want to know, will the thing just catch on fire and 500 or will it actually work if I were to push this to production? So this recommendation is that if you have a site map and most sites do, one of your tests can be just request all the pages and see if they 500 or 404 or if they return something that looks like a response, like 200, 201, three, two. Something like that.

53:34 I'm trying to remember what it was called. I think it was like PY test request or something like that that does something similar, but I love the idea of using sitemaps. I'm going to do a shameless plug. One of the things that we started doing with our search platform is adding a crawler that you can tell it to just go and brute force all of the links on your site and make sure they're good.

53:58 But you're going to miss something like you will miss something that way. But you can also just add a site map. So sitemaps are a great tool, and it's one of those things that a lot of like, I don't think Flask does it by default. Django doesn't do it by default, but there's usually a very simple way to add a site map to those applications. And I think if anything, this is just another reason to implement sitemaps. Also, search engines do like sitemaps. So if you want to get another bump in the SEO ranking, this is the way to do it.

54:31 Yes, absolutely. Super easy. It's not a lot of work for the relative benefit you get John out in the audience says ngrok. Sounds similar to Cloudflare tunnels, which are also free. That's awesome. I have no idea what cloud flare tunnels are, but it's a good recommendation. People can check that out. I had that to the list right on. All right. Here's. Actually, the code I put up there like it literally is 15 lines of code or something to do the site map test, which is pretty straightforward. Another one you're talking about the SEO aspect. Google has been paying attention to how fast your site responds and not just what is the server response, but how long does it take to get all the JavaScript and parse it and run it? How long does it take to read the HTML and then get the images and Resize them and all kinds of stuff? So there's a place called Page Speed Insights by Google, which you can just go put any web page, your root page or some sub page in there and it'll give you not just what they think your speed is, but what their recommendations are.

55:33 Your image is too large here on Wimpy processors like phones. It's going to slow down the page load. So you should Resize. Like you're saying 300 in your CSS, but the image is 1000. Just make it 300.

55:47 I'm writing the Orange on my side, so I'm at the high I'm like right underneath green. So I got some changes I can do. But one of the things that I thought about this and I love the idea, and I absolutely agree with it. 100% one. If you're doing static, static tends to be faster. Just throw that in there because I love static.

56:09 But it's not as easy of a fix as you would think. It's still a lot of problems you can have with a static page.

56:16 Yeah. And actually one of the things that I wanted to add on to that, speaking of scores and ranking is the idea of accessibility, scores and ranking as well.

56:27 We don't want to be Domino's. We don't want to be the company that gets sued for not having good accessibility. Luckily, I don't think anyone here is building stuff like that, and if you are Hi, welcome. I'd love to chat some time, but I do think that it's important to be good stewards in the community.

56:44 That's something that I think is really great. And if your site isn't accessible, you're cutting off a lot of people and a lot of people are like, well, it's hard to do this. And what else can I do? There are a lot of great tools out there. The one that I'm going to promote is Wave, which is the Wave Web accessibility tool, and it gives you a bunch of different things that even does its own evaluation.

57:08 And you can use it to say how accessible is my website.

57:13 Yeah, that's cool. Definitely. People should check that out.

57:16 This is important. I think it might even be legally required. And then also page speed is starting to be used for actual ranking as well. So we should consider that. All right. Here's an interesting one, which I don't know how you feel about this, but I find if I set up a server and the server's job is to run a website or an API and I log into it, there is about a half of 1% chance that I want to change details about the service of the system Python. There's a 99.5% chance that anything I need to change is with packages or details or commands involving the service I set up, and I found I was always I would log in and I'm like, okay, well, Where's the virtual environment? I got to activate this thing, and now I can issue the pip, install this new thing, or do some other command that I needed to do on the server. And then it occurred to me like, Why do I do this every time? Why don't I just set my ZSHRC to say, the last thing is to source activate the virtual environment. So now when my servers, when I log in, at least the ones that are web servers, it automatically activates the virtual environment that runs the web app.

58:21 So are you familiar with DRM? D-I-R-E-N-V?

58:25 Yes.

58:25 So to me, my solution here is DIRENV for those who don't tell people what this is. Yeah. So DIRENV is this way to load an environment based on the path that you're in most cases, this works for just environment variables, which I mean, I love it means I don't have to put stuff in open source. I don't have to risk putting a password in there. I can just point to an environment variable, load that stuff in and then know that if I'm actually in that folder, then the variables are loaded properly.

58:59 Right. Exactly. If you're in the folder that contains somewhere above it contains the virtual environment, it's going to use that. Exactly.

59:06 And the thing that's really cool about this is there's another tool called Asdf that uses something similar to Py environment or PyENV that you can put into your environment variables to say, layout, Python and the Python version. And it creates a virtual environment the same way that when you load into that directory, you're Loading into a virtual environment that you can control the actual version of Python that you want to run and that works for both Pip and the Python environment. So when it's like calling PyEnv every time you change directories into a certain path. And to me, this is the new way of doing it. When Python 310 came out, all I had to do when I wanted to test for 310 was change my NVRC to say layout. Python 3.9 .1 to 3.10.0. And from there, that was it. I CD out of it. Cd back in it created a new environment. I reloaded my requirements and I was off to the races.

01:00:08 That's pretty awesome. Yeah. Very cool. I think that's good as well.

01:00:13 I would definitely lean heavy on that for the Dev side for the servers. I'm like I might not log into the location I want to be in. It depends on if I have a bunch of services running, there just one. But yeah, those are good recommendations for sure. Especially like I said on the DevSide where you're doing lots of different projects. All right.

01:00:30 Last one is dependencies, and there's all sorts of dependency stuff going on here. So there's levels so you can Pip install some package like I could Pip install Pyramid that would install Pyramid.

01:00:41 It'll give me the latest one unless they already have it. And it says you already have it. So you're good. Even if there's a newer version, it's cool. So you just do upgrade and you get a new one. Right. But Pyramid might install Chameleon, and my chameleon might be out of date. But this Pip install Pyramid upgrade doesn't upgrade my chameleon, right? It doesn't upgrade the transit closure of all the dependencies, which is a hassle. And then you've got to remember to run these commands. What if there's, like, a security vulnerability that I just got a notification a couple of days ago, there was some security vulnerability, not something I'm using, but something that I'm using is using very indirect. So there's all these challenges I think around dependencies. You talked about GitHub having cool features if you pin a version in your Piproject.yaml or your requirements. Txt and there's a security problem if I say I'm using Flask one and there's a security vulnerability that was fixed in Flask two, GitHub will automatically create a PR for me and say, there's a problem, except this PR to fix it. Right. That's pretty cool. Right.

01:01:46 So one of the questions I had with this was does Pip tool solve this second problem of, like doing upgrades? But then it only upgrades like the top level and none of the stuff below.

01:01:58 Yes. And that is my current solution is I'm using Pip tools, and I think the command is actually Pip. Compile in there. I don't remember. I've aliased it away. So it's like on my mind, I just type I think it is Pip. Compile update all or something like Pip.

01:02:15 Compile upgrade, because I did the same thing. Except for I never thought that just alias the whole Pip. Compile upgrade. Plus Pip sync. That makes sense.

01:02:27 Exactly.

01:02:27 Yeah.

01:02:28 I've ALIAC syncs away. They're all down to like Pip installrrequirements. Dev. Txt is just P IRD if you want without the device Pir.

01:02:37 I'm all about the aliases my neovin because I could never remember. Nvim I just do VVI.

01:02:44 Yeah. Nice. Exactly. So the Pip tools is my current recommendation because what you do is you create a requirements in and you put the things you would have installed yourself. Like Pip, install Flask, Pip, install SQLAlchemy, not their dependencies, just the things you want. And then when you run the command that you talked about it'll, create the requirements TXT with the closure of all of the dependencies and actually indent them, showing why they're in there. Like Flask depends on it's dangerous. So it would put that in there and would be clear to the dependency of Flask and it pins the versions of all of them. And then if for say it drops it's dangerous requirement. And you rerun this again like that'll come out of your TXT file entirely, which is also nice.

01:03:29 I think this is fantastic. It sounds like you're using it as well.

01:03:32 Yeah. That's part of my default set up of any new project is install Pip tools, and then from there, and then immediately compile and upgrade.

01:03:44 Yeah. Awesome. Also package managers for the OS like Homebrew, I use Homebrew, my macOS. I know there's other things to use, but that works well. Windows has Chocolaty, which I think a lot of people on Windows are not using a package manager. I think Chocolatey is awesome. You can install Python that way. Obviously, there's apps and other things on Linux, right?

01:04:03 Yeah. I really like Homebrew.

01:04:07 I think they're now in one.

01:04:10 Ready? Yeah. Okay. Good.

01:04:11 On this computer we're talking on. I got this one in December 2020. It has the Intel Homebrew on it, but my new MacBook Pro, I put just a straight up the Apple Silicon version on there, and it's been working fine. I haven't had any problems.

01:04:26 Okay. Yeah. Homebrew. To me, it just makes sense.

01:04:29 The one thing that I will say is asdf if you're using that.

01:04:35 You don't want to run Pipin or Bruins install Python because then you have different. They're like your stems and stuff will get all weird.

01:04:45 So install Python through Asdf if you're using that. But other than that, yes. I think Homebrew is great. And I guess the other bonus to asdf is you can use that not just for Python, but if you're doing like Ruby and you have, like, RVM or you need to manage node versions, which I hate managing node versions, but you have to do it. I guess you can do all of those things in that environment control area in VRC, and again with Homebrew, it's like it works, but when it doesn't work, you're just like, okay, great. Now I need to uninstall this. I need to run Brew.

01:05:22 Doctor, I want to format the computer.

01:05:26 Exactly. You just need to just reformat your hard drive. It's destroyed.

01:05:30 It's destroyed. We won't upgrade Python anymore. We're done.

01:05:34 I've had so many times. We're just updating Python, and it's like, just giving me time to be like, well, I'm done with this.

01:05:40 Yeah. All right. A couple of other things out in the audience. Anthony suggests Pip deptree, which will show you kind of that. Here's the top level things you installed and what they depend upon, which is great. That's really a good one producton. Says pip Audit is a cool tool. If you want something on security, it's a project by Dustin Ingram, who is associated with PyPI. Org and PIP and stuff, which is awesome. One more thing I'll throw out there pretty new is PyPI changes. So this just came out and you type PyPI changes, and you point at the Python executable in a virtual environment, and it'll list all the things you have installed, what version they are, how old they were like, here's a thing. I've installed it's ten years old. Maybe I should think of something newer, but also whether or not there's an update. So this is a fun one as well.

01:06:26 That's nice.

01:06:28 Again, I'm really impressed with a lot of these tools and companies like, I mean, the fact that Python now has some folks that are dedicated to working on these systems, and it's what they do. I mean, talking about, like, Lucas and having a developer in residence. I think this is the benefit that we see of this is you get these little touches that just make each version of Python not just more performance, but also nicer to work with and nicer to play around with.

01:06:57 Yeah. It gives you joy and frustration as you work with some of these things, for sure.

01:07:01 Exactly.

01:07:02 All right. So those were the ten. How about I just threw a real quick thing out there for people as a delightful little takeaway nerd fonts. Have you played Nerd fonts?

01:07:11 I haven't. What is this?

01:07:13 So if you want fonts that are good for programming that support font ligatures, and, for example, the ohmy, posh I talked about, they have all sorts of weird continuation between transitional characters and stuff. All those things test against Nerd fonts to make sure every Nerd font will work well in that shell fancy extension. So if you go over here to the downloads, you can see there's, like a huge scroll bar. But of all these different fonts that support font signatureatures, nerd fonts, et cetera, et cetera that you get here, they all come with a ton of variations. So if you want to have a bunch of cool programming fonts, you've got like, Nedo, Nerd font looks pretty good. Pro font. Nerd font, not a nerd action.

01:07:55 That is just dyslexic that's if you like ligatures.

01:08:07 I love ligatures, but I don't want to battle that out right now, but I went and installed every one of these nerd fonts on my new MacBook. It took half an hour longer for that little font book app was like, locked up. I thought it destroyed my computer, but no, it just had 2600 font families to install or something.

01:08:27 I'm glad you don't use Photoshop. It probably doesn't like you either.

01:08:31 What are all these fonts?

01:08:33 Exactly?

01:08:35 No. But if you're looking for good programming fonts, I don't have one over the other to recommend, but there are many, many of them here. All right. And then I see Antonio out there in the audience, who is saying we got to wrap this up with a notable PyPI package.

01:08:51 I had two that weren't included in the list, and that was black. And I sort I'm pretty sure the folks listening know, like, Black is a great formatter for your code. If you're like me and Pep Aid is a thing that you want to understand and believe in. But from time to time, you're like, Well, what about this weird scenario? I don't think about that anymore. I just run black and then I'm done with it.

01:09:18 I think it's a real value that Black ads is not necessarily that it does. The formatting like I could open up PyCharm, go to the top level of a project, right click and save format everything in this directory, and it would format it the way I told PyCharm. I like it, but it solves the debate. It's like you don't have to debate. Is there a space before the comma or after the comma? Does it go on one line or does it go on three lines? Like Black puts it on the lines. We've agreed that we're just going to take this and nobody's going to be 100% happy. But you're going to be 84% happy. And we're just going to stop fighting about the formatting.

01:09:49 And I sort is the exact same, except for it does this with sorting your imports. And I will say sometimes when I'm writing code, it's messy. Thank goodness I have black and eyes or to make it not so messy whenever I have to give a talk and then someone goes, Is there a reap over this code? And I'm like, give me 30 seconds, black, I sort, okay, now there is.

01:10:14 Now I can.

01:10:16 Now I'm willing to share this. That's right. It's not embarrassing anymore. Also drawn out in the audience says I was just going to say, Black and I sword, get out of my head.

01:10:24 Jay man. Well, other than that, you've talked about Rumps so many times we can play the classics all the time here.

01:10:39 I try to not do a lot of installation of stuff, but if I go to some of my projects really quick and just open up, actually, I think I do know one. And let's see.

01:10:55 I can't remember what it's called.

01:10:58 Yes, I have an app I built with Rumps Python three and PyCharm app. It's running up in my Mac terminal bar. And if I'm really unlucky it'll get hidden in the notch of my new MacBook.

01:11:12 I haven't played with Rums recently. I need to do some more with Rums.

01:11:15 Yeah, rumps is good.

01:11:17 Honestly, some of these little dependencies that I add to some of my projects that I could probably do my own. But also, I don't want to, like, slug of again, a lot of this is just getting rid of how do I do this?

01:11:34 One of my projects that I just started working on is this idea of we've all done Markdown, and then you convert it to, like, a markdown table or you convert it to HTML, and you got to do some stuff with it, and then you got to process that HTML. But what about doing, like, Markdown to JSON where I have a markdown table, and I want to convert that table into a CSV file JSON file. So I'm like playing around with this. And in my head I'm like physically pulling my hair out. But I'm also like banging my head against the wall, going, like, what's the regular expression for this thing? And that's where stuff like validators is absolutely amazing, because you can just go, is this an email if it is. Okay. Good.

01:12:15 Run.

01:12:15 This. Is this a properly formed URL? It is good. Okay, run this. I don't need to rebuild those things.

01:12:23 Yeah. Awesome. A bunch of good recommendations. So thanks for being here, Jay. This was a lot of fun. I love just going through a bunch of these little tools because I learned a bunch from you and looks like people's audience have found a bunch of interesting ones that we covered as well.

01:12:36 I love it as always now that I'm a front runner for the Golden Jacket Club of Talk Python. I absolutely love coming on. And just now that you got the chat here, they're talking about products. I'm like, what's that? Let me add that to my list and I get to learn as much as everyone else does.

01:12:55 That's awesome. Yeah. I just want to give a shout out to the YouTube livestream. It's been really fun to have so many of you all come and join the streams and give us feedback and thoughts during the show. I think it lets the audience have a little bit of representation. If you want to watch that one, just go to the episode page. You can click it right at the top.

01:13:11 It will be there or subscribe to the newsletter. There's a link to the YouTube videos.

01:13:17 Every newsletter they are in there absolutely. Every time. It's awesome. All right.

01:13:22 Robert says, thanks again, Jay. Michael, this has been very informative. Thank you so much for being here. Robert J final word call action. People excite about this stuff. What will you tell him?

01:13:31 Honestly? Just play around with it. Have fun.

01:13:35 Be a good steward of the community and absolutely take someone that was like me seven years ago. That was like, this Python thing seems hard, but I really like Flask, so I'm going to keep trying it and just continue to pour time and energy into them. Trust me, it'll pay off for them in the future, and they'll be sure to thank you with all the drinks that they can.

01:13:59 If you ever want to get in touch with me, you can do. So I'm on Twitter, K-J-A-Y. Miller on Twitter, LinkedIn. That's kind of it.

01:14:06 Yeah, I'll definitely put that in the show notes as well.

01:14:08 Yeah. And again, if you're interested in my productivity takes and wild, hilarious opinions on things, but you want to get outside of the Python space. Check out Conduit on Relay.FM/conduit where we put out an episode every other week. This next one actually talks about having to do your job when you're in physical pain, which is something that you don't think about until you have that migraine for, like, the third day in a row and you're like, all right, how do I do this?

01:14:40 My most recent example was when I fell in a river and landed on some mossy rocks and broke my finger in three or four places and had a cast that went to the tips of my fingers. Could only work with one hand for two months. Let me tell you, you got to find some productivity tips to keep things going at that point. Absolutely. A couple of years ago, but still, all of a sudden, you realize, oh, boy, I got to keep going. But this is not so easy.

01:15:04 Oh, man. Yeah.

01:15:06 So people should check out Conduit. Thanks for being here. It's been great.

01:15:09 Absolutely.

01:15:10 Yeah. Bye.

01:15:12 This has been another episode of Talk Python to me. Thank you to our sponsors. Be sure to check out what they're offering. It really helps support the show.

01:15:20 Do you need a great automatic speech to Text API? Get human level accuracy in just a few lines of code, visit 'TalkPython.FM/AssemblyAI'. Want to level up your Python? We have one of the largest catalogs of Python video courses over at Talk Python. Our content ranges from true beginners to deeply advanced topics like memory and async and rest of all, there's not a subscription in sight. Check it out for yourself at 'Training .Talkpython.FM be sure to subscribe to the show, open your favorite podcast app and search for Python. We should be right at the top. You can also find the itunes feed at /itunes, the Google Play feed at /Play and the Direct RSS feed at /rss on 'TalkPython.FM' We're live streaming most of our recordings these days. If you want to be part of the show and have your comments featured on the air, be sure to subscribe to our YouTube channel at 'Talkpython.FM/YouTube'. This is your host, Michael Kennedy. Thanks so much for listening. I really appreciate it. Now get out there and write some Python code.

Back to show page