<p><strong>Watch the live stream:</strong></p>
<a href='https://www.youtube.com/watch?v=JW30g1cZpCQ' style='font-weight: bold;'>Watch on YouTube</a><br>
<br>
<p><strong>About the show</strong></p>
<p>Sponsored by: <a href="https://pythonbytes.fm/foundershub"><strong>Microsoft for Startups Founders Hub</strong></a>.</p>
<p>Special guest: <a href="https://twitter.com/TerraMeijar">Vuyisile Ndlovu</a></p>
<p><strong>Brian #1:</strong> <a href="https://github.com/darrenburns/dunk"><strong>dunk - a prettier git diff</strong></a></p>
<ul>
<li>Darren Burns </li>
<li>Uses Rich</li>
<li>“⚠️ This project is <em>very</em> early stages” - whatever, I like it.</li>
<li>Recommendation is to use less as a pager for it
<ul>
<li><code>git diff | dunk | less -R</code></li>
</ul></li>
</ul>
<p><strong>Michael #2:</strong> <a href="https://dev.arie.bovenberg.net/blog/is-your-python-code-vulnerable-to-log-injection/"><strong>Is your Python code vulnerable to log injection?</strong></a></p>
<ul>
<li>via Adam Parkin</li>
<li>Let’s just appreciate <a href="https://log4jmemes.com">log4jmemes.com</a> for a moment</li>
<li>Ok, now we can talk about Python</li>
<li>We can freak out the logging with line injection</li>
</ul>
<pre><code>"hello'.\nINFO:__main__:user 'alice' commented: 'I like pineapple pizza"</code></pre>
<p>Results in two log lines from a single logging call:</p>
<pre><code>INFO:__main__:user 'bob' commented: 'hello'.
INFO:__main__:user 'alice' commented: 'I like pineapple pizza'.
</code></pre>
<ul>
<li>The safest solution is to simply not log untrusted text. If you need to store it for an audit trail, use a database. </li>
<li>Alternatively, <a href="https://www.structlog.org/en/stable/">structured logging</a> can prevent newline-based attacks.</li>
<li>Newlines aren’t the only risk: another is abusing <a href="https://pyformat.info/#string_pad_align">padding syntax</a>. Consider this message:</li>
<li><code>"%(user)999999999s"</code></li>
<li>This will pad the <code>user</code> field with almost a gigabyte of whitespace.</li>
<li>Mitigation: to eliminate these risks, always let logging handle string formatting, i.e. pass untrusted values as arguments rather than baking them into the format string.</li>
<li>See this discussion: <a href="https://discuss.python.org/t/safer-logging-methods-for-f-strings-and-new-style-formatting/13802">Safer logging methods for f-strings and new-style formatting</a></li>
</ul>
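<p>As an added example (not from the blog post or the show), the forged record above reproduced against Python’s <code>logging</code> module, beside the “let logging format it” fix and a handler filter as a fallback for call sites you cannot rewrite. The logger name <code>app</code>, the sample comment and the width <code>40</code> are constructed values.</p>

```python
import io
import logging

# Constructed sample input: a comment crafted to forge a second log record.
FORGED_COMMENT = "hello'.\nINFO:app:user 'alice' commented: 'I like pineapple pizza"

def _capture(log_filter=None):
    """Build a standalone logger whose records are written to an in-memory buffer."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s:%(name)s:%(message)s"))
    if log_filter is not None:
        handler.addFilter(log_filter)
    logger = logging.Logger("app")  # not registered globally, so no state leaks
    logger.setLevel(logging.INFO)
    logger.addHandler(handler)
    return logger, buf

def log_unsafe(user, comment):
    """Interpolate up front: a newline in `comment` produces a forged second record."""
    logger, buf = _capture()
    logger.info(f"user '{user}' commented: '{comment}'.")
    return buf.getvalue()

def log_untrusted_format(fmt, user):
    """Untrusted text as the *format string*: a width such as %(user)40s pads the output."""
    logger, buf = _capture()
    logger.info(fmt, {"user": user})
    return buf.getvalue()

def log_safe(user, comment):
    """Let logging format: %r renders the newline as a literal backslash-n on one line."""
    logger, buf = _capture()
    logger.info("user %r commented: %r.", user, comment)
    return buf.getvalue()

class OneLineFilter(logging.Filter):
    """Fallback for call sites you cannot rewrite: flatten the rendered message."""
    def filter(self, record):
        record.msg = record.getMessage().replace("\r", "\\r").replace("\n", "\\n")
        record.args = ()  # message is already rendered; nothing left to substitute
        return True

def log_filtered(user, comment):
    """Still an f-string, but the handler filter keeps one record per line."""
    logger, buf = _capture(OneLineFilter())
    logger.info(f"user '{user}' commented: '{comment}'.")
    return buf.getvalue()
```

With the safe form, a comment of <code>"%(user)999999999s"</code> is just an argument and is never interpreted, so the padding attack does not apply either.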
<p><strong>Vuyisile #3:</strong> <a href="https://books.agiliq.com/projects/django-multi-tenant/en/latest/index.html"><strong>Building multi tenant applications with Django</strong></a></p>
<ul>
<li>Free book by Agiliq, covering different approaches to building Software-as-a-Service applications in Python/Django.</li>
<li>Covers four approaches to multi-tenancy, namely:
<ol>
<li>Shared database with shared schema</li>
<li>Shared database with isolated schema</li>
<li>Isolated database with a shared app server</li>
<li>Completely isolated tenants using Docker</li>
</ol></li>
</ul>
<p><strong>Brian #4:</strong> <a href="https://rednafi.github.io/reflections/pre-allocated-lists-in-python.html"><strong>Should you pre-allocate lists in Python?</strong></a></p>
<ul>
<li>Redowan Delowar</li>
<li>Discussion of 3 ways to build up a list
<ul>
<li>Start empty and append: <code>l=[]; l.append(1); …</code></li>
<li>Pre-allocate: <code>l = [None] * 10_000; …</code></li>
<li>List comprehension: <code>l = [i for i in range(10_000)]</code></li>
</ul></li>
<li>Interesting discussion and results
<ul>
<li>The times (filling the list with the index):
<ul>
<li>append: 499 µs ± 1.23 µs</li>
<li>pre-allocate: 321 µs ± 71.1</li>
<li>comprehension: 225 µs ± 711</li>
</ul></li>
<li>Python lists dynamically allocate extra memory when they run out of room, and they are pretty fast at doing this.</li>
<li>Pre-allocation can save a little time.</li>
<li>Conclusion: use comprehensions when you can; otherwise, don’t sweat it unless you really need to shave off as much time as possible.</li>
</ul></li>
<li>Of note: this was just measuring time, no discussion of memory usage.</li>
</ul>
<p><strong>Michael #5:</strong> <a href="https://mockaroo.com"><strong>mockaroo</strong></a> and <a href="http://talkpython.fm/tonic"><strong>tonic</strong></a></p>
<ul>
<li>Do you need to generate fake data?</li>
<li>Mockaroo lets you generate realistic data based on data types (car registrations, credit cards, dates, etc.)</li>
<li>Tonic takes your actual production data and reworks it into test data (possibly stripping out PII)</li>
</ul>
<p><strong>Vuyisile #6:</strong></p>
<ul>
<li><a href="https://www.brachiograph.art/">Brachiograph</a>: the cheapest, simplest possible Python-powered pen plotter, by Daniele Procida</li>
<li>Low-tech Raspberry Pi project that can be built for under $50 using common household objects like a clothes peg and an ice cream stick</li>
</ul>
<p><strong>Extras</strong> </p>
<p>Brian:</p>
<ul>
<li><a href="https://discuss.python.org/t/github-issues-migration-status-update/14573">April 8 new date for Python Issues migrating to GH</a></li>
</ul>
<p>Michael:</p>
<ul>
<li><a href="https://ngrok.com">ngrok</a> has a <a href="https://ngrok.com/docs#getting-started-inspect">detailed web explorer</a></li>
</ul>
<p>Vuyisile: </p>
<ul>
<li><a href="https://www.thunderclient.com/">Thunder Client</a>: VS Code extension, a lightweight client for testing REST APIs (Postman alternative)</li>
</ul>
<p><strong>Joke:</strong> <a href="https://www.reddit.com/r/ProgrammerHumor/comments/tqtuys/the_linux_world_is_in_tatters_now/"><strong>Linux world in tatters</strong></a></p>
<p>Related: Origin of the joke - <a href="https://www.windowscentral.com/lapsus-claims-leak-90-microsoft-bings-source-code"><strong>Lapsus$ claims to leak 90% of Microsoft Bing's source code</strong></a></p>