Watch the live stream:

About the show

Sponsored by: Microsoft for Startups Founders Hub.

Special guest: Vuyisile Ndlovu

Brian #1: dunk - a prettier git diff

• Darren Burns
• Uses Rich
• “⚠️ This project is very early stages” - whatever, I like it.
• Recommendation is to use less as a pager for it
  • git diff | dunk | less -R

Michael #2: Is your Python code vulnerable to log injection?

• via Adam Parkin
• Let’s just appreciate log4jmemes.com for a moment
• Ok, now we can talk about Python
• We can freak our the logging with line injection

Results in two lines for one statement

• The safest solution is to simply not log untrusted text. If you need to store it for an audit trail, use a database.
• Alternatively, structured logging can prevent newline-based attacks.
• Padding a ton? One such case is abusing padding syntax. Consider this message:
• *"%(user)999999999s"*
• This will pad the user with almost a gigabyte of whitespace.
• Mitigation: To eliminate these risks, you should always let logging handle string formatting.
• See this discussion: Safer logging methods for f-strings and new-style formatting

Vuyisile #3: Building multi tenant applications with Django

• Free book by Agiliq, covers different approaches to building Software as a service applications in Python/Django.
• Covers four approaches to multi tenancy, namely:
  1. Shared database with shared schema
  2. Shared database with isolated schema
  3. Isolated database with a shared app server
  4. Completely isolated tenants using Docker

Brian #4: Should you pre-allocate lists in Python?

• Redowan Delowar
• Discussion of 3 ways to build up a list
  • Start empty and append: l=[]; l.append(1); …
  • Pre-allocate: l = [None] * 10_000; …
  • List comprehension: l = [i for i in range(10_000)]
• Interesting discussion and results
  • The times (filling the list with the index):
    • append: 499 µs ± 1.23 µs
    • pre-allocate: 321 µs ± 71.1
    • comprehension: 225 µs ± 711
  • Python lists dynamically allocate extra memory when they run out, and it’s pretty fast at doing this.
  • Pre-allocation can save a little time.
  • Conclusion: use comprehensions when you can, otherwise, don’t sweat it unless you really need to shave off as much time as possible
• Of note: this was just measuring time, no discussion of memory usage.

Michael #5: mockaroo and tonic

• Do you need to generate fake data?
• Mockaroo let’s you generate realistic data based data types (car registrations, credit cards, dates, etc)
• Tonic takes your actual production data and reworks it into test data (possibly striping out PII)

Vuyisile #6:

• Brachiograph —the cheapest, simplest possible Python powered pen plotter by Daniele Procida
• Low tech Raspberry Pi project that can be built for < $50 using common household objects like a clothes peg ice cream stick

Extras

Brian:

• April 8 new date for Python Issues migrating to GH

Michael:

• ngrok has a detailed web explorer

Vuyisile:

• Thunder Client : VS Code extension, Lightweight client for testing REST APIs Postman alternative

Joke: Linux world in tatters

Related: Origin of the joke - Lapsus$ claims to leak 90% of Microsoft Bing's source code