 Tommy Smith's serialization formats aren't toys. Hi, who uses XML? Do you like it? Do you use ML instead? Do you like it? Awesome. No, you're supposed to say yes. Everything I'm about to show you is a feature, not a bug. This is all there by design. It's there for you to use. You're going to love it. This is the code I'm using just as an example. As you can see, it's a bottle app, but don't worry about that. It's not complicated. I'm importing the serializer, and then I'm parsing. I'm importing XML, and then I'm parsing XML. I'm importing XML, and then I'm parsing XML. That's all you need to know. Loading data into your app is the most boring part of your day. You want to do stuff with that data. You're just going to go import YAML. Hey, it worked. YAML.Tab. Oh, there's a thing called load. I'll use that. That's great. This is some YAML, and this is the Python dictionary that you get out of it when you parse it. So far, so good. This is a cool little thing that YAML does. You tell it a module and an object, and it will instantiate one of those things for you. So that's how YAML does object serialization and deserialization. That's really useful. That's a feature. That's something they did on purpose. But look at the cool stuff you can do with it. It'll quite happily use sub-process to go check output, and it'll just happily shell out. So who uses YAML load? Keep your hands up as I go through some of these slides. Excellent. I know that Heat uses configuration in YAML or something. Anyway, sweet. Spoiler. So what other fun things can you do? So it just instantiate an instance of the system object and call it with that argument, rm star, and no kidding, I actually had to restart working on this talk. So that's my home directory gone. If you use YAML.load, then people can do whatever they want to your computer. Surely this doesn't actually happen in real life, right? Okay. November 2011, it hit Tasty Pie. It was at the time. No, definitely. Yeah, Tasty Pie and Piston, the two most common rest frameworks for Django at the time. In January 2013, it happened to Rails, and we made fun of them. And then it happened six weeks later, and we just felt bad for them. It happened to Puppet in 2013, and I was deeply disappointed in that. And then it happened to Node, and nobody cared. How do you actually protect yourself from this? It's really, really, really easy. Make the parser stupider. That feature is not a feature that you realized was there, and it's not actually a feature that you probably want, especially if you're just dealing with configuration files. I did have access to the clock, no, it's gone. With YAML, it's really trivial. All you have to do is use this thing called SafeLoad. And this drives me crazy because, of course, you went YAML.tab and you found the thing called load and it did what you wanted. You didn't go down to the bottom of the list and find something called SafeLoad and go, oh, I wonder why there's a SafeLoad. What does that imply about load? And in Ruby, you have to install an external module that actually monkey patches the YAML thing, and apparently that's just how Ruby worked here. Who uses XML? How much time do I have left? Oh, that's not enough time to talk about XML. Okay, this is called an XML entity, and it's just a Unicode code that's defining a little smiley. If you are feeding things to an XML parser, a fully compliant XML parser, which all of them are because they market themselves as compliant, you can define document types. Now that's you do things like defining entities. So you can have a little Unicode thing there, and I can call it smiley and then I can go a little smiley there and I get my little smiley there, right? That's awesome. But I can also do an entity which is a bunch of entities, which is a bunch of entities, which is a bunch of entities. So with one little S4, which is a bunch of S3s, which is a bunch of S2s, you have to be people until you do this. Who's seen this before? What's it called? Wrong. This is the 168 million laughs attack because I actually had to delete one thing off of the end to make it fit on the slide. So, but the point is your compliant XML parser will fall over and die because this takes about a couple terabytes of RAM to try and fit the parse tree in. One minute. What else can we do with XML XML rather than just blowing up people's computers. Well, that entity doesn't have to be a little unicode smiley face. It can be a system file on your parsers computer. The parsers computer is probably, because you're using XML, it's probably some sort of enterprisey Java type thing, which means it's running as root, so it can read any file on the file system. And if that parser, if the output of that parser ever gets reflected back to the user, then you've got a way of reading whatever file you want on the file system. And even if you were clever and you're not running your server application as root, as in you're not running Oracle, it'll still be able to read the file that has the database credentials for your application server, because by definition, your application server has to have access to that file. But that's not all. It can be something on someone else's computer. Your application server is probably behind your DMZ. It's probably on your internal intranet. It also doesn't have to be port 80. Oh, uh-oh. Yeah! Stop! Get off. Up next, we have Dominic Schmidt. On deck, we have William McKee. If you can be down here and ready to go soonishly, that would be fantastic. And Dominic, your time starts now. I love watching people log in during Lightning Talks. It's one of my favorite things. I have two questions. I think you can add it in the Python load that might be a good idea. It'll be hard to talk while it's hard to code. Can you hold the mic, please? Thank you. All right, let's make this a little bit bigger so you can see what I'm doing. He locked me out before. I already prepared for you previously. I find that talking in the correct name for your program works quite well. OK, please turn it and drop me. So, there's this thing in Python called the ellipsis. It comes from NumPy, where you can do slices for NumPy. I'll make an array real quick. So we have this array. NumPy does a really cool job of showing it to you. If you want a specific element in this array, you can do the usual thing that you do with two-dimensional arrays in Python. This will give you that element. NumPy also allows you to have slightly more expanded syntax such that you can do this. It's really useful for multi-dimensional arrays. Same as in Python, you can get a row by just giving the index like this. Getting a column in a pure Python array is a really tricky way to transpose first before you index it. NumPy has this really cool feature where you can say, similar to this, in any row, give me column number one. And that will give you this column. So I started toying around with this because I thought, hey, that's weird. What is it? Let's see. What's the type of ellipsis? Well, ellipsis, cool. Then I started thinking, what could I use this for? Turns out in Python, if you define a stub, you have to do parse because the parser needs a function body. But you could also be cute about it and say, oh, yeah. There's something that's supposed to be here. Let's just put ellipsis there. Another cute use would be if I could have, like, everybody here knows range, right? So 4x in range, 1, 2, 10, print x. This is Python 3. Yay. Cool. But wouldn't it be kind of cute if we could say sequence from 1 to, you know, kind of make it slightly smaller for a second? Whoa, what the? If you could do something like this, give it a bunch of examples, let it figure out the sequence, and then just run the sequence. Well, Python doesn't have that, but how about now? Well, then I started thinking about what else we can do with this. What's happening here? No idea. I'm fine. Well, it doesn't have to be restrained to linear sequences. It could just also use exponentials if you really wanted to. What the fuck? In short, because I'll be running out of time, you can do some fun things, say, like 2, 3, 5, 7, set of dots, and it will give you a list of primes. Ray? Be faster. Come on, everyone. Clinton Roy is up on deck. On now is William McKee. And hopefully they're going to be swapping over things at the moment, because I'm kind of getting impatient. I want to get everyone on stage, so I'm going to start your time now. It loads. Yay. OK, I'm going to talk to you about GetStrawn.com. This is a website that I made last year. It was created as an alternative to Reddit GetStrawn, since I got banned for my trial artwork on it. You can go to Reddit GetStrawn and check it out. OK, it's a Python script. It scrapes the most recent images from Reddit GetStrawn. Some of the libraries it uses is Dominate, BeautifulSoup4, Requests, and actually one really important one, Paral, which I've missed out on here, which is the Reddit Python wrapper. Can read this, get the script from there. OK, so the script runs the Chrome drop every hour. It downloads the images into a folder that's sorted by year, month, and day. So I have a nice archive of every image uploaded to Reddit GetStrawn from the last year. In the future, I want to redo the website with a framework. I'm thinking Nikela, because it's a static site generator that I'm quite used to and I quite like it. I've got an example of it running. And yeah, that's all. So James Mitchell is up on deck. If you can come sit down here somewhere, that would be really useful. Clinton Roy is now up here to talk to us about PyCon Australia 2016 and 2017. And your time starts now, about three seconds ago. Honestly, I think it's more important that everyone gets a chance to talk, than everyone gets their full five minutes. That's just me. I just need to. That's the slight shard in Florida of watching people have tech difficulties on today. Yeah, tech difficulty. Yay. Yay. Hi, everyone. My name is Clinton. I was the organizer of PyCon Australia this year and last year. So it is with a certain amount of pride and not small amount of relief that I get to tell you that I'm not organizing next year or the year after. Yay. I deserve that. So these dates are a little bit tenuous yet, but I wouldn't book your flight through accommodation yet, but definitely pencil them in in your calendar. So in sometimes warmer, sometimes colder Melbourne in August, so from Friday through to Tuesday. So we'll have all of the normal PyCon AU things. So we'll be having some wonderful keynotes, hopefully as good as the ones here. On the Friday, we will have a few mini comps. These are decided by the community and run by the community. We have two days of sprints on the Monday and Tuesday. That's where you guys just get food, some internet and coffee, and you go and hack away on the things that you want to hack away on. Lots and lots of presentations, a few tutorials, and most importantly, a really happy, friendly and inclusive community around that. So I hope to see as many of you there as possible. Thank you very much. Yay. So that was Clinton. So I'm just going to cross you out. Richard Shea, Grant Payton Simpson, and Danny Adea are next up on deck. James Mitchell is going to talk to us about running Python on AWS Lambda. Time starts now. Cool. Apparently, we can't use the desktop, so can everybody see that clearly? Good, good. If you want to follow along, because I see a lot of little laptops out there, just go to talk.mangafal, M-A-U-N-G-A-W-H-A-U, .NET, .N-Z. Choose any one of the talks. I'm going to do the one about Lambda. So, oh, no, no, it's funny this way. So I have a lovely matrix, which you can't see, which talks about deployment through the ages. The ancient pharaohs, obviously, had to provision their own hardware, buy them, put them into a data center, then put operating systems on them, then put the web app on them. We've come a long way from that. Some people use virtual machines. You don't have to provision the server, but you still got to put the operating system on. You're still going to get the web app. Some of us use platforms as a service, and we just care about putting the web app on, because everything else is done. AWS brought out this thing called Lambda. Now, instead of putting your whole web app in one place, you get to put a slice of it, functions. That sounds really cool. I kind of wish they supported more than just Java and Node.js, bam. However, a bunch of really cunning people figured out that they could do clever things, and they wrote a Node.js wrapper, which does, anyone like to guess? It calls to the system and doesn't exec. Hello, Python, Haskell, I don't care, but you can now run your favorite operating system in Lambda. So let's pretend that you can see this. It's a hello world. It's a Python script. Great. So just before I go, just before I go, the idea with Lambda is that you don't have a full EC2 instance running 24 hours a day, seven days a week, costing you lots of money. No, what you have is a tiny bit of code that is gonna be run in response to an event, something in the SNS notification, maybe something turning up in an S3 bucket, maybe an insert, delete, or update on your whatever that Amazon database thing is called, or my personal favorite, the API gateway. So, really simple REST APIs. You instantiate an API gateway that calls your Lambda function, which in an ideal world is just a tiny little thing that runs one thing. One call is hello world, for instance. If you're willing to live in Python 2.6, that's a 1K upload. I wasn't, so the slide you now can't see shows you that it's a 39 meg upload to get all of your virtual end of Python 3 up there to say hello world. But you can do it. Only it's more different. Turning it to scale and move it to the world. Thank you very much. All right, thank you very much, James. Lee Begg is up next on deck. Over here we have a bunch of people who you probably all have seen around here. They tend to be involved in this conference. They're gonna be telling us about the Python promotion booklet. And your time starts now. Yeah, right, hi. We all know Python's a great language. That's why we're at a Python conference. But a lot of people out there are wondering, is Python a safe choice? Is it a safe choice for them to learn? Is it a safe choice for them to use to deploy major mission critical applications and projects? To help answer that at the international level, there was a booklet. How many people have seen this? Yep, so that's pretty good. But we thought we need a local version because sometimes people say things like, can I get graduates in New Zealand? This is like that. So, at the last lightning talk, we said we'd make a booklet. And here it is, which we've all got. Okay, so my part of this is just to explain that there were an awful lot of people involved that many people gave their time. Probably first and foremost, there were nine companies that were willing to talk to us and tell their stories. Ag research catalyst, Canonical, Fisher and Pykel, Harper, Leapfrog, Roofing Industries, Yellow and Weta. In addition to that, there were people who gave their time to provide feedback and proofread. Catalysts were an amazing contributor in that not only were they allowing Grant to do stuff when, perhaps he shouldn't have been, and also gave us a graphic designer, basically, and who put the whole thing together. And lastly, you guys and other NZ Pug members contributed because it was money out of certain system conferences and membership fees that allowed this to be possible. So, thanks very much to all of you. Stop. Now, while this is mainly for decision makers, either in business, people who want to decide for Python or in education to decide what could the students become after they learn Python, we put a copy under your seat. No, we didn't. We put it into the bag. And you might be wondering, what are you gonna do with that? Because, I mean, you don't want to preach to the choir. And so I just want to quickly tell you how to use this in a guerrilla marketing style. So, at work, you probably have a lunch room. You just leave a copy there on the table and turn around and just get yourself a copy and let the rest happen all by itself. So, we don't even need everyone to read every page of this brochure at all. But we need to start conversations. We want people to know that it exists. And this could be in the teacher's break room or at work or you might have a customer, a client who could use it. If you can't use it, I don't want to see any in the rubbish bin. So, yeah, please do something with it. Have a look. There are big names, well-known household names, and it also looks a whole lot better than the international one, in my opinion. They got a nice title page, but this one is ad-free. And it's got a very nice clean design. So, please make use of this brochure and distribute and multiply. We have, yes, yes. We have 2,000 copies all up. 500 are in Auckland, 1,500 are here at the conference. So, if you want a box of 200 to take over to Australia. Well, tell them all about how fantastic New Zealand is when we're dragging our feet. Thank you. Thanks. That's a really exciting project. I'll have a look at mine when I remember where I put my bag. On deck, we have Gagan Sharma. And here, we have Lee Begg, who's going to be telling us about Recfile and Pi 3 progress. Your time starts now. Thank you. So, I'm Lee, and I've written these two free tools, and we can have a look at them. You're on the last slide, so don't pan it. So, I'm gonna talk about Recfile check first. So, here, who here uses a requirements.txt file? Pretty common, yeah? Good number. How many of you go and check if those packages have been updated regularly? Yes. And that's what I was doing too. So, I wrote myself a Django-based website that I can upload my requirements.txt files to, and it emails me every day when there's a change, and I get an email that looks like this. But this is the Django 1.8.4 update that happened about two, three weeks ago. So, it's really useful to see that I had multiple packages, multiple projects that I needed to update. So, you can go and sign up. It's a recfilecheck.big.digital. It has a self-signed certificate, sorry. And it uses a persona-filogue, and this was originally done by Mozilla, now in Community Management, I believe. So, you don't tell me anything other than your email address, which I kinda need if I'm gonna send you an email, right? So, it will get a nice certificate once, let's encrypt, get some going, which apparently is now November. Oh, yeah. That's kinda neat. But the other thing I'm gonna talk about is Py through Progress. This is a website that I've been doing. So, last year at PyCon.au, there was a presentation on the transitions to Python 3, and I basically said, we're not doing very well. I thoroughly disagree. I think we're doing very well. I've been collecting for the last two and a half years the stats on the 200 most downloaded packages from PyPI for a website called the Python 3 Wall of, well, well, shame, but now it's superpowers. In fact, it's been the wall of superpowers since about 2013, since more than 50% of the packages in the top 200 support Python 3. So, I produced this lovely long, getting longer, waterfall plot. Time goes from top to bottom. Most popular is on the left. And you can see that by the bottom, it's almost all green. And you can sort of see some lovely patterns like the red mostly goes to the right. And that's generally Python 2 packages that are getting less popular because they don't support Python 3. And the green stuff tends to head to the left. There's a few oddities in there, and there's some really neat things like about, oh, dear, is where Twisted went to Python 3, or at least part of, enough of it is supports Python 3. And there's not too many that say they're only gonna support Python 2 anymore. So, turning it around so you can see a little bit clearer, which unfortunately puts first at the bottom. But you can sort of see some really lovely patterns. There's some real oddities in there. There's much better picture on the website so you can go see that. But just taking in percentage terms, we're now about 85%. 85% of the 200 most used packages that are downloaded from PyPI support Python 3. This is great. Stop. Keep going. So here's the URLs. Hope you enjoy them. Apple. Thank you very much, Lee. So, on deck we have Simon Fellinas. Up next is Gagan Shadamah, who is going to be telling us about how fast is not furious. It says in brackets, stroke. I don't know, he'll explain. I'll explain that. Your time has started, by the way, so. Not my slides. I have got from my superstar, world renowned neurologist, Dr. Bruce Campbell. He works with me and I'm not a doctor, but I work with the doctors. I'm a neuroimaging scientist and I use Python for programming. I thought about delivering a community message at this forum, so let's get started. What this has to do with the Python? A lot. It has to do with everyone, because stroke remains the leading cause of disability in adults. One in six people will have a stroke in their lifestyle. 80% of the stroke is caused by the blocked blood vessels to the brain. There are a few other causes, but I'm not going to go through that. There are a few of the risk factors which you cannot control, but there are a few risk factors which you can control. When the clot blocks the blood flow, we have a dead region in the brain which is called the core being represented by the blue color. And then when the tissue is at the wrist, it is called penumbra being represented by the pink color on the screen. And it could be saved if we can restore the blood flow as soon as possible. At all Melbourne Hospital in Melbourne, we use a lot of different techniques for imaging, but we also use a technique called profusion imaging for detailed diagnosis. Some of you may know that. It's a technique which tells you how well the blood is flowing through the region of interest which is of course the brain in this case. And today we have also presented our work for the medical data visualization. As you can see that here the blood is, the signal is changing at certain stage and it's going back to its normal. At the Royal Melbourne Hospital, we have the clinical software which process these images and provide us with this sort of image. The pink means the brain tissue is dead. The green means that it is at the danger and we could save it because time is brain. The first 4.5 to 6 hour is very critical for everyone who is suffering from stroke. So they have to be treated as soon as possible and that's what the research shows. Sooner, the better. So what happens when someone has a stroke? We have to act fast. And what is fast? When you see someone cannot, someone's face is drooping, they can't pick their arms up, the SPC gibberish, it's time to call the ambulance. And when the ambulance comes, when the patient reach hospital, they can make a decision based on one number of factors. They can give a clot removal or the clot dissolving drug or they can take the clot itself out. Sometimes they have to put the stenting device in so that they can put that in and take the clot out. And once the clot is taken out, the blood starts flowing normally. But brain can only be saved if we act fast because time is brain. So fast is not always the furious. If you see these symptoms, please call the triple one in Melbourne, in New Zealand, I guess, and triple zero in Australia. Thank you very much. Thank you. Thank you. I love that. Fantastically important message there from Gagan. Alison Capture is on deck. Simon is going to be telling us about the unknown code. And his time starts now. Disclaimer, I recited the bottom of the programmer pyramid. The reason I'm here is because my friend from work brought me to Python. So I'm more like his sidekick in the computer realm. But in the real world is the other way around so I can live with that. This means I won't give you the coolest Python tricks. You already really skilled at programming this machine. So I just wanted to provoke your mind for a moment and bring your attention to the code that is happening on this side of the screen. Because we could be great programmers, but we might not necessarily be that great at programming our own machine. Thinking about this can be very scary sometimes because it may confront our habits. But I don't want to be the one who confronts you or tells you how to live. So I'll keep the lights in simple and I'll show you a few examples that show what I mean. We don't seem to have direct access to this library yet. So we have to make mistakes, debug and so on until we find what works for us to live well. And that is precisely what I mean by wisdom. Knowing how to live well, a happy balanced life with constant improvement. I think it's something we all look for regardless of what we do in life. So my first pearl of wisdom has to do with optimizing your red cycles. There's some evidence showing that blue light frequencies affect melatonin production and reduce our ability to enter deep sleep. There's even products on the market that help you to adjust jet lags based on this principle. Most of us have our circadian rhythms already messed up since we can't avoid staring at screens during the hours before sleep. If that is the case, you can at least install three apps that block blue frequencies from your screen and they get activated automatically after sunset. I'll try it for a while and notice less eye strain and even if it's just a possible I'm happy to get better quality rest. We're biologically designed to move yes less and the less of that happens these days as we spend most of the day sitting in front of a computer. It's a strong correlation between lack of movement and physical and mental deterioration. So I wanted to share my own case because I hate running and I hate gyms. So I need to spool my idiot brain with balancing on a tightrope or chasing a ball inside a court to make exercise more interesting that torturing myself in a gym. And there are plenty of options. So it's a matter of exploring and finding what's right for you. Good thing is our brain rewards us with self-regulated endocannabinoids so we can seek less of that on external substances. And even if you have physical limitations or you totally hate movement, you can apparently get away with very little exercise if you incorporate proper nutrition in your life. And all that's really easy, you just start by becoming paleo, then carnivore, vegetarian, then go gluten-free, vegan, raw, chocolate-erian, candy-erian, or what on earth. I find nutrition very hard because of the massive amounts of conflicting evidence telling us what's meant to be right or wrong. So I'll leave up to you finding, I'm personally a bit of a lone wolf. So that can be comfortable but not necessarily conducive to growth. And luckily I have friends that push me out of my comfort zone. For example, I would be avoiding my stage fright right now instead of standing right here if my friend hadn't dragged me along. And I also help him by constantly reminding him to go on holidays and play with his kids because otherwise he would end up taking over the world one day. Be ready to deal with struggle and plan for growth in your life. No one is exempt from a massive loss or overwhelming amounts of grief. This talk was motivated by Russell's lightning talk earlier this year because I've also faced great difficulties in my life and that can be paralyzing. The message was to seek help. What I have to say is pay more attention to what I showed in these slides. I won't expand on my own struggle but I can tell you that it helps if you're constantly planning for growth. So I encourage you to find a source of inspiration to transcend unpleasantness whether it is in psychology, spirituality, religion, group of family and friends, music, Python conferences or whatever helps you to reclaim a healthy form of balance and self-reliance in your life. Professional success is important and I know you're all great programmers but please prioritize looking after your own biological machine. Thanks for listening. All right, thank you very much for that, Simon. Katie McLaughlin, you are on deck. That's you. Katie, you're on deck. And Allison is going to tell us about the mystery object and your time. What's up? Yeah. Boom. Great, so I mentioned this morning that I love weird Python bugs and I wanted to show you my favorite right now. So the ellipsis came up earlier in the Lightning Talks. Has anyone seen one of these before? Do you know what this is, this object? Anyone want to take a guess? Say it louder. Great guess, totally wrong. So in this case, this is what we get when we have a list that contains itself. So this is the kind of thing you have, X is your list to insert into itself, this is how it prints. Pretty clever of Python to not just print forever, right? And so we can tell if this is a recursive list because the first element of X is X, great. So let's check that on our mystery object. I should say for context, I did not fill the mystery object. I found it while rooting around the garbage collector while debugging a memory error. So we'll come back to that. What? Cool. So we try to index into mystery, you find that indexing in it at position zero throws an index error. What? And in fact, it is of length zero. But it's a list. And it prints like we just saw. It gets better. So I was trying to find a place where memory might be leaking out of the Dropbox client. And I saw this and I was like, this is super weird. This can't be right, what's going on here? And I started digging around and then I was pretty stuck on this. So I emailed a colleague of mine who I thought might know, Guido Van Rossum. Sure enough, he did point me in the right direction. It turns out that this was not anything that the client was doing, this was built in Python itself. Because as we know, Python is smart enough to not print. For everyone that's got a recursive list, it keeps track of whether you're currently in a recursive container print call. So here's the code, it's kind of small. Actually, that's really small. What's going on here is there's a helper for printing containers that could contain themselves to check if we're currently doing that. And that method uses a list. And that was the list that I had stumbled on. And so by any time I was printing it, like there's nothing wrong with the actual object. It was in fact an empty list. But by printing it, I was modifying the representation and I was getting back this totally garbage thing that looks like this. And because the same list is used for printing dictionaries to contain themselves, you get the recursive hash version as well. So this is actually really easy to find. Get your own, amaze your friends with a strange Python weirdness. Grab it out of the garbage collector. You do need to print a list in the REPL first to create this thing, otherwise it won't be there. And then just filter out for length of zero lists and eyeball your list until you see it. This reproduces in most versions of the Python that I've seen. If you find one that doesn't, I'm super curious about that. Thanks. Oh, that was very exciting. On deck we have, oh, you're already there. Great, fantastic. Katie is up next, who's going to tell us, oh, he's going to yell at us about JavaScript and its attempt at global variables. And her time starts now. Here's two JavaScript books. The one on the left is JavaScript, the one on the right is JavaScript, the good parts. So if you've read my speaker bio, the last bit of it says that in my spare time, I enjoy cooking, making tapestries and yelling at JavaScript at its attempt at global variables. I was writing my speaker bio when I was dealing with this kind of stuff. So if we have an answer, our answer is an empty string. We have a function which has an answer that sets it to the answer. And if we were to call the variable answer on our console, we would get the empty string because we haven't actually run our function yet. If we run the output of our function to the console, we get the answer that we're expecting. And of course, if we try to output our variable again, we get the empty string because JavaScript likes to do things in Java and Java's awful. So the top one there is actually global, but the var in the middle of our function is actually local. And they don't really tell you this and it's really annoying when you find it nested 12 functions deep in your great big Java app script application. So what you're supposed to do is either make everything global, everything local because JavaScript, like every other language, has it at default global because it doesn't. But JavaScript also has duck typing which is really annoying because if you say add two numbers together, four plus two, you get six. And you can reverse that so you can go four minus two equals two. And because type safety, you can do four minus two is two. And four plus two, which is of course 42. Because Java, because we have the assumed types and of course the one that's the strongest overtakes the other one. But then you've got to raise an object. This can't be too bad, right? What do you think this is going to be? Empty string. And array plus an object. An object, well that makes sense. So if we reverse that because associativity, it's going to be zero. And then if you add two objects together, it's not going to be a number. What? So if we want to start actually playing around with arrays and objects, we can initialize an array that's ABC. And then if we wanted to say associated key, hello as in world, it would do that. And then if we wanted to print out the array, our association would not be there anymore. However, if we were to iterate through our array, it would be there because JavaScript. And if we were to append something to the array, we would get the number four out. And if we were to try to print out what the actual count of our array was in our own counter function, it would be five, even though it's four. Because JavaScript and equality, which is going to be really fun because, of course, zero is equal to false. No, it's not. It's not equal to false because you have double equals and triple equals because you've got the same with true as well, where you have a one equals a one. No, it doesn't actually equal a one because of type coercion. And this is awful, always use a triple equals unless you're doing type stuff. Because any language that has to be a triple equals as opposed to an actual equals is awful. And this is just frustration script. And when it's the glue that holds together the web, it's like, yeah, but it's okay. It's getting better because there's this thing called ECMA script six. How many, how much time do I have? One minute. Okay, so the old way of doing things, you would have to declare a function, empty brackets, but now you can do that in a couple of less characters, so that's cool. And in the old way, you would have to declare a local variable. And now you can use a let, which is completely the same, but different. And in the old way, if you didn't have a variable in there, you would have to assign it if it was empty, but now you can actually have a default parameter, which is kind of cool. And you can have constants where if you try to reassign the same constant, it'll explode at you. And you can do things like having the automatic expansion of an array into different local variables, which is kind of nice. And you can import JavaScript from other JavaScript files, which is awesome. And you can do things like you can have a function that takes as many parameters as you want, which is cool. AMA six, its script is not yet ratified, but unlike Python three, you can actually use it now because there's a compatibility. Depending on what browser you're using, you can use one or more of these functions, check the table because IE and Safari and all the awful ones don't do it, but the nice ones do. And that's the end. Thank you. Okay. Okay, that was KU. Up on deck, we have Lee Symes and Grant Payton Simpson. Robert Collins is gonna tell us all about pip constraints. And his time starts now. Cool. So pip constraints, who here uses requirements files? Great. Keep your hands up. Who here has more than one source tree that they work on? Right. You shouldn't be using requirements files. You should be using constraints files. For the same thing, but better. And I'll just move my mouse to the right place so that there's actually, oh, right, laptop. That would help. Right, so you go from that to that. You pull your project name you're installing out of the requirements file and you keep everything else exactly the same. The content stays the same. And this just says if you're going to install a thing, choose this particular version of it. So super, super simple. Gives you all the reliability of requirements files. Obviously, that's why you want to do it. As I just said, it doesn't apply installation, but the big thing it does is it saves coordination from across multiple trees. We're doing this in OpenStack, which is what we built it for. It's in upstream pip and it's really, really, really solved the problems we had because we've got about 40 different project trees we install and doing a separate requirements file for each, which is what we were doing, does not scale. I'm amazed we got to 40 before we actually had the pressure to fix this. If you're not using pip, you should be. Not a good enough reason. If you can't guarantee pip 7.1, you should probably rethink your life choices. Modern versions of pip fix a whole bunch of stuff. Do I have time to keep going? Yeah, sure. All right, so one more slide. Use pip 7 plus. It is really the best thing since last spread. We've got wheel casing. So if you're installing NumPy, who here uses NumPy? Are you using condor or something like that? Yep, great. Nice and fast. If you're not using condor and you're not using distro package, users saying, I'm gonna pip install NumPy, probably makes you cry. And that means your version of pip is too old because if you've got 7, it will build a wheel once, case it, and every install after that will take about three seconds. So that's really where you wanna be. If you are using your distro pip, stop using that. Use the pip from getpip.py. Yep. Cool. Thank you very much, Robert. Oh, onto the next page. Kara, you're on deck, and up now we have Leigh and Grant who are going to argue that coding is punctuation. Your time starts now. Oh, thank you. Well, Grant kind of chickened out. Yay! Stop. So it's just me. So I'm basically, hopefully if I get my computer set up all nice. So what is the most used character in Python 3 standard libraries? And I used iPython because I wanted to learn iPython. So let's learn up standard library and find out if I can get my, hey, does that work? Yes. So the most common character is, drumroll please, space. Followed by E, which is really exciting and everything, but not quite what we're after. So let's get rid of the boring ones. And we're left with underscore, followed by full stop. And a couple of others. And why is there 50 more closed brackets than open brackets? Who knows? So. Smiley's in comment. I hope so. So what does that look like in the graph? This was my first attempt at writing MatProtlib. So thanks Grant for putting up with me. Looks kind of cool, doesn't it? Yeah, so this is why programming is so hard. A lot of the time you do not spend typing symbols, you just type letters. But programming you do a lot of time typing symbols because that's what we use everywhere. So if you're having problems teaching people, how to program, remind them that symbols are hard and you need to know where they are to make it easy. So other interesting things. What about numbers? Well, we use a lot of zeros, which I guess is all right because zero, index, yay. Piping really doesn't follow the law of what numbers should be, but it looks kind of interesting, right? Other interesting facts always. How many tabs are in Python three? And you know what they guess is? Zero. Zero. Nine. Four. And just for the curious, there are 94 different non-ascii characters. Thank goodness we have UTFA, right? So here they are in lovely printed form. So that's all cool. Thank you for coming up with the idea and XKCD obviously. Hold on, dependencies. And just in case you were wondering where on earth those tab files were, oh no, it stopped working. Oh look, they didn't get text. So that was my thought, exactly. So that's me. Awesome. Yeah, so Jeremy stopped, you're on deck. Kara is going to tell us about honk? Hark. Hark, not honk. And writing. Your time has started. There's a beautiful canvas and seeing the duck. I'm just going to wing it without my slide. Yeah, it's basically like there's a photo of a duck and then my slide's to read, so it's fine. So yeah, sorry about that. I'm a systems engineer, which is a ridiculous role to have. Basically it means that you're expected to do engineering and systems administration, but it's actually, from what I can tell, it's becoming much more kind of popular role in companies like what I work and everyone talks about DevOps and so on. The problem is there's always experienced application developers who actually have a lot of trouble upskilling with the system side of things I've found and it really makes it hard for us to move people inside the organization onto our team. And I start to think about who do we think all these ops people and systems people actually are? So there's this kind of playful stereotype of like the grumpy bearded people or whatever. I mean, oh, that's ungenerous to CIS admins, but it also actually contributes to the culture of kind of exclusivity and toxicity that I think, like so many people have seen in systems teams and engineering teams. So this is the slide where it just says the word quack and I'm hoping that Christopher will quack for me. I do not quack on demand, why would I do that? Okay, so yeah, I saw these beautiful ducks on the way in this morning. Apparently they're not related to Australian ducks, supposedly, and you can tell because they make ridiculous sounds, they don't actually quack. They kind of do this weird like, aah, aah, aah, aah thing. And we were chasing them through and having a lot of fun making these sounds and I have to apologize for anyone who was in the keynote this morning while it was getting ready, you would have heard me trying to, aah, and stuff like that. It was pretty good. And this is, of course, what I tweeted at Chris just to kind of quack on a matter here. So I hope everyone gets to see the ducks before they go if they hadn't. And where I'm going with this is that, if a loose unit like me who's literally chasing ducks around the campus, making squealing sounds at them and then doing that in the keynote can be on a systems administration team, I think we need to revise the stereotype of what kind of people move into roles like that and have their skills. How long have I had? You have two minutes. Oh, God, okay, I was, okay. I was going to demo a tool that I have essentially written to help people get dropped into a shell easily. The inspiration came from it at the PyCon AU Sprint last year where we were trying to do a salt thing and we had an incredible amount of problem just getting everyone dropped into a Linux shell with some dependencies installed. And it's because it's not actually easy to give someone who doesn't have that much technical experience a virtual machine to spin up. So essentially I've created a project that I'm calling Hark, which is a little bit like Vagrant, but it's essentially configuration free. Like there's no configuration format, it's interactive only. And the project itself actually vendors all the operating system images that you'd want to run. So you can run up a free BSD image or Ubuntu or Debian or Fedora or whatever. It runs on Windows and OSX and Linux. And the idea is that you can just give the person this one operating system package to install and they run this one command like Hark and you and it takes them through the whole system set up of the machine, lets you SSH into them, manages them for you. You don't have to mess around with knowing you're working directly like Vagrant. And essentially the goal is to create a tool that teachers or tutors can use to kind of get people up and running with a box in a virtual box or VMware or whatever more easily. Because I find that it's a nightmare to be juggling, you know, you send someone an ISO and you just follow the, you know, go through the install wizard in Ubuntu and answer its questions about partitioning and decide whether you want this Ubuntu or that Ubuntu. It's just nonsense if you essentially want to teach someone some basic batch. And I guess the obvious use case for it for me is that I have several friends in the arts who I help kind of learn coding stuff like some of them are doing linguistics and they often need to install various native packages, you know, stuff like SciPy or whatever. And it's really hard for them to get up and running because they all use Windows quite reasonably. Yeah, so I can't actually show you the slide that has the link. It's called Hark because there's a great webcomic called Hark of Vagrant. And my project is kind of inspired by Vagrant, but it's trying to make things a bit easier to use. It's not a Python project, but it's kind of four people learning Python. Hey. Okay, so thank you, Kara, that was fantastic. Danny and Tommy, you're on deck. Jeremy is going to tell us about DIPy Slides. And his time starts now-ish. Cool, I'll just see if there's good work. I can almost read that. Hang on a second. The DIPy Slides is a great idea. So I'd write some slides for my talk and of course, instead of writing the slides, I figured out why don't I write a slideshow program? Because none of the sort of reveal Google Slides, oh no, my slides are not going to look good in that. So as a way of procrastinating, I wrote the slideshow program. It's for presentations, and it's written in Python. So you can do things like that. And you can have progression like that. And you can have titles, titles are neat. And you can have SDR images. You can go back as well. So it's back, next, previous. And you can use lovely colors, background colors, great colors, I only added cyan because of my logo, one of my logos needed cyan. And you can go back and overwrite text you previously had, and you can make the whole slide green. And so they were inspired by Presentee. If any of you at Linux.conf are you in Auckland earlier this year? Last year, this year. So James Blair wrote Presentee, and I thought that was really, really neat. So I wanted to write one myself, except I like electronic stuff, so I wrote one to run on a microcontroller. Can I have that question? There is there. So that's plugged in over here. And all the slides are actually just a TTY interface to the microcontroller. So that ripple that you saw before is actually running on the microcontroller. And so what does the program look like? You can pretty much, it opens up a slide that's on the SD card, and searches for some keywords replaces them. I've got a generator there, it's kind of cool. There was another section here that sort of took my next print back, and that's actually pretty much it. There's some ASCII, some anti-colors. So this whole colors work, it just searches for those terms, hyperprint underscore, because I haven't worked out escaping it. And it just basically replaces it with those anti-colors, which is what makes your terminal look really cool. So this is actually running on my microcontroller right now. And it's a Python 3, I think it's almost complete implementation of Python 3. Another standard library is just the language. So what do the slides look like? So you can see there, you write your slides, it's just text file, presentations in Python. I've got my title thing there, that's just search and replace for that ASCII outfit. And we've got that reset, which goes back to the beginning of the slide, and you can then go add your pauses in, your pauses just split up the slide, so that you can have your progression. Some of the things like introduction look really cool. So I've generated that, that introduction picture. What would you believe in? Is that, do you want to see the resemblance? So I didn't actually have license to, I'm sorry guys, don't look at that. I didn't have license to use that, but I'm not sure if computer-generated art, I don't know who owns that now. 15 seconds. Yep, that's pretty much it. Cool. Okay, Caitlyn Duncan is up on deck next. Danny and Tommy are going to tell us about why NZ pug is splendid. Is that the title you put down? And their time starts, this lightning talk again. Hey, I was pulled into this. We get one of these recurring lightning talks that show up every year. I'm wasting your time, by the way, you should be talking at the top. You're right. Brothers and sisters. Kiwi Python is so much fun, this warm fuzzy feeling. I want it again, and what can I do to help? You ask yourself. The New Zealand Python user group, and repeat after me, is not a mailing list. The New Zealand Python user group is actually an incorporated society, a not-for-profit organization with a committee that meets and spends time on doing things like organizing a conference or having an annual general meeting. I know that the majority of you were not at the annual general meeting because I was there, and there were only about 20 or so on IRC, that was, of course. And we had the quorum, just. But I would like to invite you to join us. There are branches in Auckland, Hamilton, Christchurch, and surely at some stage in Dunedin. I'm in Dunedin, that's all you need. And in Wellington, and we have meetings every month. And yeah, please join us. It's a very nominal fee per year that helps us run things, and we need to be more. And you can help us grow. So speaking of Kiwi Python, next year. Hello. Hi, tell me how are you? I'm gonna tell you a story, but I'm gonna do it very quickly because I don't have a lot of time. In 2011, I attended my very first Kiwi Python, and it was wonderful. And I attended, it was in Wellington, and I attended with a man who's not here today, so I'm gonna make fun of him, and it's gonna be great. Some of you know him, he's called Tim Penho. And he took me along to Kiwi Python, he said, oh, you really must come to this conference, it's gonna be amazing. And during the conference, there was a little meeting in a back room, and Danny was there, and the rest of the NZ Pub Committee were there, and the discussion that was being had at the time was who's gonna organize next year. And Tim said, hey, Tommy, we should do this. He said, we. And I kind of said, oh, how hard can it be? Like, I don't know, you throw some people in the room and magic happens. The next thing I knew, I was literally standing in the middle of the room with everyone around the wall going, yeah, yeah, Tommy's gonna be conference director in 2012, and it was the hardest thing I've done in my entire life, it almost killed me. It was good though, right? Who was there in 2012? Awesome. So, who here's had fun this weekend? You should all have your hands up right now. What I would like you to do, Merrick's not in the room right now, hopefully he's not listening too loud, but I would like you all to have, after he gets his closing, to have the loudest, rowdiest round of applause standing ovation carry him from the building because it's his first time doing this as well and it's an incredible amount of work. You'll notice his bags under his eyes and he's, you know, kind of not all here. It's entirely understandable. I'm telling you this because after 2012 happened, I swore I was never going to do it again. Never again. It almost killed me. After 2013, I was resolute. I said no, oh no, no, no. Never again, that was a lot of work. After 2014, I thought, maybe, like if things got a bit easier. And so it is with a certain amount of trepidation that I announced to you all that Picon next year will be in Dunedin and I am sadly organizing it. Yay, stop. If you would like to help out, that would be great. Please come and talk to me. If you have amazing ideas for what we should do next year, please come and talk to me. There are a few other people in the room who have foolishly agreed to help me. I wonder if you could stand up for a second and make yourselves known. Who's here? Chris, Bob, come on, who are Tom, you're there as well, come on. All right, so you can also talk to these people. We will need lots of help because we're programmers, we're terrible at event organization, but through random chance and good luck and a lot of good will, Dunedin will happen. It will be excellent. I would love to see you all there. Thank you. Okay, so up on deck we have Fraser and our next presenter is Kaitlyn Duncan, Duncan, rather, who is going to tell us about Code Club. That's Tom. I'll let Tom log in. I'm foreseeing technical, no, that's unfair, yeah. I can start without the slide anyway. Yay. Cool. Okay, hi everyone, I'm Kaitlyn and I want to talk to you guys today about Code Club Ate Roa. Has anyone here heard of Code Club? There's a few of you. Is anyone here involved with Code Club? Woo, there's some volunteers, that's awesome. Okay, so Code Club, for those of you who don't know, is a network of after-school coding clubs for kids in New Zealand. That's part of a wider, that's not my slide. It's part of a wider worldwide network started in the UK, now it's Code Club World and we've got Code Club Ate Roa going now. The idea is we don't really have programming computer science in the education system that much yet. We've got it in final years of school and if the Ministry of Education listened to me and my supervisor, hopefully it'll be in primary school soon. But until then, there's a big demand, well, we don't really need it, just have the website on it. Switch it way quicker. Yay! Is that it? Yeah. Give a big hand for our AB person. Ryan's very hard working. He's the best at most of it. Anyway, Code Club NZ is the website. You can also find us at Code Club NZ on Twitter and my Twitter will be up there soon as well if you want to contact me through that. The way it works is loads of skills and loads of kids who really want to learn this stuff. It's all really new to teachers and teachers are ridiculously busy so they don't really have time to learn this stuff very easily. So what we want to do is partner industry volunteers like all of you who already know programming and know a bit about that stuff with teachers and schools or other volunteers who don't have that foreign language but want to get things going, parents, everyone who wants to be interested. It's for about eight to 12 year olds but we're kind of lenient on that basically if they want to learn to code. We want to help them be taught. Our goal is to, by 2018, have a club available to any kid in New Zealand who wants to learn, doesn't matter where they live, where they're from and we want this club to always be free unfortunately that doesn't mean we have a lot of money to pay people who are working on it but hopefully that's all that's out at some point when the government gives us money. But until then we really need more volunteers doing clubs. It's really fun, the teaching materials are in scratch and piping so that's always good and we really want to get more of these going because everyone who does them really seems to enjoy them and we want the next generation to get more into software and get New Zealand going into the future. Thanks. Okay, so we only have one more left which is Fraser Tweedale who is going to tell us about network-bound encryption and his time starts now there. So who's deployed a web server with TLS, show of hands. Okay, keep your hand up if you have the private key sitting around unencrypted so that your server can come up without an operator entering the password. There's still quite a few people. Okay, that's bad, don't do that. So I'm gonna bring up a web server on this host. So, start, httpd. Oh, look, I have to enter the passphrase. Okay, good, it's up and running and now the server has had to be rebooted or something and we have to enter the passphrase again. Or do we? So in this directory here, data.d, I'm going to encrypt the passphrase for the server and then it's going to be able to communicate with a decryption server to automatically decrypt the passphrase for the encrypted private key on this host. So I'll just do a deo encrypt-a at C, I, P, A, C, A. So this is just a trust anchor. The deo server, which is f223.ipa.local and we're gonna save this to f443, which is how it will find the file to send to the decryption server when the server comes up and put in the passphrase, which is super secret. Okay, and now if we have a look here, we've got this file, encryption file, and I'll bring the server up, system control start, httpd, and the server's up and running. It didn't have to prompt us for a passphrase. And so the idea of this is that you can have your decryption server on a secure network firewalled away from the rest of the world. So hosts that need to decrypt private keys or other secret material that are on your secure network, on a trusted network, can do so without operator intervention. What else could this be used for? It could be used for disk encryption. So if you've got fully encrypted disks in your data center, your disk encryption can, the system can automatically decrypt disk without operator intervention come back up. So I'm gonna do that now, and I've never actually done this before. So hopefully it's gonna work. So I'll bring up this host here. It's gonna prompt me for the disk encryption password. And hopefully it's gonna come up quickly. How much time do I have left? Oh, two minutes. Two minutes, all right. See how we go. Bigger than that. Okay, a DAO set up. What's it want? It wants a D that will be dev. SDA2, hopefully. Anchor. Let's see. C8.cert and target F223.IPA.local. SDA, Sdb2. Hey. I can't see anything. Become smaller, smaller again. Oh no, it makes a mistake. Oh no. There's an SDA there. SDA, yeah. Ah. SDA1. Oh, I don't know how this thing works. Anyhow. Oh, Sulu. Oh, that's a good idea. Sulu, Sulu. Okay. This is Unix. Set up dash D dev Sd. It was A SDA2 dash A at CITACA.cert F223.IPA. We'll enter any passphrase. No. Okay, that's doing its thing. How does this story end? You'll have to ask Fraser in the break. So that is the end of our lightning talks for today. There's been 18 of them and I think they've all been pretty fantastic. So let's give all of our presenters a huge round of applause.