List of videos

[EuroPython 2024 — North Hall on 2024-07-10] Impersonation in Data Engineering: No More Credentials in Your Code! by Marian Špilka https://ep2024.europython.eu/session/impersonation-in-data-engineering-no-more-credentials-in-your-code Imagine stepping into your dream job as a python data developer, ready to dive into coding and show your talent, only to run into missing database credentials that leave you idle for days due to slow interdepartmental communications and permission issues. Frustrating, right? In my talk, I'll showcase how we can make this whole process much easier. I’ll explain how using something called “Identity and Access Management” (IAM) lets everyone in a company, including machines, get to work without these annoying holdups. Surprised to hear that a machine like Airflow can have its own identity? I'll explain how we use something known as Workload Identity as a crucial part in this ecosystem integrating Airflow within our infrastructure. A central pillar of the discussion will be the role of impersonation in our setup - how it ties together various elements to enable a harmonious, secure, and maintainable infrastructure. The resulting architecture not only fosters an improved developer experience, faster project delivery, increased productivity and transparency, but also serves as a foundation for more advanced concepts such as data mesh implementation. Join me in this talk to discover the synergy of IAM, Workload Identity, and impersonation. Let's equip you with a model that promotes easy team onboarding, transparent access management, and a secure, frustration-free workspace focused on delivery. And for those interested in having their code perform consistently, whether on a local machine or in the cloud, I will share a small but powerful Docker hack to achieve things consistently no matter where your code is running. --- This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License: https://creativecommons.org/licenses/by-nc-sa/4.0/

[EuroPython 2024 — South Hall 2A on 2024-07-10] How to sell a big refactor or rewrite to the business? by Ivett Ördög https://ep2024.europython.eu/session/how-to-sell-a-big-refactor-or-rewrite-to-the-business In the world of software development, dealing with legacy code is often a necessary evil, especially for successful, fast-growing companies. The design stamina hypothesis suggests that legacy code is a sign of success, not failure. But how do we tackle this challenge smartly? This talk delves into the often-misunderstood realm of large-scale refactoring and rewrites, presenting a nuanced approach that contrasts with the traditional 'never rewrite' dogma. We'll delve into real-world case studies where companies have successfully navigated their technical debt, uncovering crucial insights. Specifically, we will identify two key properties of these successful rewrites that can make or break your efforts. Understanding these properties enables us to strategically manage technical debt without losing our competitive edge. This session is not just a theoretical discussion but a practical guide, concluding with a decision-making quadrant to help determine the most effective approach for your team's refactor or rewrite projects. Whether you're leading a team through growth or coaching developers on best practices, this talk will equip you with a deeper understanding and actionable insights into one of the most critical aspects of software development. --- This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License: https://creativecommons.org/licenses/by-nc-sa/4.0/

[EuroPython 2024 — South Hall 2A on 2024-07-10] Aggregating data in Django using database views by Mikuláš Poul https://ep2024.europython.eu/session/aggregating-data-in-django-using-database-views Aggregating information is a common Django task, but using the aggregate method can be a bit cumbersome and in the case of large database tables, pretty slow as well. I will introduce the library django-pgviews-redux, which adds first-class support for database views (with Postgres), making that task much simpler. With that library, database views are wrapped around models, meaning you get many of the features you rely on with models for free, like querysets and filtering on those, admin, and any other feature which works with models. Defining a view is almost as simple as defining a model, by specifying what fields there are for the model and defining the SQL. This talk will walk through examples of aggregation in Django, and then show how one could simplify those examples using the library. Finally, we will get to materialized views as well, which stores the aggregation almost like a table in the database, providing big speed improvements on aggregation on large tables. --- This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License: https://creativecommons.org/licenses/by-nc-sa/4.0/

[EuroPython 2024 — South Hall 2A on 2024-07-10] DFD(Documentation-First Development) with FastAPI by Taehyun Lee https://ep2024.europython.eu/session/dfd-documentation-first-development-with-fastapi Many software engineers, particularly web developers, recognize the critical importance of documentation for efficient collaboration. Yet, the challenge of maintaining up-to-date documentation remains a pervasive issue, often due to human errors such as failing to update documentation after changes in the codebase. This presentation introduces the philosophy of Documentation-First Development (DFD), a methodology I advocate for that leverages the code-based OpenAPI documentation generation capabilities of the FastAPI framework. I will discuss methods to embody this philosophy, including the use of a sub-application pattern to segregate API documents and the application of generic types for crafting reusable custom response models. Additionally, I will address the limitations of traditional approaches to API documentation and demonstrate how FastAPI, in conjunction with Pydantic, offers a more effective solution by automatically keeping documentation synchronized with the code. This presentation aims to enlighten attendees on the benefits of the FastAPI framework and provide practical insights into creating precise and well-maintained API documentation. It is designed for audiences interested in enhancing their documentation practices and those curious about the advantages of employing FastAPI for web development projects. --- This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License: https://creativecommons.org/licenses/by-nc-sa/4.0/

[EuroPython 2024 — South Hall 2A on 2024-07-10] Zero Trust APIs with Python by Jose Haro Peralta https://ep2024.europython.eu/session/zero-trust-apis-with-python What does it take to deliver a properly secured API? When we think about API security, we first think of authentication and authorization. But there’s more to it. API security also includes protecting against SQL Injection attacks, Mass Assignment, Excessive Data Exposure, Server-Side Request Forgery (SSRS), and more. APIs are now the main attack vector on the Internet, and we gotta do something about it. Thankfully, Python boasts excellent libraries for API development, like FastAPI, the Django REST Framework, APIFlask, and more. When used properly, these libraries help us deliver secure APIs. In this talk, I’ll present a model of Zero Trust Security for APIs that applies robust data validation and sanitization across all data flows to help us deliver secure APIs. You’ll learn how your API design and implementation choices impact API security and how to discover and tackle vulnerabilities. We’ll walk through practical examples of SQL injection, mass assignment, big payload attacks, pagination attacks, and more. We’ll see how URL parameters and request payloads can become attack vectors when they’re not properly configured. You’ll also learn how to use tools like schemathesis and Spectral to automate and scale the process of detecting vulnerabilities in your APIs. By the end of this talk, you’ll be aware of the most important threats to our APIs and you’ll know how to discover and address them effectively. You’ll also get familiar with the concepts of API Security by Design, Shift-Left API Security, and Zero Trust APIs. --- This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License: https://creativecommons.org/licenses/by-nc-sa/4.0/

[EuroPython 2024 — South Hall 2A on 2024-07-10] Deadcode - a tool to find and fix unused (dead) Python code by Albertas Gimbutas https://ep2024.europython.eu/session/deadcode-a-tool-to-find-and-fix-unused-dead-python-code No longer needed code creates technical debt if it is not removed from the code base. Unused code has to be maintained, it complicates code base and increases cognitive load. It might even depend on no longer necessary dependencies with vulnerabilities and might increase attack surface. Therefore, removing dead code saves time, money and reduces security risks. Recently, Ruff has became a de facto linter, which provides almost all existing linting rules from other linters. However, it is only capable to detect locally unused Python code, which is only a tiny portion of unused code. Vulture is the best known tool for detecting globally unused Python code. However, its configuration is not very flexible and disabling false positives in a larger code base might require a lot of effort. Also, unused code detection is sometimes inaccurate, because scopes are not taken into account, when detecting unused code. This presentation introduces a new Python package called `deadcode`, which tries to move globally unused Python code detection to the next level. First, it provides a large set of options to flexibly disable various types of false positives. Second, deadcode implements more rules for detecting unused code than Vulture. Third, an improved strategy which tracks scopes and namespaces into account is being used to more accurately identify unused code items. Fourth, a --fix option is provided, which allows to automatically remove detected unused code items. In addition, an idea to prune Python code in order to reduce its size will be consider, which might be relevant when serving Python code in a browser. Lets make Python ecosystem even more awesome! --- This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License: https://creativecommons.org/licenses/by-nc-sa/4.0/

[EuroPython 2024 — South Hall 2A on 2024-07-10] Event Sourcing in production by Borjan Tchakaloff https://ep2024.europython.eu/session/event-sourcing-in-production Event Sourcing (ES) is a powerful concept that lets you adapt your business logic without losing data and past states. Whether your domain understanding changes or new requirements land on your lap, there is a path forward. Join us as we talk about some real-world tactics we relied on to manage Event Sourcing in production. We will accumulate a handful of patterns throughout the talk that will hopefully help you avoid pitfalls and bottlenecks. Our use cases build on the `eventsourcing` library, a mature and well-rounded Python library that deserves more attention. We will tackle the three key aspects of a successful event-sourced application: evolution, projection, and runtime. Software does not run in a vacuum, models need to change and evolve to reflect the world they live in. ES records the evolution of how we abstract our domain, how we see things. Eventually these abstractions can become clumsy or simply inappropriate. We can deal with that without breaking stride (losing data). ES also gives us the ability to revisit our perspective and change how we present the application state — by creating new projections and replaying the history. We will look at how it offers a cheap way to support optimal read-models, which we can can tweak and rebuild in the blink of an eye. Finally, we will present how such a system actually runs in a typical web application. Whether in the request loop (synchronous), or through eventual consistency (asynchronous). As a single process, or distributed for parallel processing. --- This talk assumes some familiarity with _Event Sourcing_ and its friends _Domain Driven Design_ (DDD) and _Command Query Responsibility Seggregation_ (CQRS). --- This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License: https://creativecommons.org/licenses/by-nc-sa/4.0/

[EuroPython 2024 — South Hall 2A on 2024-07-10] Enhancing Decorators with Type Annotations: Techniques and Best Practices by Koudai Aono https://ep2024.europython.eu/session/enhancing-decorators-with-type-annotations-techniques-and-best-practices Decorators are powerful, magical syntax sugar, offering a convenient way to wrap and enhance functions. But sometimes, it's not clear how to use a defined decorator. What arguments should we pass to a given decorator? What functions does it target? Does it change the return type of the wrapped function? Have you ever faced these questions? If proper type hints are defined for decorators, static type checkers like mypy and pyright IDEs will point out the errors in usage. Thus, guiding you on the right path by catching bugs earlier, reducing unnecessary debugging and unexpected runtime behaviour. This talk will step you through type definitions utilizing `typing.TypeVarTuple`, `typing.Protocol`, `typing.ParamSpec`, `typing.Concatenate`, `Type Parameter Syntax`, and more, all of which are practical to implement and can make your project robust! --- This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License: https://creativecommons.org/licenses/by-nc-sa/4.0/

[EuroPython 2024 — South Hall 2B on 2024-07-10] Animations from first principles by Rodrigo Girão Serrão https://ep2024.europython.eu/session/animations-from-first-principles How do you create an animation? What if you want to morph a circle into a figure eight? As it turns out, all you need is two or three functions and a loop! In this live-coded talk, we'll go over the basic concepts and code needed to create an animation _from first principles_. Because the talk presents the ideas and the code from first principles, you will be able to take the key concepts and build your own animations after! We'll start simple and build from there: - How can you draw a circle if all you can do is colour single pixels? - How can you animate the process of drawing a circle? - How can you animate the process of drawing something other than a circle? - How can you animate the process of morphing two figures? - How do you add colour to your animations? This visually appealing talk will show you all of the code without skipping a single line and by the time we're done you'll be jumping in your seat to create your own animations! --- This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License: https://creativecommons.org/licenses/by-nc-sa/4.0/