List of videos

Moritz Gronbach - What's the fuzz all about? Randomized data generation for robust unit testing
Moritz Gronbach - What's the fuzz all about? Randomized data generation for robust unit testing [EuroPython 2015] [23 July 2015] [Bilbao, Euskadi, Spain] In static unit testing, the output of a function is compared to a precomputed result. Even though such unit tests may apparently cover all the code in a function, they might cover only a small subset of behaviours of the function. This potentially allows bugs such as heartbleed to stay undetected. Dynamic unit tests using fuzzing, which allows you to specify a data generation template, can make your test suite more robust. In this talk, we demonstrate fuzzing using the hypothesis library. Hypothesis is a Python library to automatically generate test data based on a template. Data is generated using a strategy. A strategy specifies how data is generated, and how falsifying examples can be simplified. Hypothesis provides strategies for Python's built-in data types, and is easily customizable.Since test data is generated automatically, we can not compare against pre-computed results. Instead, tests are usually done on invariants of functions. We give an overview of such invariants. Finally, we demonstrate how we use fuzzing to test machine learning algorithms at Blue Yonder.
Watch
Tom Viner - Testing with two failure seeking missiles: fuzzing and property based testing
Tom Viner - Testing with two failure seeking missiles: fuzzing and property based testing [EuroPython 2015] [23 July 2015] [Bilbao, Euskadi, Spain] **[Full Video of Talk][0]** Testing with purely random data on it's own doesn't get you very far. But two approaches that have been around for a while have new libraries that help you generate random input, that homes in on failing testcases. First **[Hypothesis][1]**, a Python implementation and update of the Haskell library QuickCheck. Known as property based testing, you specify a property of your code that must hold, and Hypothesis does its best to find a counterexample. It then shrinks this to find the minimal input that contradicts your property. Video: https://www.youtube.com/watch?v=YGim-BL_ebE#t=53m17s Second, **[American fuzzy lop][2]** (AFL), is a young fuzzing library that's already achieved an impressive trophy case of bug discoveries. Using instrumentation and genetic algorithms, it generates test input that carefully searches out as many code paths as it can find, seeking greater functional coverage and ultimately locating crashes and hangs that no other method has found. I'll be showing how with **[Python-AFL][3]** we can apply this tool to our Python code. [0]: https://youtu.be/YGim-BL_ebE?t=53m17s [1]: https://hypothesis.readthedocs.org/en/latest/ [2]: http://lcamtuf.coredump.cx/afl/ [3]: http://jwilk.net/software/python-afl
Watch
Andreas Klostermann - Brain Waves for Hackers
Andreas Klostermann - Brain Waves for Hackers [EuroPython 2014] [22 July 2014] Using the Neurosky Mindwave headset we can read brain waves via bluetooth. In this talk I will present ways to interface with this device and to analyze their data, mostly from the perspective of a Python hacker, and not so much from the perspective of academic research or the development of production-ready software. I will convey the basic scientific and technical background, keeping in mind the non-medical audience, and touch on several practical applications, especially Neurofeedback and its use for personal mental training and potential therapeutic uses. The Audience can expect to walk away with a basic knowledge of EEG analysis, Neurofeedback and how to start experimenting with these devices on their own. ----- A new class of cheap consumer EEG devices allows ordinary hackers and even high school students a glimpse into the human brain. This talk will present how to use the "Neurosky Mindwave" headset with python software, and lay out the basic scientific and technical background. The Mindwave Mobile is a device that can be easily talked to using bluetooth, and it talks a binary protocol which is specifically designed to be useful without much computing power in the receiving device or advanced knowledge of signal processing. In fact, an Arduino with a few lines of code is perfectly capable of parsing some of the byte stream and reacting to the mental state of the user, while fully-featured python software can do advanced analysis using PyEEG and Pandas. The same hardware module and protocol is used in the Nekomimi headset (mind-controlled cat ears for cosplay) and some Boardgames (MindFlex). A python library for interfacing with the headset is presented and will be demonstrated on stage. Mostly kivy applications will be used. Also I will present some data analysis you can perform with pandas and scipy. Neurofeedback is a type of mental exercise where a computer uses the EEG data to direct the user towards certain mental states. In the easiest configuration a program would display a bar with the "concentration" level, and the user would learn how to tilt this bar upwards. In more complicated setups a game could react favorably towards states like relaxation or concentration. Using Gamification, Neurofeedback can provide a more engaging experience for children or adults, than other techniques with similar goals, like mindfulness meditation, and the more immediate feedback should enhance the effectiveness of mental training, though that has not been investigated scientifically yet. Neurofeedback has been shown to be effective (albeit not recommended as sole treatment) in Patients with Attention Deficit Hyperactivity Disorder (ADHD), Epilepsy and Dementia. Some background about these conditions and applications of Neurofeedback to them will be given. The first use of Neurofeedback was done in Cats, during early experiments with EEG electrodes in the 60ies. Cats where conditioned to exhibit certain wave patterns, and later, due to a coincidence, the researchers noticed that the conditioned cats where more resistant to epilepsy-inducing medications. The effect has since been reproduced in humans, in cases where medications did not work sufficiently. Ample hints on not to treat any of this information as medical advice will be provided. The goal of this talk is to promote Neurofeedback as a useful mental training and to encourage development of applications around Neurofeedback and the analysis of EEG data, from the perspective of a python hacker. I gave a similar talk at PyConDe 2013 in Cologne. The new talk will be in English, show some improvements on the software, and more advanced demonstrations.
Watch
Alexey Malashkevich - How Pony ORM translates Python generators to SQL queries
Alexey Malashkevich - How Pony ORM translates Python generators to SQL queries [EuroPython 2014] [24 July 2014] Pony ORM is an Object-Relational Mapper implemented in Python. It uses an unusual approach for writing database queries using Python generators. Pony analyzes the abstract syntax tree of a generator and translates it to its SQL equivalent. The translation process consists of several non-trivial stages. In this talk one of Pony ORM authors will reveal the internal details of this process. ----- [Pony ORM](http://ponyorm.com) is an object-relational mapper implemented in Python. It allows writing advanced queries to a database using plain Python in the form of a generator expression. This way queries look very concise. The main feature of Pony is to provide a method to write declarative queries to databases in pure Python using generators. For this purpose Pony analyzes the abstract syntax tree of a generator and translates it to its SQL equivalent. Following is a sample of a query in Pony: select(p for p in Product if "iPad" in p.name and p.price >= 500) This query translates to SQL using a specific database dialect. Currently Pony works with SQLite, MySQL, PostgreSQL and Oracle databases. In this talk one of Pony ORM authors will go through the process of the query translation and dig into the implementation details. Attendees are going to walk away with the understanding of: 1. Principles of building a programming language translator 2. Python to SQL translator implementation details 3. Approaches for creating a pluggable translator architecture The presentation outline: - Why Python generators are good for representing SQL queries - Main stages of Python to SQL translation overview - Decompiling Python bytecode into Python AST - Translating Python AST to database-independent SQL representation - Generating SQL for specific database - Pluggable translator architecture - Performance concerns: is such way of building SQL slower or faster then Django's and SQLAlchemy's?
Watch
Lynn Root - For lack of a better name(server): DNS Explained
Lynn Root - For lack of a better name(server): DNS Explained [EuroPython 2014] [23 July 2014] You've deployed! But your friends can't see it - what's wrong? I'm betting DNS. Maybe you've fixed a couple of entries, point some records to hostnames, waited patiently for new domains to resolve only to notice your nameservers are incorrect. But what actually goes on with DNS? Come to this talk to find out how DNS works, and how to interact and create a DNS with Python. ----- Following instructions of what entries to create where is easy enough when using a PaaS. But DNS is hard – deployment issues always seem to come down to DNS. A solid understanding of DNS will not only help with deploying your applications, but will also give a greater understanding of how the internet works, and more generally, distributed systems. In this talk, you will learn what DNS is, how it works and how to communicate with it, and how Python can make both interacting and spinning up your own DNS server simple (I swear!). Outline: * Intro (1-2m) * What DNS is (5 min) * URL -> IP addr, e.g. "phonebook" lookup (obligatory pun: Call me, Maybe?) * hierarchical system & resolution sequence (local DNS cache/resolver, ISP resolver, recursive DNS search) * popular types (primary, secondary/slave, forwarding, authoritative only, etc) * System components: what makes a DNS? * How to communicate with DNS (3 min) * Protocol: UDP * Operations: CRUD * Resource records (A, AAAA, CNAME, SOA, SRV, etc) * tools: dig/nsupdate/nslookup * Security overview (3min) (disclaimer: NOT a DNS security expert, not planning to get into the details here) * Server-Server, DynDNS: TSIG/GSS-TSIG * Server-Client: DNSSEC * Python + DNS (10 min) * plain UDP query in Python (no 3rd-party libraries/no magic) * Interacting with a DNS w/ Python (dnspython.py) * Sample DNS server with Twisted * "fake" demo (either local or pre-recorded screen cast) of querying/updating/etc of the Twisted DNS * Wrap up - resources page, github links, etc (1min) * Q&A - ~5 min
Watch
Hynek - The Sorry State of SSL
Hynek - The Sorry State of SSL [EuroPython 2014] [22 July 2014] Those web pages with shiny lock icons boasting that your data is safe because of “256 bit encryption”? They are lying. In times of mass surveillance and commercialized Internet crime you should know why that’s the case. This talk will give you an overview that will help you to assess your personal security more realistically and to make your applications as secure as possible against all odds. ----- The rule of thumb for people without degrees in cryptography on securing data on the Internet is “GPG for data at rest. TLS for data in motion”. And it’s actually a very good rule everyone should follow. The only kicker though is that configuring (and using!) TLS properly is not as simple as it sounds and if you’re not diligent as a user, developer, and ops engineer, you can easily compromise your data’s security despite best effort of everyone else. This talk will be multifaceted; you will learn: - how SSL and TLS roughly work and why their state is sorry, - server- and client-side duties for best possible security, - what alternatives you have for using TLS in Python, - things to keep in mind when configuring servers, - and what perils outside your control still can trip you up. In other words, the leitmotif is to show you the most common traps you should know about when using and deploying applications relying on TLS for transport layer security and how to avoid them.
Watch
Honza Král - Lessons learned from building Elasticsearch client
Honza Král - Lessons learned from building Elasticsearch client [EuroPython 2014] [24 July 2014] Lessons learned when building a client for a fully distributed system and trying to minimize context-switching pains when using multiple languages. ----- Last year we decided to create official clients for the most popular languages, Python included. Some of the goals were: * support the complete API of elasticsearch including all parameters * provide a 1-to-1 mapping to the rest API to avoid having opinions and provide a familiar interface to our users consistent across languages and evironments * degrade gracefully when the es cluster is changing (nodes dropping out or being added) * flexibility - allow users to customize and extend the clients easily to suit their, potentially unique, environment In this talk I would like to take you through the process of designing said client, the challenges we faced and the solutions we picked. Amongst other things I will touch on the difference between languages (and their respective communities), the architecture of the client itself, mapping out the API and making sure it stays up to date and integrating with existing tools.
Watch
plaetzchen - Don't fear our new robot overlords!
plaetzchen - Don't fear our new robot overlords! [EuroPython 2014] [23 July 2014] This talk will show you GoldenEye. A setup of a robot, image recognition and Python. What could be better? GoldenEye uses computer vision to detect icons on an attached mobile device and then tells a robot to tap them. All off these tests are written in python's unittest module and the API is as easy as possible to make writing complex tests an ease. ----- GoldenEye is our solution for mobile front end tests. Testing on mobile devices can be quite devastating: On iOS you can write front test in JavaScript in Instruments but it is quite impossible to connect Instruments to you CI solution of choice. On Android the situation isn't much better. Other front end test frameworks can work with mobile devices (or simulators) but they lack the ability to see. Of course you can check if a color is set correctly, if a frame has the right x and y coordinates but in a world of different screen sizes writing these tests can be quite challenging as well. In the end you will always need to look on your screen again and again trying to spot any issues. GoldenEye takes a different approach. It does not need to run on your development computer, you don't need a Mac for running tests on iOS devices and you can have real touches on your controls. This is archived by using openCV and it's python bindings, Pythons's unittest module and the Tapsterbot, an OpenSource delta robot made with 3D printing and an Arduino controller. To write a test you just take some screenshots on your device, cut out the icons you need to tap or inspect and write a very simple unit test using a high-level API that takes away the hard parts. WARNING: This talk features a real robot. In case of machine world-domination: RUN!
Watch