List of videos

Python sigue evolucionando con forme pasan los años, y de igual manera lo hacen las herramientas que giran entorno a nuestro lenguaje. En esta charla veremos el pasado (distutils, setuptools), el presente (flit, poetry, build, twine), y el futuro (pyproject.toml, hatch) del empaquetamiento en Python, la parte mas crucial para el crecimiento de todo un ecosistema. Vamos a usar una mirada holística para analizar el estado actual y como podemos mejorar el flujo de trabajo para empaquetar y distribuir aplicaciones en Python. Esta charla es para mi? Esta charla esta pensada para cualquier persona con o sin experiencia en Python que quiera aprender o mejorar la forma para empaquetar paquetes en Python.

"Green computing" es un término que nació en 1992 y que busca reducir el impacto ambiental de las actividades digitales. En esta charla vamos a ver que es el green computing (también llamada computación verde) y que estudia esta área de la informática, con algunos ejemplos de mejoras de data centers. También vamos a ver algunas cosas que podemos hacer en nuestro día a día y una introducción al el green programming con python (o codificación ecológica) La tecnología tiene un potencial muy alto de ayudar al medio ambiente, ¡el objetivo de esta charla es que todos lo sepamos! Veremos también que podemos hacer con python para saber cuanto es green nuestro código. (No hay prerequisites, esta charla es para todos los públicos)

(English version below) Aprende a hacer una API lista para producción en muy poco tiempo usando FastAPI... explicado con memes. Con documentación y validación de datos automáticas, basada en estándares, alto desempeño y otras ventajas. Además, puedes escribir todo el código con autocompletado y chequeos de errores de tipos, incluso para tus propios datos. En esta charla verás de qué se trata FastAPI, qué beneficios te da y por qué sería útil para ti. También verás cómo declarar datos para recibir en cada request (cada mensaje HTTP), usando tipos de Python estándar. Incluyendo parámetros en el path, en queries, y en cuerpos (body) de mensajes. También verás cómo declarar cuerpos de mensajes complejos con datos muy anidados. Y así, aún con código muy simple, tener documentación para todo tu API, serialización (conversión de datos) y validación, todo siguiendo estándares, y todo automáticamente. Learn how to create an API ready for production in very little time using FastAPI... explained with memes. Your API will have automatic validation, documentation based on standards, high performance, and several other features. All this, having editor support including autocompletion everywhere. In this talk you will learn what FastAPI can do, and how it could benefit you. You will see how to declare the data you want to receive in each request using standard Python type annotations. Including path parameters, query parameters, body payloads with JSON, etc. You will also see how to use simple, standard, Python type annotations to declare complex JSON body payloads with deeply nested structures, and get automatic data validation, serialization, and documentation.

Spanish: ¿Y esto cómo lo testeo? Al momento de escribir tests, no siempre es simple saber qué cosas hay que testear o cómo hacerlo. En esta charla voy a hablar de mocks, de buenas prácticas, voy a dar algunos tips y voy a mostrar ejemplos de todo esto usando pytest. La charla se va a dividir en tres partes: - ¿Por qué (y para quién) testeamos? - ¿Cómo escribir tests? Ejemplos de tests y cómo escribir código preparado para pruebas unitarias. - ¿Cómo le sacamos el jugo a pytest?: Ejemplos de fixtures, parametrizaciones, etc. English: So, how do I test this? When writing tests, is not always easy to know what to test and how to do it. I’m going to talk about mocks, good practices, a few tips, and I’m going to show some examples using pytest. The talk is splitted in three parts: - Why (and for whom) do we write tests? - How to write unit tests? (Some test examples, and how to write code ready to be tested). - How to take advantage of pytest main features? (Examples of fixtures, parametrize, etc.).

The key of debugging is observability and reproducibility. Despite a series of the asyncio stdlib improvements for the last few years, it is still challenging to see what’s happening in complex real-world asyncio applications. Particularly, when multiple asyncio libraries and your codes are composed together, it is hard to track down silently swallowed cancellations and resource-hogging floods of tasks triggered by internals of 3rd-party callbacks. Moreoever, such misbehaviors are often observed only in production environments where the app faces the actual workloads and I/O patterns, making it even harder to reproduce. In this talk, I present an improved version of aiomonitor, called aiomonitor-ng (next generation). The original aiomonitor provides a live access to a running asyncio process using a telnet socket and a basic REPL to inspect the list of tasks and their current stacks. After getting several times of assistance in production debugging with it, I have added more features to help tracking the above issues of asyncio apps running in production: task creation tracker and termination tracker. These trackers keeps the stack traces whenever a new task is created or terminated, and provides a holistic view of chained stack traces when the tasks are nested with arbitrary depths. aiomonitor-ng also demonstrates a rich async TUI (terminal UI) based on prompt toolkit and Click, with auto-completion of commands and arguments, far enhancing the original version’s simple REPL. With the improved aiomonitor-ng, I could successfully debug several production bugs. I hope this talk would help our fellow asyncio developers to make more complex yet stable applications at scale.

Over the past several years, large-scale hacks triggered by compromised software supply chains have dominated the news. The aftermath has inspired the creation of new organizations, tools, and systems to help prevent and respond to similar lines of attack in the future. In this talk, you'll learn about the insidious nature of supply chain attacks, common points of intrusion, and why the open source ecosystem is especially vulnerable. Next, you’ll learn about the basic concepts and terms involved in supply chain security and learn about open source projects and frameworks you can apply to protect the integrity of your own software. Lastly, you’ll learn about ways that you can evaluate the supply chain security practices of the dependencies you rely on. You’ll leave the talk understanding how supply chain attacks happen, why they’re so difficult to detect, and take away actionable solutions allowing you to be better prepared for the next wave of supply chain attacks.

Code signing is coming to the Python packaging ecosystem, in the form of Sigstore: individual package maintainers and users will be able to sign for and verify the authenticity of their Python packages, respectively, without the historical and technical baggage of PGP. This talk will serve two purposes: (1) as a introduction to Sigstore, and its security model, to Python developers, and (2) as a technical overview of ongoing efforts to integrate Sigstore into Python packaging. Attendees will be introduced to the cryptographic fundamentals of codesigning, how Sigstore accomplishes codesigning without long-term key material (a critical downside to PGP), as well as the guarantees they can derive from strong codesigning in the Python packaging ecosystem. They'll also be introduced to the technical aspects of Sigstore's integration into Python packaging, including a peek behind the scenes at the standardization process and other foundational efforts required to introduce a new codesigning format to one of the world's largest packaging ecosystems.

Async python is a relatively recent addition to Python’s longstanding concurrency options of processes and threads - and offers a very different programming experience. Where processes run independently and threads switch at the whim of the kernel scheduler, async tasks take a different tradeoff: managing shared state is as easy as in single-threaded synchronous Python, but it’s on you to ensure that there are enough await, async for, and async with statements where tasks can switch to make steady progress. In this talk, we’ll explore the advantages of structured concurrency - especially error handling, timeouts, cancellation, and readable code - and both convenient and reliable ways to mitigate the problems of cooperative concurrency (when one uncooperative slow task can bring your whole program to a halt). I’ll introduce you to static analysis with flake8-trio and explain how to write your own AST-based tools, and show how dynamic analysis can help us catch anything that slips past that quick and convenient check. With a system like this in place, you don’t have to be an experienced or paranoid software engineer to write beautiful async code - to serve or scrape a website, control a bundle of processes, or write a game - it just reads like normal Python, and your tools will catch you if you fall.

Generator functions have been a part of Python for many years already, and are a well known technique for creating iterators. But generators have a few lesser-known aspects, including their “send” method and the “yield from” syntax. Many Python developers shy away from using them, unsure of what they would do, or how they would be useful — seeing coroutines as a solution looking for a problem. In this talk, I’ll tell you why coroutines can be useful, and how thinking about them as in-process “nanoservices” puts us in the right frame of mind to determine when they would and wouldn’t be appropriate.