Transcript: Aymeric Augustin

00:00.0

Hi, welcome to another episode of Django Chat, a weekly podcast on the Django web framework.

00:10.9

I'm Carlton Gibson, joined as ever by Will Vincent.

00:12.8

Hello, Will.

00:13.4

Hi, Carlton.

00:14.3

Hello, Will.

00:15.1

And today we've got Emmerich Augustin with us, who's a long-time Django contributor,

00:18.7

member of the Django Technical Board and more.

00:21.0

Hello, Emmerich.

00:21.5

How are you?

00:22.3

Hello, folks.

00:23.0

I'm fine.

00:23.7

Fine.

00:24.1

Thank you for coming on so much.

00:25.6

It's a pleasure to be on the podcast.

00:27.4

So, okay, well, I'm just going to, a few smart, mildly for a moment, because you're, you know, when I've got into Django, you're one of the big sort of people there.

00:38.4

You're one of the people who were contributing then, you're still around now, and it's just like, wow.

00:41.8

So can you tell us about how you got into Django and, you know, how did you find the project and, you know, kind of some of your backstory there?

00:49.6

Well, I think it's mostly a happy accident.

00:53.1

So it goes back to 2010, I think.

00:57.4

And at this point, I was working in a company

00:59.5

whose favorite framework was Rails,

01:02.4

which is a good framework, by the way.

01:04.3

And then one of my colleagues,

01:05.9

one day he tells me about this framework,

01:08.0

he found that it's called Django,

01:09.6

and he was doing Python.

01:11.1

And so, well, I had used a bit of Python earlier in internships,

01:14.5

but I didn't know much about the language.

01:17.1

And so this guy, Jeremy Lenné,

01:19.4

is really enthusiastic about Django.

01:22.6

And so I check it out,

01:24.6

And I'm not sure exactly what happens next.

01:28.4

Probably I use it for a personal project or something.

01:31.7

And then I stumble on a bug, and I discover there's a bug tracker,

01:35.3

and I start triaging bugs.

01:37.9

And so people have weird hobbies.

01:39.9

Some people do crosswords, and I triage.

01:45.6

And then I do a lot of triage.

01:48.3

And eventually I start knowing a lot about the dark corners of Django

01:52.3

where no one ever goes,

01:54.0

except when you're finding a bug in the framework

01:55.9

or trying to figure out if something is actually a bug.

01:59.9

And I start knowing a lot about Django.

02:03.8

And at one point in 2011,

02:08.0

there's a new project where I get to choose a stack.

02:11.8

And so I decided, okay, let's do a real thing with Django this time.

02:15.0

Everything Django.

02:17.3

And so we become fairly heavy users of the framework

02:21.2

so that was for building Autolib

02:23.5

which was a car sharing service in Paris

02:25.7

and so

02:27.8

we're invoicing car

02:29.8

rentals and so we're invoicing

02:31.7

by the minute because it's a service

02:33.3

you take a car, you drop it back

02:35.9

and so

02:37.7

we need accurate billing

02:38.9

and then since we're good engineers

02:41.3

we start

02:43.2

thinking what happens

02:44.8

during the day

02:47.7

like savings time change

02:48.9

Are we going to invoice minutes, minutes, 20 minutes if someone takes the car at 2.50 and returns it at 2.10?

02:59.7

And that's how I discovered that Django doesn't have support for aware date times.

03:06.7

So when you're publishing on the blog, a naive date times are just fine.

03:09.9

When you're doing a newspaper, which is what Django was built for, it's fine.

03:14.7

But when you're doing enterprise stuff,

03:18.2

it can be a bit limited.

03:20.7

And so that's how I started writing a proposal

03:24.3

to support aware date times,

03:27.4

date times with time zone information in Django.

03:32.6

And eventually, this led up to me joining the team.

03:38.3

So at the time, one of the criteria

03:41.0

for joining the Django core team was

03:42.8

you must have written a major patch.

03:44.7

And so I had the patch almost written and the team let me commit it.

03:49.2

So yeah, that's how I become a contributor.

03:53.0

Well, that's fantastic.

03:54.2

That's like, wow.

03:57.5

Well, that was, I think it's 1.4 was when time zones was added in.

04:02.9

I'm not completely sure when we began to do LTS.

04:09.6

1.4 was definitely a big release.

04:13.1

Then in 1.5, we started working on Python 3.

04:18.3

1.6 was partly about making Python 3 work correctly.

04:22.2

And then the next big one, which was hard to get to, was 1.7,

04:27.2

since there was a new migration framework.

04:29.7

And also, I broke a lot of stuff with uploading,

04:32.8

which I still believe to be a good thing in the grand scheme of Django as a framework.

04:38.8

But it was sometimes a cause of some upgrade pain.

04:42.9

And then you were responsible for templates as well, weren't you?

04:46.7

So that's what I did in 1.8, if memory serves,

04:50.6

so the pluggable template engines.

04:52.6

This one was probably less significant

04:56.4

because there were third-party applications

05:01.5

that made it possible to use Ginger 2 in Django,

05:03.9

which was one of the primary requirements there.

05:07.5

But having it built into the framework was good,

05:11.1

And also it was an opportunity to clean up some parts of the template engine

05:15.0

that still relied a bit too heavily on global status.

05:18.5

So now it's a bit more library-like.

05:21.2

Yeah, okay.

05:21.7

Can you talk about, so who were the active Django contributors back then?

05:26.2

Because I feel like a lot of that knowledge is locked away

05:29.1

in a small number of people's brains.

05:30.7

I don't know exactly who that was.

05:33.4

I mean, I have a vague sense Carlton came before me, but after you.

05:37.7

Do you recall who, you know, who was there at that time in, you know, 2011, 12?

05:43.8

Okay, I'm definitely going to forget some people.

05:47.2

So this is a tricky question.

05:50.2

One very active contributor at the time was Yanis Leidel, alias Segesdez.

05:57.6

So, well, actually, he became a core developer a couple of years before I did.

06:03.8

He contributed to countless libraries and also a lot to Django Core.

06:11.8

Then at the time, well, we didn't have fellows yet, this came later, we already had a team

06:20.3

of maybe 20 or 30 commies, and so the project was still driven, let's say, by the second

06:32.7

team. I mean, there was a very original team, which was Adrian Jacob, who was a creator

06:38.2

of the framework. Then shortly after came Malcolm and Russell, who is still around.

06:46.0

And another couple of people, I think, but they were less active when I joined. So I

06:54.5

I didn't need them as much as I did these original four.

06:59.3

And then the team grew to maybe 20 or 25.

07:04.9

And at this time, people were still writing

07:07.2

and committing their own code,

07:09.0

which is something we stopped doing now.

07:11.1

Everything goes through the fellows, et cetera.

07:13.8

So back then, someone had written a patch,

07:17.3

uploaded it to track, you took the patch,

07:19.1

you tweaked it a bit, you committed it to SVN, of course.

07:23.3

So, yes, it was a bit different.

07:25.3

That's what I like about the track.

07:26.9

So something that comes up every so often is people are like,

07:29.9

why don't we move to GitHub issues?

07:31.3

Because GitHub's more user-friendly or more, not user-friendly,

07:34.6

but it's more accessible to new contributors.

07:38.0

But, like, the track has this amazing history.

07:40.4

So, like, all the old subversion commits are mapped,

07:43.9

and you just click on them, and they map back,

07:46.2

and they end up opening up in GitHub with, like,

07:49.5

This was the patch that was done 13 years ago by, you know, so-and-so.

07:56.3

You know, I like that whole, the history is still maintained.

08:01.1

Yes, we've kept a lot of history in track.

08:05.5

It must go nearly 14 years now, I think.

08:08.5

Yeah, something like that.

08:10.3

And when talking about track versus GitHub issues,

08:14.9

I always feel a bit old school.

08:19.6

Well, I'm a Django core dinosaur.

08:22.6

Stay away from that.

08:23.7

Get off my lawn.

08:26.4

Yeah, exactly.

08:28.3

And because things were that way once

08:30.6

doesn't mean there's the only way to do it.

08:33.5

One thing we always said we were very attached to

08:37.3

is anyone being able to try HBug.

08:43.3

And so for a very long time in GitHub,

08:45.8

only contributors who had comic access

08:49.7

could tag issues, could close issues.

08:55.5

Perhaps this is a bit theoretical

08:56.9

because in fact, most of the triage

08:59.3

is done by just a few people

09:01.0

and now most of it is done by fellows,

09:02.7

so including yourself, Carlton and Mariusz.

09:07.4

So I'm not sure these arguments hold all that well.

09:11.2

And also GitHub introduced this feature

09:13.1

to allow anonymous triage

09:14.7

or at least to make it much more open

09:16.4

a few months ago.

09:18.9

And I haven't checked it out.

09:21.2

So now the other things to consider

09:23.8

if we wanted to move to GitHub issues

09:25.5

is first, how do we preserve the history?

09:29.5

I've come across a lot of projects

09:31.3

who imported their bug tracker

09:33.8

to GitHub issues.

09:35.2

And often some information is kept,

09:38.5

but a lot is lost.

09:39.4

Many links are broken.

09:41.5

And I think the history in track is valuable.

09:44.2

Very often I find valuable information

09:46.3

that dates back to five or ten years

09:48.6

because we are very conscious about writing

09:51.4

why we do things in ticket discussions.

09:55.9

And the other is more an open source purist thing.

10:00.9

GitHub is a closed source run by a corporation.

10:04.7

Probably there's a way to export the data,

10:06.8

but it looks like, okay, use the API and scrape with the API.

10:11.5

And somewhat we're comfortable with our self-hosted track where we have the database and we know where the data is.

10:17.3

I think the big one there for me is the history.

10:19.7

Because on a day-to-day basis, we get three new tickets a day on average.

10:25.4

And it'll be like, oh, there's some issue with model form and this has got to have come up before.

10:30.8

And you're able to search and you're able to think.

10:32.7

You're able to say, look, this was discussed six years ago in this comment and here's why that...

10:36.5

And that's just amazing.

10:37.8

and you know so the other project i've worked on a lot is django rest framework and that's always

10:43.6

used github and you you're in the position where you're like oh i'm sure this has come up before

10:48.5

but i just can't find it it's just it's there if you if you if you happen to find it but to track

10:54.4

it down it's a much more laborious issue so you know whilst github is i don't know it's exciting

11:01.4

or whatever it's i just i don't think it's as powerful but the python project are migrating

11:05.6

now right they're migrating all their bug tracker to github so we we get to see what happens to them

11:11.1

and how they manage it and then we can make a decision based on that example yeah and and it's

11:18.5

good that you're well you have a comparison point with drf which is already a mature project it's

11:25.8

been going for at least eight years i guess or maybe 10 um and well somewhat it reinforces that

11:32.2

We can live with track even if it's, well, perhaps a bit newcomer unfriendly.

11:39.0

And then the other argument, well, the GitHub closed source, et cetera, yes, it's a purist

11:44.4

thing, but some people feel very, very strongly about that.

11:49.2

And that's always a factor when you need consensus to change that sort of thing.

11:53.6

Yeah, that's right.

11:54.6

Well, I did want to mention, I don't know if we have in the podcast.

11:57.0

just around new contributors

11:59.1

that Carlton has been doing a lot of work

12:00.9

to apply to Google Summer of Docs,

12:04.5

which Django has been accepted for.

12:07.4

And so we're hoping we'll be getting money

12:10.3

to have someone to,

12:12.0

a professional technical writer,

12:13.3

to work on just specifically

12:15.1

the contribution section of the Django docs,

12:17.9

which I think could use some fresh eyes.

12:21.4

So I'm excited about that.

12:23.1

And I know Carlton's been doing a lot of work on that.

12:25.0

So I wanted to call that out, Carlton,

12:26.8

Yeah, no, I'm excited about this. I've been sort of beating the more contributors drum for, you know, last couple of years. And the feedback that I've had several times is it's just really hard to get going. And yeah, it's a kind of wall of text that contributors got. It's brilliant. There's everything you need to know, but maybe it could be smoother.

12:47.4

but you know we're we're not technical writers by you know not as a group that's not where we

12:52.7

focus so to have if we can have someone come in and give that a fresh look that's quite exciting

12:57.2

for me i don't know yeah and it's nice to have outside money to help us do that i guess it's

13:02.8

part of it too yeah it's really cool that we're getting uh um people dedicated to this uh we're

13:09.3

going doing okay at writing code uh i think we've done much better than many other projects uh at

13:15.7

writing documentation yeah and so if you print to pdf the django documentation i think it runs

13:21.2

1500 pages or so yeah and so there's really a lot of information i think we we raise the bar

13:29.5

very impressively uh now it's still expert documentation written by experts i i have

13:35.2

written some pages in in that documentation from scratch and then i read them three years later

13:39.5

and i decided i should really write them differently but i don't know exactly how to

13:44.2

go about it uh because while i understand uh the the let's say um well what's important when

13:54.1

writing good documentation i can see good documentation when i when i see it i recognize it

13:58.6

um but i can't write it myself and i'm not the only one i think that's that's a fair well we had

14:06.7

we had mikey ariel on uh who is a professional technical writer and i think one thing i've

14:11.7

realized, being much more junior programmer than you all, is that there's a big difference between

14:17.2

documentation and tutorials. So one of the complaints, perhaps, of someone new to Django

14:22.7

is they'll go into the docs and see a documentation that airdrops in and says, okay, well, we have

14:28.1

this existing site, and then we're just going to add this little thing. So they show the view

14:35.2

portion, they show the model portion, which if you know Django well, you can use that. But if

14:41.3

you're a beginner intermediate, you need all the rest to get you to that point. You can't just

14:45.3

airdrop in. So initially I was frustrated with the Django docs that they didn't do that. But I

14:50.9

understand now that a tutorial and documentation are very different things. So a lot of what I do

14:55.8

is tutorials to kind of ramp someone up. So when they get to the docs, they can see, oh, this is

15:00.2

relevant, but they have the context for it because docs is intentionally written for an intermediate

15:06.8

advanced level, I would say. And that makes a lot more sense to me than, you know, I mean,

15:10.9

If it was tutorials, it would be 100,000 pages, the documentation.

15:14.4

Well, to be fair, there was foresight in the way the Django documentation was written.

15:19.7

In fact, a great number of things were done right very, very early when Django was open sourced.

15:28.2

I think I heard Jacob explain once how he bought books and read them about essentially how to do an open source project right.

15:36.1

And one of the things that was done in the documentation

15:40.4

was to separate tutorials from how-to guides

15:44.8

from reference documentation

15:48.3

and then the contributing documentation.

15:51.6

And then it grew from there.

15:53.1

But the distinction, the original distinction between tutorial,

15:57.1

here's how you get started, how-to,

15:59.6

you want to do specific things,

16:01.3

here's a whole bunch of explanations on a given topic,

16:04.6

And reference is everything you need to know on this part of the framework, the API, etc.

16:11.2

It was there.

16:13.2

And if you look at the index page, it's right there under your eyes.

16:17.6

Now, if you come to the docs through Google, you don't know if you're landing in a how-to or in a reference page.

16:25.1

And you don't know that it's a tutorial.

16:26.8

So the doc is good if you get to the homepage and start reading it.

16:30.4

perhaps it's a it's a it's a bit different if you get airdropped by google somewhere

16:34.5

and you don't understand the whole logic especially when they're 1500 pages yeah no fair enough i mean

16:41.1

it's i still think django docs are the gold standard uh i mean i and i guess part of it is

16:46.2

i'm thinking of this for my own work as a content creator where if i want to do something if i want

16:51.2

to demonstrate sitemaps for example i just have a recent tutorial on it i want to show the sitemap

16:56.6

part, but I also need to have all the preamble. And so what I've, just with my own stuff, what

17:03.4

I'm going to be doing is having a canonical, like a recipes app where I say, okay, here is this one

17:08.7

place I will walk you through all the steps. And then all these other things like the search or

17:13.0

this fancy thing or this specific thing, I'm going to jump from this starting point. So if you need

17:18.2

the help, here you go, but I'm not going to just start from start project every time, which is what

17:23.2

I've been doing with my stuff, which I think is helpful for people, but is unmaintainable for me

17:27.7

to start from absolute scratch every time. And I know that Django, there's a number of,

17:33.1

there's the polls app, there's university examples. When I kind of airdrop in through

17:37.9

Google, there's, I suppose it would be nice if there were a couple canonical reference points,

17:43.6

but there's so much information in the docs, it's probably more than could be done from scratch.

17:49.2

But anyways, that's the context I think of that. I think it's nice to be able to say,

17:52.2

if you need the help it's here but i'm not gonna you know i can focus on the point that i want to

17:58.6

focus on well the docs is still a living project and regularly someone goes in and improve a section

18:06.3

yeah and it's really like gardening i mean things have grown and people have grown some pages some

18:14.2

content and then at some point someone needs to rationalize it uh and it helps and um sometimes

18:21.2

also we are facing the limits

18:23.4

than what

18:24.8

Django core devs

18:27.3

so now we no longer have core devs, we removed this

18:29.4

but for a long time these were the people who created

18:31.2

all this and perhaps they were not

18:33.4

the best people at writing a tutorial

18:35.0

and now everyone admits that the

18:37.3

Django Girls tutorial is a better one

18:38.9

and so we freely point

18:41.2

people to that tutorial

18:42.4

and the official tutorial is still there

18:45.0

because we need one

18:46.5

but well, that's a

18:49.3

kind of local optimum

18:50.7

and no one has taken the task of explaining

18:54.8

what a better tutorial for Django could be

18:57.3

besides the Django tutorial that already exists

18:60.0

so there's no need to do anything about it

19:01.4

I mean it's a massive job to write such a thing as well

19:03.6

not everything has to be in the Django docs too

19:07.5

I like that there's room for content creators to come

19:11.0

and add things around the core documentation

19:14.3

but just the other day I had someone tweet at me on Twitter

19:17.6

thanks for the docs, they're amazing

19:19.1

it's like well you know you're welcome i didn't write them but you know you're welcome and perhaps

19:24.5

going back to for tutorials for just a comment uh i think tutorials are one of the hardest things to

19:31.0

write because you need to decide that you are not going to talk about a bunch of things that are

19:36.0

very important uh but not fundamental and so you're going to stick to the fundamentals and

19:41.7

take some shortcuts uh hide a few things just for the sake of getting to the end of the tutorial in

19:48.6

in a decent amount of time and this is really hard and prone to bike shedding so

19:53.4

a bit difficult to do in an open source community yeah i'm smiling when you say that because that is

19:59.1

the the show versus tell um tension is one that as a content creator i have all the time it's

20:06.2

it's probably the top feedback i've gotten with my beginner stuff is that i i just sort of show

20:11.5

the steps without explaining everything that happens but it's because if i explained everything

20:15.8

that happened, it wouldn't be for beginners. And so there is a balance there between getting it to

20:21.4

work and then understanding everything. And I like to say, you know, hey, everything is magic

20:26.7

at some point. And so it's just a question of adding in, okay, this is how this works. This

20:32.2

is how that works. I can use it without understanding all of it. Because ultimately,

20:35.9

why do people use Django? They want to build a site. So if I can show them, you know, build a

20:40.8

blog and then we can then we can loop in and talk about some of the internals which i think become

20:46.5

interesting once you have spent time with them but you know an outsider i think doesn't particularly

20:52.5

care about the internals they just want an outcome it only comes with time that they find the

20:57.5

internals interesting and that's yet another bias of the people who wrote the code it's like

21:01.6

they would like to show off all the smart things that they did in the code yeah

21:05.5

Well, it's definitely not what needs to be in a tutorial.

21:12.2

Another thing that I find very hard is that when you write documentation,

21:16.5

you need to stick roughly at the right distance from what people already know.

21:22.2

If you are too basic, well, the documentation is slow and people get bored.

21:27.6

And if you are too far, it's simply not understandable.

21:33.4

And, well, perhaps if you're doing a lot of writing for beginners or intermediate people, you get a better feel about this distance.

21:41.6

But I find it really hard, in fact, to judge.

21:44.7

You have to make an assumption, I think is what it comes down to.

21:47.8

You have to make an assumption about their level and then go from there.

21:52.1

So a blog for a beginner is different for an intermediate, is different for advanced.

21:57.1

And the hard part is deciding and then sticking to it.

22:00.8

especially, you know, for me, as my own knowledge has advanced, I find it, it's not interesting for

22:05.8

me to show another very beginner thing. But because I interact every day with beginners,

22:11.8

it kind of keeps me in that mindset where it's interesting and not just monotonous for me. So

22:17.2

I'm, I certainly feel I don't really want to code beginner stuff, because I kind of know that. But

22:22.9

at the same time, I don't. I get the perspective of beginners and their frustrations. And I recall

22:29.0

my own frustrations. So I, yeah, it's, it's a hard thing. And that's why I say with the docs,

22:32.5

you have to, to me, I think the docs are at an intermediate level as they should be. Um,

22:37.5

and it's sort of one of the things actually I want to do in my own online site is mimic what

22:42.8

you would do in person where in person, the first thing you would do is kind of say, well,

22:46.0

what's your level? Cause then I will talk to you at that level. Uh, so one thing I've,

22:50.7

I think I will be doing is having a, okay, are you a beginner? Are you intermediate? Are you

22:55.0

advanced like tell me and then i will point you to tutorials that go from that jumping off place

23:01.5

because without that it's yeah it's it's hard to know where someone's at and it's hard to write

23:05.3

those things i think it's harder to write the beginner things actually than the advanced things

23:09.3

because you can't assume anything um i think it's harder actually to write the beginner ones

23:13.9

let's say because if you have the knowledge of it's very easy um to skip an implicit piece of

23:22.1

information and without that information uh the gaps the the storage example that comes to mind

23:30.3

there is imports so quite a lot of times in the documentation we'll get a pull request saying can

23:34.5

we please add the import for you know this particular class that we're showing using because

23:38.5

people come to the docs and it's like well where do i get this where is this class it's it's just

23:44.2

not shown and then as soon as you as soon as you add the import to the code example it's become so

23:48.4

much more useful.

23:49.4

There are a couple of tricks for interacting with the Django docs.

23:54.1

And I know them and I feel bad about them.

23:58.1

So one is that it's usually better to type

24:00.7

site colon docs.jangoproject.com

24:03.4

your query in Google than use a built-in search engine

24:06.6

because Google is just better at search engines.

24:10.0

And the other one is when you hover

24:13.1

the name of a function in API documentation,

24:18.4

you get a link and in that link there is an anchor

24:20.9

and the anchor contains a full import path.

24:24.1

and so this is how you know uh that's completely implicit uh and and people i've explained in

24:33.9

tracks that we're doing this usually when they asked making the import implicit explicit i mean

24:39.5

uh but yeah it's bad that we're relying on this i mean there's probably some sphinx plug-in that

24:45.5

we could find that would fix all of that for us but we're yet to find it one thing i wanted to

24:49.7

to talk to you about, Emmerich,

24:50.6

was, while I've got you on,

24:51.7

is the Django static file story.

24:54.3

Because these, you know,

24:55.3

back in the day,

24:56.2

very much static rendered HTML,

24:58.6

and, you know,

25:00.4

I'm a big fan of that still,

25:01.8

and it's got, you know,

25:03.1

I like to render templates

25:04.2

and serve up HTML,

25:05.3

but a lot of times

25:06.3

we serve up API data,

25:07.8

and then there's a single page application,

25:10.6

and we merge it with React,

25:12.7

or, you know, Vue,

25:13.7

or some, whatever, rich client.

25:18.2

And something that comes up

25:19.6

every year i think is is what's django static file story or can we improve it and i know you've got

25:23.9

thoughts on this so i did want to sort of while we had you ask you to comment on that if you can

25:29.9

yes um i think static files is a vastly uh underappreciated part of django uh and janice

25:38.1

has been doing an amazing job there um to bring it to a level where it's very generally useful

25:45.0

without becoming a full asset pipeline

25:48.6

that would have no place in Django.

25:50.7

I mean, at some point, if you want Webpack, use Webpack.

25:53.9

So if we rewind the story,

25:57.1

when, well, originally,

26:00.1

you deploy Django on Apache with ModPython

26:04.8

or ModWhiskey later,

26:07.9

and Apache is going to store your files,

26:13.1

CSS, JavaScript, user-uploaded media.

26:17.7

Well, I mean, user-uploaded, well, I mean, at first it was a newspaper,

26:20.3

so it was editors uploading images that would get served together with a website.

26:23.8

And so Apache says all this.

26:25.7

So one of the first distinctions that crops up

26:28.8

is that user-provided media is not the same as JavaScript and CSS.

26:36.6

And so this is when Django starts separating static files from media files.

26:42.6

This is not completely clean yet.

26:45.6

When you define a form, there's still a form, a media API,

26:49.2

which is actually static files.

26:52.0

And, well, we could clean this up.

26:55.3

It's not a very big deal, but it's unclean.

26:58.8

So then, as the world progresses

27:02.7

from just stacking a bunch of jQuery plugins and CSS files,

27:08.2

as things like Sass appear,

27:12.1

So, then, best practices for managing scripts and styles appear,

27:19.0

and essentially practices about cache invalidation.

27:24.6

So, the most reliable way to invalidate a resource on the web

27:30.8

is not to mess with HTTP headers,

27:34.1

because there's always a browser that will get it wrong.

27:36.3

It's just to change the name of the file and cache everything forever.

27:40.2

So modern static files does this well.

27:43.8

It takes a bunch of CSS and JavaScript,

27:46.1

spread out your Django application,

27:49.1

hashes the content of the file,

27:52.4

adds a hash in the file name,

27:54.0

and then you can serve everything cached forever.

27:57.5

And then if you use white noise,

27:59.5

you can do everything inside your WSIGI application

28:03.4

with good performance,

28:05.0

and you no longer need to care about serving static files

28:07.6

separately from the website itself.

28:11.5

So this is really good.

28:14.2

And it's also compatible

28:16.5

with modern JavaScript practices

28:21.0

because if you, let's say,

28:24.9

you've built a front-end with something like React

28:27.1

or Vue or whatever, Ember,

28:29.6

you bundle it with a bundler such as Webpack,

28:33.7

this produces a bunch of JavaScript files

28:37.2

you can tell Django

28:39.6

to use the directory

28:42.0

where these files end up

28:43.2

you put it in static files

28:44.9

and then

28:47.5

this is how you can

28:49.1

bridge between Django

28:51.8

and a front-end framework when you're still

28:53.6

building something that looks like a traditional

28:55.8

website where everything

28:57.7

is served from the same URL

28:60.0

and so if you want to

29:01.8

optimize this

29:02.6

you can do a few things like avoiding

29:05.5

double hashing. If Webpack

29:07.5

hashes once and Django hashes a second time

29:09.7

you can also live with it

29:11.5

because honestly it's not a big deal.

29:14.8

But

29:15.3

very often people get

29:17.6

confused about how do I

29:19.1

do modern

29:21.3

JavaScript frontend with Django

29:23.5

and the answer is just do your

29:25.5

frontend and then give the file to

29:27.5

Django and let static files handle the

29:29.5

rest and it

29:31.5

can result in a fairly

29:33.5

simple deployment pipeline.

29:35.5

So now if you want to know all the gory details,

29:39.0

there's a few posts on my blog

29:41.4

where I explain how to do this.

29:43.5

I call it the hybrid app model

29:46.2

because it's hybrid between a traditional Django

29:49.0

plus templates, server-side stuff,

29:51.7

and a modern browser-side application.

29:56.8

Yeah, we're definitely going to link to those.

29:58.4

I think it's three posts that you wrote.

30:00.0

I found those to be excellent.

30:02.4

I mean, obviously excellent,

30:03.3

but Illumina, for me, when I was going through this,

30:05.4

I think, two years ago, because it is a common thing that comes up.

30:08.4

And I recall seeing Jacob Kaplan-Moss give a talk on static files at PyCon 2019,

30:15.9

where he sort of spent a lot of time to think,

30:19.2

is there a much easier story than what we have,

30:21.6

I guess, just for coupling static files?

30:24.0

And his answer was, not so much. Keep it simple.

30:27.5

Well, there's another fairly simple story,

30:29.8

which is the single-page application architecture.

30:33.5

When you deploy on one side a static HTML index

30:39.1

that is just there for booting some JavaScript

30:41.4

that builds the entire application,

30:43.7

on the other side, you deploy an API,

30:46.5

and the only thing you need to get right

30:49.4

is cross-origin requests,

30:55.1

because the API will run on a different domain

30:57.5

from where the HTML is served,

31:00.7

and usually authentication.

31:03.0

So this is also something, when I was doing consulting,

31:07.0

I've repeatedly seen people tying themselves into knots with this,

31:12.3

bringing up JWT into the mix,

31:15.3

which is honestly not necessary for this purpose.

31:18.7

Just authenticate with cookies on the domain of the API,

31:23.3

if we were just fine,

31:24.7

and set up your cross-origin request headers properly.

31:29.3

And in one of these blog posts, you just mentioned the whole story.

31:33.0

uh but again if you think you need jwt to do this you're probably opening yourself to security risks

31:39.3

and you shouldn't we just had david sanders on who wrote the jango simple jwt package which is now

31:47.9

i think the default um jwt package and just for those who want further discussion of jwts

31:54.0

i wanted to ask you about jango sesame which is one of your projects that

31:57.9

uh i find really interesting so this is magic links where url one click login can you talk

32:03.7

about the why you wrote this and how it might be used because i'm i'm probably gonna be using it

32:08.5

for something very soon so when i found this i forget who showed it to me i was like oh my god

32:12.8

it was me oh it's carlton of course it was carlton of course it was carlton a really cool

32:18.8

backstory about this one uh and also some hot news um so um like any uh self-respecting geek

32:27.2

I'm not going to give my

32:29.1

photos to

32:30.7

a proprietary car system because I care

32:33.2

about my photos and I still want to have them around

32:35.3

in 50 years. So I'm storing

32:37.4

them in JPEG in a file system that I can

32:39.4

sync anywhere. So they used

32:41.3

to be synced on my laptop, on a server I owned

32:43.5

and on F3 and now I have decided

32:45.3

that F3 is fairly reliable and so

32:47.2

they're just on my laptop and on F3.

32:49.5

So anyway, I still

32:51.0

like watching my photos on the web and F3

32:53.1

is not a very convenient way to do that

32:55.0

and so I built

32:57.0

a small application that's called Django Gallery

32:59.3

or Mix Gallery because it's just my own

33:01.2

to have an index of the photos of the database

33:05.1

and a few views

33:06.2

to show them by albums

33:08.7

so very basic stuff

33:09.9

and nowhere near as good anything you'd get

33:12.8

on any cloud-based service

33:14.9

but it works

33:16.6

with my directory of photos on S3

33:18.9

and then I got

33:20.9

children and I wanted to show the photos

33:22.7

to my family and so then

33:24.6

a way to access the photos, but I didn't want to put them on the whole internet, obviously,

33:29.7

and so I need to give access to my personal website.

33:33.4

And at some point, giving to your parents a login and a password to watch the photos

33:38.2

on your personal website starts feeling a bit weird, and so I decided I was just going

33:43.2

to send something that they can click and be authenticated with django.contrib.auth

33:50.0

and get access to the photos.

33:52.8

And then there's a super elaborate permission system

33:56.0

in MixedGallery that's so complicated

33:57.7

that I never implemented it fully.

33:59.5

But that's yet another story.

34:02.7

So Django, Sesame,

34:05.0

which used to be called Django URL Oath,

34:08.3

but there was another Django URL Oath,

34:09.9

so I had to change the name,

34:12.3

was created to do this.

34:14.3

It's a niche use case,

34:17.1

but there are many other and much more common use cases

34:22.4

for using tokens.

34:24.1

And so then I generalized the system

34:26.3

to support tokens that could expire,

34:28.7

which didn't matter in the original use case,

34:31.4

to support one-time tokens, that sort of thing.

34:35.7

And the product has a little bit of success.

34:38.9

I love that backstory.

34:40.6

For the hot news,

34:43.2

recently a contributor suggested

34:46.5

a better design for the tokens.

34:50.9

So it's a fairly theoretical argument.

34:54.5

Since I want tokens to be invalidated on password change,

34:58.0

this is a decent way to invalidate tokens,

35:00.9

I'm hashing the hash of the password in the token.

35:05.5

So it's supposed to be secure,

35:07.1

but when you take the hashed password in Django database

35:10.7

and put it into something that will be in URLs,

35:13.6

in emails, in web server logs, virtually everywhere,

35:17.1

it feels a bit shaky.

35:19.9

even if you think you're cryptographically secure.

35:24.7

And so this guy said,

35:25.7

why don't you take just the hash part

35:29.1

and not the salt and the algorithm and everything else?

35:32.2

Then it's more secure

35:33.3

because you have entropy from the salt

35:35.5

in addition to entropy from the password.

35:37.8

So pretty good idea.

35:41.0

But this requires changing the token format

35:43.8

and then supporting two token formats, etc.

35:48.8

So I've been working on this for the last few weeks

35:51.1

I'm going to put out a new release, which will have much shorter tokens,

35:56.8

which will be much more elegant in URL, so this matters to me.

36:00.1

And the trick is that instead of putting the identifier of the user,

36:05.8

so the primary key, a hash of the email and last login date,

36:10.5

and then hashing the whole thing with Django.core.signin,

36:14.0

which produces fairly long tokens, I'm doing a single hash.

36:18.0

I'm putting just the primary key and doing a single hash that encodes all the rest of the functionality I need.

36:24.4

And so the token can be shorter.

36:25.7

Awesome.

36:26.3

Yeah, so I think it's a really tricky thing to spend a bunch of hours trying just to store the tokens for something that makes absolutely no difference in practice.

36:35.8

But they will look better.

36:37.7

I was just thinking, as you were saying, you know, there's a saying that every developer, when they want to write a blog, they end up writing a static site generator from scratch.

36:45.7

And I feel like every developer who has kids wants to have photos that aren't on Instagram or somewhere because I've built a prototype of this.

36:54.2

I think maybe it's like the next level for a developer.

36:56.7

You have kids and you're like, I don't want to put my pictures up on the wide web.

37:01.1

And then I built a simple Django site and I was sharing logins with parents and it's too much.

37:05.9

And I love that you played that out further.

37:09.5

And that's the backstory for this package.

37:11.7

we don't judge people who have children and decide they need to build shelves in their

37:16.6

house or something so we shouldn't judge developers who who think they need to write

37:20.8

their own for the website so we're we're coming a little bit up on time i have a note here to

37:27.5

ask you about django debug toolbar yeah because you were you were you wrote that or you were

37:31.6

you're maintaining it for a while or did you like what's the backstory there because it's

37:35.9

one of the major pieces of infrastructure i i still think i picked it up uh at a time where

37:41.4

it was in need of some maintenance um i modernized it a bit uh probably deprecated some some stuff

37:49.4

that uh that felt difficult to maintain so i don't remember if this started uh because i had

37:56.2

made changes in django that would break the toolbar it's possible that i started when i did

38:00.8

the template stuff and

38:02.4

the toolbar which uses a lot of internal

38:04.7

Django APIs

38:05.6

needed to be updated to account for it

38:09.0

then I

38:10.5

didn't do it for

38:11.7

very long because it's fairly

38:14.6

stable and I think other people

38:16.8

picked up the flag so it was a

38:18.5

temporary thing. Yes, it's part

38:20.8

of the jazz band thing now

38:22.6

the jazz band group. You have

38:24.9

the Python WebSockets

38:26.6

repo

38:28.1

So what's the backstory on all that?

38:31.5

The backstory is that I was working at a company

38:38.7

where we had a project to deploy batteries,

38:44.8

like big batteries to power homes or cars or that sort of thing,

38:49.4

in Africa, and we'd need to manage them.

38:54.0

And we wanted a protocol that was fairly easy to use from, let's say, modern software.

39:01.2

So like sending ROTC packets or UDP packets felt a bit low level.

39:07.3

And we thought that WebSockets would be convenient to manage centrally

39:13.4

and could be deployed in any small Linux board that could be next to the batteries

39:21.1

and connected to the battery management system.

39:23.8

and be used for supervision.

39:27.2

So when I started this, actually, I was about to leave the company,

39:31.9

so it was one of the last choices I made,

39:34.4

and I started building WebSockets for this purpose,

39:37.3

also because AsyncIO was brand new,

39:39.9

so it was still called Tulip at the time,

39:42.5

and I wanted to learn it,

39:45.2

and so WebSockets was a way to learn AsyncIO.

39:49.6

Also, since the name was available on PyPy,

39:51.9

I think it was a good time to grab it,

39:53.8

basically name squatting

39:57.7

I'm going to have this name, I need a library

39:59.7

so that was a bit

40:01.8

boldy but I still think WebSockets is a pretty good

40:03.8

library for doing WebSockets in Python

40:05.6

I think

40:07.5

it is

40:09.4

very correct

40:11.7

perhaps not always

40:13.8

super convenient

40:14.6

but at least it doesn't do

40:17.7

weird stuff

40:18.2

it's also very robust

40:21.3

for instance at some point the Python community

40:23.8

discovered that you

40:25.8

had to handle back pressure in AsyncIO

40:28.0

if you didn't want your buffers to grow forever

40:30.1

and

40:30.9

Nathaniel Smith I think wrote

40:34.0

over the past explaining all this

40:35.5

and it turned out that WebSockets was the only

40:37.9

library that did this well so it included

40:39.8

correction in the article. So that was my

40:41.8

moment of pride with WebSocket.

40:43.5

I got at least one thing right with AsyncIO.

40:47.3

So anyway

40:47.9

WebSocket grew with AsyncIO

40:50.2

it has suffered a bit from the

40:51.9

churn in API since AsyncIO

40:54.2

as AsyncIO matured.

40:56.5

And now, well,

40:58.6

it does one thing well.

40:59.9

It gives you a basis for building

41:01.5

servers or clients in Python.

41:06.6

I've been working

41:07.7

on and off since one year

41:09.8

to move it to

41:11.7

a Sanrio model.

41:14.4

So Sanrio was

41:15.8

very fashionable two or three years ago.

41:17.8

I don't know if it's a long-term trend.

41:20.7

While working on this, I have discovered that if you want to do some IOs,

41:24.3

so you have the core part of the protocol that implements everything except reading and writing bytes,

41:31.6

and you do it on both ends, you end up re-implementing a lot of things inside.

41:36.4

For instance, you need something like a stream reader.

41:40.2

Bytes get written to this, and then you can ask for read and bytes, or read until the end of line.

41:47.0

And when you use AsyncIO, sure, you are coupled to the I.O.,

41:50.5

but at least AsyncIO gives you a stream reader for free.

41:54.6

Then you start thinking about the writer,

41:57.6

and so you start reasoning about how you are going to write the bytes

42:00.9

to the network eventually.

42:02.9

And so the more I've been working with Song.io,

42:06.3

the more doubts I've had about if it was a good thing.

42:12.8

And so I have a brand that is in the middle of nowhere.

42:15.0

So, perhaps there will be a Sanrio version of WebSockets in a few years.

42:19.2

Perhaps not.

42:20.1

But it's a good learning exercise either way, no?

42:22.8

It is.

42:24.3

The actual reason for doing that is that Tom Christie was working on HTTPX.

42:34.4

And there were discussions about having WebSockets supported there.

42:38.0

So, it could have been done with WebSockets as a core Sanrio thing.

42:43.0

Also, there is Sanic, which is depending on WebSockets,

42:46.8

but the integration is a bit shaky

42:48.4

because I never designed WebSockets for this,

42:50.4

for being integrated into another server.

42:52.5

So it would be much cleaner if I did this.

42:54.9

So now it's really a matter of whether I find time

42:58.1

and interest to go forward with this.

43:00.1

Yeah. Okay, interesting.

43:02.3

So the one thing I wanted,

43:04.5

the other project of yours, which I like a lot,

43:06.7

it's called Django Sequences,

43:07.9

which enables you to, from potentially multiple requests,

43:14.3

guarantee that you're going to get an ordered sequence of identifiers,

43:19.4

which you might use.

43:21.3

The reason I use it is for invoice generation,

43:23.6

if you need sequential invoice numbers.

43:25.7

But perhaps tell us a little bit about that.

43:27.8

That's why it exists.

43:30.0

So you remember I talked earlier about Autolib, the car sharing service,

43:34.3

and then one day

43:35.7

our accounting

43:36.9

which we had written

43:37.9

in the system

43:38.7

gets an audit

43:40.0

and the auditors

43:41.3

come back saying

43:42.1

it's one of the best

43:43.2

homegrown accountings

43:44.2

they've ever seen

43:45.0

because the error level

43:46.1

is

43:46.5

I don't know

43:47.8

it was 0 point something

43:48.8

percent but good enough

43:49.8

but we have gaps

43:52.1

in the invoices

43:52.8

and this is bad

43:54.2

and because

43:54.9

no one told us

43:56.6

you were not allowed

43:57.2

to have gaps

43:57.8

in the sequence

43:58.9

of invoices

43:60.0

and we had them

44:01.3

because of transaction

44:02.0

rollbacks

44:02.5

because we

44:03.0

well we we discovered that when you have a transaction rollback in postgres it can swallow

44:07.8

a number in the sequence of primary keys so general sequences wow fair enough but i mean

44:16.5

it's the sort of thing everyone learns one day i mean you don't know that invoice numbers have

44:20.3

to be sequential but someone tells you you messed up yeah uh so i think we're pretty much out of

44:26.2

time uh is there anything any other projects you're working on or or work things you want

44:31.1

to mention before we go um well right now i'm trying to uh to give uh some maintenance to

44:38.9

most of my patent projects and um well in fact there's a good chance uh that i uh write open

44:45.0

source in other technologies as i'm about to to take a new job which is very good except there's

44:50.0

no django in there uh it's a rails amber and go uh all of which are good technologies i think

44:56.0

uh but uh well probably i'll be writing more ruby and and go and javascript going forward than

45:03.5

python uh perhaps a bit of python for data for data anyway uh since it's going strong there

45:09.8

but well we will see well i suspect you'll find your way back to django one way or another

45:16.3

professionally and the lessons you've learned from those communities will will cycle back so

45:20.5

sure well i'm also looking forward to appreciating uh rails uh more uh i've wrote some ruby on rails

45:28.8

very long ago um i think uh 12 years ago roughly uh and back then uh i decided that django was

45:36.3

probably better uh now with a decade of experience uh i will probably have a different judgment

45:43.1

uh probably more measured uh and there's something something that the rails world gets right and in

45:50.7

the jenga world we've been missing and so i'm really looking forward uh to uh well uh seeing

45:57.7

what i what i can bring across from one ecosystem to the other thing i really like about rails is

46:02.4

the controller gives it just gets you like it's like generic views but it gets you there that

46:07.7

much quicker and you know there's a little bit less it's like you're out the gate slightly

46:14.0

faster with rails that's what i i really like about it and then you know as you get deeper in

46:18.1

it's the you know you can do whatever in either but i i think that's something that we could

46:24.2

try to emulate more in django is that you know i've got i've got a model that's all fine and

46:29.6

then how do i get you know the form view in place really quickly and they do things like the ajax

46:34.7

forms which will you know nice and then the turbo links is built in and it's you know maybe we don't

46:40.9

have to copy any of that but it's that's what i like when i'm using it i think yeah this is good

46:44.9

yes there are some differences in things raised laws and we wouldn't do them in django it's it's

46:50.4

also nice if each framework has its preferences uh that cater to the taste of different people

46:56.6

uh well generally uh python and django has been much more boring uh which i enjoy a lot uh but

47:05.8

again 10 years have passed so perhaps raisins become boring as well uh that's really good

47:09.9

yeah if you if you read hacker news it's definitely boring like django and rails they're

47:13.8

always in the you know people are rediscovering they're like yeah i thought this wasn't anything

47:17.9

but wow compared to this javascript thing django's rails are pretty good that sounds like

47:23.2

yeah yeah well thank you so much for taking the time to come on i mean from the beginning

47:28.7

you've been one of the people i really wanted to have on and and talk to you i've never i've

47:32.9

never spoken to you before but i know you know your reputation is so huge in the community so

47:37.2

um thank you for thank you for doing that and thank you for coming on to talk about it

47:41.2

well thank you for having me on the broadcast talk to you soon yeah super thanks all right be well

47:46.6

bye