Transcript: JWTs and AI - David Sanders

00:00.0

Hello and welcome to another episode of Django Chat, a weekly podcast on the Django Web Framework.

00:10.0

I'm Will Vincent, joined by Carlton Gibson. Hi, Carlton.

00:13.0

Hello, Will.

00:14.3

And this week we are joined by David Sanders. Hi, David.

00:17.2

Hey. Hey, guys. Thanks for having me.

00:18.8

Hello, David. Thanks for coming on.

00:20.5

So you maintain the current JWT package, which is almost mandatory for use with Django REST

00:27.5

framework. So we want to ask you about that and all your other work. But first, what's your

00:32.2

backstory? How'd you get into programming and specifically Python Django? Let's see. Yeah,

00:38.0

I was trying to think about how I would come about this question as I was showering in the morning.

00:45.6

Let's see. I think I probably got into programming for similar reasons to a lot of other sort of

00:54.5

nerdy kids growing up in the 90s um and you know i was like i like video games and things like that

01:01.1

and uh but yeah it also just so happened that i went to a high school which had some

01:08.2

classes for that which i think was not super common in the 90s um i mean i mean i grew up

01:15.1

in the 90s and there was zero programming classes even in a college town right right i mean so it's

01:20.4

pretty early on and so you know this is when computers were just starting to become sort of

01:27.0

household fixtures and uh and the internet was we had email we had email i remember in my high

01:34.2

school we were very proud of that like yeah right late 90s but it sort of stopped at email

01:39.0

no programming classes that's good that gives you an idea that's like a good litmus litmus test for

01:44.3

what we're talking about here because email had just showed up and and it's uh you know to the

01:49.6

average person and it's probably most early form and yeah i remember my middle school actually had

01:57.1

email or like it allowed you to sign up for a unix account and this was in like 93 or something

02:04.6

and that was in boulder by the way where i'm living now yeah well well there there's probably

02:08.4

some similarities because i'm from basically dartmouth um and so dartmouth had its own

02:12.6

homegrown email system way back in the day yeah and i think the high school system yeah they and

02:19.0

then the and they you know created the term ai at some conference in the 50s um but they the

02:24.6

high school's email system was based on dartmouth which was called blitz i believe so i think you

02:30.9

could you know you could aol you could like you know cds were flying around you could connect

02:34.2

that way but to have uh you know high school run email system in the mid 90s was unusual but

02:42.4

probably not atypical for high schools in you know university towns where you had that was some

02:46.9

degree of knowledge that was it because um i remember boulder valley school district had a

02:53.0

had this unix server which um you know at the time i was just like okay so we have that but i guess

02:59.5

later i found out that the server was actually at cu or the university of colorado at boulder

03:04.6

so it was actually located there and i assume it was part of you know uh the technology departments

03:11.5

or the engineering school or something so yeah so so that was lucky and i think that was a big

03:17.7

reason why they were programming classes and why um why i was able to you know pursue that interest

03:26.3

um early on that's interesting as well that you had unix available because when i was you know

03:33.4

i was in the 90s it was for me it was all windows and you know that was great and it was all fun but

03:37.8

i didn't discover unix till i got to university 97 i was like what's this how do i how do i do

03:44.1

anything here yeah right and i didn't actually i started on a macintosh machine and this is like

03:50.2

way before oh wow we're like even really a thing i mean they were but they were definitely kind of

03:56.0

less common well i did i mean i did too if i think back because like in the in the 80s mac

04:01.5

or apple made a big push to get in school systems so the old what mac twos that was what we had

04:07.3

actually that's true i remember that yeah so they they were like you know they were in all the

04:11.5

schools and then they went away and then they came back as being super high price but for a while it

04:16.3

was i mean because i remember my middle school we had a computer class where you learned how to type

04:20.3

and someone uh told me if if you just took the test in the beginning that was an option so i

04:26.1

did that so i remember just playing oregon trail and like manhole for a semester which was pretty

04:31.4

fun yeah that's a good point because i do remember that i always saw max in schools and you know um

04:39.8

and we didn't have an apple 2e we had a macintosh so we actually had a color monitor which was like

04:45.8

13 inches or something um yeah well well i was remembered of remembering sort of that time

04:51.4

because i just um the game missed i played yeah i played around that and yeah yeah and i it was

04:58.5

middle school for me so 93 94 yeah that was me too yeah yeah sorry carlton um no no no i'm loving

05:06.3

it i'm just thinking old man talk about computing yeah no but i was gonna say that early days of

05:11.1

technology is really fond memories yeah well that game was is so good and then you you can get on

05:15.9

the ipad now and since i've been quarantined with a bunch of kids and i've totally forgot the game

05:20.9

so i've been so i downloaded it and i've been playing and it's still so good and then my

05:25.9

year old daughter i was feeling kind of good that i remembered a couple things but it's yeah think

05:30.1

about it she's just like touching stuff she zipped through like more than i did she was like three

05:34.5

times as good as i am yeah so it's sort of humbling this is such an interesting like uh road marker

05:41.4

because i remember the time it came out it just blew my mind how amazing it looked and of course

05:47.8

it was just pre-rendered videos essentially and and it was yeah it was basically written in

05:53.1

powerpoint you know that it was this thing called a hypercard um and so you know if powerpoint had

05:59.2

a scripting language which maybe it does but i don't think that's really a selling point of it

06:03.9

that's that's how you could orient yourself in this conversation like this video game was like

06:09.5

very popular and was written in powerpoint essentially and just embedded videos and

06:14.7

powerpoint slides um well the update is um it's pretty fun on the ipad because they've they've

06:21.3

redone it so you can it's not you can sort of move around a little bit make it 3d and the graphics

06:26.4

are slightly improved but sorry last thing on this because i've been um so there's another

06:30.6

game riven which came after yeah in high school 97 98 yeah and i haven't gotten that yet on the

06:37.3

ipad but i'm going to but i remember playing that there's like four discs on it and you have to go

06:41.5

between worlds and so every time i had to move i had to like swap discs and besides the fact it

06:47.3

was like way harder and i had to cheat to finish it i remember just endlessly swapping discs which

06:52.6

was super frustrating so i'm excited to not have to do that on the ipad coming up soon yeah anyways

06:58.6

total tangent sorry yeah no that's that's great though i i mean this this is in a way kind of the

07:04.2

story of how i got into programming like i just loved things like this when i was a kid probably

07:10.0

a little bit before a lot of other people took interest in these kind of things and um and then

07:15.3

I was lucky enough to have access to educational resources. And, and so it just kind of went from

07:21.1

there. And in school, I sort of did engineering. I kind of didn't, I was kind of half did it.

07:28.0

Um, but then of course, uh, yeah, sorry. Yeah. And university and college. And, um,

07:34.9

but then eventually, of course I ended up doing it for a living either way. So,

07:38.6

yeah when did python factor in right when did you just get into the python world yeah so let's see

07:49.3

um so i basically ended up getting a music degree uh that's my formal education so that's kind of an

07:59.4

interesting tidbit about me which is something i choose it now now i've decided to broadcast that

08:05.7

to the world it seems so um it's not something well musicians make musicians make some of the

08:12.1

best programmers i mean where i am in in boston there's this berkeley school of music and a lot

08:16.2

of those a lot of the best programmers in boston are former berkeley musicians who you know it's hard

08:21.8

to make a living but they are very used to dedicated practice yeah right right and so

08:27.4

it translates extraordinarily well to programming yeah maybe there's a sort of kind of abstract

08:33.1

ability to go deep on things somehow that becomes useful um anyway so let's see uh

08:41.0

where was i going with this i feel like we're going so you studied music in school

08:45.7

yeah oh right right and so so then i can't i was coming out of that degree i just decided to um

08:53.0

you know just get back into technology for obvious reasons because it's it's hard to make it as a

08:59.5

musician um and so some of the first jobs i was finding at the time were like php sort of web app

09:06.9

type stuff um and that was how i kind of reintroduced myself into the tech world and i

09:14.0

had had even a few sort of software jobs before finishing school um but that was sort of a

09:20.8

different era of software and so yeah as i sort of got back into the tech world i think that was

09:28.5

like 2008 or nine it was like right about when smartphones had happened and um you know social

09:37.8

media was starting to kick off a second sort of dot-com boom essentially and so there were lots

09:42.6

of kind of uh web app type there was a lot of web app work available so getting into php and that

09:50.5

transitioned into my next job uh doing python and django and it was all in the vein of like web

09:56.4

application work um and yeah so i that was when i joined a company called fusion box in denver

10:04.0

which i believe is still around um and they were a python shop and they had a number of really

10:11.1

talented python developers doing django development and that was where i got into it and that i think

10:18.1

that was about 2011 or so that's still relatively i mean early ish for django um yeah what would you

10:25.8

say carlton i mean i know it's been out for a while but it wasn't that's popular that's a sort

10:30.9

of similar time um that i found it and in similar sort of reasons you know um 2006 doing php mysql

10:41.0

and then i know 2007 to that found found python and you know i i went to a web conference uh a

10:47.9

tech conference called future web apps and everyone's talking about django django django

10:51.0

this thing that's been released now in home typed in it's like the web framework for perfectionists

10:55.1

with a deadline right that's me yeah you know it wasn't just django it was python as well and it

10:59.9

was like ah brilliant so and then yeah writing writing web apps along with mobile apps and that

11:06.0

kind of same time exactly that same sort of timeline same time zone so about around the

11:11.9

django 1.0 1.1 versions that kind of thing yeah so that was right that was around that was in the 1.0

11:18.7

days and i can't remember what version i it was like 1.3 or something i think when i started

11:25.1

working on it anyway yeah that was how i got started well that's very early days i mean for

11:32.8

me i didn't really start programming till 2013 and then i was i was in san francisco at startups and

11:38.5

it was like rails or django and right i think django was the less popular choice and i'm sort

11:43.6

of a right um iconic uh what's the word not iconoclast um what's the word carlton johnny

11:51.1

come lately no no anyways i was like i'm not gonna do the popular thing um and i like the

11:57.6

look of python so i jumped on yeah um but it wasn't what was the popular thing then react

12:02.2

yeah i mean the company the company i was at was um php um yeah and then and everything was

12:12.7

rails i mean we were right we were right next to twitter square stripe um so yeah it was all rails

12:19.6

boot camps had just started and nobody was really doing um python or django right so i'm remembering

12:25.6

the react of the day was this thing called boost uh what was it um ember no it was it was a thing

12:34.2

by written by jeremy ashkenaz he was the guy who did oh yeah yeah yeah back back back bone

12:40.2

yeah so that was like an early form of like um javascript's uh spa framework you know

12:49.0

what had all the great helper functions that kind of made their way into javascript itself

12:55.2

yeah and did i say his name correctly jeremy ashkenaz it's been so long since i think i think

13:00.6

so right because he's he's done a whole bunch of stuff too he's done some other i'm sure he's

13:04.6

gotten involved in a lot of other cool stuff yeah seemed like a very prolific technologist so

13:09.6

yeah those people so well so how did you um so do you i mean i guess it was a while back but do you

13:17.9

recall i want to get to um your jwt package like did you start working on apis with django was it

13:24.2

server side like what was the progression if you recall yeah so i think that was the reason um

13:30.0

because right when i first started using django i was doing a lot of uh what would you call it

13:38.8

um traditional sort of server-side rendered web apps and of course eventually the industry

13:47.8

transitioned more towards just apis interacting with uh you know front-end clients essentially

13:54.4

written in javascript and so the eventually i went to work for one of our clients when i worked at

14:01.9

fusion box which is specialized bicycles which is kind of a funny like you know place to find

14:08.3

yourself as a software developer some might guess um because you know specialized obviously and i'm

14:15.3

talking about the you know if you know bicycle brands it's the specialized you're thinking of

14:20.0

uh in the united states there's a kind of a bike brand that's that's kind of on the same

14:25.7

tier as tech or trek rather um and yeah that's specialized so they had a number of kind of uh

14:33.5

data collection services essentially that they needed to be written in-house um and that's what

14:40.0

i was working on when i was there and those were supporting all these kind of like um they were

14:46.8

doing a lot of like body metric collection with like these little digital measurement devices

14:53.4

they were making and and so i was writing the apis that would receive data from those devices

14:59.7

and so this is like pre-strava was it gps or was it like power do they have like power um meters on

15:06.8

the um drivetrain um oh yeah so there was things like that um and actually it was really around

15:12.9

the same time as Strava. But our stuff was more just kind of like data collection. And so we had

15:19.2

a few devices that we made to sort of give to people who were running specialized shops. And

15:25.6

they could use it to like measure people's bodies to like suggest products to them and things like

15:30.0

that. So anyway, yeah, so I was running a lot of APIs. And we, like I said, this specialized had

15:39.2

been a client of fusion box and um and so they had already been contracting with us to have some

15:48.3

developer some django uh apps that we were writing and so we had we had a few more kind of like um

15:56.7

traditional apps that were server-side rendered and then we were starting to do some kind of

16:01.6

javascript front-endy stuff with them and so it was kind of a natural transition to just continue

16:06.5

using django and um yeah so was that django rest framework or is that tasty pie what was the time

16:13.8

frame uh it was rest framework because it was it was pretty early yeah right so it's fairly

16:19.6

for rest framework um i mean and i i'm not maybe tom would correct us but it seemed early again

16:27.1

from my perspective well look give give give you an idea the rest framework version 3 kickstarter

16:33.3

was in 2014 so there must have been 2000 i was using rest framework okay it's already on version

16:40.0

one version two in like 2011 2012 something like that yeah and it was kind of competing with tasty

16:47.3

pie and i do remember that it was it seemed a little more newish and maybe sort of unproven

16:52.8

again tom might correct us but uh um but it did seem like i just sort of i got the impression that

17:01.2

that it just seemed a little more kind of clearly organized and things like that and

17:06.4

um and so i just we just made a call to use rest framework for the stuff we needed that kind of

17:14.7

thing for and then i just continued to use it you know at jobs after that so um or sorry we as in

17:23.0

fusion box guys decided to use rest framework so so yeah we were using that for our specialized work

17:29.9

and eventually we just needed a way to sort of do

17:33.9

sort of single sign-on-y, like mobile client off stuff.

17:41.7

And JWTs were, again, from my point of view,

17:45.4

seeming kind of like they were just showing up

17:47.6

or just starting to be used.

17:50.3

And this was probably, this was like, I don't know,

17:53.4

2013 or 14, around that time.

17:57.8

Maybe a little later, 16 or 17.

17:59.9

so did you yeah i wanted to ask so you you created um like the default right now simple jwt but um

18:07.6

jose padilla had a really popular package back then i assume there was i mean his was still

18:12.7

you know more maintained um so do you recall you know why why create a a new one yeah and i was

18:19.9

trying to think about my reasons for this too as far as i remember so i was looking around for like

18:25.6

what was available to use,

18:31.0

and of course I ran across Jose's package.

18:34.6

And I remember thinking that it seemed possible

18:37.5

that it was maybe starting to be maintained less often.

18:41.6

That was the general pulse I got on it

18:43.4

when I was looking into it at the time.

18:45.8

And so I started poking around under the hood with the package

18:48.9

and it seemed to me like there were really just a few classes

18:52.0

he had written which were really kind of driving the package.

19:00.7

And I kind of thought, well, this stuff is,

19:04.9

there's just a little bit here

19:06.2

And so I think I will just take what I need from this and start to just make something.

19:14.2

It was almost like just sort of an academic exercise, too.

19:17.1

I was kind of like, how would I just sort of factor out the essential core of this and make my own version of it and do it in as few lines of code as possible?

19:25.9

And so I started doing that and it just kind of came together pretty quickly.

19:32.8

and so i just decided to go with my own sort of version of it um and of course eventually i got

19:39.3

in touch with him and i sort of let him know that i had done this and he was very encouraging because

19:44.4

he was i think at the time already starting to feel like it was sort of the package was going

19:50.1

into disrepair a little bit and that it was maybe useful for someone to come along and

19:54.7

just sort of take up the reins or kind of reinvent it or something like that and so

20:01.5

it seemed like the timing was good there because yeah i just i i had a need for that kind of thing

20:07.9

i happened to notice that it seemed like maybe there there could be another sort of a reworking

20:12.9

of it um so yeah that's how that's how that happened and yeah so we just started and now

20:20.3

you find yourself in the same position yeah so it's really funny because like i i did it just

20:26.1

because i i just had a habit of i think i had developed a habit in my career of poking around

20:33.8

under the hood of things and just seeing is is there just some like central core to how this

20:39.6

works that i could just some simple concept i could use and um and so i just happened to do

20:49.1

that with jose's thing and i also am just kind of a perfectionist somewhat and so i just thought

20:55.7

well if i were to make this something that people wanted to use then i might as well just kind of

21:00.8

like try to do it cleanly and sort of pretend like i'm making an open source package here that

21:06.3

people might want to use and yeah was it your first was it your first interesting open source

21:12.8

package that you've done for django anyways i mean definitely the first one that took off like

21:18.6

i had done a few little sort of things that were on my github there was sort of like a smorgasbord

21:24.3

of just sort of like half-baked things in my github account um but then i think i think the

21:32.9

real critical like difference was that yeah it was just a time in my career where i just

21:38.2

i just had enough experience to know how to put something together that's reasonably coherent

21:43.3

and i also had i happen to have enough time and a reason to do it and um i also yeah but not too

21:51.0

much experience to hesitate to do it right right yeah I didn't know what I was getting into and so

21:56.8

and I also reached out to Jose and and also Tom Christie because I had sort of borrowed components

22:03.5

of their project to make this thing and there were enough differences that it didn't feel like

22:09.2

just a fork that I could just or like a something I could make a PR for and so I felt obligated to

22:16.3

sort of notify them that i had done this and uh or in particular jose and i was he was very

22:23.6

receptive and positive about it and then also i reached out to tom and i said okay i think in like

22:30.0

i don't know whatever chat channel is linked from the rest framework website and i told him

22:36.0

that i had done this thing and uh i wondered if he wouldn't mind adding a link in the rest

22:41.6

framework documentation to it and that was i think when it really kind of took off and the

22:47.2

the star account started just like exponentiating on github you know so if you linked from the docs

22:55.8

and then you know people are looking for it and you know i think it became clear after a while

23:01.7

that jose wasn't able to maintain um drf jwt and then you came along with the you know the perfect

23:10.2

replacement and it's like yeah that's super yeah and really my goal actually i think a particular

23:16.1

goal i had when i was making it was like i said as few lines of code as possible as transparently

23:23.1

implemented as possible so that if anybody came along was like oh this doesn't do what i want or

23:29.2

this has some issue or whatever then it shouldn't be hard for them to just like modify it to do what

23:35.4

they want and create their own port and that was a big goal for me so i was striving for that but

23:40.4

that makes it more maintainable as well because you're able to say to people hey look that's out

23:44.0

of scope for what i want to do but you know you could quite easily implement it like this off you

23:47.9

go and yeah yeah right right i'll link to the the notes in um django con 2018 i did a talk on auth

23:54.9

with django s framework and um actually where i met carlton and i remember asking jose i was like

24:01.2

hey, I'm doing this talk. Is your package still active? I've been using yours, but there's this

24:08.3

simple JWT one. And he was like, oh, no, no, no, no, use the other one, use yours.

24:13.7

Oh, wow, interesting. It's so funny. Man, there must be like a sort of constellation of

24:19.2

activity in the community I'm just completely unaware of, because I don't really make the

24:23.5

rounds at conferences very much. Well, that was my first one. I mean,

24:30.5

this podcast came out about because going to one I was like oh there's people talking about Django

24:35.5

like I never get that my normal life so I wanted to share it um but he was very I mean we had Jose

24:42.5

on the podcast too there's a past episode but um yeah he was anyways just he was very much like oh

24:47.9

yeah like I use use David's so so I did so it's in there yeah well actually so another thing that

24:56.1

happened which i became aware of is that it seems somebody did a because i i can see sort of like

25:01.8

analytics for where activity comes from or like where people how people get to my github page

25:09.0

for the project um and there was a fair number of links that came from like a screencast somebody

25:15.5

did where they were like this is how you do jwt with django like use this package oh

25:22.4

and I wonder I wonder which one that was it was I yeah I'm not sure if it was like a particularly

25:30.0

well-known screencaster but um but it definitely seemed like there were some clicks coming from

25:35.6

there so well well I mean YouTube has crazy numbers for online tutorials things and I've

25:42.0

learned in particular that anything Django rest framework for tutorials or for Django con talks

25:47.7

um there aren't many of them uh so they they get a lot of clicks uh like for example that talk from

25:56.5

2018 is the has the most views of any talk from 2018 so i think part of me i was like thinking

26:05.8

like well i did a good job but then i did a different talk in 2019 and i'm just like bottom

26:10.6

of the barrel and the top talk is another one on jenga rest framework so it's it's very much like

26:15.6

yeah people just want to learn about that uh because i think also django knots a lot of them

26:22.4

don't know django rest framework or they don't like i i have a book on it and i kind of thought

26:26.9

that'd be my most popular book actually and it's by far my least popular book because and i think

26:33.2

it's because professional django developers basically only write back-end apis if you're

26:37.8

at an agency or a reasonably sized company but i think when you're learning or if you want to do

26:43.1

a smaller project generally you're just in the server side world because it's too much to do

26:47.9

django plus you know whatever shots for framework of the week so so i've found that interest i've

26:54.5

tried to communicate that and i think i'm still not quite getting that across to people they just

26:59.3

don't if they're learning on their own they just don't understand why they would really use django

27:04.5

rest framework um or they don't have teammates to do it so anyways side note i i yeah i so i so

27:11.9

actually so i initially was like jenga for beginners jenga for apis and then this prose

27:16.5

book and it just turns out that apis is actually like the last one people read and it's really only

27:22.7

in the context of once they get their first team job that they do it because i mean because writing

27:28.3

an api is like what's the point for yourself unless and then and then you gotta go learn

27:33.5

javascript and yeah that's a lot for people i think you were hinting at it's probably a big

27:38.7

ask to really sort of expect that somebody just getting into that stuff would be able to

27:44.3

learn all the ins and outs and quirks of javascript and whatever you need to sort of

27:50.0

get up and running with um you know with that kind of stuff and uh and do that in addition to

27:57.5

learning about python and you know server site development and all that kind of thing so yeah

28:02.7

right well and specifically authentication i found you know once once i internalized what a

28:08.1

serializer does authentication is the part where and i think this is still the case from um from

28:13.6

people who contact me that's the part where people go what because you know you don't really

28:18.3

have to understand sessions and session um authentication with django it just kind of works

28:24.0

but then the official docs i think still list four there's four built-in options and then there's

28:29.2

just like a dozen third-party packages and i i don't think it's that much clearer to people

28:36.0

kind of what best to do i mean i think there is a sense of jwts are a good idea but then even

28:43.0

there's multiple ways to do it um so that's the confusion point for people once they get past

28:48.3

serializers is like i didn't know auth could be so hard yeah so maybe make the make maybe make

28:54.0

the case for so why use a jwt or how do you think about that do you um how do you think about that

29:00.0

clearly you wrote the package so you use them but if someone came to you and either cases where you

29:05.9

wouldn't or you wouldn't recommend using it so i remember when i was first considering using them

29:12.9

i think i basically had two needs for them uh like i said we were talking about doing single sign-on

29:21.4

and so i think i was finding information about jwts um because there's this idea that you could

29:33.9

just have the same verifying key across different services and so you only really need to sign on

29:40.2

with the service that has the signing key and so they can sort of function as a single sign-on

29:46.3

system in that way but the other need i had was that uh that we were gonna write an api for a

29:56.3

mobile client and i think we were working with some contractors from a different agency to do

30:01.9

this and those guys were just comfortable using jwts because i think they had gained enough of a

30:07.9

footing in that sort of area of tech that they were already being used for that kind of thing

30:13.2

so yeah so i think those were a couple of reasons i started to use them um i mean as far as like

30:20.0

i still think it's interesting how you can just sort of avoid database hits um to authenticate

30:27.0

requests and that's kind of like uh one of the attractive things about jwts you know because

30:33.7

like you don't have to go query the database to find a session record like you can just verify

30:39.1

the signature and that's all you need and that's like a that's a relatively inexpensive operation

30:45.7

compared with a trip to and from the database um so if you're really trying to go after

30:50.9

performance in the service, then I feel that that could be a consideration.

30:57.8

And I feel like I've tried to sort of emphasize that with that package. I mean, I feel like there

31:04.7

are other ways that that tends to get broken. Like if you want to implement blacklists,

31:10.5

you know, token blacklists and things like that, then you just kind of have to do a database

31:14.6

query anyway. And so you've kind of thrown that out the window. Or I don't know, I mean,

31:19.6

maybe there are ways you could optimize that but you know but yeah you if it performance were an

31:24.2

issue you'd put a caching layer in and blah blah blah and all those kind of right yeah you can you

31:28.9

can cache things and be smart about it but um but you still have to sort of open up a socket to your

31:34.2

caching server and yeah you can't just do it completely within the the confines of the uh

31:41.3

gunicorn process or something you know like you have to do some io in order to serve that request

31:47.4

um but i guess you're doing that already anyway you're doing io with the uh the web server anyway

31:55.0

you know what i'm saying like yeah there there are some considerations along those lines um

31:59.9

and so i've tried to sort of remind people of that because a lot of people come

32:04.3

in the issues of the jwt um package and they're like well why don't you just do blacklist by

32:12.2

default or this or that and kind of like well yeah like ideally you wouldn't have to do that

32:17.8

kind of thing if you don't want to and um yeah so that's one of the things i kind of harp on

32:23.4

in the issues section um as far as reasons not to use it i mean i think in general when you're

32:30.5

trying to make any decision about some technology to use it's just good to understand a little bit

32:36.4

about how it works internally and so in this case you know understand a bit about digital signing

32:43.1

and why you can authenticate a request without hitting a database just by checking the validity

32:48.7

of a signature and so when you understand a few of those basic bullet points about something you're

32:53.6

trying to use then you know exactly why you would use it you know and if you if your you know use

33:00.6

case doesn't match those criteria then just don't use it you know just use oauth or use just

33:06.2

database sessions or you know in other words don't use it just because it's cool and new and shiny

33:12.4

right so yeah i think the reason most people got into it particularly at that time i'm sure there

33:19.9

are other token-based systems available now but back in the you know a few years ago in the mobile

33:25.2

the mobile boom it was like i need a token-based system that's because it's much easier than trying

33:29.8

to get a cookie which i can then send along you know to try and do session auth with a mobile

33:34.1

you know from ios yeah you can do it but you're jumping through hoops whereas if you can just get

33:38.3

a token and attach it to the request bam i'm in the business multiple mobile clients multiple

33:42.8

platforms ah this is yeah this is exactly what we need brilliant yeah that's i think that's where

33:47.3

most people arrived at jay that's how people think of it although i to be a little bit of a stickler

33:54.1

in a in a funny way a cookie is a token you know like yeah well it's a random number which you use

33:59.8

to look up a session so so yeah i don't know it's but i don't want to be a jerk and like try it yeah

34:06.4

you know no no you should be i mean we're all opinions matter um i was going to say so a reader

34:12.5

was recently trying to correct me saying in my book i say well if you have a token you could

34:18.2

store it traditionally in local storage or in cookies and he was making the point of i think

34:23.2

he saw um oh what's his name's um there's um who had that there's a long piece on why local storage

34:32.9

is evil by i'm blanking on it anyways i'm curious on on thoughts around security for where one

34:41.6

should store a cookie or a token because that often comes up in the context of like don't you

34:46.4

know don't use local storage or don't use a cookie it's insecure and i see there's actually there was

34:50.2

a reddit thread on this just very recently and um there's a lot of misinformation out there so i'm

34:55.6

curious uh what both of you think about what advice you would give around storing it carlton

35:01.9

you're a former maintainer you're a django fellow you know i'm just a writer so yeah

35:07.9

you're familiar with this you're familiar with this with this um well i could say debate i think

35:16.3

really i mean you know for sure yeah actually there's been this sort of open pr it's just i

35:22.7

feel ashamed to even mention it there's been a pr open i forever and i have not merged it in

35:29.0

it's just been one of these things where it's like just big enough that it's just too much

35:33.1

work for me to look at it and i never have enough time to do it um yeah and it's this pr to do http

35:39.7

only cookies and to have that be where the JWT is stored and I mean I think I understand the

35:50.8

reasoning behind that because you know that's out of the reach of JavaScript so if you if your site

35:58.2

has been XSSed somehow then you're okay as far as that goes or at least that's my understanding

36:06.4

of it so i i mean i guess that's the trade-off for me like local storage you know javascript

36:11.4

has access to it and if somehow somehow if someone somehow manages to inject javascript

36:19.1

into your site then you're hosed um but if you if you're using http only cookies then you're not

36:25.4

so that's kind of the main difference as far as i can see it uh i should probably read this piece

36:31.0

that you're talking about i maybe i remember seeing it let me i'm just trying to i was just

36:36.0

looking at it yesterday um give me i'll i'll add it um because there's and there's literally like

36:41.5

i mean i almost feel like we should there's there's this whole reddit thread um just on this

36:46.0

very issue and lots of um misconception um what is his name oh randall randall degs deeks yeah

36:53.7

actually i think i should comment that um the reason that was not included by default in my

37:01.8

package is because, as I mentioned, we were using this framework with mobile clients.

37:10.5

And so there's really no concept of a distinction between different kinds of storage.

37:15.1

on a mobile client you know you just it's just on the client right and so you just send it along

37:22.4

with the request in a header and it's up to the client to figure out where they want to store it

37:26.7

and so that was kind of the attitude that I think led to that not being available but that's that's

37:34.5

the main thing that needs to that I just need to like sit down and grow up and just merge that PR

37:40.6

and get it taken care of.

37:42.8

Yeah, but it's not, well, there's two things to say.

37:46.1

One is, from the maintainer's point of view,

37:48.5

it's not as simple as just, oh, I need to merge.

37:50.8

It becomes this rock that you have to carry around with you

37:53.9

all the time.

37:54.7

Exactly, and that's why, yeah, right.

37:58.0

And it's not that you don't care

38:00.5

or that you aren't committed or that you,

38:03.8

it's that, ah, I just literally haven't got the mental space

38:06.8

to deal with this quite difficult topic.

38:09.3

yeah properly and it just you know the maintenance of an open source package becomes

38:15.4

really difficult over time for that exact reason and it's such it's so funny like my perspective

38:21.9

on that whole thing obviously has changed considerably since this package became popular

38:27.4

because i used to be i think like a lot of typical open source users where they just kind of show up

38:33.6

and you know if the package doesn't do what you want it's frustrating you've got work you have to

38:38.9

get done and you just feel like you know why why does the package do this it should do this you

38:44.7

know yeah you feel entitled long essays long essays on the issue tracker about why your package should

38:50.4

be better but no pr to make it better right yeah the time that could have been spent to fix it is

38:55.5

spent complaining yeah for sure yeah i was that person and i i think back on it i feel sad and

39:02.3

now i obviously the tables have turned and i i'm like okay now i get it it's hard like and like

39:08.2

you're saying you just don't have the mental space and you might have a certain standard that you're

39:12.4

trying to maintain yeah exactly quality and you feel obligated to sort of essentially rewrite

39:17.6

people's prs in a lot of ways and um yeah but you you also you you've got x number of users you

39:23.9

can't merge something that you're not confident of and put a new package out you have a responsibility

39:28.8

to the people using it the damage to a broken fix is more than the the benefit of getting the

39:35.1

so yeah it's kind of a conservative as your package gets more popular it becomes increasingly

39:41.2

conservative if necessarily yeah right and actually i've seen a lot of people who sort of

39:46.2

take this approach to um the life cycle of any project where you have like a decreasing version

39:53.4

number and when the version number gets to one or zero or some you know magic just stop merging

39:59.1

you just you can't make any more additions to it and so you sort of like you better be working

40:04.2

towards the definitive like watertight version of the package or you're going to be in for trouble

40:09.7

you know yeah i really like that towards jingo rest framework adopting something similar to that

40:16.4

i think he's um yeah yeah no it makes a lot of it makes a lot of sense i was gonna i think the

40:22.7

thing with rest framework is that there's um like it's on 3.12 to be soon you know 3.11 now 3.12

40:28.9

will be soon just soon as you know we get the you know the pandemic lets us get the prs finished

40:33.5

get it out the door but um you know that what's there is no dying need for django rest framework

40:40.6

version 4 so it's going to be three point you know so then at what point well okay can we can

40:45.5

we refresh the version numbering to say give a more time-based um idea or perhaps to say keeping

40:51.6

up with django and say okay we make version 4 match django version 4 and say you know if you're

40:56.3

to be on django version 4 use rest framework version 4 maybe these are some ideas but the

41:01.1

idea being that django rest framework is kind of the done it's kind of done now it just needs to

41:05.0

keep ticking over and i think it's it's weird because that's actually an extremely healthy

41:10.8

attitude to have towards a software project although it's sort of not fashionable because

41:15.6

you know you always want to give the impression that your project is like hot and there's like

41:19.8

lots of activity going on but i i think it's better to strive towards some core like useful

41:26.7

thing which is like coherent and useful enough that it can just sort of stand on its own

41:32.1

like for the ages you know um and yeah that's like i think that's a a better approach to take

41:42.0

but django is exactly like this right django is super stable 15 years old super stable gonna keep

41:47.5

just keep growing new features all the time but it's it's that reliable rock of the ages thing

41:52.3

and then rest frameworks around it and there's django filter and crispy forms and i know whatever

41:56.3

package that is packages that have been around for for forever and you know yeah they're not

42:02.3

going anywhere part of what allows them to do that is like i was saying there's some set of

42:06.8

core concepts that really upholds the the project or the package and they've just been dialed in

42:13.3

really precisely and they work really well and it's kind of a testament to something that was

42:18.3

really well thought out you know and and it's it's like just uh i mean django is a complex framework

42:24.5

but one of the things i try to go for when i write software is just to simplify as much as possible

42:30.8

like there's some there's just a few lines of code essentially that's doing what what is important

42:37.1

and you just really need to zero in on that i think that that holds true django as well like

42:42.2

you've got the core http handlers they're you know certainly 160 lines in the file in the file

42:47.0

it's not complicated yeah and like the core like form classes and things like there's only a couple

42:52.0

of classes yeah that's right yep i think you have to be at an expert level to see that but it is

42:57.3

it is the case i mean that's like i always think if you can't if something seems incredibly

43:02.0

complicated to you you don't really i mean that's what einstein's thing right like you don't fully

43:05.3

understand because if you can just go well there's this and this and then blah blah blah i mean you

43:10.1

can boil most things down to that but it's not always easy to do that like when i like to total

43:16.1

beginner with django i often try to say like well you need you know a model url view and a template

43:21.1

and once you kind of internalize that for a single page like you're good um yeah i can say that

43:27.5

until i turn blue in the face but um but then when you get the other side you're like yeah or then

43:33.1

you can say like like carlton's talk he gave last year where like what is django it's basically

43:37.1

middleware and it's just like a onion in a way a little bit or um you know but that's easy to say

43:44.7

that doesn't mean anything though anyways what i think is interesting too

43:49.2

yeah i like that um authentication in general is uh is challenging and changes because the web

43:58.7

changes i mean this is uh you know for django itself if we had i saw so i'm on the board and

44:04.5

trying to raise money and if we had a whole slug of money the auth package is something that we

44:08.7

would put it towards if we're going to do updates like authentication in particular is something

44:14.5

that needs work and i think maybe even more than other things changes on the web as as best

44:19.7

practices change would you agree with that carlton yeah i think that's on the list i mean you know

44:25.0

they're discussing jwt on the mailing list just this week and you know um yeah there's comments

44:30.5

about it being an overly complicated protocol and so we you know security issues have come up

44:36.4

because of that yeah so well okay well if we're not going to have there's a talk about bringing

44:40.6

jwt or at least some of the foundations of it into um django so that packages could build on it

44:46.4

and it was like well no not jwt because it's overly complex and then there are better algorithms but

44:51.0

we haven't all better um protocol better uh specs better specs to follow that are simpler and do

44:58.2

the same thing give you all the benefits but without the the downsides of what would they be

45:02.6

what might we do you know this is an ongoing discussion yeah it seems like you could just

45:08.2

take a subset of the jwt spec and just sort of enshrine that as the approved like configuration

45:16.0

of jwt or something yeah i mean somebody mentioned um paste or platform agnostic security tokens on

45:23.8

the list as you know it's supposed to be everything you love about you know jwt or whatever but

45:29.2

without the the design baggage i don't know coming a little bit up on time but i did want to ask you

45:36.4

about what you've been doing these days where i think you've you're currently at a company called

45:40.1

unsupervised and you're more dipping into the ai world is that accurate yes yeah that's right and

45:46.4

of course i just came from i've kind of been through oh ethereum yeah yeah i've been through

45:50.8

an interesting tour of different areas of the technology world in the past couple of years

45:55.9

um because yeah i feel like i can't i can't just skip over the ethereum foundation stuff

46:02.3

um but yeah i had a i'll just touch on that briefly if that's okay before

46:08.8

um yeah because i had a friend who uh and and i probably shouldn't name names too much because

46:17.0

people in the crypto world are kind of sensitive about um being having really public personas

46:23.6

because they tend to be very big targets security wise so um but yeah I had a friend who

46:31.3

uh who I worked with earlier in my career who was kind of involved with that organization from

46:38.1

pretty early on and so that was my connection there and I hadn't previously really been into

46:44.3

crypto stuff like there's a certain sort of category of technology people who are super

46:49.2

passionate about that and super into it and um i wasn't really one of those people but i i sort of

46:57.5

came away and in a way i'm glad because i i came in very sort of innocent like with no preconceived

47:04.5

like ideas about what i was getting into and and even actually a fair bit of skepticism

47:11.5

uh because you know i recognize there's this just sort of inherent hype factor around cryptocurrency

47:18.0

stuff that just to me is just sort of a critical thinker just kind of turned me off frankly of it

47:24.6

um me too and but i came away just being with a different kind of attitude like oh well there's

47:31.9

kind of a very interesting trend in distributed systems happening that's that's that was my

47:36.5

takeaway you know like some people figured out kind of this clever way to have a a shared uh

47:43.8

verified you know cryptographically verified database and other people are also working on

47:49.0

kind of uh next generation like peer-to-peer like file sharing networks and there's just a lot of

47:55.9

interesting kinds of projects in that space and so that was definitely eye-opening and a very

48:01.5

useful experience for me so yeah without spending too much time on that um i just wanted to touch

48:08.4

on it so yeah so but but the thing i should say is that even before ethereum the area of tech i

48:17.9

was starting to just personally be very interested in was the machine learning deep learning scene

48:22.8

and um and i had taken andrew ung's uh i think that's how you pronounce his name

48:31.4

yeah i'm not sure either different things yeah uh andrew ung's uh machine learning course on

48:38.3

coursera um i think i took so you completed it yeah you actually completed it yeah because i

48:44.4

know i think it's like a hundred thousand people signed up and like maybe a couple hundred completed

48:48.9

that or something i definitely and it i think it connected with sort of uh how could i say it like

49:01.1

like one of the things i think that inspired me to get really into programming originally

49:08.2

or one of the things i found myself pondering like really early on when i was learning to

49:14.3

write code is just I think any person who learns to write software has this sort of initial learning

49:21.1

curve of how do I translate my thoughts into discrete steps that a computer could understand

49:26.9

and that's just like a naturally hard thing for humans to do like any person I mean it seems from

49:33.7

my point of view any person who's not accustomed to writing software has this initial phase where

49:40.5

they just have to learn how to think clearly and discreetly like because you know when you ask

49:47.0

yourself how do i like divide a number like well you just do it like it's just kind of a single

49:51.8

motion of like handwriting on the paper and um but when you actually think about how you have to do

49:58.4

it with some like primitive set of operations um it's difficult and so you know there's and and

50:08.1

also there are certain classes of things which are like processes which are very natural to

50:14.7

represent mechanically and there are other things that which are not like you know mathematics

50:20.5

number crunching calculation or i should say calculation not mathematics calculation is very

50:27.2

natural to represent with a computer um but you know recognizing an object in the environment

50:34.8

like humans do naturally in a funny sort of ironic way some of the things we do most naturally are

50:41.3

the hardest to represent like mechanistically right like how do we recognize objects in the

50:48.2

environment how do we even like um like recognize textures colors like these things um it's kind of

50:58.2

interesting when you start you look at the spectrum of phenomena and like you there's like

51:06.7

this gray area where things start to be very difficult for a computer to deal with right and

51:11.8

so i think really early on that was just an interesting thing to me like just observing

51:17.8

how i learned how to write software and how like say if i wanted to write a video game character

51:23.4

and i wanted it to behave naturally and not like sort of awkwardly and robotically like how would

51:29.5

i even do that like i i was asking those questions really early on and so um i also had a good

51:36.5

fortune of sharing an office um at one of my earlier jobs with a guy who had done a proper

51:44.6

phd in ai um way back in the 90s and 80s this is like a totally different era of ai you know

51:52.1

and yeah um and so i think my relationship with him also helped me really get curious about that

52:01.0

topic um and i remember he showed me how to implement a backprop neural network because

52:08.1

this is a concept which has been around since like the 80s or probably even earlier like the

52:14.6

whole basic idea of a perceptron and um like there's some of this really early work has been

52:20.7

in the literature since decades ago and just didn't really come into popularity until recently

52:27.2

for all kinds of different reasons and so so i got some early exposure to that and so

52:34.3

you know fast forward so by this person i shared an office with was in the late 90s

52:41.8

around the turn of the millennium and fast forward uh 10 15 years suddenly you know we have

52:51.5

a few sort of algorithmic advancements um hardware advancements like people start using gpus to do

52:59.3

compute and so all these critical elements come together and there's this kind of renaissance

53:05.8

revolution in deep learning and you know it's just one of the things that I noticed happening

53:13.5

in the technology world I noticed this this starting to happen and I was thinking oh yeah

53:18.0

this is I used to be really interested in this and all these learning resources start popping

53:22.7

up like Andrew Ong's course and things like that and so I just personally got back into it I just

53:28.1

found it naturally fascinating like from a technology point of view from a philosophical

53:32.8

point of view like there's just so much about it which is uh there for me so yeah and so what is

53:39.8

on so you're working on this product or this startup unsupervised yeah so i think

53:45.1

there's like there's only a certain amount i can really say but um the well the tagline is

53:53.9

autonomous analysis exactly that's that's it so i guess that's the headline on our page it's on

54:00.9

the website so i assume you can say that i wasn't even aware of that so that's it uh there's like a

54:05.8

certain sort of collection of things that data scientists tend to do to help companies understand

54:12.7

data and we're basically trying to automate that and we're trying to use ai in order to explore

54:20.1

the space of possible ways of looking at data automatically and also intelligently like not

54:27.6

just like doing a grid search through, that's like a kind of technical term, like grid search

54:33.3

through the parameters of how you might configure a data processing pipeline, but trying to

54:40.3

sort of leverage some actual developments in AI algorithms to effectively search through

54:49.1

that space of possible ways of looking at data.

54:51.3

And so the idea is that we should be able to give a company access to our data analysis system and they can just sort of send their data in.

55:04.2

And the system comes back and says, hey, you should look at this group of customers.

55:08.2

There's a lot of interesting activity happening in this area.

55:11.7

Or you should like, what do you think about this, this way of looking at things?

55:16.6

Is this interesting? Is this not interesting?

55:18.6

and you can sort of like give some feedback and have that modify the behavior of the system and

55:23.9

so yeah does that interact with with django or i mean there's a web component that's a like as a

55:32.0

broad naive question i'm always curious how web interacts with machine learning because you need

55:37.6

to store it and interact with people in some way even though it's not the main focus yeah um and i

55:43.4

I mean, we do have web apps, which are kind of like the interface to the system, obviously.

55:52.6

It's not necessarily Django.

55:54.8

Like, it's just kind of, you know, because I came into the company after a lot of those choices had already been made about what technologies to use.

56:04.1

I mean, it is Python, but not exactly Django.

56:10.3

Is it not exactly Flask either?

56:13.0

Oh, it is Flask.

56:14.0

I can say it's Flask.

56:14.9

I mean, there's two options, basically.

56:16.4

And when you say Flask, that just encompasses everything else.

56:20.1

You know, it's...

56:20.9

Yeah, so we use Flask a fair bit.

56:22.6

Yeah. I was going to... There's this book, AI Superpowers, that came out in 2018 that I read,

56:29.7

which for a layman like myself was a really good introduction to machine learning and the

56:35.5

capabilities. And the author, who I think got a PhD in Carnegie Mellon back in the 80s, and then

56:42.4

he ran Google in China and Apple and Microsoft. And he was making the point, kind of what you said,

56:47.7

that basically we finally have these deep learning algorithms that we were waiting on.

56:54.4

He said there's three things you need.

56:55.6

You need computing power, you need the algorithms, and you need the data set.

57:00.7

And so his argument is we have the computing power, we have the algorithms,

57:03.4

they're all academic, they're out there, and so it's a question of data.

57:08.4

And I think he's from China, he grew up in the U.S., but he's back.

57:12.9

I mean, he has a Chinese point of view.

57:15.4

So he's very much like China is just going to crush the world.

57:18.9

And he gives the example of when with the Go, was it DeepMind?

57:24.2

The Go game in 2013 beat AlphaGo.

57:28.3

Yeah, he says that was a Sputnik moment in China.

57:32.2

Yeah, right, I've heard that analogy used.

57:34.1

Yeah, and he said they kind of realized, oh, wow, this is a big thing.

57:38.6

And he gives examples of how China is sort of throwing cash in sort of a government kind of way, setting up these innovation centers and this and that.

57:47.2

And, you know, that combined with they kind of skipped the landline Internet and went to phones.

57:52.2

He's very bullish on the Chinese approach and kind of glosses over the surveillance stuff.

57:59.1

Yeah. But anyway, that was.

58:01.1

Sorry to interrupt. Go on.

58:03.3

Yeah, no, that's all I was going to say.

58:05.2

Yeah, I just wanted to comment because you said, you know, you need the algorithms, you need the compute, you need the data.

58:11.4

That's what he says, yes.

58:12.3

That's interesting to say because that touches on one of the things that I think we're trying to do at Unsupervised, which is, you know, indicated in the name of the company.

58:23.1

So we're really focusing on this class of algorithms called Unsupervised Learning Algorithms.

58:28.2

And the reason we're doing that is because, in a way, we don't have the data.

58:34.4

people who people who have the data are google and amazon but google and amazon are two you know

58:41.3

very specific organizations which have the data most people don't have the data so to speak because

58:48.4

they don't have the the massive data sets necessary to really train these uh algorithms

58:56.9

correctly or supervised learning algorithms and so there's this whole other class of algorithms

59:04.5

where there's not a need to have a very large very well curated data set or there's less of a need

59:11.4

and so we're sort of targeting that area because we think there's a lot of promise and i think that

59:17.2

would um the world of unsupervised learning algorithms is the the area which has to be

59:22.9

developed in order for ai to really become like the sort of future world technology that we think

59:27.7

of it you know like um ubiquitous like used for everything uh there needs to be a way that we can

59:35.1

find to leverage all the data whether or not it's labeled that's kind of the the key takeaway like

59:41.4

well because i think the again just going off of the book he was mentioning that many of the

59:45.5

the deep learning algorithms you need narrow discrete kind of data like you know is it a car

59:52.6

is it not a car so the quality of the data set is paramount as opposed to what you know yeah maybe

59:57.7

what you're you're saying with you know most of the world isn't organized like that the data so

60:01.6

yeah and actually that's probably how i should have said it like you know obviously we all have

60:05.8

access to a lot of data these days like we can do a google search we can we can just go crawl the web

60:11.8

for just random information but only a few organizations have access to really where

60:16.8

well curated data and that's that's people like when i don't know if that's if that's the same

60:23.2

type of um machine learning where there's the idea that it would like with with go you kind of know

60:28.4

where you want to you you feed data to the to the algorithm that says like this is what a car is and

60:33.6

then the computer figures out its own metrics for determining what a car is so it works backwards

60:38.1

in a way from the solution, right?

60:41.0

I think, I believe that's kind of the central idea

60:42.6

of why you need that structured data

60:44.1

because the computer will find its own way,

60:45.8

you know, or a deterministic game like chess or Go,

60:50.0

it will figure out how it wants to get there,

60:52.8

but it needs to kind of know where it needs to go.

60:55.5

That's why it needs to be structured.

60:57.1

Does that make any, is that accurate?

60:59.3

Yeah.

60:60.0

That was my, that's how I've been thinking about it, but.

61:02.9

Yeah, well, so I guess I can say it's,

61:06.8

i'm wondering how how intelligently i can comment on this um more than more than i can i'm sure so

61:14.5

so when you're when you're training a supervised algorithm you're essentially training a statistical

61:20.6

model yeah you know and so so if the if the statistical variations in the data set don't

61:29.9

include uh information about the correct way to look at the data set then in a way there's nothing

61:35.9

to train on that's kind of one way to say it like like if you don't have this sort of like if you

61:43.1

have a bunch of uh samples you need a notion of fit yeah right exactly you're trying to fit

61:48.2

something you're trying to fit a uh you know a curve or you're trying to fit a certain style

61:53.8

of like categorizing things and if you don't have that information then you can't you can't cue off

62:00.6

that but there are different ways to kind of look at it like you can i think well so i'm not really

62:08.9

a super expert in this area but this is like stuff i'd like to learn more about i think one of the

62:14.3

approaches is to look for the sort of latent statistical information in a data set and then

62:20.6

try and find trends in that sort of latent statistics in those latest it's kind of what

62:27.7

a human analyst does right you they get some data they try they they put it into different

62:33.3

graphing structures and see which ones oh yeah look at clusters like this yeah right that and

62:37.6

the human eye is very good at picking that out and that's sort of one of the early um descriptive

62:42.1

statistics that you do early on before you before you get down to the proper number crunching it's

62:45.9

just looking at it it's just all right look here's the shape of the distribution here's and we can

62:50.2

already learn some things but humans are good at that but i don't know that machines yet are well

62:55.2

so so here's the one sort of uh here's a particular sort of topic which i found interesting

63:01.5

and like i was saying when you train a deep learning model you you have to have this uh

63:09.1

this target that you're trying to get to like you have to have this set of correct classifications

63:16.0

of things you're trying to classify like if you have a bunch of images you need to know is this

63:21.0

a dog? Is this a cat? So on and so forth. A different approach is to train a deep learning

63:28.4

model to simply output whatever it's given. But what you're doing in the process is you're forcing

63:35.4

this data to flow through a representation that's less, what's the word, has less fidelity than the

63:43.4

original input. And so what the model is then forced to do is find the essential patterns in

63:50.0

the data that you're giving to it because it has to it has to find a way so when you're training

63:56.4

this model it goes through this sort of narrow sort of low fidelity representation but then the

64:01.8

goal is to reconstruct the original input and so what the model is then forced to do is to find the

64:08.7

most important sort of latent patterns in the data set and that's like sort of a shortcut in a way

64:16.4

like you're finding this sort of patterns which are just inherently there in that kind of data

64:21.8

and then you're saying okay well well those patterns are are clearly what's important so

64:29.2

we don't have to waste a lot of time sort of training those up from just raw classifications

64:34.0

like that that stuff is going to be there or not whether or not we have classifications and so

64:38.8

that's one sort of i think direction people are going in to try and find a way to leverage unlabeled

64:44.8

data and that's that's kind of tied in with this area of research uh with things called auto

64:51.2

encoders variational auto encoders and um so that's that's a really interesting particular

64:58.0

topic in that area to me which i want to learn more about um but that's just an example of like

65:03.1

unsupervised versus supervised models you know as we kind of wrap up how would you recommend

65:09.2

you know say someone who knows a little bit about python and django but is curious about

65:13.6

ml what sort what would be uh where should they start i mean because andrew

65:19.0

ang's course is sort of famously fine fine fine and then like oh my god math yeah um is there a

65:26.4

way that you would that was my experience with it um what would you suggest to like a listener

65:32.8

of the podcast or a you know co-host who's interested in this area because i think this

65:37.1

stuff is like the coolest stuff right i mean web stuff is a little bit you know it is what it is

65:40.8

sort of a solved problem but yeah right this is all uncharted frontier um i mean i would say

65:48.6

the course is definitely a good place to start i mean you definitely get to that math point

65:54.2

but i think you can just tell yourself like well as much as i can get away with ignoring the math

66:02.8

for now i should try to do that and just just try and go work through the exercises and see how far

66:08.7

i can get um and you probably have to struggle through things a little bit in that sense up front

66:15.1

uh but i think what's cool about those courses is that if you can get things working it's just

66:24.7

really satisfying and it's really interesting to see it work um like i took actually there was

66:30.1

another course i took which was also by andrew hung there's a series of courses all about deep

66:36.0

learning and there was a little bit later on in the series they get into this neural style transfer

66:41.8

algorithm where you you have two input images uh to the algorithm one is an image which contains

66:50.7

some artistic style essentially and the other is an image which contains some content that you want

66:56.7

the style applied to and so of course the output is the content image in the style of the style

67:03.0

image so you can take like a picture of yourself and make it look like van gogh painted it or

67:08.6

something like that and uh and the algorithm works remarkably well and to see it work is just amazing

67:17.4

in my opinion like to to imagine that we're at a point now where a computer algorithm could so

67:24.1

effectively sort of deal with artistic styles in this way that it's doing is just mind-boggling to

67:30.9

me and so i guess my point is just if you can somehow get hands-on with the algorithms and

67:36.8

see them work it's just really interesting and inspiring and i would hope that that would kind

67:42.3

of eventually lead a person to try and learn more about the mathematics because i i personally

67:47.3

believe there's a lot there to that you could get as well but um well you i'm sure you've heard like

67:54.2

these algorithms will you know write a piece like bach or beethoven or haydn and it's crazy how

68:00.8

you know they how kind of like they it sounds like you know they pick up the underlying

68:07.2

algorithms of those composers and it's a new piece and you know maybe it's not quite as good

68:11.8

but it's like it does sound like sound like well i mean so again it's like uh i would i just want

68:19.7

to urge people not to give up on the math because especially in the case of the neural style transfer

68:25.5

algorithm. If you understand a thing or two about the math, in my opinion, it can tell you a little

68:32.1

bit about the artistic process in humans and why people do art at all. I mean, I know people

68:40.2

who are in the AI space are always kind of like a little bit cautious about making pronouncements

68:47.8

like that, like, you know, drawing too many direct comparisons between the ways that like

68:53.3

deep learning algorithms work and the way that biological brains work because obviously there's

68:58.7

a there's well not obviously but it it is supposedly the case that there's a fair bit

69:03.9

of complexity in a biological brain which is just not represented in a algorithm algorithmic brain

69:12.1

i guess you would say um but when i was learning about that algorithm it in my it taught me

69:19.8

something i believe that i just never realized about art and like why do humans at all care

69:26.7

about abstract forms shapes like why why do we care about um representing things from the real

69:35.2

world in this abstract form that we call art like why is that important to us and it seems like it

69:41.3

could actually serve an important function in just the way that the brain works like when you look at

69:47.5

deep learning algorithms there's all these neurons kind of packed in the middle of the algorithm

69:53.0

which are doing things that we kind of don't really know what they're doing we don't we don't

69:57.0

have much insight into it and it seems to me like it's possible that artwork could kind of serve to

70:03.5

to give access to those kind of hidden layers somehow so yeah and again that's like i feel

70:09.4

like that came to me just from understanding a bit about the math of how those things work so

70:13.2

i encourage people to to look into that fair enough that's cool i can't think of a better way

70:17.7

to to end you are looking for help with the um simple jwt package yeah is that correct i've

70:25.5

recruited i've recruited a um a couple people recently who are trying to do some triage just

70:32.0

on issues to um just hopefully help people out with some of the more simple things that come

70:38.6

into the issues section i i've been just extremely busy just with work lately so i haven't had a lot

70:43.9

of time to actually look at prs and merge them uh but i'm kind of aware that that's an issue so yeah

70:51.2

potentially looking for more people to help with that um especially people that have like lots of

70:56.6

just real experience um and you know association with other like prominent projects in the space

71:05.2

And I also was looking into maybe getting it added to this organization called Jazz Band for a while.

71:13.4

Well, yeah, because Django Rest Auth was just merged over, which is a very popular way to do it.

71:22.5

It kind of gives you pre-built auth stuff.

71:24.6

That seems to be successful that they merged that over in the last year or two to Jazz Band.

71:29.3

Yeah, I still am strongly considering that.

71:32.9

I was kind of back and forth on it because I thought maybe it'd still be nice to sort of have a sense of ownership over the project, but it may not be realistic for me to try to do that.

71:44.6

But I was actually having a little bit of trouble contacting them, so I should try again and see if I can get through.

71:51.5

Well, it's a foundational piece of the modern Django web stack. So hopefully someone listening can help us make those connections because we need, you know, we need that package to work.

72:05.2

well and so the good news i'll just remind people is that um it's it's a pretty simple package like

72:11.2

there's just not many lines of code there so if it has fallen a little bit into sort of like

72:16.6

you know if i haven't had a lot of time to look at it recently i don't think it would be very hard

72:21.1

to sort of uh get it back into shape um so yeah you know i'll say i'll say my bit here which i

72:30.2

always say is that contributing to an open source project is a great learning opportunity and it's

72:34.5

a really good way of boosting your profile and it's a really good way of giving back to the

72:38.1

communities and you know if you've been thinking about it you know and you use jade at simple jwt

72:44.0

then you know maybe the planets align yeah yeah please please come and uh and you know make your

72:53.2

contribution and please be patient as people find time to to look at it and whatnot so yeah we should

73:01.5

say that to all the people with the issues like be patient like you've got to realize that it's

73:05.6

it's not some um you know organization with lots of people and lots of hands it's one person

73:12.0

i'll just look at one more ticket like you know yeah well i guess there's one last point i wanted

73:18.2

to say you were saying earlier about you know being one of those people who uh or people who

73:24.0

get worked up about something that isn't solved versus solving it themselves i mean i'm that way

73:28.4

too but a lot of times that's the type of person if someone's passionate enough about something

73:32.2

even if it's in a negative sense that can be turned into something good in the same way that

73:36.0

like for companies i've worked out if someone takes the time to write in or someone takes the

73:39.2

time to tell me my books are terrible i can usually engage and flip that person it's people who aren't

73:44.3

passionate who don't care that have no engagement with yeah yeah that's true for the community so

73:50.0

i think it's good to harness that passion and i always look at it as whether it's an open source

73:55.3

thing or one of my books if someone takes the time to do that and they have that passion

73:58.2

they're basically saying convince me you know convince me and they can be convinced it's the

74:04.3

person who doesn't even bother writing or complaining that isn't gonna yeah that's true

74:10.2

it's a opportunity to communicate well we have links to everything in the show notes thank you

74:17.5

so much for taking the time to come on and yeah thanks a lot guys share your journey it's been

74:23.0

really interesting all right well everyone we're at chat django on twitter and we'll see you all

74:27.5

next week bye