Transcript: Django & Healthcare - Jacinda Shelly

00:00.0

Hello, and welcome to another episode of Django Chat, the weekly podcast on the Django Web

00:09.5

Framework. I'm Will Vincent, joined by Carlton Gibson. Hi, Carlton.

00:12.9

Hello, Will.

00:13.5

We're pleased to be joined by Jacinda Shelley of Apro Health. Welcome to the show.

00:17.2

Hi, it's great to be here, Will and Carlton.

00:19.8

We're thrilled to have you on. I've been a fan from afar of your talks and some of your writings.

00:25.1

So maybe to jump right in, could you tell us how you got into Django and then we can talk

00:28.6

about all the cool stuff you've been doing with it uh django specifically was or python i or you

00:35.0

know you can give us the origin story as as short or as long as you like okay i'll i'll try and keep

00:40.6

it compressed and then we can expand if we want to i um so i i started learning to program in

00:48.8

in python um when i was at uh mit actually right right after they switched their introductory

00:55.9

computer science course. I was a transfer student there when they made the transition from Scheme

01:01.6

to Python. And so that's where I first got into Python and loved the language and was fortunate

01:07.7

enough that the first job I had after university was at a place where all of our back-end code

01:14.4

was in Python. And our front-ends for the web applications were in JSP and Java server faces

01:24.1

at the time. But a couple of years in, got the chance to sort of rework that for a different

01:30.9

prototype project. And we worked with Django. And then my husband, who's also a programmer,

01:37.9

used Django for a side project. And so we started working, we both started working with it,

01:42.6

I think around 1.2 or 1.3 back in 2011, 2012. Okay, that's back in the day. I'm curious,

01:50.2

What does a backend not written in a framework look like with Python?

01:54.0

Was it using something else or is it just sort of raw from scratch, the first job?

02:00.9

It was a sort of from scratch JSON RPC API interface.

02:07.4

And what was in connecting?

02:08.6

Do you remember what type of database?

02:11.5

Was it like MySQL?

02:13.3

It was originally MySQL and then we transitioned to Postgres.

02:19.7

the we were using mod python with apache at the time okay doctor on demand where you were was

02:25.6

jenga from the beginning is that correct yes uh that was the first project where i was

02:31.4

lucky enough to get to choose this the stack and i was honestly quite nervous about building

02:37.8

something completely from scratch um yeah no constraints no no constraints really um

02:46.8

and got to choose Django.

02:49.3

But it is such a different beast.

02:50.7

Like, I've been really struck by the fact that,

02:54.9

yeah, I mean, your average, you know,

02:56.1

Django engineer expert,

02:58.8

you almost never get to start something from scratch.

03:00.9

And so it's not that you don't know where the pieces are,

03:03.3

but a number of people I certainly look up to

03:05.9

have pinged me being like,

03:07.3

oh, I was, you know, I'm doing a side project

03:08.8

and I haven't done one for a couple of years

03:10.1

and I was trying to do something

03:11.5

and I looked up a post by you and I'm like,

03:14.1

oh, really, you looked up something by me?

03:15.8

like, you're, you know, you're this genius. But anyways, the different spheres and, you know,

03:20.2

the startup phase is a different one. But I totally agree. Like, it's, it also does feel

03:25.0

like this burden of like, I don't want to, like, I'm almost done with a relatively big project on

03:30.0

my end. And I'm totally overthinking it. Because I'm like, I should architect it perfectly, right

03:34.3

with what I know. But there is that balance between like, just ship it to that's, that's

03:39.3

always the balance, right? It's like, I definitely felt this pressure, like everything I did was kind

03:44.5

going to cascade down. But then I also eventually realized that if it did cascade down, that would

03:52.7

mean that people were actually using it. And so it's, you know, if you're lucky enough to have

03:57.5

technical debt down the road, it means that something went right on the business end.

04:04.0

Oh, no.

04:04.4

Because nobody cares about technical debt on an unsuccessful project.

04:08.6

Yeah, right.

04:09.3

Right. Well, I think, too, there's, I've started to think more and more about

04:12.5

the patterns and the fact that it does sometimes seem like some things are

04:16.8

easily easier to change than others um but yeah at the end of the day like it's all

04:23.0

code it can all be changed it's just some things to take a little more effort than others so maybe

04:27.9

i personally i've gone full circle well i've been like oh i really don't want to have to

04:30.8

back in these things if i don't you know over engineered up front and that's like well

04:35.0

just to your point though it's like it's all fixable and tech yeah tech no one talks about

04:39.9

technical debt and something that failed so that's what i did like um at the time that i started it

04:46.5

was right when uh audrey and uh danny were were publishing the the first edition of uh two scoops

04:55.4

of django and so i i had an early review copy of that um and basically used it as like a checklist

05:04.9

of everything that i needed to keep in mind like i i read the book essentially cover to cover

05:09.8

and then took notes on all of the things

05:12.7

that I needed to make sure to keep in mind

05:15.3

as I was building out the initial product.

05:18.0

And I have to say that that helped a lot.

05:19.5

And their book was something that as the team grew,

05:24.6

we actually would buy for engineers coming on board

05:28.3

because we're like, yeah,

05:29.9

we don't do absolutely everything in here,

05:33.1

but if you use this as a starting point,

05:35.3

then you'll have at least a solid foundation.

05:40.7

Yeah, I think that was the first Django book

05:43.2

that I read more than once and really enjoyed.

05:47.3

And actually, I remember,

05:48.7

so before I got into publishing,

05:50.4

to make this about me,

05:51.2

before I got into publishing as a book editor,

05:52.8

and they had a whole bunch of typos,

05:55.3

and I actually sent them,

05:57.3

and they were really sweet.

05:59.7

They had problems with its and its,

06:01.8

and they sent me an autographed copy after,

06:04.4

And so I was such a fanboy. I was like, oh, my God, you know, these crazy people did this thing.

06:10.5

But it was such I agree. It's like it's basically the Bible still.

06:13.2

I mean, and I think, you know, even though they haven't updated it, it's still on 111.

06:17.7

I hope that they do, because the advice is, you know, 90 percent of it hasn't changed in terms of being rock solid.

06:24.5

I definitely bought the new editions as they came out.

06:28.6

And it's funny, you mentioned like a typo, like I got it like just a couple months before they

06:33.3

published it. But I did find like one typo. So I think my name is right at the end for the first

06:39.4

edition because of that. And I was like, this doesn't seem like enough. Just finding one typo

06:43.6

should not be a reason that my name isn't there. Oh, yeah, I think I'm in there too. It's a really

06:49.8

nice. Yeah, now that I'm thinking about it, because it's a really nice thing to do. I think I did

06:53.4

on my first book, I had a whole bunch. But now I'm in so many people catching so many things.

06:58.6

I sort of stopped doing that.

07:00.6

But anyways, but on architecture, I'm curious.

07:02.6

So Doctor on Demand, so you just started it and then it grew to this massive thing.

07:06.3

I guess the other thing I've been thinking about recently is, I mean, there is no architecture

07:10.3

that starts small and scales all the way up like there.

07:12.8

It has to change.

07:14.5

So I'm curious what if you can look back and think of like, yeah, what were those big changes

07:19.9

in terms of architecture or were there some tipping points where you said, oh, we need

07:23.3

to you know we need to change how we structure our apps to larger things around i don't know

07:29.9

what were the things right because that's such an amazing journey to go from like the initial

07:33.2

lines of code to like a large code base with a lot of engineers yeah it was people i think don't

07:38.3

get to do it was an incredible journey i was super fortunate to get to work with like really

07:44.3

incredible people and and stay long enough that i saw the team go from like myself and the two

07:50.9

mobile engineers who started right after i did uh all the way to like they have about 50 engineers

07:55.7

now and uh handle thousands of video visits a day um interestingly enough uh whether by luck or

08:06.2

um probably mostly mostly luck and like copying people who i i admired uh

08:14.5

large portions of the architecture

08:17.4

are still the same.

08:19.7

Like, it's still a Postgres database.

08:23.1

And I think one of the things

08:26.4

that helped in scaling

08:28.0

was trying to, like, use things

08:33.7

in the way that made sense for them.

08:37.3

So, like, we use Postgres for relational things,

08:40.9

but then also make really heavy use of Redis for things where Redis makes more sense.

08:47.5

So like caching, simple key value stores, and then a lot of the priority queues are done in Redis

08:58.6

because Redis makes that really easy, but it can also be persistent,

09:03.1

which queuing is a big part of the backend architecture at Doctor on Demand

09:09.4

because you imagine like people are waiting to see a doctor

09:13.5

and the routing mechanism there is based on the state

09:18.7

that the patient is located in.

09:21.4

So in the U.S., you have to be routed to a doctor

09:25.8

that's licensed to practice in the state that you're located in.

09:29.8

So we have to do a lookup.

09:32.8

We do a geolocation lookup to find out where you are

09:36.2

and then match you to a doctor that's licensed in your state.

09:39.4

One of the things that is an interesting story, I think, is premature over-optimization and not

09:48.0

doing some simple math ahead of time. I over-engineered the original version of how we

09:56.4

route patients. So I think you had a reference in some of our notes to the first talk that I gave

10:03.9

on like how we were using celery. And one of the things that I did early on was like, well,

10:10.0

if we need to scale to like every state, it probably makes sense for like every state to

10:15.8

have its own celery queue. But that got really unwieldy whenever providers had multiple state

10:24.5

licenses in terms of like tracking when doctors were and weren't available in different states,

10:32.9

if they could see patients across multiple states

10:36.2

and tracking the state there.

10:39.2

Turns out that even at like massive scale,

10:43.3

the scale at which humans need to see doctors

10:47.7

is sufficient to just run through a single process.

10:53.3

So later, like after someone was like,

10:55.6

so how scalable would this have to be

10:58.0

even in like your wildest dreams?

11:01.6

And I did some back of the envelope math and I was like, yeah, that's fast for a human, but for even for Python to be routing, like you could handle basically all the patients, like even if 1% of everyone in the US was sick and needed to see a doctor over a single 24 hour period, you can run it through one routing system and it's totally fine.

11:25.1

And when I realized that, I was like, oh, well, this is a lot simpler now and actually a lot more stable and kind of automatically fixed a lot of bugs.

11:35.3

So it's not the typical scaling story, actually, where it was like I made a realization that I'd overcomplicated something and then simplified it.

11:44.8

I think that's really cool.

11:46.7

I think that's more typical than you say, though.

11:48.7

like we you know you read um you know high scalability or whatever and it's high and you

11:53.6

think oh i've got to build a system like this but i think 95 98 99 of web apps have exactly this kind

12:00.3

of phenomenon where you're actually a simple stack and you might get a slightly bigger server but one

12:06.1

of them's enough and a slightly bigger database but you don't need you know redundancy and that's

12:11.8

that's a common story i think i think you know you see these blog posts will django scale yeah

12:16.6

It will scale more than you need it.

12:18.5

Yes, if you get to the point where you're worrying about it scaling,

12:21.4

that's a good problem to have.

12:24.2

And if you're having trouble scaling Django

12:26.7

with a site that has less than hundreds of thousands of visitors a day,

12:33.3

there's probably something in your configuration or your code

12:37.3

that's the issue.

12:38.0

It's not Django.

12:39.3

That was the other thing was keeping an eye on queries

12:41.3

because the database and always learning about how the ORM works

12:46.6

And when it makes queries and the single biggest thing that helped in not having to shard or do crazy things with the database is just making sure that the queries were efficient and that the ORM was used correctly.

13:09.9

are there any examples you can give so i mean prefetch select related jump out but what were

13:15.2

like what are like next level prefetch and select related but then also realizing that like

13:19.9

iterating over a query set as opposed to like pulling all of the values at once um can be a

13:27.0

big time saver uh on certain tables depending on what you're storing like only can be really

13:33.6

valuable um especially if you have certain columns that store like large amounts of data so you can

13:40.6

either like use only or exclude certain columns um that can be a an easier way to to eke out

13:47.7

performance than like trying to redo the whole schema and and keeping an eye on like and using

13:53.7

django debug toolbar was was always super helpful anytime i saw that there were like a thousand

13:58.2

queries coming from a single API endpoint or a single web page. I was like, there's something

14:06.7

not right here. Yeah, it's like an N plus one. I was going to ask, yeah, beyond Django debug toolbar,

14:12.6

but then we're probably getting into monitoring tools because I find Django debug toolbar gets

14:17.7

me a lot of the way there. And if there's a problem, like, so I guess, did you have rules

14:22.2

of thumb for beyond seeing, oh, there's a thousand queries?

14:24.5

queries, like just looking and saying, oh, this feels slow. Like how did you, when you have so

14:29.2

many things you have to deal with on a growing platform, like what jumped out at you as like,

14:32.7

oh, this deserves to be optimized versus something else? I think that'd be like,

14:36.6

that's a really interesting question when you're in charge of the tech stack. How do you decide?

14:41.7

Or what jumps the queue? Early on, the this feels slow thing was a reasonably good benchmark,

14:48.7

to be honest um but also over time um we put in place monitoring so our architecture was such that

15:00.4

because we actually launched on mobile before web we kind of got a clean separation between

15:06.2

front end and back end um because the ios and android platforms were using uh an api so when

15:14.4

we added on a web browser it was just like okay this is going to be a single page web app that

15:19.4

is using the exact same api so at the api endpoint level um we tracked how long on average each

15:28.6

endpoint took to respond and then we could evaluate like and we had some rule of thumb

15:33.8

thresholds based on we we definitely didn't always um follow these especially for certain

15:43.1

endpoints that weren't used as often, like I think the part of me that is like the engineering

15:49.5

purist was like, no, we should have a threshold where like no API endpoint can go above this.

15:54.2

And then the other part of me that was thinking about the business from the startup was like,

15:59.4

there are other things that are more valuable that we could be working on.

16:02.5

And this is good enough.

16:04.3

And that's always a tough balance.

16:07.3

But monitoring the API response time, average time, got us a long portion of the way there.

16:14.5

That's pretty forward-thinking to be mobile first back in, was that 2013, I think you said?

16:19.6

I mean, because now that's sort of, I would say, standard practice.

16:22.9

But I think even then, right, I mean, iPhone had only been out, well, I guess four or five years.

16:26.9

But was that a big decision to make?

16:29.6

I mean, because that's very prescient.

16:32.6

But I don't think that was the case really back then that you would default to that.

16:36.9

This is one case where I definitely can't take credit.

16:39.4

Our CEO at the time was like, we're launching on mobile, and we're not going to do browser first, I think, for a few different reasons.

16:50.3

Because we were trying to be next generation was probably part of it.

16:56.0

But also it ended up being that, yeah, that's one where actually the requirement came from outside of me.

17:03.8

And I was like, okay, cool, I'll design around that.

17:05.7

and so i i can't really take any credit for that for my experience i i did um that mobile app

17:13.1

development around that time and it that was the real that was like the the mobile app gold rush

17:17.9

days that you know 2013 2014 people are like oh i've got an idea for an app you couldn't you

17:22.8

couldn't go anywhere without people telling you their app idea and expecting you to build it for

17:28.3

free it was it was crazy equity carlton equity yeah no but and don't get me started on that

17:34.4

those little scars from the past but yeah well then um and i assumed you used django rest framework

17:39.2

um is that correct you know this is actually a funny story we we did not um and okay interesting

17:46.2

and there was a transition to using rest later um it it certainly stemmed from the the previous

17:56.8

job that i had had where we were using json rpc and so i was very familiar with rpc and because

18:05.8

partly in my head it was like oh this is my there is like some tight coupling in terms of state

18:12.4

between the client and the server where it was important to be tracking what state a call

18:21.7

connection like a video call connection was in over time and like the progress i certainly

18:27.7

looking back uh it's one of the things where it's like oh i wish i had started with django rest

18:34.3

framework um but i didn't have experience with it and i did have experience with json rpc and

18:40.2

used it previously and it uh worked sufficiently well that it lasted for a long time um i think

18:48.5

also at the time and and this was probably my own inexperience uh just with the community and the

18:57.0

the framework honestly where i remember that drf was i think there was a kickstarter project in

19:04.4

2013 and so i was like oh they're making this big transition i don't know if i want to do something

19:10.4

right on this transition or it felt like that without digging deeper into it um do you have

19:16.6

insight Carlton on what that when we just yeah we were just talking to Tom Christie last week and

19:21.9

like he was going over the history and yeah that time that transition from two to three or

19:26.2

one to two I think it was one to two yeah one to two in the kickstarter there and yeah yeah I also

19:32.1

vaguely remember thinking that I I might want to do the entire API uh in in engineering idealist

19:39.4

terms like well if I do it in JSON RPC then there's a potential that I could do it entirely

19:44.7

over web sockets and like not be tied to uh rest based constraints which in some part of my mind

19:55.5

seemed very appealing um but you're thinking like so you've got real-time syncing between the client

20:00.8

the mobile client app and the the api back end right so i was going to ask you what was how are

20:06.2

you handling that kind of um communication on the back end uh to the back end that was actually one

20:13.5

of the the first places where we used redis so i um had a poor man's state machine um james

20:21.8

bennett works at doctor on demand now and he can probably like laugh at my my first implementation

20:26.9

of this which was i mean it lasted long enough but it was i could have done it so much better

20:34.0

um right but that's always true that's the software right uh so we use redis to track

20:41.3

the state that a doctor was in and that was tied to like um a call id we never did the actual real

20:49.2

time video we were um forward thinking enough to and i had had experience like building out

20:55.4

video infrastructure at a smaller scale and so i was very pleased when the founders were like yes

21:01.2

we already have a company that we're using that you just have to interact with their api for the

21:06.5

actual video part so we just had to track the state of a call and it would transition from you

21:12.3

know like someone uh makes a request that they want to talk to a doctor and then uh the doctors

21:21.8

have to be paged um and then they can either accept or reject a call if they accept then

21:30.8

the call goes into a connecting status and the video connection happens like peer to peer

21:36.6

and then once it's confirmed as being connected then it moves into like okay the call is now in

21:41.1

progress and so that status was was tracked in like the state for each doctor was stored

21:50.3

in redis um since it had to be updated frequently and was was more of a key value entity

21:58.9

but also kind of needed to be persistent if a call got disconnected or someone came back later

22:05.2

or something like that and so i'm on my mobile phone and i've i've got a i'm a patient and the

22:10.3

doctor's accepted my call and i'm i'm in the connecting state how are you how were you like

22:14.9

polling or were you using a what were you doing to communicate the connection state back to the

22:20.3

to the back end just from the client because that's kind of uh the back end that's kind of

22:25.2

tricky question the back end was the arbiter of all state um which which was actually a good

22:31.6

decision so the client if it did get connected it would have to ask the server what state the

22:38.2

call was in um and then as state transitions happened that was where we used web sockets so

22:44.2

and push notifications so when us so say you were the patient and you made a call your call

22:55.9

once a doctor accepted we'd use the web socket connection to push a notification to the client

23:03.7

that the call had been accepted with information on like what state it was now in and then the

23:10.5

client if it hadn't received uh a push notification in a while it could use polling as a backup

23:15.9

mechanism because polling was much more expensive yeah you got the whole http overhead and all of

23:22.3

that yeah super that's really interesting so it's you know i don't know how it comes across on the

23:26.4

podcast but that's super interesting yeah i i don't know exactly like uh how how getting into

23:32.1

that level of detail will come across on the podcast but um oh the other thing that we used

23:36.5

that was successful once I got the configuration working

23:41.1

was Celery from the perspective of using scheduled events.

23:45.0

So if there needed to be timeouts on something,

23:47.6

like if something hadn't happened in two minutes,

23:52.5

using Celery for that was a very successful choice.

23:56.3

Although from an infrastructure perspective,

23:58.3

like it could also be frustrating at times

24:03.0

because it has so many little knobs

24:05.7

in terms of configuration, that the first few times that I started using it,

24:12.1

there were some deadlocks that happened at like 1130, and I was the only person on call.

24:19.7

And that interrupted like a trip to New York. Definitely have to thank my husband for being

24:28.1

very patient that first winter after we launched, where I was like, yeah, I need to go find a

24:33.8

Starbucks um and get wi-fi because I would get text message alerts on my phone um if anything

24:41.3

it for for any like errors that happened um so speaking of that what was it like scaling up the

24:47.4

team because you you said there's now something like 50 engineers I guess in terms of I don't

24:53.9

necessarily want to get into the hiring because that's this whole old topic but for you being the

24:58.3

like letting go and then managing people um that's always i mean that's a super deep topic

25:04.9

but what are your i don't know what are your sort of rules of thumb that you take away from that

25:09.0

that you're now applying to your new startup right because especially the first time it's such a

25:13.7

i mean there's so many balls in the air you have to juggle to keep something going bring on new

25:18.6

people find stuff for them to do let go of certain things all that yeah the balance between like

25:24.5

letting go and implementing has has always been challenging for me um and actually like this is

25:30.4

the sort of like third kind of sine wave in my career um i think i'm a little bit unusual in

25:38.1

terms of engineers in that like i actually also enjoy the management piece of it um but i get

25:44.9

a little bit antsy sometimes if i if i haven't done code so um at my first job i started as

25:53.0

an engineer. I was actually hired as an engineer, and it was also a very small company. I showed up

26:00.1

on my first day, and they were like, by the way, you're now leading this team. You have one person

26:05.5

reporting to you, and you need to hire someone else. And I was like, wait, what? I remember this

26:12.0

was my first job after college. What's a vote of confidence? It was a terrifying vote of confidence,

26:21.9

to be honest. Like, it's like, what are you thinking? Um, but, but was able to like expand

26:32.9

in scope of responsibilities and always enjoyed like organizing projects and like figuring out

26:38.2

how different people could fit into pieces together. Uh, but after that job, I, I wanted

26:44.1

something more hands-on for a while. Uh, so that's why one of the reasons why Dr. On Demand was very

26:49.9

attractive as like a first engineer because like i was excited to be very hands-on again um the

26:56.5

trickiest thing for me in in scaling a team was was was learning to get i think the same

27:02.8

sort of dopamine rush that you get from getting a piece of code to work from helping other people

27:10.8

build systems that would let them get code to work and thinking of it right it's a longer term thing

27:19.9

And it's definitely a I don't know if it's entirely a personality difference or like some people, I think, just naturally seem to be better at it than others.

27:30.7

It's always been something that's been challenging for me to to let go more of.

27:38.1

I think some people are get a little tired of coding.

27:41.1

So, I mean, I think part of it is, and maybe it's an idea that, you know, effective technical managers do oscillate between, you know, rolling up their own sleeves and managing others.

27:51.8

But, yeah, it's hard to say.

27:53.0

It's one of those, I just read that book, Technical Managers, just came out two or three years ago talking about all these things and all these tensions from the woman who was CTO of, I think it was Rent the Runway.

28:06.7

Oh, cool.

28:08.0

And there is no, anyways, my quick takeaway is there is no person who has like a perfect equilibrium on this thing.

28:14.1

I mean, the very things that make you a good engineer, the kind of things that make you go, you know, maybe sometimes not want to deal with other people's issues.

28:19.4

But then if you are the type of person who can see that helping others, you know, is a magnifier and also in some ways feels better than your own individual stuff.

28:27.9

So, yeah, I haven't seen anyone with an answer.

28:29.9

Carlton, I don't know what your thoughts on the matter are.

28:33.4

Of course, I live a hermit lifestyle for a reason, you know.

28:38.1

You're an IC for life?

28:39.7

Yeah, no, I do like mentoring.

28:43.5

I do like helping other people and working in a team environment, you know, to work.

28:49.1

help on other people reach it i see that it's great but do i choose to do that as my main thing

28:55.6

no i don't choose to do that as my main thing yeah that's why it's just and it's impressive

28:59.6

that you've been able to do both because it's either one is a lot of work and to do both

29:03.5

three times now um yeah it's not for the faint of heart so i do want to talk about your your

29:10.0

current thing um and maybe we can transition to that you know so round three like tell us

29:15.3

what is AproHealth? What's been different, you know, on the technical side versus Doctor in

29:20.6

Demand, having gone through that journey? AproHealth is a medical billing startup. So

29:28.6

probably tackling a challenge that, you know, it sounds terribly boring. But if we get...

29:37.7

I mean, it's very relevant. I'm dealing, I think anyone of a certain age is just dealing with this

29:42.3

All the time. If you have family, it's just how, yeah, I understand the problem.

29:46.4

But I was exposed to the problem when I was at Doctor on Demand when we, because originally we only took cash pay, which was very straightforward.

29:56.9

When we started accepting insurance, things got in order of magnitude more complicated than I expected.

30:06.3

And we were working with an outsourced medical billing partner who was supposed to handle a lot of the complexities.

30:14.9

And so watching the way that they operated, I started thinking about like two or three years ago, I was like, this seems like an area that there's just not overlap between people who really understand software and who also really understand billing, because they both take, I think, a lot of time to fully understand the complexities.

30:40.2

Interestingly, my husband had been looking at various ideas because he wanted to

30:47.4

found something of his own. He has a connection with a family medical practice. And I was like,

30:53.7

well, for a doctor on demand, this is a big pain point. Maybe you should talk to your family's

30:59.8

practice and see what it's like for them. And I was not, this was several years ago,

31:06.8

there were like so many things that I wanted to do at Dr. On Demand that I was like, yeah,

31:11.7

it's not something that I can work on right now. But I think there's definitely like

31:15.8

problems that could be fixed there. So he started looking into that, also was looking into

31:22.2

other ideas. So it didn't really go anywhere for a while. I was working on Apero and then

31:28.2

eventually came back to it. And he had been working on this since the end of last year.

31:36.8

Um, and was accepted into YC, which is kind of when, when I decided that it was something that I also wanted to pursue. So one of the differences so far has been like, yes, we're still using Django. Um, but one of the differences has been like coming into a project that already has like a significant amount of, uh, engineering work that, that was done before I got there.

32:01.8

um and also like i until really the last month um had been much more in operations and sales

32:10.7

and wasn't even like touching the code so that was a whole other exercising a different part

32:16.3

of my brain i'm just i'm just thinking of the dynamic of like not just looking at someone

32:21.0

else's code but a spouse's code i can't even imagine um what is this robin it goes both ways

32:28.8

right so it's it's also with django is it also postgres like what's the quick kind of stack

32:36.6

django postgres uh running on google app engine um but uh using uh drf and graphql for some things

32:49.2

um react on the front end so it's an interesting mix of things but mostly like mostly boilerplate

32:56.8

and pretty much what you'd expect if you've seen the tech stack

32:59.4

that I've been working with for the last seven or eight years.

33:01.9

Well, I mean, it scales.

33:03.3

We just had Wenbin Feng, who wrote a popular post on the boring tech

33:07.8

behind a one-person tech company, was talking about lists and notes,

33:12.4

his company, and, I mean, if you can do it, if it works, it works.

33:16.8

Yeah, and when you say boring, or no, you didn't say boring,

33:20.8

but when you say it's pretty vanilla in how you would expect

33:23.9

if you knew the stack, but that means you're using it right.

33:26.1

You know, you're going with the grain of the state of the wood.

33:30.9

You know, you're not fighting it.

33:32.6

And then it does scale.

33:33.9

Then it does work.

33:34.7

I mean, that's what David Hennemeyer Hansen was saying with Pride when we talked to him about Ruby on Rails is that both Shopify and GitHub are now on vanilla Rails, whereas they had custom this and that over the years.

33:49.3

But, you know, it's a point of pride to be even at their scale on vanilla releases.

33:55.9

So, actually, so maybe that's a relevant question. Django just updated. I'm curious, either at Doctor on Demand or at APRO, how up-to-date were you all with the Django versions? What were those transitions like, you know, being hands-on?

34:13.9

Yes. I can talk about this now. At Dr. On Demand, it was something that I felt like I had to hide for a long time. But it's relevant to the point about vanilla rails. And it's also relevant to choosing dependencies carefully.

34:36.9

Yeah, that's always what it is.

34:39.9

Early on, I was actually, like, very diligent about keeping up to date with the versions.

34:46.5

And then, but there was one dependency I was using that needed a patch on something.

34:56.5

And so for that reason, we, like, forked Django.

34:59.7

And then we didn't have to after 1.7.

35:01.4

But the transition from 1.7 to 1.8 took a very long time.

35:09.9

actually one six to one seven and then one seven to one eight took a long time yes so

35:14.6

going from and and it was because uh this library that that i chose which it was an address library

35:27.5

um that you know had a what seemed at the time like a good idea from an architecture standpoint

35:33.7

where you have like uh a table for um for countries and for states and then like everything

35:42.2

only has one key but you end up with like lots of joins um and looking back on it that's one of the

35:50.2

things where i'm just like yeah i i should have just created an address model with all of the

35:57.4

fields and been done with it. Um, because the, the pain associated with using this third party

36:06.2

library and some of the things that digging under the hood later they had chosen to do and like

36:12.6

undoing that after like we were using addresses in all sorts of places, um, was, was more painful

36:20.1

than, than it should have been. Yeah. I think, I hope I, I hope I didn't already mention this

36:24.7

on the podcast but i've i i told carlton um someone emailed me the other day because i get a lot of

36:29.5

emails from people learning django saying yeah will um how do i which django apps are good ones

36:35.1

to use how do i tell and i was like oh that's i mean i sort of love the naivete of that question

36:41.8

but it's such a deep question because it really it often is you know you install something you

36:46.2

know when you're prototyping or you need it and then that's what caused you to come behind on

36:50.0

Django. And at least personally, I'm sort of, yeah, I'm always extremely reticent to add any

36:56.1

third-party packages to my stuff. If I can, I'll try to reverse engineer it just for this very

37:00.7

reason. But that's not a practical mindset. I mean, you just, you know, you sort of want the

37:04.7

technical debt, but yeah, you always don't really look under the code until you have to. And I don't

37:11.1

know, Carlton, what are your thoughts on this? It's just such an interesting question.

37:14.2

i've been burned so hard so many times for this like i've wept tears of blood over third-party

37:22.0

dependencies that i wish i'd never installed so what would i do no no no like that process

37:28.5

have been different you know you have to learn you have to learn why it is that this pip install

37:34.1

magic package like yeah it's not a good idea folks like there are okay so there are there

37:41.5

are what a dozen or 20 or 30 right really top-notch long-term mature django packages out there that

37:48.6

you just wouldn't there's no way would you build your own you just use them because they've got a

37:53.9

history they're reliable you know you know but yeah but be cautious so go on the there was a

38:00.0

post on the forum.djangoproject.com the django forum uh which packages do you like and that is

38:04.8

gold you know people have got i started that one right you still well well done but there were

38:10.0

you know 10 20 people with like different overlaps of their best packages that was amazing

38:16.3

that's great use those packages but don't you know be careful so like you know there's um

38:20.9

something came up on twitter the other day hash id so for slugs you want yeah yeah yeah you want

38:25.7

a unique id i use i use hash ids but i don't use the django hash ids project not because that might

38:32.3

that might be great i don't know but i just won't go near it because i won't take on a dependency

38:38.2

that i can't vouch for and i learned that the hard way yeah well that i think that we'll link

38:45.2

to it i think i i think the question on the jenga forum was uh top five third-party packages because

38:50.1

i was curious if there was a standard overlap and i think you know it quickly becomes really

38:54.9

like 10 15 for most people that they're using on every project um but that is one of the things i

38:59.5

think about in terms of is there a way to shortcut to that without uh you know tears and pain to

39:06.1

to provide a counterpoint like i'm still very pro dependency um and and there are there are

39:12.1

other dependencies where i'm like so glad that i found them um yeah yeah there's there's one

39:18.2

called that's and it's actually not super well known um but it it just works um and it's it's

39:24.9

called uh qr but i think it's it's hard to find because um you can't google for it but because

39:34.0

there's another package that also has it and like it looks like it i'll i'll have to find it and put

39:41.5

it in the show notes but it's it's what i used um as a wrapper around um redis queues and it worked

39:49.5

really well and the whole thing like was one of the one of the reasons i didn't have qualms

39:56.3

using it either was the whole thing was like probably like 500 lines of code and i could like

40:02.7

grok it and like see what it was doing it was like okay this this is like fine um and i don't

40:10.0

have to write this myself and thank you to the author for like putting this out there because

40:15.1

it was incredibly reliable and easy to use interface um but yeah there are libraries

40:22.9

that i wouldn't start a project without but it's i sort of have this someone asked me about this

40:30.2

once um if i had a philosophy around like what tech i chose to use and i said something along

40:39.1

the lines of like i like to use things that are new enough that people don't cringe when they hear

40:47.1

you're using them but mature enough that uh i'm not getting woken up at two in the morning

40:54.1

more often than necessary i think it's a good rule of thumb well i'm just gonna say i like what you

40:59.3

said about like it it's only 500 lines i can grok it so the sort of cast iron test for a new

41:04.7

dependency is if push comes to shove if if this never gets another commit in its entire thing

41:10.7

could i take this on and maintain this as part of my you know daily job if i for the for the good of

41:15.7

this project in that case yeah okay maybe take it on but if it's you know loads of models and loads

41:20.9

of views and loads of stuff and it's like is this is this really what i need for my project yeah

41:26.4

And that was one, actually, I think the dependency that I mentioned

41:28.5

is actually one that we upgraded to Python 3 because we used it.

41:33.3

I have to check it.

41:34.3

I think they open-sourced it.

41:36.4

Is it Django RQ? Is that the one?

41:38.4

It's just called QR.

41:40.6

And if you look it up on GitHub, it's TNM slash QR.

41:43.8

And I was able to find it because it's one of Dr. Arnimand's public repos is QR3,

41:50.5

which is the Python 3 version of it.

41:52.7

just before we move on just um just like about going back to the history of Django like I think

41:59.0

that upgrade period between like 1.5 1.6 1.7 1.8 the whole migrations coming in and that was just a

42:06.5

you know that was a massive difficult period for a lot of people a lot of projects um and I think

42:13.7

it sort of marks the difference sort of up to 1.8 and then 1.9 1.10 1.11 2 you know it's there's a

42:21.3

a different world now right it's much smoother much easier yeah it's sort of changing and and

42:27.7

to that point i am level of the framework i am actually so grateful that we started with 1.5

42:32.3

and not 1.4 um because going from 1.4 to 1.5 would have been uh painful yeah so it's a different like

42:39.5

it's just like a different epoch in django's history right those early days to to now yeah

42:44.5

well and even uh 3.0 it just came out sounds like a big leap from 2.2 but i just updated a whole

42:49.7

bunch of projects and it's really not much of a leap um which is which is really really nice

42:56.4

that's how you that's how you want it so thank you carlton marius and everyone else for making

43:00.8

that happen it's the contributors and tim graham again for like putting putting the systems in

43:06.3

place such that django has you know the stability that it needs as a mature framework yeah just and

43:13.6

wanted to ask you about, so you've given a tutorial on security, I think at least the last

43:18.9

two Django cons, and I haven't been able to attend in person, but I've gone through all the slides.

43:24.0

It's really fantastic. I wonder if you could just sort of tee that up in terms of, you know,

43:28.9

because I think you, what is that tutorial like? And I hope you keep doing it, right? In terms of,

43:34.2

I think you take a Django app and then ask people to hack it and run through kind of best practices,

43:39.4

which are super relevant to you know medicine yes um it's it's one of the things that i actually

43:45.9

really like about django is how seriously they they take security um like even when there was

43:54.3

a time period where we were using an unsupported version of django uh we we made sure to like

44:00.2

backport any security fixes um and keep keep on top of that um much better when you're on

44:09.7

vanilla and you don't have to worry about that because you get it for free uh yes but the

44:15.8

security tutorial is again another thing that i i can't take credit for it's actually originally

44:20.4

um ashisha's tutorial that he gave at pycon um i want to say 25th 2014 2015 um

44:30.8

i have to to double check um but i i was giving a tutorial at pycon yeah pycon 2015 i gave a

44:39.9

tutorial on the django admin actually which um i had also given at uh django con 2014 which was

44:48.6

my first ever DjangoCon. And I was crazy, simultaneously crazy enough to propose a

44:57.7

tutorial and a talk. And then the organizers accepted both of them from a first time presenter.

45:03.8

It was, it worked out fine.

45:07.8

Yeah, we'll link to that talk. That's a fantastic talk because you talk about

45:11.0

building out the early version of Doctrine and Demand.

45:14.3

But I was giving an admin tutorial at PyCon in 2015, and Ashish had sent out a request for TAs for a security tutorial he was giving.

45:25.8

And I was like, sure, I'd love to help out.

45:29.3

It seemed like an awesome idea.

45:31.0

He set up a deliberately insecure Django web app, and then you go through all of the instances around Heroku.

45:40.2

So you're split up into teams and there's a short period of lecture where you go through like various pieces of the OWASP top 10.

45:48.7

And then your team that you were assigned to has a Heroku instance that you try and like find the vulnerabilities and you can see like why you're not supposed to use raw SQL and why you shouldn't put CS or F exempt on on things.

46:10.2

And, like, how a cross-site scripting attack actually works and what it looks like.

46:15.7

And it's a lot of fun because people, like, will do unexpected things to each other.

46:21.5

And, like, they'll find the vulnerabilities.

46:23.9

And then because you're working in a team, like, someone will come up with, like, people who are much better at JavaScript than I am.

46:32.4

And have, like, crafted their own, like, fun little things that are surprising for folks.

46:39.7

I think someone probably rickrolled all of the other teammates at one point, which is great.

46:48.7

I loved that tutorial, and a couple years later, I met Ashish again and thanked him for doing it.

46:57.9

It was like, that was an awesome tutorial.

46:59.1

And he mentioned, yeah, I don't have time to work on it anymore, but if you ever want to take it, it's all open source.

47:04.4

You're welcome to give it yourself.

47:07.0

And so I did, I updated it from 1.4 to 1.8 last year, or no, when I gave it at DjangoCon 2018.

47:23.9

Yeah, last year.

47:24.8

definitely remember or maybe it was to 111 um regardless i i realized why he hadn't used one

47:32.0

seven because that was the most recent version because like django introduced some stuff that

47:36.2

made one of the vulnerabilities much harder to execute oh yeah in one seven and so i like was

47:43.4

banging my head against the wall like how can i get this vulnerability to to work again um it has

47:49.3

to do with like cookie-based session storage and and how you um can hack that and like why the

47:57.5

django secret key should remain secret and so django has gotten progressively secure more secure

48:03.1

over the years and so i remember um complaining was like i had to spend so much time to get this

48:09.1

vulnerability to work again uh and and and i was talking to james he was like are you really going

48:16.0

to complain about django getting more secure i was like well yes but my yeah yeah it is well

48:25.2

and i think i don't i don't know if either you know when the deployment uh checklist that um

48:30.2

is part of django that uh i think we've talked about in the show i mean i find that so helpful

48:35.7

right because it really is there is like the dev version and the production version and

48:39.1

for someone who hasn't done it before like i go into some depth in this in my book but it's

48:43.6

it's quite a leap to, you know, to understand what are the differences and then why would we

48:47.4

not just have it be secure all the time? And, um, and then it would be what, you know, I, I love the,

48:52.8

you know, pen test version of like hack this site, which is, I think, yeah, such a fun way to do

48:58.9

these, what can be sometimes dry things. Um, and I, I didn't realize it was actually, yeah, you just

49:03.7

spin up a dedicated Heroku for each site. I mean, I guess, I guess you need two accounts, right?

49:07.1

Cause you only get five free accounts from Heroku, but it's doable to do that.

49:11.0

Yeah, I have a paid account.

49:15.9

But I don't think I've ever even, even with the tutorial, having used it,

49:20.5

I don't think I've ever had to really pay very much at all for the way it's being used.

49:27.5

And all of it is, like, all of the slide content and web app content is all available on GitHub.

49:38.5

And so anyone can go through it.

49:41.0

and like set it up. The basic takeaway of the, the tutorial is, uh, don't override Django's

49:49.9

defaults. Um, unless you really know what you're doing and are you really sure that you know what

49:56.0

you're doing? Right. I also wanted to ask you about, I saw this year at PyCon, you gave a talk

50:03.7

on speeding up the Django admin. Oh yeah. I guess I'm curious at what point do you leave the Django

50:09.4

admin in terms of playing around with your data and stay in it because you showed all these fun

50:12.9

optimizations but um with your experience what's your kind of rule of thumb for when are you abusing

50:18.4

the admin and when are you improving it um you're definitely abusing the admin if it's your primary

50:24.3

customer support tool um that's that's one one key indicator um i forget did you put i don't think

50:33.7

you i've seen people like throw elastic in the search there i don't recall if you i remember

50:37.9

you showed you stepped through how to speed up like some queries i i did not do that but i know

50:43.1

um i know the woman who gave the talk about throwing elastic search in there and it's it's

50:49.8

quite a good talk i definitely encourage people to go watch that one as well i think she gave it

50:54.0

at django con this year or well we'll find it and link to it but i mean i loved i loved your

50:59.9

presentation because you took like a really slow query and then you you kind of stepped through

51:03.4

ways to improve it which i love that teaching approach rather than just giving the answer

51:08.3

because without the context it's just like some code you've memorized but i assume that came from

51:12.8

some real world examples of using the admin to do lots of stuff oh yeah the admin is a great way to

51:19.8

like get a quick overview of data and like make quick changes i think if it's i think the general

51:26.1

rule of thumb that the documentation gives if if you're using it primarily for like internal use

51:31.7

then that's great if it's i don't want to give like a blanket rule because it's like it's such

51:36.9

a useful tool uh yeah but i think it can get tricky if it's like something that is externally

51:45.9

facing like that's probably a you know i don't want to say blanket bad but uh application smell

51:53.1

maybe like are you are you really sure this is a good idea uh kind of thing yeah i mean you can

51:58.7

you can do a lot of permissions i i would i'll 100 agree you shouldn't show outside or customers

52:05.3

your admin panel i mean even and even you know basic thing the clue is the user model right it's

52:10.9

got an is staff flag and if you're not staff you can't log into the admin by default right so go

52:17.4

with that if everyone is staff you might be doing something wrong right but well right you know if

52:23.4

internal side internal app you know well i mean because you might have i don't know customer

52:28.5

or some support versus engineers.

52:30.3

Some people can do reads, some people can do...

52:32.3

The addition of view permissions, I think,

52:35.0

was really nice from the perspective of,

52:39.8

I don't know, depending on your perspective,

52:41.2

either making the admin more flexible

52:42.7

and more useful for more people, but safer,

52:45.5

or from the perspective of just encouraging people

52:48.1

to quote-unquote abuse it more.

52:49.9

I don't know.

52:50.9

That's potentially one of those,

52:52.3

like, we could go down a deep rabbit hole here.

52:55.5

Yeah, well, I mean, I think on some level

52:57.3

have to take responsibility if you have enough knowledge to customize the admin go for it i mean

53:03.4

not go for it but like you know it's a little bit how i feel like when i'm when people ask me about

53:07.9

like setting things up at computers and they're using linux it's like well you're in linux world

53:12.3

like i exempted yourself into a different category without sounding trite with with great power comes

53:17.6

great responsibility yeah well yeah exactly i was gonna say on the admin and this just came up

53:22.9

uh two days ago the thing one if i could solve one thing it's like don't have your admin it's

53:28.9

admin like i was looking at some somewhat prominent django company and i was like i was

53:35.6

like i wonder if admin's exposed yeah it's exposed and then i was like you know doing past you know

53:40.8

so change that like i would rather you give outside access to your admin than have that

53:46.4

slash admin personally carlton you agree it's so easy to change it's so easy to change instagram.com

53:54.5

forward slash admin or whatever well and i mean i just i just i just yeah i just really judge

54:03.3

harshly it's a little unfair but i looked at that as like nope they just dropped a whole bunch of

54:08.6

notches like you got to change that anyway sorry your your talk though i think you focused a lot

54:13.9

on on queries right on speeding up i forget that that schema that you were dealing with yeah i

54:19.1

think an alternate title for that talk could be like basic usage of uh django debug toolbar for

54:27.8

analyzing um for analyzing queries and it just happens to be really easy to like demonstrate

54:34.1

that against the admin because it's very easy to create um oh in queries when when using the list

54:42.4

view so so one other talk that you've given that isn't technical i think was on becoming a parent

54:47.3

um i'm curious if you will link to that if you could share you know the non-technical side of

54:52.8

being a coach yeah um i think being a programmer has been simultaneously like a huge blessing when

54:59.5

when becoming a parent because it's fortunate that it's a it's a job that in some cases can

55:05.3

can be more flexible and and i was really fortunate um that at doctor on demand the

55:11.2

culture was such that like, I was able to take, I was, I was able to have a, an extremely flexible

55:19.0

working schedule, especially after my, my daughter was born. Um, and so in that talk, I discussed

55:25.1

some of the things that like, I totally didn't expect becoming a parent. Um, and it was, it's

55:33.2

different from most of the other talks that I've given that, that you'll find. Uh, my daughter

55:37.6

actually ended up on on stage uh towards the end of that talk because she was she was 10 months old

55:44.0

and she was being held in in the front row for a good portion of the talk and then she decided that

55:49.5

that she was just not not happy there oh okay i you know what i have seen this talk then yeah

55:56.9

programming post progeny because i i do remember that talk and actually i love that i think you

56:01.4

you generally bring her to the conferences because i've seen you a number of conferences that

56:04.7

you're there because it actually makes me feel like oh man i should have brought my kids too

56:08.3

she she definitely comes along yeah um to a lot of conferences and it's been really fun as she's

56:13.7

gotten older and like different things the expos are always a really good time that's one of the

56:18.4

things that coming for the language and staying for the community has been a big part of python

56:25.1

and django for me like when i started it was because i appreciated like the technical aspects

56:29.4

of it and now going to the conferences is also for me like just a connection with a really fantastic

56:38.2

group of people that i love being around yeah i would agree and i think too i mean just for me

56:43.6

like i've i'm now my second year going to conferences they they just get more fun because

56:48.7

then you already know people and you um you still meet new people but um yeah it's a very welcoming

56:54.7

community right jacinda thank you very much for coming on the show what a super chat i'm you know

56:59.7

everything technical details all the way through to community and family and life and things like

57:05.8

that so super yes thank you for thank you so much for having me and for like having a podcast for

57:12.7

the community and definitely very much appreciate all the people who who spend time putting out

57:19.5

content for people. Well, thank you for sharing your stack too, because I think we're not afraid

57:25.0

to dive into the details because for people listening, it is interesting. Thank you so much.

57:30.0

And I hope you have a great rest of your day. And you. That was Django Chat. We're on Twitter

57:34.9

at ChatDjango and join us next time. Bye-bye.