#485: Secure coding for Python with SheHacksPurple

What do developers need to know about AppSec and building secure software? We have Tonya Janca (AKA SheHacksPurple) on the show to tell us all about it. We talk about what developers should expect from threat modeling events as well as concrete tips for security your apps and services. Episode sponsors Posit Bluehost Talk Python Courses Links from the show Tanya on X: @shehackspurple She Hacks Purple website: shehackspurple.ca White House recommends memory safe languages: whitehouse.gov Python Developer Survey Results: jetbrains.com Bandit: github.com Semgrep Academy: academy.semgrep.dev Watch this episode on YouTube: youtube.com Episode transcripts: talkpython.fm --- Stay in touch with us --- Subscribe to us on YouTube: youtube.com Follow Talk Python on Mastodon: talkpython Follow Michael on Mastodon: mkennedy

Have you heard about HTMX? We've discussed it a time or two on this show. We're back with another episode on HTMX, this time with a real-world success story and lessons learned. We have Sheena O'Connell on to tell us how she moved from a React-Django app to pure Django with HTMX. Episode sponsors Posit Bluehost Talk Python Courses Links from the show Sheena O'Connell: sheenaoc.com An HTMX success story essay: sheenaoc.com Sheena's HTMX Workshop: prelude.tech - discount code: talk_python Talk Python's HTMX Courses HTMX + Flask course: training.talkpython.fm HTMX + Django course: training.talkpython.fm Build An Audio AI App course: training.talkpython.fm HTMX: htmx.org Playwright: playwright.dev django-template-partials: github.com Michael's jinja_partials: github.com django-guardian: github.com Talk Python Courses HTMX Example: training.talkpython.fm/courses/all Alpine.js: alpinejs.dev David Guillot SaaS video: youtube.com awesome-htmx: github.com Guild of Educators: guildofeducators.org The big rewrite song: youtube.com Watch this episode on YouTube: youtube.com Episode transcripts: talkpython.fm --- Stay in touch with us --- Subscribe to us on YouTube: youtube.com Follow Talk Python on Mastodon: talkpython Follow Michael on Mastodon: mkennedy

Let's say you want to create a web app and you know Python really well. Your first thought might be Flask or Django or even FastAPI? All good choices but there is a lot to get a full web app into production. The framework we'll talk about today, Reflex, allows you to just write Python code and it turns it into a full web app running FastAPI, NextJS, React and more plus it handles the deployment for you. It's a cool idea. Let's talk to Elvis Kahoro and Nikhil Rao from Reflex.dev. Episode sponsors Posit Bluehost Talk Python Courses Links from the show Elvis: github.com Nikhil: github.com Reflex Framework: reflex.dev Reflex source: github.com Reflex docs: reflex.dev Reflex Roadmap: github.com AG Grid: ag-grid.com Warp terminal: warp.dev A Stroll Down Startup Lane episode: talkpython.fm PuePy: Reactive frontend framework in Python episode: talkpython.fm Watch this episode on YouTube: youtube.com Episode transcripts: talkpython.fm --- Stay in touch with us --- Subscribe to us on YouTube: youtube.com Follow Talk Python on Mastodon: talkpython Follow Michael on Mastodon: mkennedy

Do you struggle to make sure your code is always correct before you check it in? What about your team members' code? That one person who never wants to run the linter? Tired of dealing with tons of conflicts and spurious git changes? You need git pre-commit hooks. We're lucky to have Stefanie Molin on this episode who has done a bunch of writing and teaching of git hooks. Episode sponsors Sentry Error Monitoring, Code TALKPYTHON Bluehost Talk Python Courses Links from the show Stefanie Molin: stefaniemolin.com Talk Python Blog: talkpython.fm/blog How to Set Up Pre-Commit Hooks: stefaniemolin.com Common Pre-Commit Errors and How to Solve Them: stefaniemolin.com A Behind-the-Scenes Look at How Pre-Commit Works: stefaniemolin.com Pre-Commit Hook Creation Guide: stefaniemolin.com (Pre-)Commit to Better Code Workshop: stefaniemolin.com exif-stripper: stefaniemolin.com exif-stripper on GitHub: github.com docstring-validation-using-pre-commit-hook: numpydoc.readthedocs.io Data Morph: Moving Beyond the Datasaurus Dozen: stefaniemolin.com Data Morph on GitHub: github.com Watch this episode on YouTube: youtube.com Episode transcripts: talkpython.fm --- Stay in touch with us --- Subscribe to us on YouTube: youtube.com Follow Talk Python on Mastodon: talkpython Follow Michael on Mastodon: mkennedy

Hynek has been writing and speaking on some of the most significant topics in the Python space and I've enjoyed his takes. So I invited him on the show to share them with all of us. This episode really epitomizes one of the reasons I launched Talk Python 9 years ago. It's as if we run into each other at a bar during a conference and I ask Hynek, "So what are your thoughts on ..." and we dive down the rabbit hole for an hour. I hope you enjoy it. Episode sponsors WorkOS Bluehost Talk Python Courses Links from the show Hynek Schlawack on Mastodon: @hynek Why I Still Use Python Virtual Environments in Docker: hynek.me Production-ready Python Docker Containers with uv: hynek.me Attrs: github.com uv: astral.sh What’s New In Python 4: python.org BusyBox: busybox.net Hynek's YouTube Channel: youtube.com MOPUp for macOS: github.com Homebrew Python Is Not For You: justinmayer.com argon2-cffi: Argon2 for Python: github.com pytest-freethreaded: github.com LM Studio: lmstudio.ai StackOverflow Trends Graph: trends.stackoverflow.co Watch this episode on YouTube: youtube.com Episode transcripts: talkpython.fm --- Stay in touch with us --- Subscribe to us on YouTube: youtube.com Follow Talk Python on Mastodon: talkpython Follow Michael on Mastodon: mkennedy

If you work in data science, you definitely know about data frame libraries. Pandas is certainly the most popular, but there are others such as cuDF, Modin, Polars, Dask, and more. They are all similar but definitely not the same APIs and Polars is quite different. But here's the problem. If you want to write a library that is for users of more than one of these data frame frameworks, how do you do that? Or if you want to leave open the possibility of changing yours after the app is built, same problem. That's the problem that Narwhals solves. We have Marco Gorelli on the show to tell us all about it. Episode sponsors WorkOS Talk Python Courses Links from the show Marco Gorelli: @marcogorelli Marco on LinkedIn: linkedin.com Narwhals: github.io Narwhals on Github: github.com DuckDB: duckdb.org Ibis: ibis-project.org modin: readthedocs.io Pandas and Beyond with Wes McKinney: talkpython.fm Polars: A Lightning-fast DataFrame for Python: talkpython.fm Polars: pola.rs Pandas: pandas.pydata.org Watch this episode on YouTube: youtube.com Episode transcripts: talkpython.fm --- Stay in touch with us --- Subscribe to us on YouTube: youtube.com Follow Talk Python on Mastodon: talkpython Follow Michael on Mastodon: mkennedy

You're about to launch your new app or API, or even just a big refactor of your current project. Will it stand up and deliver when you put it into production or when that big promotion goes live? Or will it wither and collapse? How would you know? Well you would test that of course. We have Anthony Shaw back on the podcast to dive into a wide range of tools and techniques for performance and loading testing of web apps. Episode sponsors Sentry Error Monitoring, Code TALKPYTHON WorkOS Talk Python Courses Links from the show Anthony on Twitter: @anthonypjshaw Anthony's PyCon Au Talk: youtube.com locust load testing tool: locust.io playwright: playwright.dev mimesis: github.com mimesis providers: mimesis.name vscode pets: marketplace.visualstudio.com vscode power-mode: marketplace.visualstudio.com opentelemetry: opentelemetry.io uptime-kuma: github.com Talk Python uptime / status: talkpython.fm/status when your serverless computing bill goes parabolic...: youtube.com Watch this episode on YouTube: youtube.com Episode transcripts: talkpython.fm --- Stay in touch with us --- Subscribe to us on YouTube: youtube.com Follow Talk Python on Mastodon: talkpython Follow Michael on Mastodon: mkennedy

Do you have kids? Maybe nieces and nephews? Or maybe you work in a school environment? Maybe it's just friend's who know you're a programmer and ask about how they should go about introducing programming concepts with them. Anna-Lena Popkes is back on the show to share her research on when and how to teach kids programming. We spend the second half of the episode talking about concrete apps and toys you might consider for each age group. Plus, some of these things are fun for adults too. ;) Episode sponsors WorkOS Talk Python Courses Links from the show Anna-Lena: alpopkes.com Magical universe repo: github.com Machine learning basics repo: github.com PyData recording "when and how to start coding with kids": youtube.com Robots and devices Bee Bot: terrapinlogo.com Cubelets: modrobotics.com BBC Microbit: microbit.org RaspberryPi: raspberrypi.com Adafruit Qualia ESP32 for CircuitPython: adafruit.com Zumi: robolink.com Board games Think Fun Robot Turtles Board Game: amazon.com Visual programming: Scratch Jr.: scratchjr.org Scratch: scratch.org Blocky: google.com Microbit's Make Code: microbit.org Code Club: codeclubworld.org Textual programming Code Combat: codecombat.com Hedy: hedycode.com Anvil: anvil.works Coding classes / summer camps (US) Portland Community College Summer Teen Program: pcc.edu Watch this episode on YouTube: youtube.com Episode transcripts: talkpython.fm --- Stay in touch with us --- Subscribe to us on YouTube: youtube.com Follow Talk Python on Mastodon: talkpython Follow Michael on Mastodon: mkennedy

Do you have text that you want to process automatically? Maybe you want to pull out key products or topics of conversation? Maybe you want to get the sentiment? The possibilities are many with this week's topic: NLP with spaCy and Python. Our guest, Vincent D. Warmerdam, has worked on spaCy and other tools at Explosion AI and he's here to give us his tips and tricks for working with text from Python. Episode sponsors Posit Talk Python Courses Links from the show Course: Getting Started with NLP and spaCy: talkpython.fm Vincent on X: @fishnets88 Vincent on Mastodon: @koaning Programmable Keyboards on CalmCode: youtube.com Sample Space Podcast: youtube.com spaCy: spacy.io Course: Build An Audio AI App: talkpython.fm Lemma example: github.com Code for spaCy course: github.com Python Bytes transcripts: github.com scikit-lego: github.com Projects that import "this": calmcode.io Watch this episode on YouTube: youtube.com Episode transcripts: talkpython.fm --- Stay in touch with us --- Subscribe to us on YouTube: youtube.com Follow Talk Python on Mastodon: talkpython Follow Michael on Mastodon: mkennedy

A couple of weeks ago, Charlie Marsh and the folks at Astral made another big splash with a major release of uv called "uv: Unified Python packaging" which has many far reaching features. We had to have Charlie on the show to give us the inside look into this development. Let's get to it. Episode sponsors Posit Talk Python Courses Links from the show Charlie Marsh on Twitter: @charliermarsh Charlie Marsh on Mastodon: @charliermarsh Episode follow up: Wrote up how we use uv at Talk Python: mkennedy.codes uv: Unified Python packaging: astral.sh Python executable management: astral.sh Projects: astral.sh Tools: astral.sh Scripts: astral.sh Rye and uv: August is Harvest Season for Python Packaging: lucumr.pocoo.org Python Build Standalone releases: github.com Rules: astral.sh Watch this episode on YouTube: youtube.com Episode transcripts: talkpython.fm --- Stay in touch with us --- Subscribe to us on YouTube: youtube.com Follow Talk Python on Mastodon: talkpython Follow Michael on Mastodon: mkennedy