We’re back after a few weeks away! We discuss the Django Community Survey results, virtual conferences taking place, upcoming Django Technical Board vote, and more.
Our podcast does not have a sponsor and is a labor of love. To support the show, please consider purchasing one of the books on LearnDjango.com or suggest one to a friend.
Carlton Gibson 0:06
Hi, welcome back to Django Chat, a fortnightly podcast and the Django web framework. I'm Carlton Gibson joined us over by my co host Will Vincent. How are you? It's been so long. I know.
Will Vincent 0:15
I'm good. Hi, Carlton. It's this is the first one since mid July, we had a little break for the first time. We were just discussing before we went online, we both have we have seven kids between us all under the age of 12. So that's been interesting, but everyone's juggling stuff. But it feels nice to be back in sort of a routine, I guess, with school virtual and otherwise.
Carlton Gibson 0:35
Ya know, for me, it's still very much like swimming through treacle, literally. The kids finished school on the 13th of March and they went back on the 14th of September. So that's six months, literally six months out of school. So you know, 2020 I saw a tweet the other day when 20 there's only three months to 2020 left. But mentally I never left February I really resonated with me. I'm like, Yes, that's that's exactly how this year has gone. But
Will Vincent 1:00
yes, but stuff has happened. So as you, as you mentioned in the intro, so we are going to be going every two weeks going forward. We did weekly for 70 to 74 weeks in a row, but we're going to be going every two weeks. This episode, we're gonna be talking about the Django Community Survey updating everyone on what's happened in Django the last couple of months, but most of the episodes are going to be guests. We have a whole bunch of guests lined up for the fall that we're excited about. So it'll be mainly guests talking about using Django out in the wild. What's happened 3.1 came out Carlton, you and Mario's Yes, it
Carlton Gibson 1:35
Yes, Mariusz was released manager for that. So he basically did all the hard work and I was there with like the supportive cup of coffee and metaphorical you know, remote coffee and remote Dola as they you know,
Will Vincent 1:46
yeah. Did Tim videos time or is that the first without him?
Carlton Gibson 1:51
No, he didn't. He didn't make an appearance but he has been active. He's been working on the cockroach DB back end. I think there's there's progress progress there or making that more money for fully more fully feature because Tim keeps making these little prs. So that's nice.
Will Vincent 2:06
Yeah. I've seen that. Well, that's good you and there's already been a security release. So 3.1 point one and 2.2. Whatever came out a couple days ago,
Carlton Gibson 2:16
yes, that wasn't super high protein. It was a strange permit to make do the opposite. The behavior of makers changed in Python 3.7 to not set the permissions of intermediate directories that it creates. And then so when you run, collect static or whatever, you had to make sure that we've seen the correct permissions. It's not particularly high, high impact one in that, you know, someone's got access to your file system, you've probably got bigger problems already. But yeah, you know, we got that out and we got a lot of quick fixes out so 3.1 the, you know, the 3.1 point one that that first point release is always quite hectic because there's new feet And then people finally try, you know, give them a try against their production environments and they find all kinds of issues. So the few with the new admin sidebar, CSS kind of issues, we'll resolve those, or we resolved a lot of those with a couple more that will get resolved in 3.1. Point two and then hopefully it should be like, yeah, okay, we've got the worst of that JSON field, a couple of little ones there and a few few regressions in the RMA change, you know, if you've got particularly complex queries, which, you know, and Sydney covered by the test suite, because it's like I'm aggregating here, and then grouping by, you know, all the group by and then ordering on the aggregation. It's like, these things can be tricky. So a few of those.
Will Vincent 3:39
Yeah, the LRM can be tricky. Yes. Well, kudos to that. I'm glad you know,
Carlton Gibson 3:44
came out marish. Really, I mean, Marius worked like an absolute Trojan is the phrase, he really, you know, he really sweated it, and it's my turn for 3.2. So I'm a bit like,
Will Vincent 3:56
you're alternating. Is that the friend?
Carlton Gibson 3:57
Yeah, yeah, cuz like we said, We alternate the monthly releases, but then also the major releases. We take turns on that because they're a lot more work.
Will Vincent 4:05
Yeah. And 3.2 will be yes. apartness will be the LTS. Yeah. Is that even more worrying for for the two of you? No,
Carlton Gibson 4:13
no, it's exactly the second like the LTS is just the same. So there was a mosquito tournament me so I just had to attack it. Um, the LTS is the same. You know, if we're gonna sit
Will Vincent 4:27
still, I just, I'm smiling because we make a lot of efforts to have good quality audio, and you're, you're smacking your hands loudly. We're all together.
Carlton Gibson 4:33
Oh, yeah. Yeah, no, sorry. I do apologize. Mosquito versus guests. It's like mosquito,
Will Vincent 4:40
yeah. What else? I added all my books. So this time, I will use the beta release, as you would say, and so they all came out. I had to redo screenshots for every single admin view, because there's the new admin sidebar, but also the Chrome browser changes so anyways is complete, start to finish redo of everything, but as of late Get that out and then take a little bit of a break. So that I read,
Carlton Gibson 5:04
Nick, would you would you read up wrote a post or perhaps just a series of tweets where you're saying that rewriting the books is kind of like I can remember exactly what you said, but more like doing scales. Yeah, you use the yes scales. Like, because you go through it and you tweak it and
Will Vincent 5:20
I'm trying to be Zen about it. Yeah, I think that's accurate that because I go through for every every major release, I go through everything from scratch new codebase, new screenshots, and it is the, the bane of the existence of people who create content is you have to update all the time if it's technical. And so most people don't and I've, I'm on now my fourth or fifth time updating for Django. I think the first time I did was 110. But yeah, I think it's, I think it is for like musical scale. So I played music. My kids played music. And you know, my we spent a bunch of time during the break with my my brother in law who's a professional violinist. And he plays you know, five hours a day and he plays Scales every day on top of everything else. So I think there is something true about that that you know, going through because there's things that change in Django. There's things that change in Python, there's externalities, but there's also just how I feel about teaching stuff changes. So I try to, you know, there's an opportunity to do that. I mean, for example, some of the changes that I made in the book, well, the book size changed actually. So the paperback trim, it was eight and a half by 11. And now it's more closer to seven by nine, which is more standard sized. So people probably won't notice that but that was a whole ton of work for me to do. And that's gonna be hard to find on the bookshelf, though. It'll be hard to find a bookshelf
Carlton Gibson 6:38
Yeah, cuz it will not blend in with all the others who became flushed.
Will Vincent 6:43
Yeah, I mean, I would like to have, you know, hire a professional developer designer and make it all perfect, but I updated all the time. So But anyways, I think it I think it's better. The path lib is a big change in 311 and three, one so the settings.py file. defaults. If you do start project to pathlab, I saw I updated everything to use pathlab instead of just OS. What else? And I guess the other one that I've had a bunch of questions about is I decided to for project names. In the past, I would, if it was a book project, I would call it book underscore project, or, you know, to do underscore project, but I've adopted more than calling everything config. That's a project folder. So it's, it's completely superficial. But I made that I implemented that in the books, as well as I've been doing that my tutorials because I think it's one less thing to worry about, because it is one of those things that you have in every project. And so it just seems, I like to standardize it. And I think Jeff triplet cued me onto that pattern. So
Carlton Gibson 7:46
so that's because you've got a folder for the apps. And then one of those apps isn't really the app, it's the project folder. It's got the settings in there. Yeah.
Will Vincent 7:52
So that's why I would do I would make a point of doing you know, underscore project which just to reinforce that Anyways, so yeah, those are, there's so many moving parts in the Django project in app. So to the extent that some things are standard, try to name them as such and treat them as such across the different examples that I give. What else? Django people has been sunsetted. So that was a project that's been around for a long time. Not really maintained. There's a post up on the Django site we'll link to it wasn't being used. So it redirects to I think that blog loading page now.
Carlton Gibson 8:33
Yeah, yeah, holding page. I think that that's the point. It wasn't being used. It wasn't being maintained. And so whilst Jango snippets is still being maintained, and that's up to date, and you know, that that's keep going nicely. Django, people was in need of love. And then there's this folks who were like, ah, I need to reset some credentials, or I need to change some details that and they weren't able to log in and we weren't able to recover accounts and at that point is no longer sustainable.
Will Vincent 8:59
Yeah, I mean, Because there is this constellation of Jango things that are maintained by the Django Software Foundation. So now Django packages will be moving into that orbit. What else is there? There's there's a list of things that the ops team is in charge of. So anyways, that's it. People won't probably miss it. But that's changed. Django news newsletter. So that's something I've been doing with Jeff Triplett, that's still going along. We'll put a link that's a weekly link of all sorts of Django news projects, videos. There's a whole bunch of conferences that have happened. So pi con Australia happened. There's a Django track. We'll link to that pie con Africa happened. There is a whole number of Django talks will have links to that. And Django con Europe is coming up this weekend, which you're speaking Yeah,
Carlton Gibson 9:48
yet Well, speaking, I'm busy trying to make a recording. So it's very
Will Vincent 9:53
talks about
Carlton Gibson 9:55
Yeah, my talks about optimizing model choice field and In order to have an example for that they've got this crazy database query that goes insane. And then trying to record the demo. I wasn't actually able to record the demo because my computer wouldn't capture the video and process all the database requests without doubling the time because it was busy. Like, I don't know what, God what they do. time sharing. And so basically, I'm having to go slides only because I can't I can't do the demo, but I hate live demos. I even recorded live demos. It's a live
Will Vincent 10:26
coding even a recorded video doesn't work is what you're saying.
Carlton Gibson 10:30
Yeah, no, I'm not live coding any date, you know? No. So I'm actually happier that I'm doing slides. But that means I'm still working on it, even though the deadlines really soon. But it's fine if I'm quite excited about it.
Will Vincent 10:41
Yeah. Well, there's a great list of talks. So there's your talk. Adam Johnson has one on how to hack a Django site, but I'm really interested to see because he would know Tom Dyson of wagtail has won on new ways to deploy Django app. Marcus Holdren has one of migrations. Aaron Bassett, has one ht TP headers. Sage abdulah has one on cross tvj Some fields. Andrew Godwin therof. So, the whole list of people. I'm really excited to see the talks.
Carlton Gibson 11:06
Yes, I am. I'm excited about Tom Dyson's talk because he's gonna look at three different ways of deploying from, from the first one being like a static site. So what I will know is what how's he going to get a static site out of its Django thing? Is you going to use web get and Mirror mirror the Django site? Or like, or is he got a little command line to do that? I'm quite interested in that. I think the second one is like a more normal deployment. And third one, some sort of containers. Seven Yeah. All in space number.
Will Vincent 11:34
Yeah, no, I really interested to see I think it's gonna be great. And I'm glad that that that the conference is happening. I think there's there two more things and then we'll get into the survey. So Django technical board vote is coming up. So this is a really big deal. This has been in the works for two years, I think. But Django will have a technical board have three members who will be the final deciders when there is a big issue. Is there anything more you want to say on that? So people should there'll be so people who are members, there's 200 odd. individual members of the Django Software Foundation will be the ones who vote on that. And that election is important and upcoming.
Carlton Gibson 12:15
Yeah, this is Yeah, I mean, they're all I'd say is that this is the culmination of the whole dissolving Django core or renaming Django core and introducing a more modern government governance. Django is such a big project now that it needed something more formal than what it grew up with when it was much smaller project. And, you know, we've talked about Django core and how it became stale and you know, various other things and not representative of the wider community. And the technical board. This final technical board election is kind of like the final piece of that debt game change. We've had the mergers, we've had the Maris myself included the mergers, and then we've got, you know, Maurice, and I do the releases and that was all part of the 10. But the thing we'd be missing is this official election of the 10 Cool. Yeah. So that was excited about that.
Will Vincent 13:03
Yeah. And yeah, I mentioned, one last thing that the Django Software Foundation has been doing is adding corporate badges. So corporate members, will now have something they can show on their sites. That will be up soon.
Carlton Gibson 13:19
Yeah, I'm working on that this week issues.
Will Vincent 13:21
Yeah. So that's a good something for the corporate sponsors. So that's important. Okay. Community Survey. We get Should we get into right? Yeah.
Carlton Gibson 13:30
Yeah, no, this was super.
Will Vincent 13:31
Yeah. So this was this was an i this happened right before I took my break, too. I sort of just like, you know, put out the charts and was like peace for a couple weeks. But we had fantastic responses we had for 4379 people responded, which is great. And we hadn't done a survey in five years. The last one was, Tim Graham had had done one in 2015. But you know, Python has an annual survey. And there's a For the fellows and for the, you know, the court, not the core teams, but the Django developers, it's important to know what usage is because Django does not track anything. So we're very much in the dark on what people are using. So this was really, I think, will hopefully guide future discussions around, you know, we'll go through them, but how is it actually being used? which database back ends? All that kind of stuff that we can only wonder about?
Carlton Gibson 14:24
Yeah, she should have done you do a lot of work on something you're like, well, is anyone actually using this? And it's nice. Yeah. So, you know, let's jump the gun. There was one on the test framework, which test framework you're using, we do a lot of work on the Django test client to get that up to date and keep that running. And who's using it turns out a massive portion of the user base are using it so
Will Vincent 14:44
right yeah, cuz it is you started that timer. Is everyone just using pi test? Why do we bother but
Carlton Gibson 14:48
yeah, it's right. Yeah. So anyway, that was that's what we'll come back to that when we let's go through them in order because otherwise we'll get lost. We'll cut back and forth.
Will Vincent 14:55
Okay. Yeah. So there's links to them. It's up on the site. So the first one The question is what is your primary operating system? And so I think for next year, I'm going to rephrase this because I think the better question would have been what is your local operating system? And what is your server operating system? So 45% said Linux 27%, Mac and 27%. Windows? I think the I suspect the Linux question is your, you know, there's some combination of your server and not just your local client, because anecdotally at least, yes, people use Linux. But I was surprised by this. So we could ask it in a way to confirm that it's actually a local client versus server.
Carlton Gibson 15:38
Yes, yes. But the big the big thing for me was the, the there are as many people, you know, borrow a margin of 0.2% met as many people using Windows as on Mac. And it's like, we always think Windows is the minority operating system. No, it's not right. It really isn't. And,
Will Vincent 15:58
yeah, you know, what's magical Regular
Carlton Gibson 16:00
contributors are either on Linux or Mac.
Will Vincent 16:02
Yeah, it's I mean, I'm certainly biased against when, you know, I don't have to fancy computers I work on I'm I use mainly Mac, I mean, use a Mac, you know, Andrew Godwin's on Windows, other people are on Windows. I know from my install Python three site, there's tons of people looking for Windows installs. But if anything, I thought that Windows would be bigger than Mac, you know, are demonstrably bigger. It seems about the same. So that was interesting question. I think for next year. Hopefully, this will be an annual survey that we can do. I would want to distinguish between client server because I suspect some of the Linux is that but moving on, so what do you what do you so when you start a new project, what do you use? So 75% said they use the latest stable release and 30% 75% LTS? Yeah. And I guess maybe, if you're starting a new project, why wouldn't you be in the latest one? It's more a question of You know in practice it's the upgrades which maybe we can we can even skip to where people say yeah how often do you upgrade and the majority say every stable release? Yeah, I think it's probably different you know, there's a difference there between a corporate site and a personal site because that's fantastic to see. But most companies I know are behind they're not on the latest release.
Carlton Gibson 17:25
Yeah, it's difficult because like so we there's a whole series of questions around upgrades and one of them was how easy it is and there's a big bump around easy and then a few people like you know, okay, it was harder and it's injured we can dig into the reasons why it's harder in a minute but like, why for me at the moment why would you be on the LTS there's just no reason to be on the LTS you should be on the latest version because
yeah, like
like if you're not gonna maintain maintain your application, then fine. You might think oh, we're not going to maintain it will be on the LTS so we don't have to maintain it. If you're not going to be beat maintain, you might as well They'll be on the latest version because it's got loads of bug fixes, which the LTS doesn't have. Right. And if you're not maintaining it Well, what's the difference?
Will Vincent 18:06
Well, and that's, you know, so there, there were responses to a couple of questions, including how do we make upgrading Django easier? And I think one of the one of the things people point out is that, you know, it's always your dependencies. So it's third party packages. You know, the major third party packages, by and large, are excellent at staying up to date. But, you know, who knows how many you're using dozens and dozens, and then maybe you have something custom? And, you know, so I think I know that that is why companies fall behind is because the dependencies, it's not Django itself,
Carlton Gibson 18:36
but this, this is the thing is, is that you get there anything, I need something and it's like, I'm just going to bring in this package, and then six months later, you realize that you can't update because it's not maintained or it's, you know, it's not compatible with the new version. And then what are you going to do? Are you going to dedicate the resources to commit back to that upstream package and fix it? Are you going to somehow patch around it or you're going to, you know, you got to be really cautious. Without taking on developer dependencies, you know, a lot of Django, third party apps are awesome. But a lot, something you could build in an afternoon, especially if you've had a look. And you've sort of seen Okay, yeah, that's an I'll take inspiration for that. But I'll write my own version, because then I'm on top of it.
Will Vincent 19:16
Right? Well, you and I are in that camp. I think that is definitely as as you progress in your Django career, you are more wary of taking on something. And so absolutely. For me, if I'll take a look at the source code, and if I think I can reverse engineer it pretty easily, easily being within a couple days, then I'll do that. But, yeah, so that's part of it. Someone had one of the good comments was, someone was asking about a Django admin command to show deprecation warnings, because I do think that a lot of people don't use the dash big W to see the warnings. Yeah, flags. You know, I don't know if we can make that clear in the docs, or, I mean, it's a little bit of video. He's super efficient,
Carlton Gibson 19:58
but there is a whole guide on upgraded. I don't say yeah,
Will Vincent 20:01
maybe it's an education issue more than
Carlton Gibson 20:05
anything else, there is a whole guide. The issue to me is, with that kind of thing, where it's like wrapped putting a wrapper around functionality, there's already there is that that wrapper needs to be maintained, and the surface area of the codebase. And then it takes away from, quote unquote, real features real work. Like it's, I understand that. If you don't know how to run with the warning flags enabled, then that might help you discover it. But But if you just read the doc one time, you'll know about it.
Will Vincent 20:39
Yeah, I agree. It's, we don't want to just put rappers on rappers and rappers it is there. If you search for it, you'll find it once you do it. Once you know about it, you use it all the time. You know, I don't know if we I think we do. Is it linked to when there's a new version that comes out? I don't know if we put it in. If it's put in a release notes. I
Carlton Gibson 20:58
think it is I would have to have We'd have to there's this thing at the top, which says, you know how to update? Yeah.
Will Vincent 21:03
Why in case listeners know, know about the flags to use them.
Carlton Gibson 21:07
Right? But But like, how do you love learn about these facts you learn about these flags by the first time you need them. But let's have a look. Yeah, there's so right. So at the top of the 3.1 release, it says, See the upgrading Django to a newer side if you're updating the project, right, that's, that's right in there. We get anywhere. And then it says about Python compatibility. So I don't know, I just think that adding that kind of stuff is great in principle, if we had much more human power available to developing code on the framework, and we don't, so we have to be very selective about what code we take on and what code we add. And people are, you know, can we have this really minor feature that will add a teeny bit of complexity for this for this corner case? It's like well, no implemented subclass. Keep that in your own project. Because if we implement each little minor edge case, it becomes unmaintainable.
Will Vincent 21:57
Yeah, yes, well, Speaking of resources, so one of the questions on which built in database to use, so, right, Postgres, the dominant one, as expected, SQL lite, second, MySQL and Maria dB. So Maria DB is just basically a different version of MySQL and an open source version of MySQL or Oracle's at 2.2%. You know, Oracle is always one of those ones in terms of resources. I mean, I think if this is still the case that for you in Mario's it's more work to make Oracle work than the other databases just on its own. Is that still the case?
Carlton Gibson 22:36
Yeah. I mean, I defer to Maurice on that. But yeah. Like, Maurice is is an Oracle expert. He knows it. He uses it well, but yeah, at times. It's it's fundamentally different from the other databases. I would say it certainly takes more than 2.2% of the time to maintain Yeah. And what really gets me is that Oracle Corp aren't prepared to Support the Django Software Foundation in all, apparently, you know, as we've had various conversations which haven't gone anywhere, Oracle core pump had to support the Django Software Foundation at that point you think, come on people like this isn't this is a massive corporate enterprise a massive corporate, they just bought right trans closed source, like a platinum caught sponsorship of the Django Software Foundation would be one than one kind of license, one license for Argo would be cool. Yeah, we covered that. And there's just it's just like crickets when we talk to them. So I do get a little bit upset with the lack of I don't know, input from Oracle.
Will Vincent 23:43
Yeah, well, I think there probably will come a time when there's something that requires a lot of work from the fellows and others around Oracle. And that may be the time when it's okay. You're the only non open source database. And, yeah, I think
Carlton Gibson 23:58
that time is just a bit Little bit for me, it's a little bit disappointing from Oracle Corp that they aren't prepared to stand up and support the project in any way. It seems.
Will Vincent 24:07
Yeah, I try to be positive and in public, so I'll just we'll move on from Oracle, but seems Yes. Have a peace with how they how they operate. database back ends. So mem cat, excuse me Redis was the twice as much as memcached, which I think that makes sense. Read it if you're starting from scratch. Redis does seem like it's the default choice. Not there's anything wrong with mem cache, but Redis more powerful.
Carlton Gibson 24:37
Okay, yeah. And this is, is but from, just from the caching point of view, like equally agree, I think people like they've got Redis in play, or they were thinking about Redis in play, or Redis is, you know, on their radar, so they go with that. The interesting for me is we don't have a back end in core for Redis. And yet, 76% of our users say they're using it, so We really need one. I mean, we're at the point where we're going to have three versions of the memcached. back end in core, and none Herrera has and that just seems
Will Vincent 25:10
wrong. Also, what is it? What is it? So what does it take to have that happen? It's just it's something,
Carlton Gibson 25:17
somebody to sit down and write the back end. So the API is quite small, it's only half dozen methods. And, you know, wrap that round read as pie, whatever there's, so there's Django Redis and Django Redis Cache, which are the two third party packages, they could be used for inspiration. It's just a question of the time to set that sit down and put them in but I think, yeah, at this stage with the survey results as the I think there is a clear case for a Redis Cache back end in core. And then, you know, the third party packages can add can expose the further capabilities of Redis.
Will Vincent 25:49
Right. Jango environment. Yeah, that's right. So moving along, but that was one of the interesting. Yeah, well, that that was one you know, that's the point of the survey. That was something I think had suspected that was the case but is very, very much validated that that is what the usage is in the community. Moving on to so apps that people contribute apps, admin, number one, that's probably not surprised off number two right there. I don't know what else I mean syndication, not a lot of people, people using syndication, but I guess, you know, that's not terrible surprise, flat pages still being used, but smaller amounts. So you know, the Python packages one was really interesting to me. And I will say, so I did not. So the list came from looking at the top pie pie downloads, and wagtail was added was only added after a couple days. So the wagtail numbers are low, lower than they would be. That would be the two things I would change for next time as I would include wagtail. And I would, from the beginning, it was only a couple days, but I think it was it was like Today Yeah, there's a wagtail virtual conference going on and, and Jeff said, you know, people are saying to write in wagtail I was like, wait, I can I can add that in. I should have added that in. But that's so that I think I know that's under represented. But you know, top one psycho PG for using Postgres. Yeah, that makes sense requests. sort of makes sense pillow that was a little surprising pillow. I mean, we would use for image uploading manipulation, you know, I mean, but everyone's using like, sore thumbnail or
Carlton Gibson 27:32
Yeah, see thumbnail Oh, these kind of things and they will use pillow right. So any kind of upload an image minimize it?
Will Vincent 27:39
Yeah. Anything with images? gunicorn is there g unicorn pi test? I mean, not surprised that pi test is there. You know, batoh three. So that would be for s3 storage for your media files or whatever else.
Carlton Gibson 27:53
Oh, no, everyone, but lots of people are using it.
Will Vincent 27:55
Yeah, black. So that's interesting. So the Python format or that's which is now part of Python. I think It's official, I think in some way, I think it's the PSF I believe is supporting it hosting. They're doing something with it. You whiskey. Yeah. That makes sense that I would think g unicorn would be a little bit higher than you whiskey, but also quite popular coverage. You know, that makes sense for testing, as well.
As usual Usual Suspects like white noise.
Yeah, you kind of have white noise. So anyways, it was interesting to to see. I mean, there's clearly there's, you know, what, 10 that jump out and then not a lot of others. So
Carlton Gibson 28:32
well, it's a massive long tail, right?
Will Vincent 28:34
Yeah. Yeah, maybe even next time. I wouldn't include all those all those options,
Carlton Gibson 28:40
I think for the third party yet. Right. So we've got Django rest framework, debug toolbar, and then Django celery like come on, folks. There are other cues well,
Will Vincent 28:46
chorus chorus chorus headers was number two, was it? Yeah, I mean, so it's, you have to hover over so this is the default Google Play. I don't have control over it. Yeah, chorus headers is actually number To then debug Django filter, rolling in there Django, celery Django, celery that you know Django, celery and Django Redis. Right there and what fifth and sixth. So, you know, Django extensions right below that. Someone was actually asking me why they're asking me but they're saying Oh, I wish shell plus was part of Django itself itself because it is true that Django extensions has. I mean, I use that a lot of people use that if we had unlimited funds, there's probably some things from there we could just roll into Django itself but it's Yeah, I mean package so
Carlton Gibson 29:32
so what shell plus does it automatically imports your model files, right? That's Yeah,
Will Vincent 29:35
exactly. So it syncs every time you go to the shell, you probably need them so and then run server plus I forget with that, that has some extra goodies, though. It's you know, Django is updating but run server plus is another one of the I mean, it's a Swiss Army knife for Django stuff. But certainly for the shell. I always use that Django all off you know, that's fantastic package up to date. Always used Django celery beat you know, that's I have actually haven't used that myself. But that got 700 votes. So Oh, and that was like shedule results. Yeah. And then we scheduled tasks, and then Django rest framework JW t. So there was a whole me discussion about JW. Ts. And I suppose we might as well,
Carlton Gibson 30:19
you know, let's talk about it, because it's kind of important in that JW T's people come around to the idea and like it's slowly propagating to the wider community that JW T is a badly designed algorithm. It's not it's sort of insecure by default, because there are so many configuration options that people simply can't help but get it wrong and not. It's just far too complicated. And as a result of that, there are frequent security breach breaches because of it or security poles because of it. So it came up well, what should we be using for authenticating my you know, single page application will probably just sessions still You know, if you're in a browser use sessions, if you're in another other client somewhere else, well, they can use cookies too. So hey, just use sessions perhaps. But perhaps Django needs a more rounded story here. But JW T, perhaps isn't the go to option it should be
Will Vincent 31:17
well, clients don't want to handle it all. And handle auth at all themselves, is basically part of the issue, right? Your your iOS or your Android app, just wants to deal with the cookie, but doesn't wanna,
Carlton Gibson 31:30
but pretty much every library is able to handle cookies. So it's not like you're writing network code yourself, you're using some networking library. And most of those have the ability to start to get a cookie from one request and then attach it to subsequent requests. It's no different than the token, right? The cookie is just the head that you send. With the request, it's cookie, and then there's your cookie string, right whereas a JW t goes in authentication, right. And then there's your token, or, you know, OAuth token. So it's just it's from a sort of HTTP request perspective, it's just setting a different header. So but you think B,
Will Vincent 32:11
do you think the onus is on Django to change this? Or it's on the clients, the mobile clients? I think
Carlton Gibson 32:17
it's like Django. So to get a cookie, on a response, it's just a question of implementing a view, which calls authenticate, and Django will do the rest, right. So that kind of simple cookie setting login view is, is is not going to change at all. What can we do? I don't know. I mean, is it our job to go through and say, of every login option? No, this is the one you should use this one you shouldn't. But I think we could perhaps call out that, hey, JW tees aren't the way to go. And you should be using session authentication still, where you can
Will Vincent 32:53
what muddies the water a little bit is that a session ID there's one session ID so you have a session. Id For your web client, and there would be a separate one for your iOS. Yeah, right that that. I mean, that's why tokens exist as a way to have a token generator.
Carlton Gibson 33:10
But you can log in from two browsers, right. So you can have Safari open and you can have chrome open and you can have Firefox open, you can be logged into your Django site and all three all three of them will have a separate session ID and yeah, separate sessions. Yeah, no, no, I'm staying with a mobile guy. So okay, back in the day, I wrote mobile clients using JDBC because I was learning came picked up rest framework, and I was like, I need some sort of authentication for my iOS client back. We're not you know is 345 I What do I do I hear you I can use JW t said the new hotness, everyone's recommending them. Right. Brilliant. They work perfectly well. I don't think about it anymore. But okay, with now knowing more and you know, reading more in the last few months, it's like, hang on. I should have been using sessions all along. I just never thought Oh, no, I can implement sessions. I don't know, it's difficult because developers don't know any better. And I didn't know any better at a time when I was using token or and you know, for, for things like I was that's what you're still using a kind of token, if you've got a bearer token and which you've got off of off of the server when you did the OAuth login, and you use that as your credentials. Yeah,
Will Vincent 34:21
it does seem like there's there is becoming this consensus, I mean, Django rest framework, the site lists, you know, that was almost a dozen different ways you can do authentication, in part because it doesn't want to be the arbiter of what you should do. But perhaps it's something Django itself could look at. Other than saying, you know, don't use JW T's if you're going to ask some people
Carlton Gibson 34:41
but there are I think there's this was it. Paste off Stein, I can't remember what they even called now, but that you know, an attempt to invent token based authentication which gets over the problems of JW T and that family but then that would need a you know, that need a Django rest from framework simple. This off rather than JW
Will Vincent 35:03
rated every two years or so the last section was asking about how people follow Django development. And so the top place is the blog, which is good because it's infrequently updated, but it's important things on there. Stack Overflow was number two, which I not sure how you'd follow development of Django and Stack Overflow. But I suppose there's advice and questions on there, and everyone's on there. Anyways, you know, Twitter, Twitter, a lot of us are on Twitter, Reddit, a lot of you on Reddit, I'm not on Reddit, but Django news newsletter. It's nice to see on there which renders, fill in the gap a little bit. Google Groups down the list. Do you have any thoughts on things that are how people follow Django development? I mean, it'd be nice if the Google Groups were higher since that's actually how development is being talked about. But I think this is more the broader community has questions about Jango as opposed to cutting edge features.
Carlton Gibson 36:03
Yeah, I mean, I think if I'm following it, I want to subscribe to the blog. I want to make sure I follow the blog. And then you know, if I'm on Twitter, I can follow a few people there. Django news, I think for a week weekly update is just a super resource. I mean, it's brilliant. You and Jeff doing an awesome job there. Do I think more people need to be following the day to day conversation on Django developers? It'd be nice, you know, if you've got some time to think about, yeah, come along, join in. Because that, you know, quite often someone will post Hey, I've got a proposal for this kind of thing. And there's half a dozen people who are like, you know, well, let's not have that
change.
And yeah, but maybe you maybe you need that feature. Maybe you want that feature, maybe you can talk about it. And and if you do, hang out and Django developers, then you know, you can, you can have a say you can be involved. And, you know, it's it's the official forum, so to speak. It's like, yeah, we've got the forum, which is for discussion, but if there's anything that's going to get discussed as is this going into Django, beyond Django developers, and we see consensus, then we just, you know, we take a kind of Yeah, we try and seek consensus, we try and see, you know, so there's this objection can we can we work with that? can we can we resolve something where there is a general consensus? And if there is a general consensus, we'll make a change?
Will Vincent 37:23
Yeah. It's working in public.
Carlton Gibson 37:26
Yeah, yeah. I mean, but that's what we aim for. That's super good book as well. Like this. Yeah.
Will Vincent 37:31
If we're gonna have you have you gotten it yet?
Carlton Gibson 37:33
Yeah, I've got now I'm about a third a third of the way through, you finished it, but it is working in public. It describes the the, the dilemmas facing open source, open source projects, and it kind of describes Django to a tee like, yeah, I mean, the the issues we face on a day to day basis. And so I'm a third of the way through, I'm really excited.
Will Vincent 37:51
Yeah, that the descriptive part was great to see that it's just these things that are endemic to open source, the challenges for contributors and maintainers. Anyway, in the first chapter, this this graph Have commits by contributor. And it's the exact same graph. And it's not
Carlton Gibson 38:03
because it's got different axes and different labels. But it's the exact same graph. It's I put up a Django con a couple of years ago in my website, we need to talk. It's like, that's the situation we're in, you know,
Will Vincent 38:15
yeah, that everyone's in and that I mean, I love the analogy someone made reviewing the books described the goodwill hunting analogy for open source. Do you recall this? Or he's like, don't don't you start off isn't. He started off as a genius and ended up as a janitor, with any open source project.
Carlton Gibson 38:33
Yeah, no. But like, that's the fellow role, right with very much now, handling the incoming requests triaging the incoming requests, and we do a little bit of the
Will Vincent 38:45
the code code around the site, but the fellows job is is to be the janitors to keep it clean to keep it from moving forward. If If I could have added sections to the book, I would have been interested to see how other frameworks and projects man Because I don't think it's that common to have paid contributors to do that. But it seems especially the size Django is. I mean, wouldn't work without that, right? It didn't have regular releases. You know, because the three types of projects are you have a solo developer, basically, you have something corporate, sponsored by Facebook, or Google or whatever. And then you have nonprofit. And there's not as that that structure is not as common as well as having paid contributors is less common. Because I think one of the, you know, as we're wrapping up the podcast, one of the things she noted is that what really takes time away from maintainers is just a tension, right? It's the volume of, you know, maybe relatively low quality interactions, you want to encourage people, but that becomes very draining. And so it's, you spend all your time kind of doing maintenance and inbound as opposed to coding and moving forward, which is the rewarding part.
Carlton Gibson 39:54
Yeah. I mean, there could be high quality interactions as well, like it could be Yeah. You know, some some Really quite sticky point, which, you know, there's not necessarily an agreement on and so you know, it can take an hour to craft the perfect reply, and then it doesn't quite it's not turns out it wasn't the perfect reply. And so it's like and then it's like, but I can't spend all week on this one issue. Yeah, we get we get five new tickets a day, every day.
Will Vincent 40:22
Yeah, I mean in a in a much more minor way but I, I have that issue with I I get my email out to anyone who buys my books and places and so I get a lot of emails. And it's a lot of time for me and it's sort of, I think keeps me in tune with the community. But sometimes I think, I wish I had fewer emails, but I can't. There are these fantastic emails from random people asking me either a really deep question I hadn't thought about or rephrasing how I show something or finding a subtle bug. There's fortunately, very few bugs in my books because they're kind of out but You know, I can't just look at something and tell if it's quality or not. It deserves attention. But there is a cost of that.
Carlton Gibson 41:07
Yeah, every single thing you have to give it enough thought to determine whether or not it's valid,
Will Vincent 41:14
right? Yeah, because it's a real issue. The technical and sometimes I batched them, so I can hit them first in the morning or I see something. I'm like, Oh, you know, either, you know, maybe maybe they have something wrong in their end. But it also could be something in Django could be, you know, it could be something I really dive into, but similar type of thing. So it can be draining, but it's also educational. Anyways, I think we believe
Carlton Gibson 41:35
that. Yeah, no, that was something of a working public awesome book came up this summer. We'll put a link to that in the show notes.
Will Vincent 41:41
Yeah. And we will. So this is coming out. We will have a whole bunch of guests coming up. We'll have guests in two weeks, and that'll be the new schedule and we're gonna try that out. It's, hopefully be fine for everyone. Anything else as we head out, Carlton? No, no, just welcome back and I miss talking to you, Carlton. We haven't talked.
Carlton Gibson 42:00
Yeah, no. It's been. It's been a funny here, but yes, I've missed. Yeah, Mr. Little did that.
Will Vincent 42:10
Yes, I'll add links to the Django con Europe. videos as well in here when when not all is up looking forward to your talk. Thank you. You can follow us on Twitter at chat Django or Django chat.com. And we'll see you all in two weeks. Bye
Carlton Gibson 42:25
bye. Join us next time. Bye bye