Sentry

Bandit with Tim Kelsey, Travis McPeak, and Eric Brown - Episode 62

Summary

Making sure that your code is secure is a difficult task. In this episode we spoke to Eric Brown, Travis McPeak, and Tim Kelsey about their work on the Bandit library, which is a static analysis engine to help you find potential vulnerabilities before your application reaches production. We discussed how it works, how to make it fit your use case, and why it was created. Give the show a listen and then go start scanning your projects!

Brief Introduction

  • Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.
  • I would like to thank everyone who has donated to the show. Your contributions help us make the show sustainable. For details on how to support the show you can visit our site at pythonpodcast.com
  • Linode is sponsoring us this week. Check them out at linode.com/podcastinit and get a $20 credit to try out their fast and reliable Linux virtual servers for your next project. And they just doubled the RAM for their introductory level servers, so that $20 will get you even more performance.
  • We are also sponsored by Sentry this week. Stop hoping your users will report bugs. Sentry’s real-time tracking gives you insight into production deployments and information to reproduce and fix crashes. Check them out at getsentry.com and use the code podcastinit at signup to get a $50 credit!
  • Visit our site to subscribe to our show, sign up for our newsletter, read the show notes, and get in touch.
  • To help other people find the show you can leave a review on iTunes, or Google Play Music, and tell your friends and co-workers
  • Join our community! Visit discourse.pythonpodcast.com for your opportunity to find out about upcoming guests, suggest questions, and propose show ideas.
  • Your hosts as usual are Tobias Macey and Chris Patti
  • Today we’re interviewing Tim Kelsey and Eric Brown about Bandit, which is a static analysis engine for finding security vulnerabilities in your Python code.

Interview with Eric Brown, Travis McPeak and Tim Kelsey

  • Introductions
  • How did you get introduced to Python? – Chris
  • What is Bandit and what was the inspiration for creating it? – Tobias
  • How did you each get involved with the Bandit project? – Tobias
  • At what stage of the development process would you want to use Bandit? – Tobias
  • What kinds of analysis does Bandit do on the source code that it is run against? – Tobias
  • How does it determine whether a particular segment of code is introducing a vulnerability and what means does it use to determine the severity? – Tobias
  • What does the generated report include and what can be done with that information? – Tobias
  • What are some of the biggest design and implementation difficulties that have been encountered in the process of creating Bandit? – Tobias
  • How does Bandit compare to similar tools in other languages such as Ruby’s Brakeman? – Tobias
  • What are some of the most interesting extensions that you have seen for Bandit? – Tobias
  • What is on the roadmap for the future of Bandit? – Tobias

Keep In Touch

Picks

The intro and outro music is from Requiem for a Fish by The Freak Fandango Orchestra / CC BY-SA

Sentry with David Cramer - Episode 61

Visit our site to listen to past episodes, support the show, join our community, and sign up for our mailing list.

Summary

As developers we all have to deal with bugs sometimes, but we don’t have to make our users deal with them too. Sentry is a project that automatically detects errors in your applications and surfaces the necessary information to help you fix them quickly. In this episode we interviewed David Cramer about the history of Sentry and how he has built a team around it to provide a hosted offering of the open source project. We covered how the Sentry project got started, how it scales, and how to run a company based on open source.

Brief Introduction

  • Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.
  • I would like to thank everyone who has donated to the show. Your contributions help us make the show sustainable. For details on how to support the show, subscribe, join our newsletter, check out the show notes, and get in touch you can visit our site at pythonpodcast.com
  • Linode is sponsoring us this week. Check them out at linode.com/podcastinit and get a $20 credit to try out their fast and reliable Linux virtual servers for your next project
  • We are also sponsored by Sentry this week. Stop hoping your users will report bugs. Sentry’s real-time tracking gives you insight into production deployments and information to reproduce and fix crashes. Check them out at getsentry.com and use the code podcastinit at signup to get a $50 credit!
  • Join our community! Visit discourse.pythonpodcast.com for your opportunity to find out about upcoming guests, suggest questions, and propose show ideas.
  • Your hosts as usual are Tobias Macey and Chris Patti
  • Today we’re interviewing David Cramer about Sentry, which is an open source and hosted service for capturing and tracking exceptions in your applications.

Interview with David Cramer

  • Introductions
  • How did you get introduced to Python? – Chris
  • What is Sentry and how did it get started? – Tobias
  • What led you to choose Python for writing Sentry and would you make the same choice again? – Tobias
  • Error reporting needs to be super lightweight in order to be useful. What were some implementation challenges you faced around this issue? – Chris
  • Why would a developer want to use a project like Sentry and what makes it stand out from other offerings? – Tobias
  • When would someone want to use a different error tracking service? – Tobias
  • Can you describe the architecture of the Sentry project both in terms of the software design and the infrastructure necessary to run it? – Tobias
  • What made you choose Django versus another Python web framework, and would you choose it today? – Chris
  • What languages and platforms does Sentry support and how does a developer integrate it into their application? – Tobias
  • One of the big discussions in open source these days is around maintainability and a common approach is to have a hosted offering to pay the bills for keeping the project moving forward. How has your experience been with managing the open source community around the project in conjunction with providing a stable and reliable hosted service for it? – Tobias
  • Are there any benefits to using the hosted offering beyond the fact of not having to manage the service on your own? – Tobias
  • Have you faced any performance challenges implementing Sentry’s server side? – Chris
  • What advice can you give to people who are trying to get the most utility out of their usage of Sentry? – Tobias
  • What kinds of challenges have you encountered in the process of adding support for such a wide variety of languages and runtimes? – Tobias
  • Capturing the context of an error can be immensely useful in finding and solving it effectively. Can you describe the facilities in Sentry and Raven that assist developers in providing that information? – Tobias
  • It’s challenging to create an effective method for aggregating incoming issues so that they are sufficiently visible and useful while not hiding or discarding important information. Can you explain how you do that and what the evolution of that system has been like? – Tobias
  • I notice a lot of from __future__ import in Sentry. Does it support Python 3 and/or what’s the plan for getting there? – Chris
  • Looking back to the beginning of the project, what are some of the most interesting and surprising changes that have happened during its lifetime? How does it differ from its original vision? – Tobias

Keep In Touch

Picks


Mercurial with Augie Fackler - Episode 60


Summary

As developers, one of the most important tools that we use daily is our version control system. Mercurial is one such tool that is written in Python, making it eminently flexible, customizable, and incredibly powerful. This week we spoke with Augie Fackler to learn about the history, features, and future of Mercurial.

Brief Introduction

  • Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.
  • I would like to thank everyone who has donated to the show. Your contributions help us make the show sustainable. For details on how to support the show you can visit our site at pythonpodcast.com
  • Linode is sponsoring us this week. Check them out at linode.com/podcastinit and get a $20 credit to try out their fast and reliable Linux virtual servers for your next project
  • We are also sponsored by Sentry this week. Stop hoping your users will report bugs. Sentry’s real-time tracking gives you insight into production deployments and information to reproduce and fix crashes. Check them out at getsentry.com and use the code podcastinit at signup to get a $50 credit!
  • Visit our site to subscribe to our show, sign up for our newsletter, read the show notes, and get in touch.
  • To help other people find the show you can leave a review on iTunes, or Google Play Music, and tell your friends and co-workers
  • Join our community! Visit discourse.pythonpodcast.com for your opportunity to find out about upcoming guests, suggest questions, and propose show ideas.
  • Your hosts as usual are Tobias Macey and Chris Patti
  • Today we’re interviewing Augie Fackler about the Mercurial version control system

Interview with Augie Fackler

  • Introductions
  • How did you get introduced to Python? – Chris
  • Can you describe what Mercurial is and how the project got started? – Tobias
  • How did you get involved with working on Mercurial? – Tobias
  • What are some of the features that can be found in Mercurial which are lacking in similar tools such as Git or Bazaar? – Tobias
  • One of the common complaints with Git is that its human interface could use some work. How is Mercurial’s UX an improvement over Git? – Chris
  • For someone who is using Mercurial to work with a Git or other VCS repository, what are some of the edge cases that they should watch out for? Are there certain operations that could be performed in Mercurial which would break that compatibility layer? – Tobias
  • How is Mercurial architected and what are some of the design choices that allow for it to be so flexible and extensible? – Tobias
  • One of the core goals of Mercurial is for it to be safe. Can you explain what safety means in this context and how it is architected to achieve that goal? – Tobias
  • One of the noteworthy aspects of Mercurial is the strong focus on making extensions a first-class concern in the project, so much so that a number of the core functions are written as extensions. Can you describe why that is and how the extensions plug into the core execution engine? – Tobias
  • What are some of the most notable extensions that are available for use with Mercurial? – Tobias
  • For someone who is familiar with Git, what are some of the concepts that they would need to learn about in order to use Mercurial in an idiomatic way? – Tobias
  • A large part of the reason that Git has seen such large adoption is due to the prevalence of GitHub. There is the option of using BitBucket when using Mercurial. Are there any other noteworthy Mercurial hosting options? Do you think that the dearth of open source Mercurial servers is partially due to the fact that Mercurial ships with a functional server built in? – Tobias
  • Can you share some of the most recent features that have been added to Mercurial? – Tobias
  • What do you have planned for the future of Mercurial? – Tobias
  • How do you think current day DVCS systems like Mercurial, Git and Darcs might evolve in the future? – Chris

Keep In Touch

Picks

Links
