Django Chat

JWTs and AI - David Sanders

Episode Summary

David is the author of the popular django-rest-framework-simplejwt package. We discuss authentication, JWTs, and his current role at an AI startup.

Episode Notes

Episode Transcription

Will Vincent 0:05
Hello, and welcome to another episode of Django Chat, a weekly podcast on the Django web framework. I'm Will Vincent joined by Carlton Gibson. Hi, Carlton. Hello, Will. And this week we are joined by David Sanders. Hi, David. Hey,

David Sanders 0:17
guys. Thanks for having me.

Will Vincent 0:18
Hello, David. Thanks for coming on. So you maintain the current JW t package, which is almost mandatory for use with Django rest framework. So we want to ask you about that, and all your other work. But first, what's your backstory? How did you get into programming and specifically Python? Django?

David Sanders 0:36
Let's see. Yeah, so I was trying to think about how I would come about this. This question, as I shower in the morning. Let's see, I think I probably got into programming for similar reasons, to a lot of other sort of nerdy kids growing up in the 90s. And, you know, I was like, I like video games. Some things like that, and but yeah, it also just so happened that I went to high school which had some classes for that, which I think was not super common in the 90s. I mean,

Will Vincent 1:14
I grew up in the 90s. And there was zero programming classes. Yeah. In a college town.

David Sanders 1:19
Right, right. I mean, it's, it's pretty early on. And so, you know, this is when computers were just starting to become sort of household fixtures and,

Will Vincent 1:30
and the internet was we had email, we had email. I remember in my high school, we were very proud of that, like, Yeah, right. 90s you sort of stopped at email. Programming. That's good.

David Sanders 1:40
That gives you an idea. That's like a good Litmus litmus test for what we're talking about here. Because email it just showed up and, and it's, you know, to the average person, and that's probably most early form. And, yeah, I remember my middle school actually had email or like it laughs To sign up for a Unix account, and this is in like 93 or something, and that wasn't folder, by the way, we're living that. Yeah.

Will Vincent 2:06
Well, well there. There's probably some similarities because I'm from basically Dartmouth. And so Dartmouth had its own homegrown email system way back in the day. Yeah. And I think the high school system, yeah, they and then they, you know, created the term AI at some conference in the 50s. But they the High School's email system was based on darkness, which was called Blitz, I believe. So I think you could, you know, you could AOL, you could like, you know, CDs were flying around, you could connect that way but to have you know, high school run email system in the mid 90s. was unusual, but probably not a typical for high schools in you know, university towns where, yes,

David Sanders 2:46
that was some degree of knowledge. That was because I remember boulder Valley School District had a had this Unix server, which, you know, at the time, I was just like, Okay, so we have that, but I guess later, I think found out that the server was actually at CU or University of Colorado Boulder. So it was actually located there. And I assume it was part of you know, the technology departments or the engineering school or something. So yeah so so that was lucky and I think that was a big reason why they were programming classes and why why I was able to you know, pursue that interest early on

Carlton Gibson 3:28
interest interesting as well that you had Unix available because when Yeah, I was in I was in the 90s it was for me it was a Windows and you know, that was great and it was all fun but I didn't discover Unix till I got to university 97 I was what what says how do i do anything here?

David Sanders 3:44
Yeah, right. And I didn't actually I started I Macintosh machine. And this is like, way before laughs were like, even really a thing. I mean, they were but they were definitely kind of less common.

Will Vincent 3:57
Well, I did I mean, I did too if I think back cuz like In the in the 80s Mac, or Apple made a big push to get in school systems. So the Old mac twos, that was what we had actually, that's

David Sanders 4:07
true. I remember that.

Will Vincent 4:09
Yeah. So they were like, you know, they were in all the schools and then they went away and then they came back as being super high price. But for a while it was I mean, cuz I remember my middle school, we had a computer class where you learn to type. And someone told me if, if you just took the test in the beginning, that was an option. So I did that. So I remember just playing Oregon Trail and like manhole for a semester, which was pretty fun.

David Sanders 4:32
Yeah, good point, because I do remember that I always thought Mac's in schools, and you know, and we didn't have an Apple TV, we had a Macintosh. So we actually had a color monitor, which was like 13 inches or something.

Will Vincent 4:48
Yeah, well, I always remembered of remembering sort of that time because I just the game missed. I play

David Sanders 4:54
Yeah, I play. And,

Will Vincent 4:57
yeah, and I it was Middle School for me. So 90 394 Yeah. Yeah, yeah.

Carlton Gibson 5:04
Sorry, Carlton. No, no, I love just a good old computer.

David Sanders 5:08
Yeah, that's gonna say that early days of technology is really fun memories. Yeah.

Will Vincent 5:13
Well, that game was so good. And then you you can get an iPad now. And since I've been quarantined with a bunch of kids, and I totally forgot the game. So I've been I saw a download, so I downloaded it. And I've been playing and it's still so good. And then my seven year old daughter, I was feeling kind of good that I remembered a couple things, but it's Yeah, I think about it. She's just like touching stuff. She's zip through, like more than I did. She was like three times as good as I am. Yeah, so it's sort of humbling

David Sanders 5:39
thing like, road marker because I remember at the time it came out, it just blew my mind how amazing it looked. And of course, it's not just pre rendered videos essentially. And, and it was Yeah, it was basically written in PowerPoint, you know that it was this thing called hypercard. And so you know if PowerPoint had a scripting language Which, which maybe it does, but I don't think that's really a selling point of it. That's great yourself in this conversation like, this video game was like, very popular and was written in PowerPoint, essentially. And just embedded videos and PowerPoint slides.

Will Vincent 6:17
Well, the update is, it's pretty fun on the iPad because they've, they've redone it. So you can, it's not you can sort of move around a little bit, make it 3d and the graphics are slightly improved. But sorry, last thing on this because I've been so there's another game ribbon, which came after high school 9798 Yeah. And I haven't gotten that yet on the iPad, but I'm going to but I remember playing that there's like four discs on it. And you have to go between worlds. And so every time I had to move I had to like swap this. And yeah, besides the fact that was like way harder and I had to cheat to finish it. I remember just endlessly swapping discs, which was super frustrating. So I'm excited to not have to do that on the iPad coming up soon. Yeah. Anyways, total tangent sorry.

David Sanders 7:00
Yeah, no, that's that's great, though. I mean, this this is, in a way, kind of the story of how I got into programming. Like, I just loved things like this when I was a kid and probably a little bit before a lot of other people took interest in these kind of things and and then I was lucky enough to have access to educational resources. And so just kind of went from there. And in school, I sort of did. Engineering, I kind of didn't, it was kind of half did it.

Will Vincent 7:28
But then it's like college or,

David Sanders 7:30
yeah, sorry. Yeah. And university and college. And.

But then eventually, of course, I ended up doing it for a living either way. So.


Will Vincent 7:42
When did Python factor in? Right? When did you just get into the Python world?

David Sanders 7:47
Yeah, so let's see. Um,

so I basically ended up getting a music degree. That's my formal education. So that's kind of interesting, too. A bit about me, which is something I choose not now I've decided to broadcast that to the world that seems so

that's something musicians make

Will Vincent 8:10
musicians make some of the best programmers, I mean, where I am in, in Boston, there's this Berklee School of Music and a lot of those. A lot of the best programmers in Boston are former Berkeley musicians who, you know, it's hard to make a living, but they are very used to dedicated practice. Yeah, right. Right. And so that translates extraordinarily well to programming.

David Sanders 8:30
Yeah, maybe there's a sort of abstract ability to go deep on things somehow that becomes useful.

Anyway, so let's see. Where was I going with this?

Will Vincent 8:43
feel like we're going so you studied music in school?

David Sanders 8:46
Yeah. All right. Right. And so so then I can't I was coming out of that degree. I just decided to, you know, just get back into technology for obvious reasons, because it's hard to make it as a musician. And so some of the first jobs I was finding at the time were like PHP, sort of web app type stuff. And that was how I kind of reintroduce myself into the tech world. And I had had even a few sort of software jobs before finishing school. But that was sort of a different era of software. And so yeah, as I sort of got back into the tech world, I think that was like 2008 or nine, it was, like read about when smartphones had happened. And you know, social media was starting to kick off a second sort boom, essentially. And so there were lots of kind of web app type. There was a lot of web app work available. So getting into PHP, and that transitioned into my next job doing Python and Django and it was all in the vein of like web application work and Yeah, so I that was when I joined a company called fusion box in Denver, which I believe is still around. And they were a Python shop. And they had a number of really talented Python developers doing Django development. And that was where I got into it. And I think that was about 2011 or so

Will Vincent 10:20
that's still relatively, I mean, early ish for Django. Yeah. What would you say, Carlton? I mean, I know, for a while, but it wasn't that's

Carlton Gibson 10:30
sort of as much similar time that I found it. And it was similar sort of reasons, you know, to, to to thousand six, doing PHP, my SQL and then I noticed that 70 out found found Python and you know, I went to a web conference of tech conferences for future web apps, and everyone's talking about Django, Django, Django, this thing has been raised now in home tidying, it's like the web framework for perfectionist with a deadline. That's me. Yeah. It wasn't just Django. It was Python as well. And it was Brilliant, so, and then yeah, writing, writing web apps along with mobile apps and that kind of same time. exactly that same sort of timeline, same time zone. So about around the Django 1.0 1.1 versions, that kind of thing.

David Sanders 11:15
Yeah. So that's right. That was around. That was 1.0 days, and I can't remember what version I it's like 1.3 or something. I think. I started working on it.

Anyway, yeah, that was how I got started.

Will Vincent 11:31
Well, that's very early days. I mean, for me, I didn't really start programming till 2013. And then it was I was in San Francisco at startups. And it was like rails or Django and right, I think Django was the less popular choice and I'm sort of a right. icon. What's the word iconoclast? What's the word Carlton?

Carlton Gibson 11:50
Johnny come lately? No.

Will Vincent 11:54
Anyways, I was like, I'm not gonna do the popular thing. And I like to look at Python. So I jumped on.

David Sanders 11:59
Yeah. So what was

Carlton Gibson 12:00
the appropriate thing that reacts gel nails

David Sanders 12:03
knows this way before react?

Will Vincent 12:05
Yes, the company, the company I was at was PHP. Yeah. And then and everything was rails and we were right. We were right next to Twitter square stripe. So yeah, it was all rails boot camps just started. And nobody was really doing Python or Django,

David Sanders 12:24
right? I'm remembering the React of the day was this thing called boots? What was it? Ember?

No, no, it was it was a thing by written by Jeremy ashkenaz. He was the guy. Oh, yeah. Yeah, yeah. Back Back budget.

Carlton Gibson 12:39
Like, yay.

David Sanders 12:42
Like an early form of like, JavaScripts. spa framework, you know,

Will Vincent 12:49
what had all the great helper functions that kind of made their way into JavaScript itself.

David Sanders 12:55
Yeah. And did I say his name quickly. Jeremy ashkenaz.

Will Vincent 12:58
It's been so long since I think I think so. Right? Cuz he's he's done a whole bunch of stuff. He's done some other.

David Sanders 13:03
I'm sure he's got involved a lot of other cool stuff. Yeah. Seemed like very prolific technologists. So

Will Vincent 13:10
yeah, those people. So well. So how did you? Did you? I mean, I guess it was a while back. But do you recall, I want to get to your JDBC package like, did you start working on API's with Django? Was it server side? Like, what was the progression? If you recall?

David Sanders 13:27
Yeah. So I think that was the reason.

Because right when I first started using Django, I was doing a lot of logic, you call it traditional sort of server side render, web apps. And, of course, eventually, the industry transition more towards just API's interacting with, you know, front end clients, essentially, written in JavaScript and so the eventually I went to work for One of our clients when I worked at fusion Max, which is specialized bicycles, which is kind of a funny, like, you know, place to find yourself as a software developer, some might guess. Because you know, specialize, obviously, and I'm talking about the, you know, if you know, bicycle brands, that's the specialized you're thinking of, in the United States, there's a kind of bike brand fits that's kind of on the same tourist tech or trek rather. And, yeah, that's specialized. So they had a number of kind of data collection services, essentially that they needed to be written in house. And that's what I was working on when I was there. And those were supporting all these kind of like they were doing a lot a like body metric collection with like these little digital measurement devices they were making, and, and so I was writing the API's that would receive data from those devices.

Will Vincent 15:00
So this was like pre Strava. Was it GPS? Or was it like power? Do they have like power? meters on the drive train?

David Sanders 15:09
Oh, yeah. So there was things like that. And actually, it was really around the same time as Strava. But But our stuff was more just kind of like data collection. And so we had a few devices that we made to sort of give to people who are running specialized shops. And they could use it to like measure, measure people's bodies to like suggest products to them and things like that. So anyway, yeah, so I was reading a lot of API's. And we, like I said, this specialist had been a client of fusion box and and so they had already been contracting with us to have some developers some Django apps that we were writing. And so we had, we had a few more kind of like traditional apps that were server side rendered and We were starting to do some kind of JavaScript front end stuff with them. And so it was kind of a natural transition to just continue using Django. And


Will Vincent 16:10
so was that Django rest framework? Or is that tasty pie? What was the timeframe?

David Sanders 16:14
It was REST Framework. Was it because it was it was pretty early. Yeah.

Will Vincent 16:18
Right. So it's fairly for rest framework.

David Sanders 16:21
I mean, and I've maybe Tom would correct us, but it seemed early. Again, from my perspective. Well, look,

Carlton Gibson 16:29
give give give you an idea. The rest framework, version three, Kickstarter was in 2014. So there must have been 2000. I was using rest framework, okay. It's already on version two in like 2011 2012, something like that.

David Sanders 16:45
Yeah. And it was kind of competing with tasty pie. I do remember that. It was it seemed a little more newish and maybe sort of unproven. Again, Tom might correct us but but it did seem like I just sort of cut it. got the impression that that it just seemed a little more kind of clearly organized and things like that and and so I just we just made a call to use rest framework for the stuff we needed that kind of thing for and then I just continue to use it, you know at jobs after that so are sorry we as an infusion box guys decided to use rest framework so so yeah, we were using that for a specialist work and eventually we just needed a way to sort of do sort of single sign on he like mobile mobile client off stuff and JW tees where again from my point of view, seeming kind of like they were just showing up or starting to be used.

And this was probably this was like

2013 14

around that time, maybe a little later

Will Vincent 17:58
16 or 17 So did you. Yeah, I wanted to ask. So you've, you've created like the default right now simple JW t but Jose pedia had a really popular package back then. I assume there was, I mean, his was still, you know, more maintained. So do you recall? You know why? why create a new one?

David Sanders 18:18
Yeah, I was trying to think about my reasons for this too, as far as I remember. So I was looking around for like, what, what was available to us and, of course, I ran across Jose's package. And I remember thinking that it seemed possible there was maybe starting to be maintained less often are those general pulse I got on it when I was looking into it at the time. And so I I started poking around under the package and it seemed to me like there was there really just a few classes he had written, which was which were really kind of driving the packet. And I kind of thought, well, this stuff is there's just a little bit here. And so I think I will just take what I need from this and start to just make something. It was almost like just sort of an academic exercise to I was kind of like how would I just sort of factor out the essential core of this and make my own version of it and do it in as few lines of code as possible. And and so I started doing that, and it just kind of came together pretty quickly. And so I just decided to go with my own sort of version of it. And, of course, eventually, I got in touch with him and I sort of let him know that I'd done this and he was very encouraging because he was, I think, at the time already starting to feel like it was sort of the package was going into disrepair a little bit. And that it was maybe useful for someone to come along and just sort of take up the reins or kind of reinvented or something like that. And so it seemed like the timing was good there. Because, yeah, I just I had a need for that kind of thing. I happen to notice that it seemed like maybe there, there could be another sort of a reworking of it.

So yeah, that's how that's how that happened. And

Will Vincent 20:19
yeah, so we just start and now you find yourself in the same position.

David Sanders 20:22
Yeah. So it was really funny because like, I did it just because I, I just had a habit of, I think I had developed a habit in my career of poking around on the under the hood of things and just seeing is there just some, like central core to how this works that I could just some simple concept I could use and, and so I just happen to do that with Jose's thing. And I also am just kind of a perfectionist somewhat. And so I just thought, Well, if I were to make this something that people wanted to use, then I might Well, I just kind of like try to do it cleanly and sort of pretend like I'm making an open source package here that people might want to use.

Will Vincent 21:09
Yeah. Was it your first? Was it your first I interesting, open source package that you've done for Django anyways?

David Sanders 21:15
I mean, definitely the first one that took off, like I had done a few little sort of things that were on my GitHub, there was sort of like a smorgasbord of just sort of, like, half baked things in my GitHub account. But then I think I think the real critical, like difference was that, yeah, it was just a time in my career where I just, I just had enough experience to know how to put something together that's reasonably coherent. And I also had, I haven't had enough time and a reason to do it. And

Will Vincent 21:50
I also without too much experience to hesitate to do it.

David Sanders 21:53
Right, right. Yeah, I didn't know what I was getting into. And so and i also reached out to her say and and i So Tom Christie because I had sort of borrowed components of their project to make this thing. And there were enough differences that it didn't feel like just a fork that I could just or like a something I could make a PR for. And so I felt obligated to sort of notify them that I had done this and, or, in particular, Jose, and I was, he was very receptive and positive about it. And then also, I reached out to Tom and I said, Okay, I think in like, I don't know, whatever chat channel is linked from the rest framework website. And I told him that I had done this thing, and I wondered if he wouldn't mind adding a link and the rest framework documentation to it. And that was, I think, when it really kind of took off Indeed, the start count started just like exponentiating on GitHub, you know.

Carlton Gibson 22:54
So if you linked from the docs, and then you know, people are looking for it, and you know, I think It became clear after a while that Jose wasn't able to maintain DRF j WT. And then you came along with the, you know, the perfect replacement. It's like, yeah, that's super.

David Sanders 23:12
Yeah. And really my goal, actually, I think a particular goal I had when I was making it was, like I said, as few lines of code as possible, as transparently implemented as possible. So that if anybody came along was like, Oh, this doesn't do what I want, or this has some issue or whatever, then it shouldn't be hard for them to just like, modify it to do what they want and create. That was a big goal for me. So I was striving for that.

Carlton Gibson 23:40
But that makes it more maintainable as well, because you're able to say to people, hey, look, that's out of scope for what I want to do. But you know, you could quite easily implement it like this Off you go. And yeah,

Will Vincent 23:48
yeah, right. Right. I'll link to the the notes in Django con 2018. I did a talk on auth with Django rest framework and actually, where I met Carlton, and I remember Asking Jose I was like, Hey, I'm doing this talk. Is your package still active? You know, I? I've been using yours but there's this simple GBT one. And he was like, Oh, no use use, you know, use the other one use yours.

David Sanders 24:13
Oh, that was so funny. Man. There must be like a sort of constellation activity in the community. I'm just completely unaware of because I don't really make the rounds at conferences very much.

Will Vincent 24:26
Yeah, well, that was my first my, I mean, my first one. I mean, I mean, this podcast came out about because going to one I was like, oh, there's people talking about Django. Like I never get that. My normal life so I wanted to share it. But he was very I mean, we had Jose on the podcast, too. There's a past episode, but yeah, he was anyways just he was very much like, Oh, yeah, like, I use use David's. So so I did. So it's in there.

David Sanders 24:54
Yeah, well, actually. So another thing that happened, which I became aware of is that it seems somebody did it. Because I can see sort of like analytics for where activity comes from, or like where people help people get to my GitHub page for the project. And there was a fair number of links that came from like a screencasts. Somebody did, where they were like, this is how you do JW t with Jango. Like, use this package. Oh.

Will Vincent 25:23
And I wonder, wonder which one that was? It was I

David Sanders 25:26
yeah, I'm not sure if it was like, particularly well known screencasts. But,

Will Vincent 25:32
but it definitely seemed like there was some clicks coming from there. So Well, well, I mean, YouTube has crazy numbers for online tutorials, things and I've learned in particular that anything Django rest framework for tutorials or for Django con talks, there aren't many of them. So they they get a lot of clicks. Like for example, that talk from 2018 is the has the most views have any talk from 2018. So I think, partly I was like, thinking like, well, I did a good job. But then I did a different talk in 2019. And I'm just like bottom of the barrel, and the top talk is another one on Django rest framework. So it's, it's very much like, yeah, people just want to learn about that. Because I think also Django nuts. A lot of them don't know, Django rest framework, or they don't like I have a book on it. And I kind of thought that'd be my most popular book, actually. And it's by far my least popular book. Because and I think it's because professional Django developers basically only write back end API's if you're at an agency or a reasonably sized company. But I think when you're learning or if you want to do a smaller project, generally you're just in the server side world, because it's too much to do Django Plus, you know, whatever. A week. So, so I've found that interest. I've tried to communicate that and I think I'm still not quite getting that across to people. They just don't think They're learning on their own. They just don't understand why they would really use Django rest framework. Or they don't have teammates to do it. So anyways, side note I, I, yeah, I so I so actually, so I initially was like Django for beginners, Django for API's, and then this pros book and it just turns out that API's is actually like, the last one people read. And it's really only in the context of once they get their first team job, that they do it because because writing an API is like, what's the point? Is it for yourself? Unless and then, and then you gotta go learn JavaScript. And

David Sanders 27:34
yeah, for people, I think you were hinting at, it's probably a big ask to really sort of expect that somebody just getting into that stuff would be able to learn all the ins and outs and quirks of JavaScript and whatever you need to sort of get up and running with you know, with that kind of stuff in the end, do that in addition to learning about Python, and you know, server Say development and all that kind of thing. So

Will Vincent 28:02
yeah, right. Well, and specifically authentication I found, you know, once once I internalized what a serializer does, authentication is the part where and I think this is still the case from, from people who contact me. That's the part where people go, What? Because, you know, you don't really have to understand sessions and session. Authentication with Django just kind of works. But then the official docs, I think, still list four, there's four built in options, and then there's just like, a dozen third party packages. And I don't think it's that much clearer to people kind of what best to do. I mean, I think there is a sense of JW tees are a good idea, but then even there's multiple ways to do it. So that's the confusion point for people once they get past serializers is like I didn't know auth could be so hard. Yeah. So maybe make the make maybe make the case for why use a DWT or how do you think about that? Do you? How do you think about that? Clearly you're at the package, so you use them. But if someone came to you in either cases where you wouldn't, where you wouldn't recommend using it.

David Sanders 29:07
So I remember when I was first

considering using them, I think

I basically had two needs for them. Like I said, we were talking about doing single sign on. And so I think I was finding information about JW T's because there's this idea that you could just have the same verifying key across different services. And so you only really need to sign on with the service that has the signing key. And so they can sort of function as a single sign on system in that way.

But the other neat I had was that

that we are going to write an API for a mobile client. And I think we were working with Some contractors from a different agency to do this. And those guys were just comfortable using JW tees, because I think they had gained enough of a footing in that sort of area of tech that they were already being used for that kind of thing. So yeah, so I think those were a couple of reasons I started to use them. I mean, as far as like, I still think it's interesting how you can just sort of avoid database hits, to authenticate requests. And that's kind of like, one of the attractive things about JW T's you know, because like, you don't have to go query the database to find a session record. Like you can just verify the signature and that's all you need. And that's like a, that's a relatively inexpensive operation compared with a trip to and from the database. So if you're really trying to go after performance and a service, then I feel that could be a consideration. And I feel like I've tried to sort of have emphasized that but that package. I mean, I feel like there, there are other ways that that tends to get broken, like if you want to implement blacklists, you know, token black lists and things like that, that you just kind of have to do a database query anyway. And so you've kind of thrown that out the window. Or, I mean, maybe there are ways you could optimize that. But

Carlton Gibson 31:21
you know, but yeah, you it performance are an issue, but the caching there in about, right,

David Sanders 31:28
yeah, you can, you can cache things and be smart about it. But um, but you still have to sort of open up a socket to your caching server, and you can't just do it completely within the confines of the gonna corn process or something, you know, like, you have to do some IO in order to serve that request. But I guess you're doing that already. Anyway. You're doing IO with the, the web server Anyway, you know what I'm saying? Like, yeah, there there are some considerations along those lines. And so I've tried to sort of remind people of that because a lot of people come in the issues of the GBT package and they're like, Well, why don't you just do blacklist by default? or this or that? And kind of like, Well, yeah, I deal with that kind of thing if you don't want to. Yeah, so that's one of the things I kind of harp on the issues section. As far as reasons not to use it. I mean, I think in general, when you're trying to make any decision about some technology to use, it's just good to understand a little bit about how it works internally. And so in this case, you know, understand a bit about digital signing and why you can authenticate a request without hitting a database, just by checking the validity of a signature. And so when you understand a few of those basic bullet points about something you're trying to use, then you know exactly why you would use it, you know, and if you if you're You know, use case doesn't match those criteria, then just don't use it. You know, just use OAuth or use just database sessions or, you know, in other words, don't use it just because it's cool and new and shiny. Right. So, yeah,

Carlton Gibson 33:15
I think the reason most people got into it, particularly at that time, I'm sure there are other token based systems available now. But back in the day, you know, a few years ago in the mobile, mobile boom, it was like, I need a token based system. That's because it's much easier than trying to get a cookie, which again, send a lot, you know, to try and do session auth with a mobile, you know, from iOS. Yeah, you can do it, but you're jumping through hoops. Whereas if you can just get a token and attach it to the request, bam, I'm in the business, multiple mobile clients, multiple platforms. This is, yeah, this is exactly what we need. Brilliant. Yeah. So I think that's where most people arrive.

David Sanders 33:50
That's how people think of it. Although I did a little bit of a stickler and in a, in a funny way a cookie as a token, you know, like, Yeah, well, your random number which you use, yeah. Look up this session. So.

So yeah, it's, but I don't want to be a jerk and like, try it.

Will Vincent 34:06
Yeah, you know what I know you should be. I mean, we're all opinions matter. I was gonna say so a reader was recently trying to correct me saying, in my book, I say, Well, if you have a token, you could store it traditionally in local storage or in cookies. And he was making the point of I think he saw What's his name's? There's who had that there's a long piece on why local storage is evil. By I'm blanking on it. Anyways, I'm curious on on thoughts around security for where one should store a cookie or a token, because that often comes up in the context of like, don't you know, don't use local storage or don't use a cookie. It's insecure. And I see there's actually there was a Reddit thread on this just very recently, and there's a lot of misinformation out there. So I'm curious what both of you think about what advice you would give Around storing it, Carlton, you're a former maintainer, your Jenkins fellow, you know, I'm just a writer. So

David Sanders 35:07
yeah, I'm

Will Vincent 35:11
familiar with this. You're familiar with this with this?

David Sanders 35:14
Well, I could say me, I think really? I mean, yeah, for sure. Yeah. What would you say there's been this sort of open PR. It's just I feel ashamed to even mention it. There's been a PR open forever, and I have not merged it in. It's just been one of these things, where it's like just big enough that it's just too much work for me to look at it, and I never have enough time to do it. Yeah, and it's this PR to do HTTP only cookies. And to have that be where the JW killer. And I mean, I think I understand the reasoning behind that because, you know, that's out of the reach of JavaScript. So if you if your site has been accessed, somehow Then you're okay. As far as that goes. There, at least that's my understanding of it. So I mean, I guess that's the trade off for me like local storage, you know, JavaScript has access to it. And if somehow somehow, if someone somehow manages to inject JavaScript into your site, then your host

Will Vincent 36:22
but if you are if you're using HTTP only cookies, then you're not so that's kind of the main difference as far as I can see it. I should probably read this piece that you're talking about. I maybe I remember seeing I mean, I'm just trying to I was just looking at it yesterday. Give me I'll, I'll add it. Because there's no there's literally like, I mean, I almost feel like we should there's there's this whole Reddit thread just on this very issue and lots of misconception. What is his name? Oh, Randall Randall DAGs, Deeks.

David Sanders 36:53
Yeah, actually, I think I should comment that

the reason that was not interested By default, in my package is because as I mentioned, we were using this framework with mobile clients. And so there's really no concept of a distinction between different kinds of storage on a mobile client, you know, you just, it's just on the client, right? And so you just send it along with a request and a header and it's up to the client to figure out where they want to store it. And so that was kind of the attitude that I think led to that not being available. But that's, that's the main thing that needs to that I just needed to like, sit down and grow up and just merge that PR and get a thing.

Carlton Gibson 37:42
Yeah, buddy. Yeah, but it's not as it was two things to say that one is, is often to maintain his point of view, it's not as simple as just, I need to merge, it becomes a cyst, this rock that you have to carry around with you all the time and it's even. Yeah, and it's it's not that you Don't care or that you hope that you aren't committed or that you it's that I just literally haven't got the mental space to deal with this quite difficult topic. Yeah, properly. And it just, you know, but maintenance of an open source package becomes really difficult over time

David Sanders 38:18
for that exact reason. And it's such it's so funny, like my perspective on that whole thing. Obviously, it's changed considerably since this package became popular, because I used to be I think, like a lot of typical open source users where they just kind of show up and you know that if the package doesn't do what you want is frustrating, you've got work you have to get done and you just feel like you know what, why don't why does the package do this? It should do this, you know? Yeah.

Carlton Gibson 38:47
Long essays long essays on the issue tracker about why your package should be better but no PR to make it better. Right?

Will Vincent 38:52
Yeah. I could have been spent to fix it is spent complaining.

David Sanders 38:56
Yeah, for sure. Yeah, I was that person and I Think back on it, I feel sad. And now I obviously the tables have turned and I am like, okay, now I get it, it's hard. Like, and like you're saying, you just don't have the mental space. And you might have a certain standard that you're trying to maintain your body and you feel obligated to sort of, essentially rewrite people's prs in a lot of ways. And,

Carlton Gibson 39:20
yeah, but you also you've got X number of users, you can't merge something that you're not confident of put your

David Sanders 39:26
package out your visibility to the people,

Carlton Gibson 39:30
the damage to a broken fix is more than the benefit of getting the merchant. So yeah, this kind of a conserve, your packet gets more popular becomes increasingly conservative necessarily.

David Sanders 39:42
Yeah, right. And actually, I've seen a lot of people who sort of take this approach to the lifecycle of any project where you have like a decreasing version number, and when the version number gets to one, or zero or some, you know, magic stuff, you can't Make any more additions to it? And so, you sort of like you better be working towards the definitive, like, watertight version of the package or you're gonna be in for trouble. Yeah, I really like working towards

Will Vincent 40:13
Django rest framework adopting something similar to that. I think he's, yeah, yeah, it makes a lot of sense. I guess.

Carlton Gibson 40:22
I think the thing with rest framework is that there's like some three point, you know, 12 to be soon, you know, 3.5 now three point 12 will be soon as soon as you know, we get the, you know, the pandemic, let's get the PR to get it out the door. You know, that? What's there is no need for Django rest framework version four. So it's gonna be three point, you know, so then At what point well, okay, can we can we refresh the version numbering to say, give them more time based idea or perhaps to say keeping up with Django and say, okay, we made version four, match Jango version four and say, you know, you're going to be on Django version four use rest framework, but maybe these are some ideas. But the idea of being that Django rest framework is kind of the done. It's kind of done though, it just

David Sanders 41:05
took it over. And I think it's, it's weird because that's actually an extremely healthy attitude to have towards a software project. Although it's sort of not fashionable because, you know, you always want to give the impression that your project is like hot, there's like lots of activity going on. But I think it's better to strive towards some core like useful thing, which is, like coherent and useful enough that it can just sort of stand on its own. Like for the ages, you know. And yeah, that's like, I think that's a better approach to take.

Carlton Gibson 41:42
But Django is exactly like this right. Django is super stable. 15 years old, super stable, gonna keep pace keep growing new features all the time, but it's, it's that reliable rock of the ages thing, and then rest frameworks around it, and there's Django filter and crispy forms, and I know whatever package that is packages that have been around for, for forever. Yeah,

David Sanders 42:01
the night going. And part of what allows them to do that is like I was saying, there's some set of core concepts that really upholds the, the project or the package, and they've just been dialed in really precisely. And they work really well. And it's kind of a testament to something that was really well thought out, you know, and, and it's like, just, I mean, Django is a complex framework, but one of the things I try to go for when I write software is just to simplify as much as possible. Like, there's some there's just a few lines of code essentially, that's doing what, what is important, and you just really need to

Carlton Gibson 42:39
zero in on that. I think that that Telstra Django is really like she got the call HTTP handlers. So you know, the hundred 60 lines in the in the file. It's not true. Yeah.

David Sanders 42:48
And then like the core, like form classes and things like

Carlton Gibson 42:51
this, only a couple of classes. Yeah,

David Sanders 42:52
that's right. Yeah.

Will Vincent 42:54
I think you have to be at an expert level to see that but it is it is the case. I mean, that's like I always think of If you can't, if something seems incredibly complicated to you, you don't really I mean, it's what Einsteins thing right? Like you don't fully. Because if you can just go well there's this and this and then blah, blah, blah. I mean, you can boil most things down to that. But it's not always easy to do that like when I like total beginner with Django, I often try to say like, well, you need, you know, a model URL view and a template. And once you kind of internalize that for a single page, like, you're good. Yeah, I can say that. The light turned blue in the face, but but then when you get the other side, you're like, yeah, or then you can say like, like Carlton's talk he gave last year were like, what is Django? It's basically middleware. And it's just like a onion, in a way, a little little RM, you know? But that's easy to say. And that doesn't mean anything. Anyway, what I think is interesting, too, is that, like, authentication in general, is, is challenging and changes because the web changes I mean, this is You know, for Django itself, if we had I saw, so I'm on the board and trying to raise money. And if we had a whole slug of money, the auth package is something that we would put it towards if we're going to do updates, like authentication in particular is something that needs work. And I think maybe even more than other things, changes on the web as best practices change. Would you agree with that, Carlton?

Carlton Gibson 44:22
Yeah, I think that's on the list. I mean, you know, they're discussing JW t on their mailing list just this week, and you know, yeah, there's comments about it being an overly complicated protocol. And so we, you know, security issues have come up because of that. Yeah. So Well, okay, well, if we're not going to have is there's a talk about bringing JW T, or at least some of the foundations of it into Django, so that packages could build on it. And it's like, well, no, not jadibooti because it's overly complex. And then there are better algorithms but we have a better protocol better. specs, better specs to follow the simpler and do the same thing. Give you a The benefits but without the downsides of what would they be what might be Do you know, this is an ongoing discussion?

David Sanders 45:05
Yeah. It sounds like you could just take a subset of the JW t spec and just sort of enshrine that as the approved, like, configuration of JW T or something.

Carlton Gibson 45:18
Yeah, I mean, somebody mentioned, hey, sto platform agnostic security tokens on the list, as you know, it's supposed to be everything you love about, you know, JW T or whatever. But without the, the design baggage.

Will Vincent 45:33
Other coming a little bit up on time, I did want to ask you about what you've been doing these days where I think you've, you're currently at a company called unsupervised, and you're more dipping into the AI world. Is that accurate?

David Sanders 45:44
Yes. Yeah, that's right. And of course, I just came from I've kind of been through it all with cerium. Yeah, yeah. That's really interesting tour of different areas of the technology world in the past couple of years. Cuz, yeah, I feel like I can't, I can't just skip over the etherion Foundation stuff. But yeah, I had a that. I'll just touch on that briefly if that's okay before. Yeah, because I had a friend who. And and I probably shouldn't name names too much because people in the crypto world they're kind of sensitive about being having really public personas because they tend to be very big targets security wise. So

But yeah, I had a friend who,

who I worked with earlier in my career who is kind of involved with that organization pretty early on. And so that was my connection there. And I hadn't previously really been into crypto stuff like there's a certain sort of category of technology people who were super passionate about that and super into it, and I wasn't really one of those people, but I sort of came away and in a way I'm glad because I came in very sort of innocent, like with no preconceived, like ideas about what I was getting into and, and even actually a fair bit of skepticism. Because I recognized there's this just sort of inherent hype factor around cryptocurrency stuff that, just to me is just sort of a critical thinker. It just kind of turned me off frankly of it. Me too. And I came away just being with a different kind of attitude like, Oh, well, there's kind of a very interesting trend and distributed systems happening. That's, that's that was my take away, you know, like, some people figured out kind of this clever way to have a shared, verified, you know, cryptographically verified database and other people are also working on kind of next generation, like peer to peer, like file sharing networks, and there's just a lot of interesting kinds of projects in that space. And so that was definitely out Opening in a very useful experience for me. So, yeah, without spending too much time on that. I just wanted to touch on it. So yeah so but but the thing I should say is that even before in the area of tech I was starting to just personally be very interested in was the machine learning deep learning seen and and I had taken Andruw Jones I think that's how you pronounce his name Hang on.

Will Vincent 48:32
Yeah, I'm not sure you can tell if it's Yeah.

David Sanders 48:34
Andrew Owens machine learning course on Coursera

Will Vincent 48:39
I think I took some completed it Yeah, you actually completed it? Yeah, no, no, I think it's like 100,000 people signed up and like maybe a couple hundred completed it or something.

David Sanders 48:49
I definitely.

And it I think it connected with sort of

How can I say it like? Like one of the things I think that inspired me to get really into programming originally, or one of the things I found myself pondering, like, really early on, when I was learning to write code is just, I think any person who learns to write software has this sort of initial learning curve of how do I translate my thoughts into discrete steps that a computer could understand. And that's just like a naturally hard thing for humans to do like any person. I mean, it seems from my point of view, any person who's not accustomed to writing software has this initial phase where they just have to learn how to think clearly and discreetly. Like when you when you ask yourself, How do I like divide a number like well, you just do it like it's just kind of a single motion of like handwriting on the paper and, but when you actually think about how you have to do it with some light primitive set of operations. It's difficult and so, you know, there's and also there are certain classes of things which are like processes, which are very natural to represent mechanically. And there are other things that which are not like, you know, mathematics number crunching calculation, or I should say calculation, not mathematics calculations, it's very natural to represent with a computer. But, you know, recognizing an object in the environment, like humans do naturally, in a funny sort of ironic way. Some of the the things we do most naturally are the hardest to represent, like mechanistically, right? Like, how do we recognize objects in the environment? How do we even like, like, recognize textures, colors like these things. It's kind of interesting when you start you You'd look at the spectrum of phenomena and like you, there's like this gray area where things start to be very difficult for a computer to deal with. Right? And so, I think really early on, that was just an interesting thing to me like just observing how I learned how to write software, and how like, say, if I wanted to write a video game character, and I wanted it to behave naturally, and not like sort of awkwardly and robotically, like how would I even do that? Like I, I was asking those questions really early on. And so I also had the good fortune of sharing an office. One of my earlier jobs with a guy who had done a proper PhD in AI, way back in the 90s and 80s. This is like a totally different era of AI, you know, and yeah. And so I think my relationship with him, also helped me really get curious about that topic. And I remember he showed me how to implement a backprop neural network because this is a concept which has been around since like the 80s. Or probably even earlier, like, the whole basic idea of a perceptron. And like that there's some of this really early work has been in the literature since decades ago, and just didn't really come into popularity until recently, for all kinds of different reasons. And so, so, I got some early exposure to that. And so, you know, fast forward that so by this person I shared an office with was in the late 90s, around the turn of the millennium, and fast forward 1015 years, suddenly, you know, we have a few sort of algorithmic advancements. Hardware advancements, like people start using GPUs to do compute And so all these critical elements come together. And there's this kind of Renaissance revolution in deep learning. And, you know, it's just one of the things that I noticed happening in the technology world, I noticed this, this starting to happen. And I was thinking, Oh, yeah, this is I used to be really interested in this. And all these learning resources start popping up like Andrew Yang's course, and things like that. And so I just personally got back into it. I just have found it naturally fascinating, like, from a technology point of view, from a philosophical point of view, like there's just so much about it, which is there for me. So

Carlton Gibson 53:38
yeah. And so what is on to working on this product, or this startup unsupervised?

David Sanders 53:43
Yeah. So I think there's like, there's only a certain amount I can really say, but

Will Vincent 53:51
the will the tagline is autonomous analysis. Exactly.

David Sanders 53:56
That's That's it. So I guess that's

Will Vincent 53:59
that's the headline. on our page, it's on the website. So I assume you can say that even

David Sanders 54:02
aware of that. So that's it. There's like a certain sort of collection of things that data scientists tend to do to help companies understand data. And we're basically trying to automate that. And we're trying to use AI in order to explore the space of possible ways of looking at data automatically. And also intelligently like, not just like doing a grid search through that's like, kind of technical term, like grid search through the parameters of how you might configure a data processing pipeline, but trying to sort of leverage some actual developments in AI algorithms to to effectively search through that space of possible ways of looking at data. And so the idea is that we should be able to give a company access to our data analysis system. And they can just sort of send their data in. And the system comes back and says, Hey, you should look at this group of customers. There's a lot of interesting activity happening in this area. Or you should, like, what do you think about this? This way of looking at things? Is this interesting? Is this not interesting? And you can sort of like give some feedback and have that modify the behavior of the system. And so

Will Vincent 55:26
yeah, it does that interact with with Django or I mean, there's a web component. That's a like as a broad, naive question. I'm always curious how web interacts with machine learning, because you need to store it interact with people in some way, even though it's not the main focus.

David Sanders 55:41
Yeah. And I mean, we do have web apps which are kind of like the interface to the system, obviously. But it's not necessarily Django. Like it's just kind of, you know, because I came into the company after A lot of those choices have already been made about what technologies to use. I mean, it is Python. But not exactly. Django

Will Vincent 56:10
is Oh, no, exactly flask either. So it is, I can say it's, I mean, there's two options, basically. And when you say, flask that just encompasses everything else, you know, it's

David Sanders 56:20
Yeah, so we use flask a fair bit.

Will Vincent 56:22
Yeah. I was gonna, there's this book AI superpowers that came out in 2018. That I read, which for a layman like myself was a really good introduction to machine learning and the capabilities. And the author who I think who got a PhD in Carnegie Mellon back in the, like the 80s. And then he ran Google and China and all the Apple and Microsoft. And he was making the point kind of what you said that, basically, we finally have these deep learning algorithms that that we were waiting on. He said, there's three things you need, you need computing power, you need the algorithms, and you need the data. And so his argument is we have the computing power, we have the algorithms, they're all, you know, academic, you know, they're out there. And so it's a question of data. And he's, I think he's from China. He grew up in the US, please back. He's a Chinese point of view. So he's very much like China's just gonna crush the world. And he gives the example of when with the go deep was a deep mind, the go game and the 2013 beat AlphaGo Yeah, that he says that was a Sputnik moment in China. Right? Because, yeah, that and he said, they kind of realized, oh, wow, this is a big thing. And, and he gives examples of how China's sort of throwing cash, you know, in sort of a government kind of way setting up these innovation centers and this and that, and you know, that combined with they kind of skip the landline internet and went to phones. He's very bullish on the Chinese approach and kind of glosses over the surveillance stuff. Yeah, but anyways, was a

David Sanders 58:01
good, so

Will Vincent 58:02
let's go on. Yeah, no, that's all I was gonna say.

David Sanders 58:05
Yeah, I just wanted to comment because you said, you know, you need the algorithms, you need the compute, you need the data.

Will Vincent 58:11
That's what he says

David Sanders 58:12
yes. Interesting to say, because that touches on one of the things that I think we're trying to do at unsupervised, which is, you know, indicated in the name of the company. So we're really focusing on this class of algorithms called unsupervised learning algorithms. And the reason we're doing that is because in a way, we don't have the data. People who people who have the data are Google and Amazon. But Google and Amazon are two, you know, very specific organizations, which have the data. Most people don't have the data so to speak, because they don't have the massive data sets necessary to really train these algorithms correctly, or supervised learning algorithms and So there's this whole other class of algorithms where there's not a need to have a very large, very well curated data set, or there's less of a need. And so we're sort of targeting that area, because we think there's a lot of promise. And I think that would, the world of unsupervised learning algorithms is the the area which has to be developed in order for AI to really become like the sort of future world technology that we think of it, you know, like, ubiquitous, like use for everything. There needs to be a way that we can find to leverage all the data whether or not it's labeled. That's kind of the the key takeaway.

Will Vincent 59:41
Well, because I think the, again, just going off of the book, he was mentioning the many of the, the deep learning algorithms you need narrow, discrete kind of data, like, you know, is it a car? Is it not a car? Yeah, the quality of the data set is paramount, as opposed to what you know. Yeah, maybe what you're saying with the most of the world isn't Organize like that the data? So

David Sanders 1:00:01
yeah, and actually, that's probably how I should have said it. Like, you know, obviously, we all have access to a lot of data these days, like we can do a Google search, we can, we can just go crawl the web for just random information, but only a few organizations have access to really well curated data. And

Will Vincent 1:00:20
that's, that's people like when I don't know if that's, if that's the same type of machine learning where there's the idea that you would like with with go, you kind of know where you want to you you feed data to the to the algorithm that says Like, this is what a car is, and then the computer figures out its own metrics for determining what a car is. So it works backwards and away from the solution. Right, I think I believe that's kind of the central idea of why you need that structured data because the computer will find its own way, you know, or a deterministic game like chess. Or go, it will figure out how it wants to get there, but it needs to kind of know where it where it needs to go. That's why it needs to be structured. Does that does that make any Is that accurate? Yeah. That was my that's that's how I've been thinking about it. But yeah,

David Sanders 1:01:02
well, so I guess I could say it's

I'm wondering how intelligently I can comment on this.

Will Vincent 1:01:12
More than more than I can I'm sure.

David Sanders 1:01:14
So So when you're, when you're training a supervised algorithm, you're essentially training a statistical model. Yeah. You know, and so, so if the, if the statistical variations in the data set, don't include information about the correct way to look at the data set, then in a way, there's nothing to train on. That's kind of one way to say it, like, like, if you don't have this sort of, like, if you have a bunch of samples, you need a notion of fit. Yeah, right. Yeah, exactly. You're trying to fit something you're trying to fit a you know, a curve or you're trying to fit a certain style of like categorizing things. And if you don't have that information, then you can't you can't Qf that, but there are different ways to kind of look at it like you can, I think, well, so I'm not really a super expert in this area. But this is like stuff I'd like to learn more about. I think one of the approaches is to look for the sort of latency desisted statistical information in a dataset, and then try and find trends and that sort of latent statistics. And those latest,

Carlton Gibson 1:02:27
it's kind of what a human noun analyst does, right? You get some data, they try it, they put it into different graphing structures and see which ones are Yeah, look at clusters like this. Yeah, right, that and the human eye is very good at picking it out. And that's one of the early one descriptive statistics that you do early on before us before you get down to the proper number crunching, it's just looking at it. It's just I look, here's the shape of the distribution is and we can already learn some things but humans are good at that, but I don't know that machines yet. Up.

David Sanders 1:02:54
Well, so. So here's the one sort of, here's a particular sort of topic, which I found interesting. And like I was saying, when you train a deep learning model, you you have to have this, this target that you're trying to get to like, you have to have this set of correct classifications of things you're trying to classify. Like, if you have a bunch of images, you need to know is this a dog is this a cat, so on and so forth. a different approach is to train a deep learning model to simply output whatever it's given. And, but what you're doing in the process is you're forcing this data to flow through a representation that's less what's the word has less fidelity than the original input. And so what the model is then forced to do is find the essential patterns in the data that you're giving to it. Because it has to, it has to find a way so when you're training this model, it goes through this sort of narrow sort of low fidelity representation, but then the goal is to reconstruct the original input. And so what the model is meant for us to do is to find the most important sort of latent patterns in the data set. And that's like sort of a shortcut in a way, like you're finding this sort of patterns, which are just inherently there in that kind of data. And then you're saying, Okay, well, well, those patterns are, are clearly what's important. So we don't have to waste a lot of time, sort of training those up from just raw classifications like that, that stuff is going to be there or not whether or not we have classifications. And so that's one sort of, I think, direction people are going in to try and find a way to leverage unlabeled data. And that's, that's kind of tied in with this area of research with things called auto encoders variational auto encoders. And so that's, that's a really interesting particular topic in that area to me, which I want to learn more We're about. But that's just an example of like unsupervised versus supervised models.

Will Vincent 1:05:06
You know, as we kind of wrap up, how would you recommend, you know, say someone who knows a little bit about Python and Django, but is curious about ml? What sort of what would be a? Where should they start? I mean, because Andrew Yang's courses, sort of famously Fine, fine, fine. And then like, Oh, my God, math. Yeah. Is there a way that you would I was my experience with it. What would you suggest to like a listener of the podcast or, you know, co host who's interested in this area? Because I think this stuff is like, the coolest stuff, right. I mean, web stuff is a little bit, you know, it is what it is, but sort of a solved problem. But yeah, right. This is all unchartered front. Yeah.

David Sanders 1:05:46
I mean, I would say the course is definitely a good place to start. I mean, you definitely get to that math point.

I think

you could, you can just tell yourself like well As much as I can get away with ignoring the math for now, I should try to do that and just just try and go work through the exercises and see how far I can get. And probably have to struggle through things a little bit in that sense up front. But I think what's cool about those courses is that if you can get things working, it's just really satisfying. And it's really interesting to see it work. Like I took actually there was another course I took, which was also by Andrew and it was a series of courses all about deep learning. And there was a little bit later on in the series, they get into this neural style transfer algorithm, where you, you have two input images to the algorithm. One is an image which contains some artistic style, essentially. And the other is an image which contains some content that you want the style applied to. And so of course, the output Is the content image in the style of the style image. So you can take like a picture of yourself and make it look like Van Gogh painted or something like that. And, and the algorithm works remarkably well. And to see it work is just amazing, in my opinion, like to imagine that we're at a point now, where a computer algorithm could so effectively sort of deal with artistic styles in this way that it's doing is just mind boggling to me. And so I guess my point is just if you can somehow get hands on with the algorithms and see them work, it's just really interesting and inspiring. And I would hope that that was kind of eventually lead a person to try and learn more about the mathematics because I personally believe there's a lot there to that, that you could get as well. But well, you I'm sure you've heard like these algorithms that will walk you know, write a piece like Bach or Beethoven or hyden. And it's crazy how, you know, they, how kind of like they, it sounds like, you know, they pick up the underlying algorithms of those composers, and it's a new piece and you know, maybe it's not quite as good, but it's like, That does sound like, sound like, Well, I mean, so again, it's like I would I just want to urge people not to give up on the math because, especially in the case that the neural style transfer algorithm, if you understand a thing or two about the math, in my opinion, it's it can tell you a little bit about the artistic process in humans and why people do art at all that I mean, I, I know people who are in the AI space are always kind of like, a little bit cautious about making pronouncements like that, like, you know, drawing too many direct comparisons between the ways that like deep learning algorithms work and the way that biological brains work. Because obviously there's a there's well Obviously, but it is supposedly the case that there's a fair bit of complexity and a biological brain, which is just not represented in a algorithm algorithmic brain, I guess he would say. But when I was learning about that algorithm, it in my it taught me something, I believe that I just never realized about art. And like, Why do humans at all care about abstract forms shapes? Like, why do we care about representing things from the real world and this abstract form that we call art? Like, why is that important to us? And it seems like it could actually serve an important function and just the way that the brain works. Like, when you look at deep learning algorithms, there's all these neurons kind of packed in the middle of the algorithm which are doing things that we kind of don't really know what they're doing. We don't we don't have much insight into it. And it seems to me like it's very possible that artwork could kind of serve to give access to those kind of hidden layers somehow. So, yeah, and again, that's like, I feel like that came to me just from understanding a bit about the math of how those things work. So I encourage people to, to look into that for school.

Will Vincent 1:10:16
I can't think of a better way to attend. If you are looking for help with the simple JW t package,

David Sanders 1:10:24
yeah, exactly. I've recruited I've recruited a couple people recently who are trying to do some triage just on issues to just hopefully help people out with some of the more simple things that come into the issues section. I've been just extremely busy just with work lately, so I haven't had a lot of time to actually look at prs and merge them. But I'm kind of aware that that's an issue. So yeah, potentially looking for more people to help with that. Especially people that have like lots of just real experience and You know, associated with other like prominent pop projects in the space and I also was looking into maybe getting it added to this organization called jazz band for a while.

Will Vincent 1:11:12
Well yeah, cuz cuz Django rest off was just merged over, which is a very popular way to do it kind of gives you pre built off stuff that seemed to that seems to be successful that they merge that over and over here to, to jazz band.

David Sanders 1:11:29
Yeah, I I still am strongly considering that I was kind of back and forth on it because I thought maybe it still be nice to sort of have a sense of ownership over the project, but but it may not be realistic for me to try to do that. But I was actually having a little bit of trouble like contacting them. So I should try again and see if I can get through.

Will Vincent 1:11:51
What's it it's a foundational piece of the modern Django web stack. So hopefully someone listening can help us make those actions Cuz we need, you know, we need that package to

David Sanders 1:12:04
Yeah, well, instead of where it is, I'll just remind people is that it's, it's a pretty simple package, like, there's just not many lines of code there. So if it has fallen a little bit into sort of like, you know, if I haven't had a lot of time to look at it recently, I don't think it'd be very hard to sort of get it back into shape.


Carlton Gibson 1:12:26
yeah, that's, you know, I'll say, I'll say my bit here, which I always say is that contributing to an open source project is a great learning opportunity. And it's a really good way of boosting your profile, and it's a really good way of giving back to the community. And, you know, if you've been thinking about it, you know, it's a huge a simple JW t then, you know, maybe the planets align. Yeah,

David Sanders 1:12:47
yeah, please, please come in.

And, you know, make your contribution and please be patient

as people find time to look at it, when

Carlton Gibson 1:13:00
Yeah, we should say that's all the people that with the issues like Be patient, I realize that it's not some, you know, organization with lots of people and lots of hands. It's one person, I'll just look at one more ticket, like, you know.

Will Vincent 1:13:15
Yeah. Well, I guess there's one last point I want to say you were saying earlier about, you know, being one of those people who are people who get worked up about something that isn't solved versus solving it themselves. I mean, I'm that way too. But a lot of times, that's the type of person if someone's passionate enough about something, even if it's in a negative sense, that can be turned into something good in the same way that like, for companies I've worked out, if someone takes the time to write in or someone takes the time to tell me my books are terrible, I can usually engage and flip that person. It's people who aren't passionate, who don't care, that have no engagement with Yeah, that's true, that can be it. So I think it's good to harness that passion. And I always look at it as whether it's an open source thing or one of my books. If someone takes the time to do that, and they have that passion. They're basically saying can be Me, you know, convinced me, and they can be convinced it's the person who doesn't even bother writing or complaining. That isn't good enough.

David Sanders 1:14:09
Yeah, it's true. It's a opportunity

Will Vincent 1:14:14
to communicate. Well, we have links to everything in the show notes. Thank you so much for taking the time to come on. And yeah, thanks a lot guys. Share your journey. It's, it's been really interesting. All right. Well, everyone, we're at chango on Twitter, and we'll see you all next week. Bye. Bye.

Transcribed by