Aaron is a developer advocate at MongoDB and Board Member of the Django Software Foundation. We discuss relational vs non-relational databases, the developer advocate role, and giving virtual conference talks.
Our podcast does not have a sponsor and is a labor of love. To support the show, please consider purchasing one of the books on LearnDjango.com or suggest one to a friend.
Carlton Gibson 0:05
Hi, welcome to another episode of Django Chat, a fortnightly podcast on the Django web framework. I'm Carlton Gibson, joined as ever by Will Vincent. Hello, Will. Hi, Carlton. And this week we've got with us Aaron Bassett, lead developer advocate for Mongo and all-around good guy, a member of the DSF Board and Django guy. Hello, Aaron. Hey, Carlton. Thank you for joining us. Thank you to the show. Um, let's kick off. Let's go. Tell us about yourself and how you got into Django and how we know you and all those things. So we've got your backstory? Oh, gosh.
Aaron Bassett 0:33
Yes, as you mentioned, I'm a developer advocate for MongoDB, which I know is not probably the first thing people think of when they think of Django, MongoDB. But I've been a kind of member of the Django community since before Django hit version one, to be honest. Before I got into developer advocacy, I was a software engineer, worked for a couple of different software agencies. And one of them I was lucky enough to be able to convert from a homegrown PHP CMS into using Django. So that's kind of where my love affair started. And I've been a heavy user of Django ever since. Talked several times at DjangoCon Europe and DjangoCon US and, as you mentioned, have now been a member of the DSF board for, well, almost a year, and elections coming up soon.
Carlton Gibson 1:23
I remember the first time I saw you was at DjangoCon Europe in Florence. So you gave a great talk on the testing pyramid.
Aaron Bassett 1:30
I'm glad you said that was a great talk, because I was incredibly ill that day, so I'm glad that didn't come across. That was actually the conference as well where I decided to become a developer advocate. I was still working in software engineering at the time for a company based out of Edinburgh. And I'd come to Florence to give the talk and had been asked to help Mark Smith at the Nexmo booth, and they were a bit short staffed. And then kind of realized, like, oh, so you give talks and go to conferences for a living, like you don't pay to be here. And that's why I decided to make the move myself.
Carlton Gibson 2:12
That was what prompted it, like the lifestyle or the because it's an issue of lots of people in the agency environment. And it's quite high pressure. And you've got these constant deadlines. And, you know, I don't know about the agencies you worked in, but that was the agencies I worked in. And so yeah, what what was the appeal of being a Developer Advocate?
Aaron Bassett 2:32
To be honest, I'd kind of been doing it for many years before I officially started. You know, whenever I used to live in Glasgow, many years ago, there wasn't a huge tech community there. You know, there was a tech community in Edinburgh, and that was really seen as being the heart of kind of software engineering and development in Scotland. But Glasgow really didn't have that same sense of community. There was a lot of developers in Glasgow, most of them working in finance. But there wasn't really any kind of meetups and there wasn't any kind of social events or anything like that. And a group of us got together and decided to fix that. We were very community minded, wanted to have an excuse to have a couple beers with similar minded folks. So we started a meetup called web centric. The founders of that then went on to found things like TechMeetup in Glasgow and BarCamp and CodeCraft and a bunch of different ones. But it was really that trying to look for a sense of community which got me into it in the first place. I was still just working as a regular kind of engineer in like an agency at the time. When you start to give talks at meetups, as anybody who's organized regular meetups with speakers will tell you, it's gonna be quite difficult to get speakers lined up every month, like, yeah, yeah. So it got to the situation where I was speaking at a fairly regular cadence at these different meetups. You know, anytime we didn't have somebody to fill the slot, it was like, okay, well, what's the topic of this month's meetup? HTML5? Okay, Aaron can talk about that. That's fine. Let's just put him in there.
But it wasn't until 2014, I think, DjangoCon Europe, the time in Poland when they held it in the big circus tent. I got up and gave like a lightning talk. Yeah, it was a great conference. Like, actually probably my first ever DjangoCon. And also my first time on stage. I didn't give a full conference talk, but I gave a lightning talk, which, if anybody listening is interested in getting into conference speaking, that's a great way to like test the water. You know, not a lot of preparation required, you know, five minute slot. Everybody is so supportive, you know, it's just a nice fun time. You get up there, it's daunting. Like, I was surprised anybody could hear what I was saying because my legs were shaking that much. I was sure that all you could hear was them tapping on the stage. Like, I thought that was gonna drown out everything I said. But I came off the stage afterwards and was like, yeah, that was fun. It was terrifying, but fun.
Will Vincent 5:09
I should have taken that advice. My first talk was like a 40 minute one at DjangoCon. That's not true. I did it at Django Boston before that. So to your point about getting guests every month, I'm not one of the organizers, but I've worked with them. And there was a while I was speaking a bunch, and even in Boston, which has a lot of developers, it's so much work to be an organizer of these things. But it brings so much to the community because otherwise we're all, you know, in our offices on our computers.
Aaron Bassett 5:36
Yeah, we ended up switching it for
I was helping organize Python Glasgow for a while. And we ended up switching it. So instead of trying to do monthly speakers, they would have a cadence of doing, okay, well, one month we'll have talks, and the next month we'll do a dojo, and the next month we'll just have a social meeting, just go to like a local bar. And next month: talks, dojo, bar. And it's a lot easier to find speakers kind of once every quarter, essentially, rather than every month.
Will Vincent 6:05
Yeah. And you can ask them, when you're meeting with them socially, sort of sort of pull out topics that they may not have thought of, as opposed to, you know, an email blast to the community saying who wants to
Aaron Bassett 6:15
Yeah, pretty much wants to speak. I don't mean any, he got a bit more time to organize it as well. So if you've got somebody who, you know, he may not be in the local community, but you know, you really want to hear from then you know, it's it gives you more time to organize them to be like, get their travel sorted and get them free to the city and things like that, as well.
Carlton Gibson 6:35
I had a couple more questions on the sort of DevRel life before we moved on. One was like, three years later, how are you still liking it? Because you're traveling all the time, and all the rest. And then the second part of that is, how has 2020 been with COVID and all remote and the massive change?
Aaron Bassett 6:51
there so travels obviously, it's it's completely gone away. And I I went from I think at the peak I was doing, gosh, I heard the distance was no, but it was like equivalent to four and a half times around the world, like per year. So I've spent 56% of my working time on the road. Okay,
so yeah, a lot of travel,
Will Vincent 7:14
that sounds like heaven, for some people in hell for a lot of others.
Aaron Bassett 7:18
Well, to be honest, I was really enjoying it. I know, like, I've no commitments at home or anything like that. So it was really the time to kind of do that, that part of my life. And at that stage, I was on the road so often that it didn't even make sense to have a lease or mortgage anywhere. You know, I was literally away from home more than I would have been there. So I ended up, the time I wasn't traveling for conferences, spending in like Airbnbs or visiting different cities and stuff, and it was great. I don't think it's for everybody. You know, it's a very difficult kind of lifestyle to maintain for a while, living out of a 35 liter backpack. But for that time of my life, you know, I wouldn't trade it for anything. You know, I really enjoyed it, I got to meet some amazing people, I got to give a lot of conference talks, you know, I got paid to do it, it was great. Whenever I moved from my previous position, now at MongoDB, the amount of travel was due to be less, and now it's none. You know, with COVID. I'm in Miami, and that looks like where I'm going to be staying for the foreseeable future. But we're finally starting to see a lot of these conferences start to move online as well. So I just came out of a period of very hecticness, as a lot of the conferences I applied for in like, you know, December, January, that were supposed to happen in May kind of time, then they pushed themselves back to like the last kind of quarter, last two quarters of the year. So they had a lot of conferences come in, in September, October. I think my peak last week was five in one week. So to
Carlton Gibson 9:01
Do what I do with the conference talk, which is like basically leave it till the week before when you start to panic and get it written all in panic mode, or are you more professional about it and get it done? It depends.
Aaron Bassett 9:13
Yeah, so I have kind of some talks I've given a few times before. So they're easier because they're obviously ones already presented. So they normally just need to be updated slightly for any changes that have happened in libraries or in the community. For new talks, I tend to start working on them really once they kind of get accepted, but more in a very abstract way. You know, I'll just start mulling it over and kind of thinking about it. But I won't start normally writing it until maybe like two weeks before. And then I have this horrible habit of, like, two nights before, the night before, going, I hate all my slides, and like, yeah, pulling an all nighter redoing every single slide, which I'm not able to do as much now because what I've started doing for the online talks is I actually use a teleprompter. So, okay, for people who are not aware, it's like a piece of one way glass, like a mirror fronted, which has my tablet reflected on it with essentially the script of what I want to say. And then mounted behind that is a camera. So I'm reading off this mirror, but looking directly into the camera, which I think makes a huge difference for talks because I'm not like looking down at my laptop or, you know, it's really difficult to give a talk and look directly into the camera, because then I need to look down at my speaker notes, or I need to look at other things. Whereas this way, I'm looking directly into the camera the whole time. But it does mean I then have to have the entire script written for what I want to say, which I've never done before. Normally, I have my slides, and I have a few bullet points in my speaker notes, and beyond that I just kind of wing it. So now what I end up having to do is do that, record myself winging it, essentially, and then go back and write the script based on what I said.
So there's a lot more prep required now for talks than there was whenever I was just traveling. I've seen a few photos on Twitter, you all seem to have these kind of professional recording studios now with like sound-deadened sides and green screens and, you know, all the gear. Yeah, pretty much. The apartment I'm in in Miami at the moment, it's, you know, very happy and modern. And it's, you know, the unfinished concrete ceilings and very tall ceilings and all the rest, which means it echoes, which you'll probably hear in the microphones. At the minute I actually have two soundproofing panels either side of me trying to cut some of it down, and I'm using a lapel mic some of the time. But even with that, it's still very, very echoey. So I've got some LED stuff, obviously you're trying to work in your lighting, and then you've got the, so like I use a DSLR for a comlinks for the actual recording. And, yeah, there's a lot of new equipment you need to think about which you didn't have to before. But you know, I kind of feel bad expensing all of this in the company, but I'm paying to fly me halfway around the world at the same time. So
Will Vincent 12:03
Right, it's probably cheaper. Yeah. On the topic of Mongo, could you just quickly make the case, relational versus non-relational? And, you know, there are some cases where Mongo Django might make Yes. And then
Carlton Gibson 12:13
And then from there, like, how are we going to use it with Django? Because it does, you say it does. It's not the first thing that comes to mind. But you know, regularly, there'll be a message to the user group or the forum or the Django developers, you know, how do I use? Yeah, how do I use Django?
Aaron Bassett 12:29
Honestly, it's something that's come up quite lately. I've seen emails for it whenever on the DSF, and things as well. And it's something I'm pushing for internally at Mongo. Historically, we've probably had more developer evangelists than advocates. The difference is, with an advocate, as well as being kind of the voice of the community, or sorry, the voice of the company in the community, you're also the voice of the community in the company. So I spent time advocating for, you know, increasing or providing some support to add support for MongoDB to Django. Obviously, the difficulty there being, it's not something we can just fund, you know, we can't just give a bunch of money to the DSF to pay for it. You know, there's restrictions there because of the DSF's nonprofit status, that they can't essentially do, like, guided work like that. You know, we can't pay, our company can't pay the DSF for a particular piece of work. You know, we can make a donation, but that donation has to be just to the DSF as a whole, you can't then prescribe what they should use that donation for. And also they're not allowed to fund software development. Right. So the fellows role, it's interesting that we're the first fellows mercenary community managers not there to write we're not there to write software. Yeah. And even without that, the separation between the DSF board and a technical board is there for a reason. It means that we can't influence the direction of Django development anyway. The DSF's role is not there to steer the technical direction of Django, it's more there to look after the actual foundation itself and protect the usage of the trademark and ensure that the fellows get paid and that we have funding and that whenever groups like Django Girls, etc., apply for grants, that we can meet those requirement, or sorry, we can meet those requests. You know, it's not there to steer the actual technical direction of Django.
So it's something that, like, I declared whenever I was honestly joining the DSF: I did work for MongoDB, I did work for a software company, but there's no conflict because I don't have any say in the technical direction anyway. Yeah, so it's an interesting position to be in because I'm obviously a big fan of Django, it's a big part of my life and a big part of the community. But with the company I work for, you can't currently use it in Django in any meaningful way. There's a couple of different packages that have tried to add Django support. Djongo is probably the most popular one, which I think actually unfortunately doesn't work with Django 3, needs to be updated for that. I am... With the changes coming down the line with Django async, it's going to be easier for me to make the case going forward that we should be applying a lot of our own kind of time internally to help support Django, rather than looking at something that we could fund in the community, looking at it as something that we should be releasing ourselves and supporting ourselves. Like, MongoDB has two different Python drivers and already a, what do you call it, ODM? So is it also the ORM? But yeah, yeah, so an object document mapper, rather than an object relational mapper. So like, we already have an ODM that's in Python, we have Motor, which is our async driver for Python, we have PyMongo, which is probably the one that most people are more aware of. So we already have quite good Python support. But the way that they're looking at it at the moment, it's like, well, if Django wants support for Mongo, then they can use the existing ODM and integrate that. Whereas what I'm saying is like, no, we should be trying to support it ourselves, you know, if we want to have that first party support in Django, then that's something that we need to step up and provide. We can't just, you know, throw money at it, or r&d, or wait for the community to do it. I mean,
Carlton Gibson 16:18
from a user's point of view, I guess what you want, right, is you want your Django models to just kind of, I've already got my Django models already got my Django project, I want to just be able to save them to MongoDB. You know, so I kind of want a back end, but then there's going to be limitations in the mismatch between the relational model where you've got annotations and joins, and I don't know what, and then the document model
Aaron Bassett 16:41
It's obviously a different way of thinking about it as well between kind of the document model, the relational model. And honestly, the kind of big one people keep pointing to as the advantage of the document model is that it's like schemaless, you know, so you wouldn't need something like migrations, you would just make your changes to your models, and that would be fine. Just work? Honestly, that's, well, yeah, it's an advantage and sometimes disadvantage. Really, for me, where I think MongoDB shines is in things like its aggregation pipeline. So the aggregation pipeline allows you to apply basically data transformations in stages, you know, so you might have, like, a match stage, which is essentially like a select, you know, so find me all documents that match this query. But you might have a project stage, which allows you then to make modifications to each document, you know, so you can, okay, well, I only want these four fields, or, actually, I want this field, but I don't want the value of it, I want the length of it, or I want to sum these two fields together and add this on to my document. And you can do incredible things with your pipelines. So I'm using it, at the minute I did this talk at DjangoCon Europe, where I spidered like 10 million domains, just for the headers of what they returned. And it was interrogating that data set to try and find interesting things that were returned. And being able to use aggregation pipelines, I could do things like, so I had a dictionary of all the headers, I could convert that dictionary into an array where each item in the array was a dictionary in itself with a k and v, k being the dictionary key from the headers dictionary and v being the original value. So I can start querying on that.
And I could do things like, you know, work out what the average number of headers were that were being returned per site, or what the largest header returned was, or I could run regexes against the keys or the values, you know, look for, okay, so let's pull out what the oldest PHP version being used is, or, lots of places had these like Powered-By or X-Powered-By, you know, so let's try and group those together. And all of that you can do in a single query, using like an aggregation pipeline. Is that dynamic? Is that calculated in real time? Because the process you're describing sounds very much like a Hadoop MapReduce process, but you'd run that batch offline, whereas Mongo is doing it on demand. So it's doing it on demand. You can also create views out of it. So essentially, it looks like a regular collection that you can query, but that's coming out of a pipeline. And again, that's live as well. So it's really the aggregation pipelines, is the bit where I think MongoDB really adds value. And so just swapping out, like, the Django ORM for a MongoDB ODM, you're not going to get the major advantage. You know, just being able to have your data models there and query them as per normal, that's not where you're going to see any big difference, okay? It's going to probably be a bit easier for you not to worry about migrations, and I personally find it easier to think of things as objects. So I have, you know, object oriented programming, I have my class and I have different attributes on that class, etc. And I don't need to worry about transforming that into a relational structure to put it in my database, I just send that to my database. You know, that kind of maps better for me. Honestly, it took a while for it to click, but then once it did, you know, I don't need to worry about data structures anymore. It's just like it's an object.
And it's an object in my database, and it's an object in my Python code. And it's just an object, and I can just use it. Same everywhere. So those are key advantages. But you don't really get the full power until you also have support for the aggregation pipeline, and how we would get that into Django or what the interface for that would look like, that's where I think it needs a lot of careful consideration.
Will Vincent 20:41
Aaron Bassett 21:07
No, that's, it's pretty accurate. Like, the MEAN stack is still huge. You know, so yeah, I
Will Vincent 21:11
mean, stack and then anything that's like unstructured, huge, you know, I don't know, I don't know if the NSA is using Mongo, but they're using non relational to make the haystack.
Aaron Bassett 21:21
Will Vincent 22:19
So like SQLite, but not
Aaron Bassett 22:20
Yeah, but it's, again, it's an object store. But it stores live objects. So you don't really need to worry about kind of reading or writing from the database, you just get your object and then you can use that in your code. And it manages the reads and writes for you in the background. But what it also does is manage sync. So you can set it up so it'll automatically sync to our cloud service. And it will do things like automatic conflict resolution for you as well. So if you have multiple devices that are all connected to, are all using the same Realm database, and one of them goes offline for a while, whenever it comes back online, then it'll automatically sync the data and resolve any conflicts that have happened since it's been offline. So that's pretty nice. Yeah, it's just been a lot of work in getting it kind of integrated with our Atlas, which is our cloud server. And it's a team that I'm on. So it's a lot of fun to work with, to be honest. For Hacktoberfest, which is coming up, we're working with a group called WildAid. And we built an app for them. Essentially, WildAid is like wildlife conservation. And one of the areas that they do is they do a lot of ship inspections, so they'll board ships to ensure that they are, you know, they're not breaching any fishing licenses, or any of that kind of stuff, not in any kind of breaches of wildlife regulations. So whenever they're on board the ships, they don't really have internet connections, as you can imagine, you know, they could be out in the middle of the ocean. So before, what they were doing was they had, you know, paper forms that they would fill out whenever they boarded the ship, and those paper forms would come back to the main office, normally very wet and smudged and everything else. And they would try their best to collate the information into like a database.
Now they have just an Android device they take on the ship, they fill in the form. They can also pull down any of the information for the area before they go out. So if they are expecting to see particular vessels, or vessels in an area, they can get the most recent information about it and any previous boarding reports and have that on their local device, do the boarding, take photographs, make their notes, etc. And then as soon as they get a connection, then that's automatically synced up with the main database. So that's all open source. We built it in conjunction with them as part of MongoDB World, which happened a few months ago. It's nice, kind of, they're using it, like, in the wild, as it were. There's more development needs done on it. There's additional features, as there always are. So we're making it our Hacktoberfest kind of project and looking for contributors there. So,
Will Vincent 25:08
Yeah, we'll have a link to that. That whole realm of online except occasionally off is so interesting when you think about it, because my brother in law worked at a startup that was doing order delivery for restaurants where they have a device, they literally go in the cooler, which is just like a steel box. Yeah. And, like, he had to, I think they're using Flask for that, they had to jump through all these hoops to deal with, yeah, just cutting out even if they have Wi-Fi, because they're going in this huge steel cage for orders. So just one example of many where, you know, yeah, it would solve a lot of problems to have a,
Aaron Bassett 25:43
it's a pretty common one that that stock correlation thing, because a lot of it said, it's like, if they're going into freezers, are they going into big metal warehouses is like there's basically walking into a giant Faraday cage.
Will Vincent 25:54
Yeah, exactly. Exactly.
Aaron Bassett 25:57
never wanted one company. I used to work for an ed tech company. We also were doing a demo video streaming company, you know, so they produce their own videos that would be streamed in classrooms and schools, and it was all Django based. And we've had a big booth at a really, yeah, still as well. It was, it's twig. tw ag so twig world, I think is the tech world equity coms URL. But they do these short instructional videos for schools, like three minute long, you know, videos on science, biology, chemistry, physics, that kind of idea. So it's video streaming, and quality of stream and lack of buffering was a big thing for us to be able to show at this conference. But as anybody who's been to a big conference knows, you can never rely on conference internet. So the way we got around it, yeah, doing the kind of online offline, was we literally had a little server sitting on our booth at the conference that was just serving up the media files. So anything large, you know, so like all the video files, MB files, PDFs, all that kind of stuff. And we had a DNS level DNS that would resolve to that box for any requests. So all of our demo machines, they would be running the web application online, but all of the large media, which was served behind like a static type world or video, would be coming from the local network. But it also meant as well, we were then able to offer, you know, an open access point that other people coming into the booth could join. And then if they wanted to watch it on their phones, they got the exact same experience. They were still getting these videos essentially, like, offline, at the conference.
Will Vincent 27:43
That's awesome. Yeah. Anyone who's had to, I mean, I worked at an ed tech company and went to some demos, and it would have been nice to have had such a, that's such a smart idea. I guess you do it enough times, you're like, we need a better solution here for
Aaron Bassett 27:58
Yeah, the year before we essentially rebuilt the entire stack on like local machines, and just brought that all down with us. And this was kind of just when containerization was really only just starting. So some of the bits were starting to move across, our bits weren't. And it was a bit of a nightmare, honestly, to try and get this deployed on these local machines and ensure that, like, all of the URLs are getting written correctly and stuff. And yeah, we spent the entire time kind of being a little bit on edge. So next year, we were like, okay, we don't want to bring our entire stack down, we're pretty confident that the conference net can handle at least fetching the HTML from the actual application code. We just don't want to stream videos. And that was our solution, was like, okay, well, let's take videos offline and keep everything else just running on the regular servers. And it worked pretty well, to be honest.
Carlton Gibson 28:51
Can I go back to Mongo? If, say, okay, I'm listening to the episode thinking I want to give Mongo a go, what's my best way of hosting it? Because is it a cloud service? Like Mongo is hosting my own? Because, let me give you background. I haven't used Mongo for quite a few years. But when we did it a few years ago, no doubt it's all changed since then, we struggled with it. It was difficult to maintain and difficult to scale, and it was hard work. So what would you advise? I don't know, it's no doubt changed from then, this was six years ago, seven years. But what would you say if I'm going to give it a go and I want to give it a play? What should I spin up?
Aaron Bassett 29:31
So the first thing I'd say is don't do apt-get install. Like, do not install it via like apt-get or any of the package managers. They are all so far behind. I think some of them are still running like 2.2 and we're now on 4.4, you know, it's ridiculous how far some of them are behind. And that's normally the issues that we come across, as people are still running really, really old versions of MongoDB, you know. And yeah, MongoDB, like any technology, had some teething problems at the start, which are now all being sorted. You know, we still get people coming in: we don't have transactions. It's like, yeah, we do. It's fully ACID compliant. You know, yes, we didn't have transactions five years ago, we have them now. Or that MongoDB is insecure. It's like, no, MongoDB, until you set up your, like, access controls, until you set up your username, etc., your admin user, you can only access it from localhost. It binds to localhost, and you cannot access it from anywhere else. So you need to actually go in and configure it yourself to make it public. You know, the default security settings are a lot stricter than what they used to be. These are all things that if you're installing older versions of MongoDB, of course, you're still going to get the old issues that come with it. So my first advice would be, like, don't install it from apt-get, you know, go and actually get the release directly from us. And the other thing is watch Mark's talk. So Mark Smith, judy2k as most people know him on Twitter. He's done a talk recently, I think it was at EuroPython, not 100% sure, on misconceptions about MongoDB. So he runs through a lot of this kind of stuff about, you know, where you should install it from, misconceptions people can have.
And yeah, it gives a good kind of, like, for people even like ourselves, when we join MongoDB, you know, we might not be completely up to date, and you have these similar conceptions about, like, what MongoDB is or was, and that clears up a lot of them. So I'd probably watch that first just to get some information on it. If I'm setting up for myself, now I just use Atlas. So Atlas is MongoDB's cloud, kind of hosted managed service. It's got a free tier, like a kind of, you know, free forever tier. You can deploy it to AWS, Azure, somewhere else, I think, you know, so you can try and keep your latency down by deploying as close to where the rest of your infrastructure is as possible. But, you know, it's so simple to set up. It's like button, click. My number one advice for databases is get a managed database, right? Yeah, the best money you'll ever spend is like, don't spend your time and energy doing that unless that's your profession, you know. 100%, you know, and the free tier is, 99% of the stuff that I do all uses it. The only thing that I've had to use any of the paid tiers for is the project I mentioned earlier with DjangoCon Europe.
Will Vincent 32:34
So I was gonna say this 10 million data sets fit into free
Aaron Bassett 32:37
10 million doesn't quite just surely because of the size to be honest. So I had to upgrade the size, not one, I think it's costing like maybe like nine bucks a month or something like that.
Will Vincent 32:51
Aaron Bassett 34:28
Django. Django has got a heck of a lot better, though. I remember. Yeah. First setting eye on it. And you would do your kind of pip install and your django-admin startproject. And then you would try and runserver. And like, none of your CSS would load, you know, you go to admin page and just like just raw HTML, you know, you'd have to go sugar. First of all, it wouldn't serve any static files. You'd have to have like, CherryPy or something running to serve to serve static files for you. And there was no like, collectstatic at that stage either. And, yeah, it's it's come a long way. And become a lot easier. So the work has been done is phenomenal. But yes, it still deploying Django is still difficult as well, you know, it's I said, there's no kind of one click deployment Heroku used to have like their Django Heroku package. But even that's being deprecated. I.
Will Vincent 35:17
Yeah, I think yeah, I mean, kind of had set that up. And that's deprecated. I mean, Heroku. Still, that's the one I teach in my book, just because they have a free tier. And if I tell you exactly what to do, you can do it in five, six steps. But if you try and navigate their docs, I don't think there's a lot of older things out there and you get tripped up. I mean, one thing, and there's also environment variables, which is another thing which you need for Heroku, in most platforms, most platforms as a service should use anyways, that's another one that really for beginners, though, there are a number of packages that make that a little bit easier. And that was a big thing. For me with 3.1 updates, I included my beginners book is showing how to use environment variables, which I was a little uneasy about, but it's, it makes settings files, you know, if you're gonna do any sort of actual deployment, that isn't wildly insecure, you have to use environment variables. 100%.
Aaron Bassett 36:12
And it's actually a talk I gave recently at PyCon Australia was like, on how to
Will Vincent 36:18
secrets when we have a link to that. Yeah.
Aaron Bassett 36:21
And it's, yeah, it's, it's so easy just to hard code a secret, they even even experienced developers do it, you know, you're, it's just a proof of concept, or it's just a really quick hack, and you're not quite sure that you're going to keep this in here. Or, you know, you don't want to go freeze, adding it to your key management store, or whatever else, you just hard coded for a second, and you're definitely going to take it out before you push your code up, you know, it's and then whatever happens, you forget about it, or you go and make coffee, you come back your muscle memory kicks in, you do a git push, and suddenly your AWS keys, or whatever key is up on GitHub being publicly available, you know, or even even, I mean,
Will Vincent 37:03
I was gonna say GitHub now has they'll notify you they've, like, generally they'll they have that link, they acquired a company that will sort of tell you, hey, there's a secret key hanging out in your repo. And I remember, like, really GitHub, you could just search for like secret keys and stuff. And now you can't do like a broad search. So they, they sort of they help you a little bit but doesn't solve the problem. If someone has access to your GitHub repo, you know, there's 100 engineers. Yeah. Also right. For security. You don't? You don't want them floating around.
Aaron Bassett 37:31
Yeah, 100%, you know, especially even if you then remember and delete it while it's still in your Git history. You've got as soon as soon as that's pushed up, it's been compromised.
Will Vincent 37:42
Yeah, that was actually that was another thing in my my Professionals book, I sort of walked through updating the secret key in the 3.0 version, but then, yeah, it's still in the source code. So there's a couple there's a couple ways to do it to generate I mean, because it's any 50 plus character string. And you can use Python has a secrets module. There's at least one or two websites, which will generate a Django secret key. But, I totally, I'm guilty of it. And actually, for me, like I have repos of my stuff up there teaching where I have the secret key and and we swap it out. And I GitHub regularly pings me being like, you've got secret keys, which is nice that they do but a little annoying. Like, I guess I get unsubscribed. Yeah, everyone does. It is to your point on the talk. And I like that, that that was a great talk too
Aaron Bassett 38:25
Oh, it happens to everybody eventually. That's you. You also have to kind of then plan for it to you need to know what what is recovery for this, you know, it is going to happen at some stage. So you need to have a rotate keys, you know, how do we revoke keys? What's the process for that? You know, how do we then go about reissuing them, it's like any other kind of disaster recovery, you need to you hope that doesn't happen, but you need to plan for it to happen.
Carlton Gibson 38:48
Nobody will as well. Because that you want to overthink this awesome point like you like even your database credentials, just because you kept them secret doesn't mean you don't want to change them every so often. Because, you know, just
Aaron Bassett 39:02
leave the company or whatever else, you know, you're gonna have to rotate them eventually. It is actually something that's quite nice with some of the Realm stuff as well, is it also gonna have like manage your users for you. So you don't really have an admin user as such that can be exposed. And so users could register their own accounts. And then well, it's one way you can access it. You can set it's a registered user to register an account. And then you can set like, on databases or sorry, on collections or even down to like field level, what the access rights are that honor, on that are so you can go Okay, well, users can read all data that's in this collection, but they can only write or edit their own data in set out at the database level. So you need to worry about that. That kind of business logic and your code, instead of like going okay, I'm going to do a find and only give me back the documents that this person, the author ID is equal to their user ID. There we go. Okay, give me all documents. And I'm logged in as this user. And that will automatically go Okay, well, this user only has access to these documents and just returns those, you know, so it takes like that, that kind of like business logic, you don't have to worry about it. It's all about the kind of service level, which is really nice.
Carlton Gibson 40:22
You still don't want to display an edit UI for, you know, if I haven't got edit permissions, I don't want the Edit UI presented. Right. So you still kind of need to deal with that. But yeah,
Aaron Bassett 40:31
well, yeah, you still deal with that kind of side of it as well. But it just means that then you don't have any Caf administration like admin credentials to expose, which means you can then move into the client side as well to do even need a server to run your queries.
Will Vincent 40:47
I was just checking there still is, it was django-loginas, which is a third-party package where. But I think it's more for users, as opposed to like admins or devs. But that's incredibly useful. If you're trying to you know, debug, someone says, I'm getting this issue, you can just log into your, your site, literally as them
Aaron Bassett 41:04
yeah, see it? That's one if you have if you're if you're a super user, you you do like your username as an unlike the your customers username, and then your password, and it authenticates you as the customer. Yeah, I use us all.
Will Vincent 41:18
Yeah, it's it's only got 230 stars. I think this is the one but it's an incredibly useful. This is
Carlton Gibson 41:25
similar, similar package called django-hijack as well, which does a
Will Vincent 41:28
look. Oh, that's awesome. Yeah. And they both keep it on
Aaron Bassett 41:31
does hijack keep like logs as well, if like, when people have logged in as other people, I
Carlton Gibson 41:37
believe in? Yes,
Aaron Bassett 41:39
no login as that does, or did. Because it was a big thing. You wanted to make sure that people weren't abusing it, like login is potentially user. So it had like, an access log of like, who it's logged in is, like, which user and when they did it,
Carlton Gibson 41:53
you need that sort of thing? We'll put
Will Vincent 41:54
links to both in the notes. And we should, we should check that out there both that functionality is incredibly useful.
Aaron Bassett 42:00
Yeah. Was space for debugging, like customer issues? It's it was indispensable to be honest.
Will Vincent 42:05
Yeah, I know. Cuz otherwise, you're just like, you know, trying to tell them how to take a screenshot video, and yada, yada, yada, and just, they can't do it. So I want to ask you is we're coming up on time, your I think, so I first saw you and came to know about you from your pip install talk. And it's like the left-pad problem from 2016. Which fantastic talk. I wonder if you could talk about that. And I think you're you're planning an update to it, right? Because it was a couple years ago.
Aaron Bassett 42:31
Yeah, yeah, so I gave that first time at like PyCon UK. And it was just after there'd been an issue with npm, where a maintainer had removed a package called left-pad, which in itself was a very small package, and just allowed you to pad a string, but was a dependency of so many other packages that it took down hundreds of thousands of CI processes around the world, as they attempted to install this package that no longer existed. So the talk really kind of was looking at it, you know, how you can really secure your installation process and your dependencies and things like the obvious stuff of around like pinning dependencies, but and also how you would run your your own local cheese shop, your own local package index, and a bunch of other stuff. And honestly, most of what I discuss in that talk is still relevant now, you know, not an awful lot has changed. Some of the, we've kind of had since then there was a move towards, you know, Pipenv and different packet like package managers kind of came and went during that time. But the the core of it, you know, pinning your packages, checking package hashes to ensure they've not been modified from the version you think you're installing, how to run, like your own local repository, all of that is still the same now as it was back then. But I'd love to expand upon it, I think there's an awful lot of running through PayPal payment ecosystem that can be quite difficult for people coming into it to start off with, you know, for your, your very early users, they really don't need to know an awful lot, you know, people, okay, we need to know, virtual environments, you need to know about pyenv, you need to know, you know, about environment variables, and you need to know a bunch of stuff as well. And they'll really start off if you just need to have a Python executable and write some Python in a file and call the file. You know, that's your very basic hello world.
Let's get people interested, they can immediately see, you know, I put this input and I guess I, you know, it's that instant gratification. Get them hooked on programming. But once you can move into the more kind of intermediate level, then where you're like, Okay, well, I want to keep up with several projects I'm working on I want to keep my dependencies separate. I might have Have a legacy project that's on a different version of Python than what I'm currently using for my own. More recent projects, or, you know, I want to run JupyterLab, but I don't want to have a virtual environment for that. It's all things and you go, Okay, well, now we're going to need, like, virtual environments, that's fine as Python three is that we've got those already. But then you're looking at pyenv, so you've got like multiple Python versions, then you probably want to have like, virtualenvwrapper to make it a little bit easier to work with, then you're looking at pipx. So you can run like JupyterLab. So if I happen to install it, and it's like, Okay, well, there's all this stuff. How do we make someone tells
Will Vincent 45:39
you about poetry? And
Aaron Bassett 45:40
yes, like, was a bunch of new stuff in there. I have an a, like a pay for local Python development environment I'm pretty happy with it's taken me a couple years to get there. But if I got like, everything set up, like I kind of like and I, because I do a lot of work with obviously different Python versions in different packages and things you know, life can, if needs to be I can spin up a version of 2.7. You know,
Will Vincent 46:03
what isn't that isn't that the problem, right there is that everyone has come to their own local thing that works. So when a newbie says, How do I just duplicate that? Yeah, a there's many different ways to do it, and hundred percent and D, it's, you're talking about path variables, and it's non trivial.
Aaron Bassett 46:20
Yeah. So like, any of these things, and I will make sure my information is out there as well. No, it's very, very much true. Like everybody does have their own way of doing it. And like, mine won't be won't work for everybody. I hope it works. For some people. It's honestly pretty simplified. I've really, it's, I went down the road of like, having Poetry and having multiple different kind of editors and plugins, everything else. And now I really, I have my virtual environments, I have pyenv, and I have pipx. And that covers like 99% of my cases, you know, even the pyenv is probably a little bit of overkill, to be honest. I think the only time recently I've had to install an older version of Python was actually to do a node installation where one of the packages was assuming you had Python two installed instead of Python three, it was still using the old print statement. So the which was interesting that I needed to have a particular version of Python installed in order to do an npm install. Because obviously, web programming is not confusing enough for beginners.
Carlton Gibson 47:32
Well, I have setting up a Windows machine recently and had to install Node.js and I went, I went to the website, and they went, Oh, just use the LTS node. Okay, I'll download the LTS, and after installing, it's like, you need Python to do this, to me,
Aaron Bassett 47:47
it really was the easiest way it was like, Okay, I could I can try and take these dependencies I can, even if people were posting like fixes in that you could go and modify the, the module yourself in order to get to work with it, because it really was a very small change, they were just calling the print statement in Python two instead of like calling the print function, Python three. But it was like, well, I've pyenv here, you know, I can just install 2.7. You know, make that the Python interpreter for this particular shell session, do installation and then not have to use it again, Trump. So
Will Vincent 48:23
I think that, well, there's there's online hosted Python things you can use, like, if you're teaching, you can use Repl.it, you can use Glitch. And I believe that VS Code is working towards this if they don't, or to having this where, you know, in five years, people look at us and go, Well, you just log in. And it's sort of a virtualized, it's like Docker in the cloud. So you don't even have to deal with this nonsense. I think I'm not exactly sure where VS Code is at with this. But in terms of beginners, like, I think they're pretty close in terms of having it all, you know, like your own Docker spin up. So you can just download, you know, use VS Code, and then everything is in the cloud, you don't have to worry about versions, that sort of like game set match that solves a lot of these problems. I mean, it doesn't solve the fundamental ones in Python, per se, but if it's hosted, you know, sort of like Docker for newbies, and I think I'm pretty sure VS Code is working on that if they don't already have,
Carlton Gibson 49:17
like GitHub's got this Codespaces thing, which is on GitHub, I managed to get but that's all part of the same deal. Right? And yeah, I guess, but but it's super, it's it really is it like it fires up, you know, a containerized environment, you just open up VS Code, and you do this remote open this remote thing, and it opens your VS Code, and it's just working. And yeah, you know, if you've got decent internet, it's, it's indistinguishable from local development.
Will Vincent 49:43
Aaron Bassett 50:16
It's a smart move for them. Because if you've got your like your containerized development environment, you're you've built your app, etc. And then you know, it's okay. Well click this button to deploy it is your Well, no.
Will Vincent 50:28
brainer. Exactly, exactly that exactly that. I mean, you can see all the pieces lining up well, so we're at 50, odd minutes, is there anything you want to mention that we haven't, and anything else you want to plug personally or professionally,
Aaron Bassett 50:42
I would say is, is obviously the combination of MongoDB. And Django is, is something I'm very passionate about myself, I would love to hear other people would like to see that as well, the more people I have, kind of asking for it. And the Better Business Case I can bring to my employers, that's always hope be helpful. So if you would love to use MongoDB, with Django, or if you're already using MongoDB, for something else, alongside Django and you'd like to see the integration between the two, or you have a particular use case that you think would be compelling, then please do reach out, you know, you can either contact me by the DSF, by email, or you can contact me on Twitter, my DMS are open, we'd love to hear what people's kind of what their wants are, what their use cases are, you know, any anything I can I can help to build this case to to bring MongoDB to Django would be really useful.
Will Vincent 51:44
Well, that's something I think we the DSF. Board, if when we do the survey, hopefully next year, we could have some sort of questions around what people want. I guess in a way separate from Django developers, I know there's, that's the main place where things are happening, but more of a generic area to ask these kind of questions. Does that make sense, Carlton? Or is that crossing? Why don't
Carlton Gibson 52:06
we does it does make sense. It's the sort of I whenever anyone mentions new features, I get this massive sort of ice back in my neck. This is ever going to happen? Yes. By no overtime, we see rolling out new features.
Aaron Bassett 52:24
Yeah, I wouldn't say it's something that would be actually in Django itself, you know, I would still see it as something that would be a package that installed like channels. You know, we we have the ability to do that now that the kind of database engines and stuff are easier to swap by? So yeah. Again, it's, it's not even something that that a company could try and do because that then the final decision about what would make it into Django is up to technical board, you know, so, absolutely, we need to be a very compelling reason for them to want to add it into the core. And I, I don't think that's going to be there. Not for a very long time. But I would love to see, it's important as a package that can be installed alongside Django.
Carlton Gibson 53:07
But all all features begin as third party packages, you know, yet what, unless there's an outside reason why can't it must, yes, our migrations was a third party package.
Aaron Bassett 53:21
I still have my T-shirt with the from the Django version released with when South got merged in, with all the birds flying away. That's a nice shirt.
Carlton Gibson 53:31
Yeah, good, good. Good. I think for me, just on the map, the Mongo point, I think if like, the querying is obviously different from the ORM's query. But if we could somehow take the model classes and then leave that map to a document model, somehow, yeah, then you know, then you would query the document model. But if you didn't have the duplicate, that's the trouble when you switch like, you know, view. The same with another view, you could put your models into Elasticsearch, you have to create a an Elasticsearch document, which then it's like, it's kind of really similar. It's like, Can I get, could I somehow automate this, get this from my Django model to the Mongo document model, so that I didn't have to type that out twice. That would be amazing. And didn't have to update it each time. You know, it's typing at once, it's fine. But what made noted here though, I need to make a match in there, that over there, that's a pain.
Aaron Bassett 54:18
Yeah, honestly, I kind of see is working very similar to like the Q objects, you know, so we've got your, your ORM or in this case up like your ODM, and that's going to be how you interact your data like 99% of the time, yeah. But then if you want to do something, you know, more bespoke or more complex, then there'll be like an empty object, you know, which you can then use to create your aggregation pipeline or run on a very specific kind of MongoDB type queries. You know, it's, you want it as far as possible to be something that you can just swap into a project and if you're not doing anything, you know, weird or wonderful then it just works. As the regular Django ORM would. But if you want to use some of the features of MongoDB, then you're you're then dropping into a different kind of interface to that. And you're very aware that this is now MongoDB specific, you know, I will not be able to move this project easily from MongoDB, back to Postgres, or to SQLite, or to wireless, you know, for some reason, like if you're writing raw SQL queries, and you may be using some of the features of Postgres is not supported by SQLite, you know, so, you know, you can just easily use that in development and Postgres in production, but it has to be that for me, anyway, there has to be that kind of separation, you know, so that people are, are very aware of when you're doing something that is specific to that particular database.
Carlton Gibson 55:47
Yes. Yeah, absolutely. Absolutely.
Cool. Super green. Exciting.
Will Vincent 55:53
Well, Aaron will link to ways to contact you in the notes, but you're very accessible on Twitter and other platforms. Thank you for coming on.
Aaron Bassett 56:02
Thank you for having me. It's been a lot of fun are enjoying it.
Will Vincent 56:05
And everyone we are @ChatDjango on Twitter, DjangoChat.com. And we'll see you the next How would you say Carlton, the next fortnight for it. We'll see you in a fortnight in support of fortnight. Yeah, we'll see you in a fortnight. Bye.
Aaron Bassett 56:18