pre-release: North Bay Python meeting announcement

Please take a moment to review your details and reply with OK or edits.
Subject and below is what will go out and also will be used to title the videos.

Subject: 
ANN: North Bay Python at Mystic Theatre Sat November 3, 10p


North Bay Python
=========================
When: 10 AM Saturday November 3, 2018
Where: Mystic Theatre

https://2018.northbaypython.org

Topics
------
1. Conference Opening


(Needs description.) 
 recording release: yes license: CC BY  

2. Keynote - Mariatta Wijaya


(Needs description.) 
 recording release: yes license: CC BY  

3. Easier Classes: Python Classes Without All The Cruft
Trey Hunner

When bundling up data, sometimes tuples and dictionaries don't quite cut it. Python's classes are powerful tools for data storage and manipulation, but it can take quite a bit of boilerplate code to make a well-behaved Python class. In this talk we're going to discuss how a well-behaved class should work and take a look at a number of helper libraries for creating well-behaved classes.

We'll first see how to make classes with proper string representations, comparability, iterability, and immutability. Then we'll dive into helper tools built-in to the standard library and available in third-party libraries.

We'll look at namedtuple, NamedTuple (not a typo), attrs, and the new Python 3.7 dataclasses.

Most of the libraries discussed in this talk are only available in Python 3, so if you're not using Python 3, hopefully this talk will encourage you to upgrade.
 recording release: yes license: CC BY-SA  

4. Auditing Your Site for Accessibility: Now What?
Kat Passen

So you’ve heard about web accessibility - maybe you’ve only heard it in passing, or maybe you’ve read some docs or blog posts, or perhaps you’ve even attended a conference talk about it. But oftentimes this is where you’re left hanging, holding a toolbag with a gigantic “now what?”. Starting out can feel daunting, especially if you have a large application to deal with.

Here are the steps we’ll cover:

1. Identify - how do you find potential or actual problems
2. Verify - are these real problems, or potential false positives
3. Plan - finding the most efficient ways to handle the critical path
4. Due diligence - fixing, testing, future proofing

We’ll talk about all of these in the context of a familiar website that recently went through this same process.
 recording release: yes license: CC BY-SA  

5. Lunch


(Needs description.) 
 recording release: yes license: CC BY  

6. ¡Escuincla babosa!: Creating a telenovela script with a neural network
Lorena Mesa

.
 recording release: yes license: CC BY-SA  

7. Exploration-Oriented Programming
Moshe Zadka

# Jupyter Basics (7m)

Jupyter is an interactive development environment based on the read-edit-eval loop. We will examine a bit of its history, and show-case how it works for those new to Jupyter -- while also showing a few tricks even experienced Jupyterians will appreciate.

# Incremental Development (7m)

Next we will discuss best practices for incremental development. Incremental development is slightly different from writing code in Python modules. The global namespace matters a lot more, and must be managed carefully. Writing code with less side-effects allows using the same data structure multiple times, increasing iteration speed. Finally, it is often useful to write little snippets which will crawl intermediate results and verify them for correctness.

# Collaboration (7m)

There are things to keep in mind when collaborating with Jupyter notebooks. Since they are edited by an automatic tool, they can often accumulate "cruft" which confuses version control systems. Having utilities for cleaning notebooks pre-commit, as well as linting them in a continuous integration environment post-commit, allows managing such cruft, and getting usable, reviewable, diffs. It is useful, as well, to be able to "run" notebooks in continuous integration, verifying correctness.

# Production (7m)

If we develop our code in Jupyter, we need to somehow get it to run in production. Luckily, modern Python import machinery is flexible enough that we can write packages that look, to the users, like regular Python code. We will cover how to mark cells appropriately as "tests" or "code", and how to set up such machinery -- all the way to building PyPI-ready wheels.

# Summary (2m)

If we recognize that writing code is a process of successive approximation, we can stop having "IDE-envy" of static languages with all their facilities and develop *with* the Python grain: interactively, using the dynamicity to make the programming environment better, not worse.
 recording release: yes license: CC BY-SA  

8. All in the timing: How side channel attacks work
Philip "Phildini" James, Asheesh Laroia

In this talk, you’ll learn about a category of security issue known as side channel attacks. You’ll be amused to see how features like automatic data compression, short-circuit execution, and deterministic hashing can be abused to bypass security systems. No security background knowledge is required. The talk assumes at least intermediate Python experience.

We’ll take a tour of real side channel vulnerabilities in open source Python codebases, including the patches that fixed them. It also offers practical advice for avoiding these issues. My goal is to demystify this topic, even if you aren’t writing security-critical software.

This talk is for intermediate or higher Python developers who want a foundation for understanding side channel security vulnerabilities. We hope to allow software developers without a security background to understand the security mindset.
 recording release: yes license: CC BY-SA  

9. Welcome to Jurassic Park: Where Chaos and Engineering Ethics Collide
Hayley Denbraver

Jurassic Park in 3 Minutes

In this section I will do a quick and funny recap of Jurassic Park so we can all be on the same page and so I can talk about dinosaurs.

Software Engineering in Jurassic Park

This section will include further discussion of the points in the story that intersect with software development. Points of discussion could include:

-Vague requirements

-Unrealistic Timelines

-Scope Creep

-Insufficient Budgeting

-Insuffiecient Testing

Unethical Behavior as a Form of Chaos

This section will examine the choices of Nedry and how his unethical behavior was a catalyst for failures. The topic of Engineering Ethics will be introduced and explored. Ethical behavior prevents certain types of failures (imagine a contractor is using the wrong grade of steel for a building to cut cost). Additionally testing your work by ‘breaking things on purpose’ and ‘expecting failure’ is actually a very good application of engineering ethics.

A Resilient Jurassic Park

The final section will speculate about what could have been if the jurassic park software was subjected to some manufactured chaos instead of some dinosaurian chaos and also if Nedry had been more moral fiber.
 recording release: yes license: CC BY-SA  

10. Afternoon Tea


(Needs description.) 
 recording release: yes license: CC BY  

11. Better Web Scraping Through Reverse Engineering AJAX Calls
Diego Berrocal

Have you ever wished you could automate any task in a website? Be it ordering food from your favorite vendor with an online shopping cart, or find out the weekly items for sale in your local grocery store website. Due to the rise of libraries like React and the proliferation of client-side rendered webapps, chances are that you may be inclined to use dynamic scrapers like [Selenium](https://www.seleniumhq.org/) or [Puppeteer](https://developers.google.com/web/tools/puppeteer/). However, because these webapps need to initialize their components, they still make AJAX calls to services, exposing “internal” APIs we can use. This is not how its developers intended us to use the site, because it can change without notice, but that doesn’t mean it’s not useful!
After leaving this talk, you’ll be able to backwards-engineer these “internal” APIs and replicate any trivial flow as well as knowing how to use Puppeteer to directly interact with the page. You’ll also learn the criteria to choose when to use a dynamic scraper vs just using the “internal” API webapps use.
 recording release: yes license: CC BY-SA  

12. Packaging Django Apps for Distribution on PyPI
Laura Hampton

One of the strengths of Django is that it allows you to use apps created by other developers, so you don’t have to spend time rewriting something that someone else has already written. However, creating Python packages for distribution via the Python Package Index is a process that is unfamiliar to most developers. In this talk, you will learn about creating a reusable Django app. The talk will cover how a Django app differs from a package like requests, and how an app interacts with models and URLs in an existing project.  

While the talk will include a discussion of how to upload a Django app to PyPI, the parts that discuss how to make reusable Django apps will be useful to developers who are working at organizations where they may not be able to open-source their code.  

This talk is intended for Django developers who have some familiarity with how Django works, and an interest in code reuse and packaging. I am aiming this talk at people who have completed a basic Django tutorial such as the Django Girls tutorial or the tutorial in the Django documentation.
 recording release: yes license: CC BY-SA  

13. Recursion for Beginners: A Beginner's Guide to Recursion
Al Sweigart

Recursion has an intimidating reputation for being the advanced skill of coding sorcerers. But in this tutorial we look behind the curtain of this formidable technique to discover the simple ideas under it.

Through live coding demos in the interactive shell, we'll answer the following questions:

* What is recursion, and when is it a good idea and bad idea to use it?
* What's a stack, the call stack, and a stack overflow?
* What are all the confusing ways that recursion is commonly taught?
* Do some problems require recursion? Can recursion do anything a loop can't?
* What is memoization, and how does functools.lru_cache work?
* How do I draw that cool-looking recursive fractal artwork with Python's turtle module?

Beginners will be able to follow this talk. All that is required is a willingness to learn, and a willingness to have the willingness to learn, and a willingness to have the willingness to have the willingness to learn, and... so on.
 recording release: yes license: CC BY-SA  

14. What PHP learned from Python
Adam Harvey

In 2015, the PHP project released version 7.0 of the PHP language. Doing so was the culmination of several years of discussion and hard work to resolve what a new major version would look like, what would be included, and most importantly, what would be broken for existing users.

In the end, PHP 7 was released with almost no backward compatibility breaks for well written, modern PHP 5 code. As a result, uptake of PHP 7 after two and a half years has been — depending on which source you use and how you measure it — between 33% and 67%.

The PHP project had a significant advantage, though: other languages had been through the same thing before. In particular, an example that was repeatedly used and examined was the transition that was still taking place from Python 2 to 3.

In this talk, I'll discuss the insights that were gleaned from observing that process (mostly) from the outside looking in, and how that was reflected in the uptake curve of Python 3.
 recording release: yes license: CC BY-SA  

15. Housekeeping


(Needs description.) 
 recording release: yes license: CC BY  

16. Keynote - Robert M. "r0ml" Lefkowitz


(Needs description.) 
 recording release: yes license: CC BY  

17. Refactoring Code with the Standard Library
John Reese

Python includes a concrete syntax tree (CST) in the standard library, useful for mass refactoring code bases of all sizes.  I'll walk through the differences between abstract and concrete syntax trees (AST and CST), why a CST is useful for refactoring, and how you can build basic refactoring tools on top of a CST to modify your entire code base quickly and safely.  Lastly, I'll demonstrate what's possible with these tools, including upgrading code to new interfaces, or wholesale movement of code between modules.  This talk assumes a basic understanding of how Python works, but will otherwise provide enough context to be useful to those who haven't previously worked with syntax trees.
 recording release: yes license: CC BY-SA  

18. Disambiguation, In-Jokes, and Name Collisions: What You Need to Know When Naming a Python Project
Thursday Bram

This talk covers key issues Python programmers run into when naming new projects. We'll go over the following:

* Commonly used naming schemas in the Python community
* Current and past project names (including those that many newcomers to Python struggle with)
* Techniques to avoid similar confusion in the future (covering both name selection and documentation)

We'll even talk about Monty Python and its long-term impact on the Python programming language.
 recording release: yes license: CC BY-SA  

19. Lunch


(Needs description.) 
 recording release: yes license: CC BY  

20. Map it with Python! Intro to GIS and Python mapping modules.
Christy Heaton

Maps are cool and so is Python! It turns out they play well together too.

In this talk, we’ll learn about modern map making and the Geographic Information that powers it, as well as some of Python’s open source mapping libraries: geopandas, matplotlib, shapely, seaborn, and fiona. Then we’ll go through a fun mapping example together. No need for expensive mapping software, we’ll have everything we need in a Jupyter Notebook. 

You’ll leave this talk with a new-found love for maps and the power to make your own. Happy mapping!
 recording release: yes license: CC BY-SA  

21. Guide to Software Engineering for Visually Impaired
Abrar Sheikh

### Abstract

I am a backend Software Engineer at Yelp who uses Python extensively for building Yelps infrastructure and internal tools. I also suffer from a genetic disorder called Albinism which often results in limited visual acuity that can range from 20/120 to 20/200 in most common cases. With such a low vision it's extremely difficult to read the computer screen without the use of on-screen magnifiers. In this talk, we will see how a person with adverse visual acuity can thrive and be successful in the field of Software Engineering. We will address the importance and meaning of accessibility for Software Engineers with partial vision and recommend some best practices that are available today. We will also talk about the importance of an inclusive work culture that can help foster creativity and ease ramp up for a Software Engineer with a disability.

### Structure of this talk

1. Define low vision
2. Demographics of low vision
3. Educational challenges and strategies for overcoming
  - Classroom accessibility
  - Access to reading material
  - Access to technology: philosophy behind using an on-screen magnifier and demo
4. Professional challenges and strategies for overcoming
  - Getting Hired
  - Community and peer support
5. A live demo showcasing how someone with low vision codes

### Key takeaways

1. Strong practical understanding of what low vision means in real life.
2. Simple and pragmatic strategies to overcome fundamental limitations that a person with low vision faces in a typical career path in software engineering.
3. Ways in which the tech community can support individuals with low vision to be successful and efficient.
 recording release: yes license: CC BY-SA  

22. Memory Management in Python - The Basics
Nina Zakharenko

As a new Python developer, trying to understand how memory management works in python can feel like a daunting task.

The documentation immediately jumps into difficult to follow concepts, especially if you don't have a background in Computer Science.

I'll provide a simple, easy to follow overview of the concepts that a developer needs to be familiar with in order to scratch the surface of how memory management and garbage collection works in Python.
 recording release: yes license: CC BY-SA  

23. Hi! My name is...
James Bennett

This talk will take a tour through some of the ways usernames (and other identifiers) can be trickier than we expect, or even genuinely dangerous, and will discuss ways you can use Python and its web frameworks to mitigate these risks and protect your sites and your users.

Some of the issues include:

* The difficulty of choosing between different types of unique identifier for users; they all have issues, and get worse when they start being exposed to the world (like in a profile-page URL).
* Ensuring uniqueness is surprisingly difficult! Usernames can have issues with case sensitivity, Unicode normalization, and confusingly similar-looking characters. Email addresses also present uniqueness issues, due to both the complexity of the standards for addresses and the quirks of popular email providers.
* Usernames as attack vectors: like any user-supplied input, they can be vectors for SQL injection and cross-site scripting attacks, but carefully-chosen usernames can also interfere with important services, or enable social engineering attacks.
Real-world examples will be provided for many of these issues, along with tips on specific tools and techniques – including both standard and third-party Django and Python libraries – for protecting against them.

This talk is designed for developers of any level of experience; both novices and veterans will probably learn something new!
 recording release: yes license: CC BY-SA  

24. Afternoon Tea


(Needs description.) 
 recording release: yes license: CC BY  

25. Turbocharge your data science with Python AND R
Kelli-Jean Chun

Python is an incredibly powerful language capable of handling all aspects of the data science workflow:

- **ETLs**
- **Pre-learning:** Exploratory data analysis, data visualizations, feature engineering
- **Learning:** Building machine learning & statistical models for prediction or explainability
- **Post-learning:** Model evaluation and interpretability
- **Deployment**

So, why the heck would you introduce R into this framework? Because R is also an incredibly powerful language capable of handling the entire data science workflow. So, why not just use R? A better question is: why not use both? The two languages can be used together to streamline this process. In this talk, you will learn how Python and R can be used to complement each other and produce higher quality results faster.
 recording release: yes license: CC BY-SA  

26. 2FA, WTF
Kelley Robinson

In an age when a new data breach is revealed with frightening regularity, developers have a responsibility to secure our applications' user data more than ever. But fear not, YOU have the power to deter the hackers! You may recognize Two-factor Authentication (2FA) as an additional safeguard for protecting accounts, but do you really know how it works? This talk will show you how to implement One Time Passwords (including what's happening under the hood of those expiring tokens) and even provide a legitimate use case for QR codes! You'll come away recognizing the different approaches to implementing a 2FA solution and have a better understanding of the one that's right for your application. Together, we'll make the web a more secure place.
 recording release: yes license: CC BY-SA  

27. Let The Computer Write The Tests
Dan Crosta

The Hypothesis library by David McIver is a property testing library for Python. Property testing is related to fuzz testing, a technique commonly applied in fields where correctness is paramount. With a little guidance from you, the programmer, Hypothesis can generate a wide variety of valid -- and invalid -- inputs to your functions, and test scenarios you might never have considered. It can generate instances of your custom objects, and isn't limited just to simple functions. On top of all of this, when Hypothesis finds a failure, it will simplify the failing case, which aids tremendously in diagnosing what is actually wrong in your code.

We'll take a look at what Hypothesis has to offer, and how you can apply it to your codebase. We'll see how to generate custom test case strategies, and how to generate instances of your own objects. Finally, we'll glance under the hood to see how Hypothesis generates test cases, and how it can automatically simplify them, to gain confidence that it's helping us find real bugs and not just flukes.
 recording release: yes license: CC BY-SA  

28. Python on Windows is Okay, Actually
Steve Dower

Packages that won't install, encodings that don't work, installers that ask too many questions, and having to own a PC are all great reasons to just ignore Windows. Or they would be, if they were true.

Despite community perception, more than half of Python usage still happens on Windows, including web development, system administration, and data science, just like on Linux and Mac. And for the most part, Python works the same regardless of what operating system you happen to be using. Still, many library developers will unnecessarily exclude half of their potential audience by not even attempting to be compatible.

This session will walk through the things to be aware of when creating cross-platform libraries. From simple things like using `pathlib` rather than `bytes`, through to all the ways you can get builds and tests running on Windows for free, by the end of this session you will have a checklist of easy tasks for your project that will really enable the whole Python world to benefit from your work.
 recording release: yes license: CC BY-SA  

29. Conference Close


(Needs description.) 
 recording release: yes license: CC BY  



Location
--------
Mystic Theatre


About the group
---------------