Description:Learn about building small and large projects with Flask in ways you probably did not see yet.
Abstract: This talk explores how you can build applications and APIs with Flask step by step by being easy to test and scale to larger and more complex scenarios.
The talk will also go a bit into the history of some design decisions in Flask and what works well and in which areas you might want to mix it with other technologies for better results.
Bio: Armin Ronacher is a Python developer, creator of the Flask framework and many popular Python libraries like Jinja, Werkzeug, MarkupSafe and others. He loves to create and design large systems and APIs. He is currently an independent software developer who works on Lektor, computer game infrastructure and the Sentry project residing in Vienna, Austria together with his wife and little boy.
Description: Learn about the Django Channels project, how it makes WebSockets easy, how it's not just limited to Django, and the difficulty of building WebSocket and other stateful protocol handling at scale.
Abstract: Django Channels' headline feature is bringing WebSocket support to Django, but what it provides is far more useful than that. Underlying it is a robust, generic cross-process communication mechanism, built to support and scale with stateful protocols like WebSockets.
This talk will look at the design of this mechanism - codenamed ASGI - and the difficulties of building an entire system to support WebSockets and broadcast systems across a large number of servers, and how Django encapsulates this to provide you a simple but powerful interface with good performance characteristics.
We'll also take a brief look at how parts of Channels are useable outside of Django with other web frameworks or pure Python code, and how it lets us build better systems overall.
Bio: Andrew is a Python programmer, Django core developer and Senior Engineer at Eventbrite. He's behind Django's migration and channels systems, and in his spare time enjoys mountains, archery, and cheese.
Abstract: Jupyter is an open source, language agnostic, interactive computing platform used in scientific computing and data science that provides multiple tools tailored for different workflows, from traditional terminal-style control to the popular web-based Notebook. The Jupyter Notebook is a web application that allows users to create and share documents that contain live code, equations, visualizations and explanatory text. Jupyter is the evolution of the original ideas in the IPython interactive shell, as we generalized them into a language agnostic protocol that has now been implemented in over 50 separate languages.
One project within the Jupyter ecosystem, JupyterHub, is a multi-user environment for Jupyter Notebooks that runs off a central server and that can be used to serve Notebooks to classes of students, corporate workgroups, or scientific research groups. JupyterHub is the backbone for UC Berkeley’s new Undergraduate Data Science Education Program, an ambitious program that aims to provide every freshman with core knowledge and skills in data science.
In this talk we will discuss and demonstrate the many development activities underway at Project Jupyter, including IPython 5.0, JupyterHub, and JupyterLab, and how these tools are used in data science, industry, scientific research, and education.
Bio: Jamie Whitacre is the technical project manager for Project Jupyter, an open-source scientific computing and data science ecosystem used extensively in academia and industry. Project Jupyter operates out of the Berkeley Institute for Data Science (BIDS) at UC Berkeley. Matthias Bussonnier is a postdoctoral researcher at BIDS and a core developer for Jupyter and IPython.
Description: There's a lot of data on the web and in your desktop apps, but accessing it can involve a lot of tedious typing and clicking. This talk is an introduction to the Selenium and PyAutoGUI modules, with live demos straight from the interactive shell. Al Sweigart explains web scraping techniques and programmatically controlling the keyboard and mouse to automate these tasks for you.
Abstract: The internet and personal computer are central tools in many jobs, including professions outside of engineering. This makes web scraping and GUI automation are relevant to not just developers and QA testers, but academics, organizers, and office workers. This talk is an introduction to Selenium and PyAutoGUI modules. and programatically controlling your browser and desktop applications from Python.
Web scraping and GUI automation frameworks have an intimidating reputation for a steep learning curve. While they do have many sophisticated features, the basics that most folks will ever need can be covered in a single presentation.
This presentation has multiple live demos to showcase these modules straight from the interactive shell.
The content from this talk is derived from Automate the Boring Stuff with Python, a beginner's Python book freely available under a Creative Commons license at https://automatetheboringstuff.com
Bio: Al Sweigart is a software developer and the author of Automate the Boring Stuff with Python, Invent Your Own Computer Games with Python, Making Games with Python & Pygame, and Hacking Secret Ciphers with Python. These books are freely available under a Creative Commons license at https://inventwithpython.com. Al enjoys haunting coffee shops, writing educational materials, cat whispering, and making useful software. He lives in San Francisco.
Caravel - A data visualization, exploration and dashboarding platform
Dealing with Data, Intermediate
Description: Airbnb developed Caravel to provide all employees with interactive access to data while minimizing friction. Caravel's main goal is to make it easy to slice, dice and visualize data. It empowers each and everyone to perform analytics at the speed of thought.
Abstract: Topics include:
* Intuitively visualizing datasets while filtering, pivoting, and changing views
* Creating and sharing simple dashboards
* Caravel's rich set of visualizations
* Caravel's extensible, high-granularity security/permission model allowing intricate rules on who can access individual features and the dataset
* Caravel's enterprise-ready authentication with integration with major authentication providers (database, OpenID, LDAP, OAuth, and REMOTE_USER through Flask AppBuilder)
* Caravel's simple semantic layer, allowing users to control how data sources are displayed in the UI by defining which fields should show up in which drop-down and which aggregation and function metrics are made available to the user
* Caravel’s deep integration with Druid
* Caravel’s integration with most RDBMS through SQLAlchemy
Bio: Maxime Beauchemin works at Airbnb as part of the Data Tools team, developing open source products that reduce friction that help generating insight from data. He is the creator and a leading maintainer of Apache Airflow [incubating] (a workflow engine) and Caravel (a data visualization platform). Before Airbnb, Maxime worked at Facebook on computation frameworks around engagement and growth analytics, at Yahoo! on social properties analytics, and at Ubisoft as a data warehouse architect.
Interactive Data Visualization Applications for the Browser with Bokeh
Bryan Van de Ven
Abstract: With support from the DARPA XDATA Initiative, commercial engagements, and contributions from over 150 community members, the Bokeh visualization library (http://bokeh.pydata.org) has grown into a large, successful open source project with heavy interest and following on GitHub (https://github.com/bokeh/bokeh). The principal goals of Bokeh are to provide capability to developers and domain experts: easily create and share interactive, versatile, and powerful visualizations that extract insight from data sets that may be remote, large, or streaming. Bokeh provides a platform for anyone to create interactive data and visualization applications in the browser for themselves, their colleagues, or for a wider audience.
This talk will give a quick overview of recent developments, and demonstrate some of the newest capabilities of Bokeh including:
* Bokeh applications and the second generation Bokeh server (that is more performant, better documented, and much simpler to use and deploy)
* APIs for streaming data (both in the notebook and Bokeh applications)
* The ability to extend Bokeh with your own custom functionality (for example to create 3D plots or network graphs)
* Recent GIS features such as support for GeoJSON and tiled map data sources
* The new Datashader library that can be used together with Bokeh to visualize billions of data points.
Finally the talk will discuss near-term plans for the project, it's governance, and community development.
Bio: Bryan studied undergraduate CS and Math at UT Austin, and graduate Physics at UCLA. Currently he leads the technical effort for work done on the Bokeh project at Continuum Analytics. Previously, he has worked on feature detection and classification systems for submarine platforms, automated tools for financial risk modeling, and workflow optimization for fluid mixing simulations. He has also taught Basic, Advanced, and Scientific Python courses to more than 1500 students in the last four years.
Caffe + Jupyter + Pandas It’s not rocket science, well sorta.
Dealing with Data, Intermediate
Description:In this talk I will walk the users through the entire process of building a convolutional neural network for image classification. The process starts with a flask application to label your data, followed by characterizing, training, and evaluating the CNN using Pandas, Jupyter Notebooks, and Bokeh plots. Finally we show how the CNN can be deployed and used in real-world applications.
Abstract: Convolutional Neural Networks: they’re new, they’re big, they’re complex, they’re poorly documented and accordingly they are a little scary. At Planet we will image the entire earth every day, and to deliver that data to customers we need to analyze images without it ever being seen by human eyes. In this talk we’ll cover how to build, train, and characterize a neural net for image classification all from the comfort and safety of a Jupyter notebook. This talk will serve as a template for building and using your very own CNN.
Bio: Katherine Scott is a senior software engineer at Planet working on image classification. Prior to planet Ms. Scott was the co-founder and CTO of Tempo Automation and a co-founder at Sight Machine. Katherine is currently the Program Chair for the Open Source Hardware Association.
Description: Have you ever wonder how to write beautiful documentation with minimal effort? Did the tools get in your way in the process? This talk offers practical examples of leveraging simple text and docstrings to create stunning browsable documentation while making sure your code works as designed.
Abstract: Documentation is a fundamental organizational tool. Not only it help us to understand our programs, documentation can help us to develop and test our code iteratively.
Formats and tools like reStructuredText and Sphinx had made a positive lasting impact in our Python community as we can now easily write splendid documentation with little effort. In turn, the documentation can be auto-tested and taken straight from our source code avoiding redundancy.
This talk highlights the benefits of using simple text for writing programs and documentation, teaching the basics of reStructuredText, Sphinx, docstrings and doctests. We will be modeling the early stages of developing an application, following best practices, verifying program correctness and learning how to create beautiful documentation.
Bio: Daniel Mizyrycki has been programming in Python for over a decade in industry (GreenBusinessCA, Amazon, Docker) and educational (CCSF, RCSD) environments. Previously, he used assembly, C, perl, bash, founded the first Argentinean Linux User Group (1993) and consulted for early Argentinean ISPs. He loves Python's community being a PSF Contributing Member at SFPython, PyLadies, Baypiggies, PyCon and authoring sphinxserve and loadconfig. Today, he teaches Python to hundreds of Cisco engineers.
Description: This talk will be about walking through the steps to put a TensorFlow project into production on the web with Flask and Heroku. The goal is to introduce the project and show how TensorFlow can be used online for real data tasks, and discuss other considerations for deployment of a TensorFlow project.
Abstract: TensorFlow is a deep learning library with Python and C++ bindings that was released in 2015. The talk start with a brief intro to TensorFlow, and then dive into the specific steps to set up a simple project that can be served online.
Bio: Kendall is a lead software engineer at YesGraph, where he uses machine learning and Flask to power better invite flows for mobile and web apps. Previously he worked as an independent software consultant for four years, and before that he was a hardware designer at Qualcomm in San Diego for three years. Kendall was an an organizer of the San Diego Python Users Group, where he helped plan six one-day workshops on various Python topics.
Description: Is your Product Manager asking you to test out different text or button colors? Not sure where to start? This talk will contain methodology and two case studies from Yelp’s Transaction Platform on how to properly run an experiment and get the best result. Learn about how to run a simple button color experiment, avoid pitfalls, test, and analyze the results with confidence. Statistical confidence!
Abstract: A/B testing is a common practice for websites...but where do you begin? This data-driven approach allows you to launch experiments and features with confidence. So how do you prepare, launch, and analyze an A/B experiment? How do you know for how long to keep it running? What about which metrics to track?
This talk will present a procedure developed to run an A/B experiment, from planning the task and understanding the key metrics to analyzing the results. We will cover both simple and more complex case study, which help us understand the challenges involved in running experiments.
This talk will cover a topic that will enable developers to make more data-driven decisions but has not been covered at Pycon. By providing case studies as motivation and a procedure to implement A/B testing this talk will excite the audience. Yelp runs multiple experiments on different aspects and the Transaction Platform team has gotten unique experience of needing to create experiments with limited traffic which will be discussed in the talk.
Bio: Or Weizman is an engineer for Yelp's Transaction Platform team, which enables users to transact with Yelp's extensive set of businesses through many third party providers.
Safe-ish By Default: The Django Security Model and How to Make it Better
Description: Come join us by the fire as we have Security Story Time with our friends, Frog and Toad. With them, you'll learn about all the things Django does to protect users and developers out of the box. We'll look at simplified code samples from the Django codebase to see what's happening under the hood, and cover how to make the Django security model even stronger in your application
Abstract:Introduction. Philip James, how long I’ve worked with Python and Django, background at EB
Introduction to the story, and the characters. Safe-ish: Talk about Django’s Security Model and how it tries to provide sane defaults for developers
Run-through of the parts of the django security model:
* XSS (brief definition). How do you turn it off? Mark Safe, | n, safe * CSRF (brief definition). Django has middleware that checks POST requests for a token. Token is stored in cookie, also. Side-effect: harder to JS. Also, only an issue if you’re already owned, so maybe not an issue?. How to get around it? csrf_exempt
* SQLi (brief definition). Django’s ORM makes clean sql, (even when given bad data?). How? How to get around it: extra()/RawSQL()
* Clickjacking protection (brief definition). Django has middleware that sets headers browsers are supposed to respect. How to get around it: xframe_options_exempt, xframe_options_deny, xframe_options_sameorigin
* HTTPS. This one is less "out of the box" than the others, so won’t be talked about here.
* Host Header Validation (brief definition). Django verifies against allowed hosts in settings. How? get_host()
* Session security. What are django sessions?. Cookie-based by design. How can we make this better?
* Overall: Vigilance. Be aware of uses of this within your product
* HTTPS: Use it!. Set the correct settings. SECURE_SSL_REDIRECT: How does it work?
Bio: Philip is a Senior Software Engineer at Eventbrite. In his spare time, he writes novels, makes twitter bots, and gives technical talks. He used to run a webcomic, but there's just no money in it, you know? Philip is a refugee from the video games industry, and wishes anyone still there the best of luck. Philip has spoken at conferences about Python, Django, Node.js, and Linux. Philip believes in the web.
Description: Given recent increases in hostile attacks on internet services and large scale surveillance operations by certain unnamed government organizations, security in our software is becoming ever more important. We'll give you an idea of how modern crypto works in web services and clients, look at some of the common flaws in these crypto implementations, and discuss recent developments in TLS.
Abstract: In this talk I'll explain what happens behind the scenes when we try to establish a secure connection to a web site.
I'll cover the common security flaws in popular TLS implementations like OpenSSL, and show how these issues can be avoided if we have a well-designed TLS implementation in a high level language like Python.
Finally, I'll demonstrate and discuss how the API design of OpenSSL leads to application bugs, and a lack of abstract secure defaults leads to insecure applications.
Bio: Ashwini is a Software Engineer at Eventbrite, and an open source developer living in San Francisco. In the past, she has worked on a pure Python TLS implementation through the Stripe Open Source Retreat, an asynchronous event-driven networking framework - Twisted, and a PHP implementation in RPython called HippyVM. She also served as a Director of the Python Software Foundation last year.
Behind Closed Doors: Managing Passwords in a Dangerous World
Description: A modern application has a lot of passwords and keys floating around. Encryption keys, database passwords, and API credentials; often typed in to text files and forgotten. Fortunately a new wave of tools are emerging to help manage, update, and audit these secrets. Come learn how to avoid being the next TechCrunch headline.
Bio: Noah Kantrowitz is a web developer turned infrastructure automation enthusiast, and all around engineering rabble-rouser. By day he builds tools and teaches, and by night he works with the Python Software Foundation infrastructure team. He is an active member of the Chef community, and enjoys merge commits, cat pictures, and beards.
Description: Building REST APIs over HTTP has been discussed time and again. But could we do the same with WebSockets? What is the performance benefit? What learnings can we carry over from HTTP to WS? This talk will describe how engineers can build a REST API over WebSockets using Django and Channels. It is largely based on my experiences trying to build a REST WebSocket API.
Abstract: Websockets have been around for a number of years but popular web frameworks have been slow to integrate because of their asynchronous nature. With Django Channels we’ve finally broken that frontier in a synchronous way. How will developers use this new territory? I will outline some of my explorations that I have serialized into a library I call channels-api. It takes familiar patterns from Django Rest Framework and applies them to websocket land. I will walk through a sample project to demonstrate the configuration and installation of the library. I will demonstrate using these patterns we can create a “REST like” API relatively quickly. We can also implement new features that HTTP doesn’t support like server side push.
Bio: Author of channels-api library. Former Lead engineer at a number of startups.
Building a Tic-Tac-Toe Two-Player Game using Tornado over Websockets
All things Web, Beginner
Description:Learn how to build a Two-player game using Python Tornado web framework. We will be using websockets to make the app realtime.
Abstract: We will live code and learn how to build a real-time game app using Tornado web framework and websockets. Through this app, we will learn how to write an web app using Tornado web framework (http://www.tornadoweb.org/), and how to communicate over websockets. We will be building a Tic-Tac-Toe two-player game to learn about these concepts. A player can start a new game or accept a challenge from another player.
When a player starts a new game, the app would create a new game channel, provide a handle to the channel that the player can send to his friend to join in and play. We will not be dealing with any authentication or logins to start a new game or to join an existing one. The goal is to show how easy it's to build an realtime app with Tornado.
Bio: Ramesh loves building data products that blend visualization and machine learning. He mostly uses Flask / Tornado to create web apps, Pandas / Scikit-learn for build machine learning models and D3 for visualizations.