Wednesday, April 7, 2021

Python Bytes: #228 Supreme Court decides API copyright battle

<p><strong>Watch the live stream:</strong></p> <a href='https://www.youtube.com/watch?v=IpHNmIe1g20' style='font-weight: bold;'>Watch on YouTube</a><br> <br> <p><strong>About the show</strong></p> <p>Sponsored by us! Support our work through:</p> <ul> <li>Our <a href="https://training.talkpython.fm/"><strong>courses at Talk Python Training</strong></a></li> <li><a href="https://pragprog.com/titles/bopytest/python-testing-with-pytest/"><strong>pytest book</strong></a></li> <li><a href="https://www.patreon.com/pythonbytes"><strong>Patreon Supporters</strong></a></li> </ul> <p><strong>Special guest</strong> </p> <ul> <li><a href="https://twitter.com/guyroyse"><strong>Guy Royse</strong></a></li> </ul> <p><strong>Brian #1:</strong> <a href="https://antonz.org/python-packaging/"><strong>How to make an awesome Python package in 2021</strong></a></p> <ul> <li>Anton Zhiyanov, <a href="https://twitter.com/ohmypy">@ohmypy</a></li> <li>Also thanks John Mitchell, <a href="https://twitter.com/JohnTellsAll">@JohnTellsAll</a> for posting about it.</li> <li>Great writing taking you through everything in a sane order. 
<ul> <li>Stubbing a project</li> <li>with just <code>.gitignore</code> and a directory with a stub <code>__init__.py</code>.</li> <li>Test packaging and publishing</li> <li>use <code>flit init</code> to create initial pyproject.toml</li> <li>set up your <code>~/.pypirc</code> file</li> <li>publish to the test repo</li> <li>Make the real thing </li> <li>make an implementation</li> <li>publish</li> <li>Extras</li> <li>Adding <code>README.md</code> &amp; <code>CHANGELOG.md</code> and updating <code>pyproject.toml</code> to include <code>README.md</code> and a Python version selector.</li> <li>Adding linting and testing with pytest, tox, coverage, and others</li> <li>Building in the cloud with GH Actions, Codecov, Code Climate</li> <li>Adding badges</li> <li>Task automation with a Makefile</li> <li>Publishing to PyPI from a GH Action</li> </ul></li> <li>Missing (but possibly obvious): <ul> <li>GitHub project</li> <li>Checking your project name on PyPI early</li> </ul></li> <li>Super grateful for: <ul> <li>Do all of this early in the project</li> <li>Using <code>flit publish --repository pypitest</code> and spelling out how to set up a <code>~/.pypirc</code> file.</li> <li>Start to finish workflow</li> <li>Example project with all filled out project files</li> </ul></li> </ul> <p><strong>Michael #2:</strong> <a href="https://github.com/vchinnipilli/kubestriker"><strong>Kubestriker</strong></a> Kubestriker performs numerous in depth checks on kubernetes infra to identify the security misconfigurations</p> <ul> <li>Focuses on running in production and at scale.</li> <li><strong>kubestriker</strong> is Platform agnostic and works equally well across more than one platform such as self hosted <a href="https://kubernetes.io/">kubernetes</a>, <a href="https://aws.amazon.com/eks">Amazon EKS</a>, <a href="https://azure.microsoft.com/en-us/services/kubernetes-service/">Azure AKS</a>, <a href="https://cloud.google.com/kubernetes-engine">Google GKE</a> etc.</li> <li>Current 
Capabilities <ul> <li>Scans self-managed and cloud provider managed kubernetes infra</li> <li>Reconnaissance phase checks for various services or open ports</li> <li>Performs automated scans in case insecure, read-write or read-only services are enabled</li> <li>Performs both authenticated scans and unauthenticated scans</li> <li>Scans for a wide range of IAM misconfigurations in the cluster</li> <li>Scans for a wide range of misconfigured containers</li> <li>Scans for a wide range of misconfigured Pod Security Policies</li> <li>Scans for a wide range of misconfigured Network policies</li> <li>Scans the privileges of a subject in the cluster</li> <li>Runs commands on the containers and streams back the output</li> <li>Provides the endpoints of the misconfigured services</li> <li>Provides possible privilege escalation details</li> <li>Elaborative report with detailed explanation</li> </ul></li> </ul> <p><strong>Guy #3:</strong> <a href="https://wasmtime.dev/"><strong>wasmtime</strong></a></p> <ul> <li>WebAssembly runtime with support for: <ul> <li>Python, Rust, C, Go, .NET</li> <li>Documentation here: https://ift.tt/3cYdBob</li> </ul></li> <li>Supports <a href="https://wasi.dev/">WASI</a> (WebAssembly System Interface): <ul> <li>WASI supports IO operations—it does for WebAssembly what Node.js did for JavaScript</li> </ul></li> </ul> <p><strong>Brian #4:</strong> <a href="https://github.com/apps/depend-a-lot-bot"><strong>Depend-a-lot-bot</strong></a></p> <ul> <li>Anthony Shaw, <a href="https://twitter.com/anthonypjshaw">@anthonypjshaw</a></li> <li>A bot for GitHub that automatically approves + merges PRs from dependabot and PyUp.io when they meet certain criteria: <ul> <li>All the checks are passing</li> <li>The package is on a safe-list (see configuration)</li> </ul></li> <li>Example picture shows an auto approval and merge of a tox version update, showing “This PR looks good to merge automatically because tox is on the save-list for this repository”.</li> <li>Configuration in 
a .yml file. <em>I learned recently that most programming jobs that can be automated eventually devolve into configuring a yml file.</em></li> </ul> <p><strong>Michael #5:</strong> <a href="https://arstechnica.com/tech-policy/2021/04/supreme-court-sides-with-google-in-api-copyright-battle-with-oracle/"><strong>Supreme Court sides with Google in API copyright battle with Oracle</strong></a></p> <ul> <li>The Supreme Court has <a href="https://www.supremecourt.gov/opinions/20pdf/18-956_d18f.pdf">sided with Google</a> in its decade-long legal battle with Oracle over the copyright status of application programming interfaces. </li> <li>The ruling means that Google will not owe Oracle billions of dollars in damages. It also has big implications for the broader software industry.</li> <li>The ruling heads off an expected wave of lawsuits over API copyrights.</li> <li>The case dates back to the creation of the Android platform in the mid-2000s.</li> <li>Google independently implemented the Java API methods, but to ensure compatibility, it copied Java's method names, argument types, and the class and package hierarchy.</li> <li>Over a decade of litigation, Google won twice at the trial court level, but each time, the <a href="https://law.justia.com/cases/federal/appellate-courts/cafc/13-1021/13-1021-2014-05-09.html">ruling</a> was <a href="https://arstechnica.com/tech-policy/2018/03/googles-use-of-the-java-api-packages-was-not-fair-appeals-court-rules/">overruled</a> by the Federal Circuit appeals court. 
The case finally <a href="https://arstechnica.com/tech-policy/2020/10/googles-supreme-court-faceoff-with-oracle-was-a-disaster-for-google/">reached the Supreme Court</a> last year.</li> <li>Writing for a six-justice majority, Justice Stephen Breyer held that Google's <strong>copying of the Java API calls was permissible under copyright's fair use doctrine</strong>.</li> </ul> <p><strong>Guy #6:</strong> <a href="https://oss.redislabs.com/redisai/"><strong>RedisAI</strong></a></p> <ul> <li>Module for Redis that adds AI capabilities</li> <li>Turns Redis into a model server: <ul> <li>Supports TF, PyTorch, and <a href="https://onnx.ai/">ONNX</a> models</li> </ul></li> <li>Adds the TENSOR data type</li> <li>ONNX + Redis has positive architectural implications</li> </ul> <p><strong>Extras</strong></p> <p><strong>Michael</strong></p> <ul> <li><a href="https://gitforwindows.org/"><strong>git for Windows</strong></a></li> <li><a href="https://blog.jupyter.org/jupyterlab-3-0-is-out-4f58385e25bb"><strong>JupyterLab reaches v3</strong></a> (via Allan Hansen)</li> <li><a href="https://gist.github.com/bskinn/cde59de17d00f8260197f6a866f6155d"><strong>Why not support Python letter by Brian Skinn</strong></a></li> <li><a href="https://www.djangoproject.com/weblog/2021/apr/06/django-32-released/"><strong>Django 3.2 is out &amp; is LTS</strong></a></li> <li><a href="https://blog.jetbrains.com/pycharm/2021/04/pycharm-2021-1/"><strong>PyCharm 2021.1</strong></a> just dropped with <a href="https://www.jetbrains.com/code-with-me/"><strong>Code With Me</strong></a></li> </ul> <p><strong>Brian</strong></p> <ul> <li><a href="https://pyfound.blogspot.com/2021/04/the-psf-is-hiring-developer-in.html">The PSF is hiring a Developer-in-Residence to support CPython!</a></li> </ul> <p><strong>Joke</strong> </p> <ul> <li><a href="https://twitter.com/anthonypjshaw/status/1377834823268458498"><strong>Vim Escape Rooms</strong></a></li> <li><a href="https://twitter.com/towernter/status/1379525329778262021?s=20"><strong>Happiness</strong></a></li> </ul>

from Planet Python