As a developer, you are the first line when it comes to security for any products you may be building. There is often a misconception that all software security vulnerabilities are due to misconfigurations, using unmaintained open source libraries, using "insecure" languages, or by making dumb mistakes like hard-coding passwords. In actuality, it can be very easy to make potentially extreme security mistakes even only using built-in functions and libraries bundled with the latest version of Python. This talk will cover a number of these potential security mistakes that can be all too easy to make.

Authorization is an unstructured problem. Writing code to decide who can do what in your app can cover a broad set of cases. The most structure that typically gets applied to this problem area is a set of if statements and roles, but in reality, there are a lot more patterns and structure that we can apply. oso is an open source system for building authorization into applications. It's a bit like SQLAlchemy in that it provides a structured approached to authorization, much like SQLAlchemy does for data modeling and access. In this talk, oso cofounder/CTO, Sam Scott, will provide a mental model for authorization and show how to apply it using oso, Python and SQLAlchemy.

Some useful links:

https://www.osohq.com/

https://twitter.com/osoHQ

https://www.osohq.com/post/introducing-builtin-roles

https://join-slack.osohq.com/

https://docs.osohq.com/

"DevOps" is the operations people’s crafty plan to make developers do other people's work, but we are smart enough to see right through this naive rebranding trick! Baruch suggests you think about it: we, the developers, have written all the code. It passes all the tests; it obviously works, and works well (Are we a little proud? We are!); so we are DONE. Now, out of the blue, a bunch of "thought leaders" (all with an operations background, mind you!) are trying to tell us that we have to learn YAML, Docker, Kubernetes, and Terraform to deploy our software because suddenly it is our concern?! In this talk, we'll discuss why developers do or don’t need DevOps. We'll consider arguments made by DevOps visionaries and see whether they hold water. Hopefully, by the end of the talk, we'll understand whether DevOps really helps developers to deploy better code to production more often, or if it is just another scam made up by marketing and evangelists.

Have you ever opened a file using the with keyword in Python? That little keyword is one of the many fascinating parts of the Python programming language, the Context Manager. The Python Context Manager is a tool that allows the programmer to reliably create and tear down temporary contexts within a program. This allows programmers to reduce duplicate code, improving the maintainability and reliability of the code. This talk will cover all things Context Manager, from what they are, how to build them, when to use them, and more.

The ChiPy Web Guild recently completed a one-week sprint to rehaul the ChiPy Homepage. In this talk we'll talk about what, why, and how the redesign took place.

Data science is too often discussed as a technical discipline, rather than a social and cultural one. But the role of data science is to both inform and automate decision-making processes, which require, in turn, humans to collaborate and communicate with each other and humans to collaborate with machines, both of which have key cultural and social dimensions. Why do so many executives feel that so little of the data work in their organizations actually delivers returns? How can we reduce friction in factoring the process of turning business questions into business answers through the intermediaries of data questions and data answers? What provisions need be in place to make sure that everybody is speaking enough of the same data languages to excel at their jobs? How do we promote data literacy throughout organizations while getting the job done? This talk is aimed at data professionals (and anybody else) who want to figure out how to establish healthy and productive data cultures in the workplace. I’ll conclude by interrogating the example of establishing the culture of modern distributed data science work in organizations and all the moving parts that need to be in place for it to function.

Ever been curious about the Rust programming language? This talk will describe the experience of going through the Advent of Code puzzles in Rust from the point of view of a Python user. Discover the alternatives to pip, functions and passing values, exception handling, and more.

Recalling my experience doing Advent of Code for the first time. How being part of a small community of others completing each challenge really motivated me to complete each challenge myself. It was also really amazing being able to look at the solutions from other, more experienced participants and discuss the solutions through Slack. I learned a lot of really useful tricks and insight to going about challenging coding problems and it really helped prepare me for future technical interviews. It was also really great getting to interact with others during the pandemic.

You've participated in our events, but who are we. With elections around and volunteering options in our virtual world, this will be an in depth look at ChiPy, its history, and its future. If you ever wanted to know more, hear about what we've been working on, or get involved....now is your chance!

This talk will discuss a python implementation of image processing firmware for the rPi and Jetson Nano boards. The software architecture covers a camera frame grab -> image processing -> output loop as well as some machine learning models for feature detection, a Flask-based front end, and an OpenAPI-based Swagger interface and API design using connexion.