Hi, my name is Rachel Calhoun. My talk is how my wife got me fired. Spoiler alert, we're still married, okay, so don't worry. So before I can kind of get, that's my wife. Her name is Dayoung, she's great. So before we can get started, my origin story.

I graduated with a degree in Spanish and French. I didn't know what to do with my life, so I went to Korea and I taught English there for nine years. While I was there, I met my wife, but I thought, wow, I have to find a career, like what am I going to do when I go back to the U.S. So I started, oh yeah, sorry,

oh man, okay, so I have four foreign languages, I speak French, Spanish, I studied Arabic and I speak Korean now in English. Two bachelor's degrees and a travel degree. So I went to Korea and this is me having fun with little kids, that's basically why I loved it. I loved teaching, it was really fun, but I thought, like what am I going to do with my life after this in the U.S. So then, there were two people,

they were starting a Python users group and so we met up every Saturday, we'd do some online courses through Coursera or edX, and for about a year, we studied all kinds of stuff with Python. And some of them were programmers, some of them were just students that wanted to learn something new.

And then I became an organizer, Janice Rose-Sole, it was huge, it blew up, and since I was in a leader position, I was like, wow, I should take this more seriously, I should know what I'm talking about. So I started, you know, studying a little bit harder. And then I went to, I got a scholarship to go to JLCon Europe, and there I saw a talk

about by Rebecca Connelly, who I now work with, about becoming a developer from dancer to developer and later in life transition, career transitions. So I was like, I can do this. And then Lacey, if you know her, anyway, she encouraged me to do a talk at, you know, JLCon US, so I did,

I applied a few talks, and I got one accepted, so I did talk there on get inversion control, and so I was like, you know, then I got married, I moved, you know, temporarily with my parents, and I had tons of application, job applications, a ton of interviews, and I had a job offer. I was like, yay, right, I made it.

So I got a lease, I moved there, and the first day of work, they gave me a code of ethics. They asked me to sign, and part of it said, I believe a marriage is only between a man and a woman. And obviously, I couldn't sign this because I don't believe that. So it was very hard for me to give this up because I worked so hard to get my first job in tech, but I did.

I told them I couldn't sign it, and the next day they fired me. And it was totally legal, and there's nothing I can do about it. And that's the same day we got the president we have now. So that day was really a rough day for me. Yeah, but luckily, this ended up to be a great pity story to some people here, and I told them about it, and they helped me out. They stepped up, and that's why, like,

this Django community is so important to me because they helped me. And a couple weeks later, I found another job remote, and now, and they found my second job remote, too. So people here are really important. So basically, it's an awesome community, so thank you, and you know who you are. But basically, keep creating inclusive and supportive spaces, and more importantly, vote.

Thank you. So this is a new project that we just put on GitHub a few months ago. We've been using it internally for a while. PIP install code at CMS if you happen

to have a fresh virtual ENV hanging out. But this is a Wagtail-based CMS for marketing websites. We really set out to build a viable WordPress alternative. We've been using it. Our clients have been loving it. So if you're not familiar with Wagtail, it's a great CMS framework. It's pretty popular right now. There's been a couple talks about it here.

So this is really all you need to do to get started. No coding required. Just PIP install, and then the usual Django TDM migrate, create super user, run server, et cetera. So I'm going to do that right now, and I've, to prevent the Wi-Fi from bombing out,

I've already installed it, so run server. Oh, that's weird. Let's see. Thank you, PowerPoint. Okay, there we go. Python managed PY run server.

This is after a fresh PIP install. And I'm going to go to my browser, go to localhost 8000. Nice empty website. This is, you know, familiar. When you install Wagtail, you get an empty page. So let's go to the admin. I created a super user, logged in.

But we can go right away and start editing. So let's do a little bit of styling. Settings, layout, and we can add a logo. Do DjangoCon. And maybe we want to change the nav bar

to a darker colored nav bar. This is all based on Bootstrap, Bootstrap 4. So feel free to use Bootstrap 4 classes anywhere. And let's check out, oop, there's our logo, a nice branded experience. And localhost 8000. Cool, we got our logo there. Let's start editing the homepage.

So out of the box, you know, we have custom page types. We have the stream field is loaded with blocks that you can start using. There's SEO attributes and all kinds of other stuff that, you know, is just there out of the box. But everything's based on the Bootstrap grid system. So we'll add a, actually let's add a hero unit

and do something a little bit flashier. Hero units, let's grab a background image. This is all meant to be very general purpose and designed for specifically marketing websites, something you would probably use WordPress for and not be very happy about it.

So let's just add some text. And let's make this a H2. Let's add a button below this.

We'll just do a learn more button. It's not gonna point to anything right now. And because it is Bootstrap, there's a lot of the Bootstrap stuff that you're familiar with already built in. So we'll do outline light and we'll do large. And let's preview what we have so far.

Cool. We got our website going. Let's add one more thing since we still have a few minutes. Let's add some cards. These are Bootstrap cards. We'll just, all the Bootstrap components are pretty much already built into this so you can feel free to go crazy with it.

Django, subtitle, orm ipsum, add a learn more button here as well. Let's add one more card.

We'll add another button. And we'll do one final card before Kojo hits me. No hitting. I mean approaches. Gently caresses, maybe.

Okay, so I added three cards, one without a button. Let's preview what we have so far. Woo hoo, we got some Bootstrap cards. So very quickly you can get up and running without having to write any models or any stream fields or any blocks. And you can just start using Wagtail in a way that you would normally use WordPress.

We got blog, we got forms, everything's in there. So check it out. Go Dead CMS. Thank you. My name is Sergei. It's my first time at DjangoCon.

I work at Rover and today I would like to talk about onboarding new engineers. If you've seen this movie, you probably know the first rule of Fight Club is you do not talk about Fight Club, so is the second rule. But what's the eighth rule of Fight Club? Anyone? That's right.

If it's your first night at Fight Club, you have to fight. So at Rover, if it's your first day as a software engineer, you will code and ship to production. Why? Some people might ask. I think it's cool and it's rewarding and it's exciting.

If you, like me, software engineer, you like to code, so that's why you got this job. Not to fill HR paperwork, not to configure your environment all day, but you code and you ship and you see results right away. And you also get familiar with the code and with the process.

And it's also not rewarding not only for you, but it's rewarding for the whole team. This is a screenshot from Slack. Someone did their first deploy, see the reaction from the whole team. Everybody happy? So what about initial environment setup? You still have to do it.

Configuration, credentials, installing dependencies, yes, you still have to do it. That's why you have documentation. You have to document the process. And if you documented it, chances are you can automate it. So you can script the whole thing. If somebody's really curious how, like what it's doing, they can always look. Of course you have your favorite idea,

but if it's your favorite idea, you know already how to set it up. So you can do it quickly. Get done with all this stuff and get to code. Is it risky? Of course it is risky. You have a person who doesn't know much about your system, shipping the code on the first day. But guess what? Somebody who's been with the company since beginning can also ship code that will break everything.

So we need to minimize this risk. We have to build our process around it so that there is less risk and how to do it. You start with a small ticket. Small, I mean, not just lines of code, but actually the scope. It could be like a text change. It could be like a link change.

It could be like you remove one unused function or you refactor a function. Use commit hooks. This will help you quickly find things, really small things like if your code doesn't comply with the coding standard. Use automated, continuous CICD.

So our CICD pipeline is about 15 minutes from the merge till your code shows up in production. But before you merge it, we gonna run the tests on your commit. So every commit triggers a build and we run all the tests and for that you have to have the tests. We have over 30,000 tests.

With an 89% coverage, so we're not 100%, but we're trying to get there. Do code reviews. If you don't do it, just do it. And you have to have monitoring in place. So after all these tests and all the code reviews,

bugs and defects can still make it into production and you have to have a system in place where something will trigger an alarm and something will tell you, okay, stuff is broken. And there are two kinds of monitoring. There is kinda like DevOps sort of monitoring where you know your endpoint is all of a sudden

became slow or there are too many queries running. And there are also business metrics kind of monitoring where all tests are passing, everything is fine. Your endpoints are much faster, but all of a sudden you have half as many bookings. So maybe that's why everything passed. And you have to have the ability

to quickly undo the change. And it's not just the revert, but it would be very nice, and we do have it, to roll back to the previous build. Like I mentioned before, the CI-CD pipeline takes about 15 minutes, but sometimes you just instant go back to the previous state of the world. So you fixed a small ticket on the first day.

Now what? Do you know everything? Of course you don't. That's why we have more onboarding things. We have formal onboarding program which lasts four days and spread over two weeks and it does not start on the first day. We have formal pair programming program where you matched with a experienced programmer, experienced in terms of tenure at Rover.

And once, one hour per week, you just spend working to get on the ticket. And we have team rotations. So in conclusion, I would like to say, if you want your engineers to be effective, productive, and get up to speed quickly, just put some effort into your onboarding program. And if you want to experience all this first hand,

Rover is hiring. Thank you. So hi everyone. Thank you for having me up here today. I'm Dan Taylor. I'm a program manager for our Python developer tools at Microsoft. And I saw some people struggling

with running Python on Windows yesterday at the conference. I was motivated to come up here and share with you some tips about running Python on Windows. And also, as a bonus, show you how to use Visual Studio code with Python on Windows because a lot of people are interested in doing that these days and it happens to work particularly well. So why do we care? So Kota just mentioned that he's surprised

by how many people use Python on Windows. So if you look at the Python Software Foundation survey, actually about half of Python developers are using Windows. Now not half of people in this room are using Windows, so it's a good reason for me to come up here and share with you a few tips. So how do you use Python on Windows? First you need to install it. So to install Python on Windows, go to python.org slash downloads.

And so there's a number of things you can click on this page. I like to click on the download link down here, and I'll show you why in a minute. The other thing you can do is you can go to python.org and you can click the latest download link there. And then after you click that link, you're given a list of options to choose from. Don't worry, there's about eight different options

for Windows, go for the executable installer. And in particular, I like to pick 64-bit because I've run into many situations where I'm doing data analysis on Windows and I run out of address space with the 32-bit version. So after you do that, what happens? Okay, we get this nice installation prompt which says install now. And if you click the customize installation,

just a pro tip, you can install the debugging symbols for the Python installer, which allows you to do cross-language C++ and Python debugging if you have Visual Studio. I'm not gonna show that today, but there's another talk you can watch on that. One thing you might be tempted to check that box that says add Python 3.7 to the path. No, don't do that.

Why, because you might have multiple versions of Python installed and then you're gonna be messing with your path to try and get them to work. So I'll show you some tips about how to deal with that in a minute. Now before we move on, a couple other helpful things you might wanna install, Git for Windows. So Git for Windows gives you everything you need to do source code control. And it also includes a Git Bash prompt which lets you do familiar things like RM and LS

and all sorts of things that you might be doing out of habit when working with Bash. And then after you go there, go to code.visualstudio.com and hit the bright green download button which gets you VS Code. And there's a number of different extensions for VS Code. The Python extension is the fastest growing extension and the most popular extension in the Visual Studio Code marketplace.

Visual Studio Code is extremely popular with Python developers. So for Python developers, you get all sorts of things like IntelliSense, Linting, Debugging, Refactoring, Unit Testing, Live Share, Source Control, Azure Integration and Docker Support. And then, that's said enough, I'm gonna go right into a demo. So you've got a command prompt on Windows. Let's go right into that.

Oh, my mouse is jumping all over the place. There we go. Okay, tiny little font. First thing we wanna do is increase that font size. Go to properties. There, font, 36. Wonderful. All right. So the first thing I would like to do, Python launcher, PY. That launches whatever version of Python you have installed

and it tries to pick the best one. If I type py-0, it shows me all the versions of Python I have installed. So if I wanna run Python 2, I type py-2. I get Python 2. Isn't that wonderful? If I wanna run Python 3.7, 32-bit, I do py-3.7-32. And now I'm running Python 3.7, 32-bit. Awesome. Now I wanna create a virtual environment.

Py-3-m venv, I'm gonna run the venv module and then create a virtual environment called myenv. So what's happening here? This is creating a virtual environment. It's creating a copy of the Python runtime with a copy of the site packages so that you can start with an environment that has the exact business of Python that you want,

as well as install just the packages that you want to get started. Once you have that myenv installed, I'll switch over to another command line here. You can say env scripts activate to then activate that virtual environment. And then I can type code dot to open Visual Studio Code. Kujo's gonna give me a hug any time now.

All right, now that we're in Visual Studio Code, I can open a Python file. I've already installed the Python extension. And there's a few different things that I get with that. My virtual environment shows up in the command line, or in the status bar. I can click that and I can switch between other virtual environments or other Python Anaconda or other installations I wanna use.

I can install Pylint, but I'm gonna forget that for now. Just wanna show you that IntelliSense works here, there. And if you wanna debug, we can click add configurations here. And we can debug this using Django in a minute. And I click the Django button, press play,

and we're off and running. So obviously I didn't get through all of that, but just so you know, there's also, you can run Python on Ubuntu on Windows. If you type Ubuntu into your start menu prompt, install Ubuntu, follow the instructions, and there you go. Thank you so much. There's my Twitter slides. Have a great day. And I'm here to talk about

what all of these words means a DevOps glossary. I'm Noah, I work for RideCell, moving on when I don't have much time. If you've been in one of my talks before, I talk a mile a minute, and I'm definitely gonna do that here. So what's a virtual machine? Close to the mic. Okay, what's a virtual machine?

Virtual machines are running on simulated hardware. These days it's not usually actually simulated, but close enough. What is a VM image? This is the disk that is going to be part of a virtual machine in the future. So it's all the files that will go into a future virtual machine. Vagrant, a bit old school now, but it's a tool for making local development virtual machines. Skipping slides.

Cloud is someone else's computer. It's usually located somewhere in Virginia. AWS is the most popular cloud vendor. EC2 is the Amazon product for virtual machines. S3 is their Amazon product for file storage, or one of them. CloudFormation is the Amazon product for managing other Amazon products. Terraform is like CloudFormation,

instead of just for Amazon, it's for lots of clouds, and it does a lot more stuff. Probably use Terraform. GCE is Google's cloud, and Azure is Microsoft's cloud. Yes, you can run Linux on Azure. It's quite nice. OpenStack is like a cloud, except you also have to run it yourself. A container is a cool way to run a process. All it is is a process with a bunch of security flags so that your process can't see

certain things on the system. That's it. That's all a container is, I promise. A container image is the larval form of a container. So it's a tarball containing all of the files that will go into a future container. It's like a VM image is all the files will go into a future VM. Docker Docker Docker is not the only way to make containers, but it is the most common. A Docker file are the steps to make a Docker image,

which you use Docker build to actually turn into a Docker image or other tools, but usually Docker builds. There was a great talk yesterday by Graham on Kubernetes. Check out the video if you didn't see it, because I'm not going to go over it in nearly that much detail, because I have three minutes left. Swarm was Docker's internal attempt at making a multi-server container thingy, but Kubernetes is a lot more popular, so probably don't use Docker swarm anymore.

Sorry to anyone that likes it. Compose is the much smaller case. So just if you have a couple of containers on one server and you want to manage just those, Docker Compose. Orchestration is a general term for all of those things like Kubernetes and Post for coordinating a whole bunch of containers into doing something useful. Resource scheduling is figuring out how to place a container on multiple servers,

so if you have constraints like I have this much RAM available on this much server and this much on the other server, where do I put my container? That's resource scheduling. Serverless or functions as a service or AWS Lambda, it's a way to write APIs with less boilerplate. That's basically it. Some of them expose things like if you write a single function, it'll expose it as a rest API. Some of them are just if you've got a Django app,

I'll expose that easily, but all under that general category of less boilerplate because who likes boilerplate? CI does not mean continuous integration anymore. I don't know anyone other than Microsoft that still actually continuously integrates. It means continuous testing, but we still call it CI for some reason. Pipelines are a way to organize complex test environments, test suites,

test stuff in general for your CI system. Jenkins is the most popular of the CI tools, although it's a bit cranky at this point. Travis is a newer one. You'll probably see it in a lot of open source projects because it's free for open source. Continuous delivery or continuous deployment just means if the tests pass, it goes out to production.

Exactly what that means can vary depending on the environment, but something like that. Big data, I use 10 terabytes as the threshold, but in general, it's trying to run a query on more data than fits in any one of your servers. Hadoop is a very popular set of tools for running big data queries, and Spark in particular, if you see that one, is a thing that is used a lot for running the queries themselves.

Hadoop also includes stuff for storing big data and all that kind of thing. ETL, extract transform load, is a name of a pattern used in big data for extracting data from usually a relational Postgres, MySQL, whatever database, transforming it in some way with MapReduce, and then loading it back into an analysis database. Come on.

Switching gears to security in my last 60 seconds. InfoSec is keeping your data safe. Black hats are the bad people, white hats are the good people. Red team are the people that are doing attacking and offensive things, but they have permission. They are good people that are doing it for the benefit of everyone. Blue team are the defenders, and purple team are people that do both.

And very quickly, a hash is a one-way function, so given the output, you cannot find the input, whereas encryption is reversible, but only if you have the right key. And thank you very much. If you have any questions, come find me out there.

I'm just really impressed by the organizers. I've organized non-technical events of several hundred people. I know how much work goes into this process, so just thank you very much for putting such a welcoming event together. So I'll introduce Lawrence Livermore very briefly. For those that aren't familiar, we are a multi-program national security laboratory. We work on national security needs for the United States.

We also work on fundamental science research, and so a lot of different areas coming together like Kojo mentioned. What is it that Livermore Labs does? I don't even know everything that we do. We have 7,000 employees and countless projects. It's a pretty fun place to work. We're hiring. And so I work in the computation division.

I work in a division called Application Simulations and Quality, which works on two very different areas, which is massively parallel high-performance computing simulations and web development. And so what the Environmental Restoration Department focuses on is environmental remediation,

so cleaning up historical contamination at the site that is developed through years of different uses that the lab has gone through. And so we have an application that we call at times. It's the Environmental Information Management System. It's a data management application support. We use it for sampling, monitoring, analysis, and reporting.

There's probably over 100 individual applications within this suite that we've developed over quite a long period of time. And so we began using Ungris with C and terminal access and then began moving to Perl, which we've been using for over 20 years now and has grown to quite a large development platform.

And so we also moved to Oracle in that same timeframe and we're anticipating environmental restoration at the lab is gonna be around at least until 2075, so I'll see you all at DjangoCon 2075. And we wanted to move to a more sustainable platform.

Perl is pretty much, yeah. And so we have about eight developers on our development team working on Django now. And so just a high-level approach to what we're moving towards is we have an existing Oracle 12c database. We have several hundred tables across multiple schemas. We're using Django 1.11 right now.

We've integrated it with Active Directory resources. Love the Django REST framework. It's an excellent tool. We love it a lot. One of the biggest improvements for us in our development history is we're moving to unit testing and we're moving to functional testing and continuous integration, which I've learned just recently

maybe not means what I think it is. And so the primary technologies that we're using right now are like Python, Django, Kendo UI, just a smattering. And so one of the goals of coming to DjangoCon for me was to just meet people. I really wanted to network and I really wanted to see how many different projects there were using Django.

And so I just wanted to give this opportunity to kind of share a little bit about what we've done as well and maybe prompt some conversations in the hall afterwards. And so I'll talk a little bit about why we decided to go this route. It's a little bit of a challenge finding Perl developers. It's gone pretty similarly to COBOL.

It's getting a little hard. And Python is very popular. It's easy to re-maintain. We love developing in it. The data science support is excellent. Although we have this application suite, we also have a wide variety of scientists developing their own data science scripts. And so it's very easy to integrate that together with what we have. We're developing applications much more quickly.

Love the ORM and moving away from some extremely complex sequels that I have spent days trying to understand what they did and the plugins and really the community. I love the community here. It's been excellent to learn from different people. And some of the biggest challenges we've faced,

and so I'm not sure if this is the same for everyone, is we had to bring our database with us. And so we have several hunting tables and so a lot of problems that we've run into are just supporting the legacy side of things. They're unmanaged and so we've had some permissions kind of come up there. But overall, Django's been excellent. So I just wanted to take this opportunity to share what we do.

And so thank you. Thank you. I was surprised to see how emoji-friendly this was. So I thought I would put up my favorite emoji while I was doing this. Because I also am 99% demo, 0% slides, 1% emoji.

So what I want to talk about is a little Django app that my team built a couple weeks ago on WOW Day, which is Work On Us Wednesday, when we try and make stuff that makes our lives easier. Our issue was that we were having a hard time

between front end and back end describing our requirements for data structures that needed to pass between them. So we would have some nice like UX mockups from Sketch or Balsamiq, but that didn't always translate 100% to what was possible in the back end, not to mention that sometimes

it wasn't really self-evident. We have a group of front end developers who have experience working with the Django templating language, so they really like designing in browser themselves, but they don't always have the models that they need access to when we're developing a new feature. So what would start to happen

is they would ask us for sort of a vague thing, and we would seed them a branch that had a piece of it, and then they would start designing in browser, and then they would be like, wait, I need this other thing, and then we were like, oh, we were working on something else, like we'll get back to you later. And anyways, there was just a lot of communication issues. So what we came up with was a bit of an easier way

for them to kind of just do that themselves. Basically, we developed this little Django app called Easy Django Mockups. That you can use to, basically if you put your HTML files, which can use whatever Django templating stuff in this folder mockups, or configure it yourself where you say it's gonna be

in your templates, wherever your template loader's gonna find it, then we will automatically go find where that is, and render it for you at this mockup slash whatever the name of your template is, and URI, and then you can see the thing that you made. So one other thing that we included is that you can add a JSON file

that's named after the same thing, so you can arbitrarily build out some data structure just in JSON that you can then access. In this case, I have the this here things key with this list of thing one, thing two named, but you can see that I'm just iterating over that here as if I had received this in the context,

and this way, the front-end developers can just totally do this themselves. They already know how to write valid JSON, so we don't have to do any of this back and forth, and then once they're done with that project, they can kind of show us this, and now we have something to take sort of to the back-end and build out all of the other stuff in terms of models,

and then we can just sort of plug that into that template that already exists. So a little bit about the thing itself, which we're in the process of pulling out of our monolithic Django code base for the purposes of open-sourcing it, and also as an experiment for ourselves to make Django apps separately, so we could also break up our real monolithic one

privately sometime, but yeah, it's pretty simple. We'll peel off whatever this URL has to say to try and go detect what these template files are named, and these JSON files are named in our view here. We have some stuff to sort of check where your mock-ups directory is,

or if you want to see JSON errors propagated to the front-end, we're using the Django messaging framework, so for example, if I go back up here and mess up my JSON a little bit, so messed up. Then over here, kind of surface some of that here for the front-end, and just trying to take advantage of some Django stuff

that already exists to make that totally in-browser experience as much as possible. But yeah, basically just detecting some stuff there in our views. We abstracted it away a little bit to this mock-up object, but basically can go use all that stuff that's figured out to render what this request is

with the template that should be named after whatever the URI is, and the, oh god, the, ah, woo! And the JSON file that's named the same. So yeah, just trying to make it a little magical. In conclusion, I learned that there's other

types of ghost emojis, and I decided that the Samsung one is my number two, but my Apple one is still a number one. That's it. Thank you very much. So my name is Elad Silbering, also first time here,

enjoying it very much. I would like to thank my company for bringing me here. I'm a developer at US News. It's a news company that does rankings in the DC area, and you guys for coming and hearing and seeing and talking and drinking and whatnot was fun.

All right, so what is a Chrome extension? So very shortly to put it, a Chrome extension is actually something that interacts with your browser activity that you wanna customize. So if you wanna do something different other than what your browser

would normally do on a page, and there's tons of them. The number one, I think, is the ad blocker. Yeah, I have no idea what the number two is, but I think everyone has an ad blocker. So what do you need to start? You need to know basic CSS, JavaScript, and HTML.

That's the next talk in five minutes. I'm kidding. Have an idea. Create a manifest file, which is kind of a settings file for Chrome browser. Create the UI and the JavaScript functionality.

Let's go down. What should I do? You need to do something fun. You need to do something that's usable, and if this is not like for learning purposes, you should do something that solves a problem, and keep in mind that lists is more,

and that's also a good thing to keep in mind when you're developing anything, whether it's Python, Django, JavaScript, HTML. These things should always be in your mind when developing, in my opinion. So this is a manifest file,

and we'll go shortly through it. The version is gonna be two. That's like the extension framework version. You're gonna give it a name, description. This is actually what would pop up when you open the extension page, and that's gonna be the description. It's kind of like a SEO for your site,

so this is all the tags and ad words and where you use your, where the image is coming from. Also, this is where you ask permissions from the users, so you can take control of the camera, the microphone, and whatever. The UI. This is basic HTML, CSS, all packed into one slide,

so you can just copy-paste it. By the way, this is all. You can copy-paste it, put in the manifest.json. This is exactly what I did. Copy-pasted this, put it in pop-up HTML. Then I copy-pasted this. This is the actual JavaScript.

I also added a JavaScript file that was just jQuery, and this is what's actually happening. So, in short, I'm taking a CSS style and adding it to each anchor tag that's between one and 10 words, letters, sorry.

The hard part, deploying. You have to drag extension into browser. Yeah, so this is the extension page. I don't have the correct. Permissions, so for some reason I can't do it,

but you can see, you can drop to install. Since mine doesn't work, I have to load it for whatever reason. And that's it, I have it. Now, we try it out. So this is a Wiki link. Apparently yes, there's a Wiki page about Buffalo, Buffalo, Buffalo, Buffalo, Buffalo, Buffalo.

And this is what it does. Makes your anchor tags jump. Very useful. So, sometimes authentication is like,

oh, you put this thing, this line, inside your code, and then magically you have authentication running. But there's an issue in there, because sometimes we don't test every single page that we had. If you are using normal authentication, just a token authentication for framework API,

and you start to create groups of users, and then you need to assure that certain group should only see some views. And then it starts to grow up as soon as your project is starting to grow up. Sometimes no one, or sometimes someone is reviewing

your PR or something, and it may be not that, like, well, how can I say this? Not that good to review your code, and sometimes some view can pass through the review and processing. The code will be deployed,

and will be a leak on your endpoint API, restroom or something. Sometime you need to QA this, and you need to assure that every view is okay, is having permissions and authentication and stuff. I had that to QA on any point, and then I was like, oh, view per view, and looking, oh, this permission is wrong. Okay, this permission is wrong, we need to fix it.

But if the project is bigger, it's not sustainable anymore, and you need to programmatically do that. Yeah, sometimes means usually almost every time, because we are humans. And what I did was this. I created a command for Django Manager,

and then you can pass an app. It's nice because you can use third-party apps like Hest-Off, and then you can see which holes they had in their code, because if you're using this group of users, they just do regular authentication. So it's kind of leaking, and you need to extend the view and fix it by yourself.

Okay, what's the outcome of that? You have the view, name, from your file, and which permissions we are using, which is nice. We can get some more main information from it, like authentication classes that we are using, parent classes that here it's from this, like some question permission.

It reads from other permission classes that should have holes in there too. So the code's like really ugly, because it's to make it work as a proof of concept. But we are using, in this call command, show a here, this is from third-party library, called Django Extensions, which is awesome.

And then we, I went to each endpoint for endpoint, and get the view, and from the view, I get the permission classes, and just print it. So it's really a 10-minute job, so it's awesome. Okay, you can install it, if you wanted to use it in your project, but in fact you can, because I didn't deploy it at PyPy.

So you can use it, use it, use it, really use it. But I have a bit.ly that you can grab the snippet that I wrote. And I think that it's really easy to use it, because it's just a one-command line, and probably should be a check, like for you to put

in your continuous integration stack, like, oh, run the Python manage.py, manage.py, check, and it will check for the permissions, oh, this view has no permission at all. So it really should be opened as it is, like a login, then the pointer or not. So that's what I did in the morning.

And in fact, I didn't this morning, because I lost this code that I wrote back then. And then I need to rewrote it, but it's okay. And thank you, obrigado, it's from Brazil, Portuguese. So my name is Juan Fonseca, you can follow me on almost everything, it's like Juan Fonsec with C, because someone took the Fonseca with S,

so I need to put in C, and now it's Fonseca. It's my first BiancoCon, in fact, too. Thank you.