Podcasts about xpath

This show has been flagged as Explicit by the host. More Command line fun: downloading a podcast In the show hpr4398 :: Command line fun: downloading a podcast Kevie walked us through a command to download a podcast. He used some techniques here that I hadn't used before, and it's always great to see how other people approach the problem. Let's have a look at the script and walk through what it does, then we'll have a look at some "traps for young players" as the EEVBlog is fond of saying. Analysis of the Script wget `curl https://tuxjam.otherside.network/feed/podcast/ | grep -o 'https*://[^"]*ogg' | head -1` It chains four different commands together to "Save the latest file from a feed". Let's break it down so we can have checkpoints between each step. I often do this when writing a complex one liner - first do it as steps, and then combine it. The curl command gets https://tuxjam.otherside.network/feed/podcast/ . To do this ourselves we will call curl https://tuxjam.otherside.network/feed/podcast/ --output tuxjam.xml , as the default file name is index.html. This gives us a xml file, and we can confirm it's valid xml with the xmllint command. $ xmllint --format tuxjam.xml >/dev/null $ echo $? 0 Here the output of the command is ignored by redirecting it to /dev/null Then we check the error code the last command had. As it's 0 it completed sucessfully. Kevie then passes the output to the grep search command with the option -o and then looks for any string starting with https followed by anything then followed by two forward slashes, then -o, --only-matching Print only the matched (non-empty) parts of a matching line, with each such part on a separate output line We can do the same with. I was not aware that grep defaulted to regex, as I tend to add the --perl-regexp to explicitly add it. grep --only-matching 'https*://[^"]*ogg' tuxjam.xml http matches the characters http literally (case sensitive) s* matches the character s literally (case sensitive) Quantifier: * Between zero and unlimited times, as many times as possible, giving back as needed [greedy] : matches the character : literally / matches the character / literally / matches the character / literally [^"]* match a single character not present in the list below Quantifier: * Between zero and unlimited times, as many times as possible, giving back as needed [greedy] " a single character in the list " literally (case sensitive) ogg matches the characters ogg literally (case sensitive) When we run this ourselves we get the following $ grep --only-matching 'https*://[^"]*ogg' tuxjam.xml https://archive.org/download/tuxjam-121/tuxjam_121.ogg https://archive.org/download/tuxjam-120/TuxJam_120.ogg https://archive.org/download/tux-jam-119/TuxJam_119.ogg https://archive.org/download/tuxjam_118/tuxjam_118.ogg https://archive.org/download/tux-jam-117-uncut/TuxJam_117.ogg https://tuxjam.otherside.network/tuxjam-115-ogg https://archive.org/download/tuxjam_116/tuxjam_116.ogg https://tuxjam.otherside.network/tuxjam-115-ogg https://tuxjam.otherside.network/tuxjam-115-ogg https://tuxjam.otherside.network/tuxjam-115-ogg https://ogg http://tuxjam.otherside.network/wp-content/uploads/sites/5/2024/10/tuxjam_115_OggCamp2024.ogg https://ogg https://archive.org/download/tuxjam_114/tuxjam_114.ogg https://archive.org/download/tuxjam_113/tuxjam_113.ogg https://archive.org/download/tuxjam_112/tuxjam_112.ogg The last command returns the first line, so therefore https://archive.org/download/tuxjam-121/tuxjam_121.ogg Finally that line is used as the input to the wget command. Problems with the approach Relying on grep with structured data like xml or json can lead to problems. When we looked at the output of the command in step 2, some of the results gave https://ogg . When run the same command without the --only-matching argument we see what was matched. $ grep 'https*://[^"]*ogg' tuxjam.xml This episode may not be live as in TuxJam 115 from Oggcamp but your friendly foursome of Al, Dave (thelovebug), Kevie and Andrew (mcnalu) are very much alive to treats of Free and Open Source Software and Creative Commons tunes. https://tuxjam.otherside.network/tuxjam-115-oggcamp-2024/ https://tuxjam.otherside.network/tuxjam-115-oggcamp-2024/#respond https://tuxjam.otherside.network/tuxjam-115-oggcamp-2024/feed/ With the group meeting up together for the first time in person, it was decided that a live recording would be an appropriate venture. With the quartet squashed around a table and a group of adoring fans crowded into a room at the Pendulum Hotel in Manchester, the discussion turns to TuxJam reviews that become regularly used applications, what we enjoyed about OggCamp 2024 and for the third section the gang put their reputation on the line and allow open questions from the sea of dedicated fans. OggCamp 2024 on Saturday 12 and Sunday 13 October 2024, Manchester UK. Two of the hits are not enclosures at all, they are references in the text to OggCamp what we enjoyed about OggCamp 2024 Normally running grep will only get one entry per line, and if the xml is minimised it can miss entries on a file that comes across as one big line. I did this myself using xmllint --noblanks tuxjam.xml > tuxjam-min.xml I then edited it and replaced the new lines with spaces. I have to say that the --only-matching argument is doing a great job at pulling out the matches. That said the results were not perfect either. $ grep --only-matching 'https*://[^"]*ogg' tuxjam-min.xml https://archive.org/download/tuxjam-121/tuxjam_121.ogg https://archive.org/download/tuxjam-120/TuxJam_120.ogg https://archive.org/download/tux-jam-119/TuxJam_119.ogg https://archive.org/download/tuxjam_118/tuxjam_118.ogg https://archive.org/download/tux-jam-117-uncut/TuxJam_117.ogg https://tuxjam.otherside.network/tuxjam-115-ogg https://archive.org/download/tuxjam_116/tuxjam_116.ogg https://tuxjam.otherside.network/tuxjam-115-ogg https://tuxjam.otherside.network/?p=1029https://tuxjam.otherside.network/tuxjam-115-oggcamp-2024/#respondhttps://tuxjam.otherside.network/tuxjam-115-ogg https://ogg http://tuxjam.otherside.network/wp-content/uploads/sites/5/2024/10/tuxjam_115_OggCamp2024.ogg https://ogg https://archive.org/download/tuxjam_114/tuxjam_114.ogg https://archive.org/download/tuxjam_113/tuxjam_113.ogg https://archive.org/download/tuxjam_112/tuxjam_112.ogg You could fix it by modifying the grep arguments and add additional searches looking for enclosure . The problem with that approach is that you'll forever and a day be chasing issues when someone changes something. So the approach is officially "Grand", but it's a very likely to break if you're not babysitting it. Suggested Applications. I recommend never parsing structured documents , like xml or json with grep. You should use dedicated parsers that understands the document markup, and can intelligently address parts of it. I recommend: xml use xmlstarlet json use jq yaml use yq Of course anyone that looks at my code on the hpr gittea will know this is a case of "do what I say, not what I do." Never parse xml with grep, where the only possible exception is to see if a string is in a file in the first place. grep --max-count=1 --files-with-matches That's justified under the fact that grep is going to be faster than having to parse, and build a XML Document Object Model when you don't have to. Some Tips Always refer to examples and specification A specification is just a set of rules that tell you how the document is formatted. There is a danger in just looking at example files, and not reading the specifications. I had a situation once where a software developer raised a bug as the files didn't begin with ken-test- followed by a uuid . They were surprised when the supplied files did not follow this convention as per the examples. Suffice to say that was rejected. For us there are the rules from the RSS specification itself, but as it's a XML file there are XML Specifications . While the RSS spec is short, the XML is not, so people tend to use dedicated libraries to parse XML. Using a dedicated tool like xmlstarlet will allow us to mostly ignore the details of XML. RSS is a dialect of XML . All RSS files must conform to the XML 1.0 specification, as published on the World Wide Web Consortium (W3C) website. The first line of the tuxjam feed shows it's an XML file. The specification goes on to say "At the top level, a RSS document is a element, with a mandatory attribute called version, that specifies the version of RSS that the document conforms to. If it conforms to this specification, the version attribute must be 2.0." And sure enough then the second line show that it's a RSS file.

Peter Herman and Karina Hoyer discuss beginner-friendly methods for scraping geospatial data from web maps, including techniques using R and Google Sheets. Highlights

Episode 92: In this episode of Critical Thinking - Bug Bounty Podcast In this episode Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-Fi, and Vulnerabilities caused by The Great FirewallFollow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - ThreatLocker. Checkout their ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detectResources:Insecurity through CensorshipRuby-SAML / GitLab Authentication Bypass0-Click exploit discovered in MediaTek Wi-Fi chipsetsNew Caido Plugin to Generate WordlistsBebik's 403 BypassorCSPBypassArb Read & Arb write on LLaMa.cpp by SideQuestXSS WAF Bypass One payload for allTimestamps(00:00:00) Introduction(00:02:08) Vulnerabilities Caused by The Great Firewall(00:07:25) Ruby SAML Bypass(00:19:55) 0-Click exploit discovered in MediaTek Wi-Fi chipsets(00:24:36) New Caido Wordlist Plugin(00:31:00) CSPBypass.com(00:35:37) Arb Read & Arb write on LLaMa.cpp by SideQuest(00:43:10) Helpful WAF Bypass

2024 年 7 月に公開された、GeoServer およびその関連ツールの脆弱性の悪用を試みるエクスプロイトコードが公開されています。

We are running an end of year survey for our listeners. Let us know any feedback you have for us, what episodes resonated with you the most, and guest requests for 2024! RAG has emerged as one of the key pieces of the AI Engineer stack. Jerry from LlamaIndex called it a “hack”, Bryan from Hex compared it to “a recommendation system from LLMs”, and even LangChain started with it. RAG is crucial in any AI coding workflow. We talked about context quality for code in our Phind episode. Today's guests, Beyang Liu and Steve Yegge from SourceGraph, have been focused on code indexing and retrieval for over 15 years. We locked them in our new studio to record a 1.5 hours masterclass on the history of code search, retrieval interfaces for code, and how they get SOTA 30% completion acceptance rate in their Cody product by being better at the “bin packing problem” of LLM context generation. Google Grok → SourceGraph → CodyWhile at Google in 2008, Steve built Grok, which lives on today as Google Kythe. It allowed engineers to do code parsing and searching across different codebases and programming languages. (You might remember this blog post from Steve's time at Google) Beyang was an intern at Google at the same time, and Grok became the inspiration to start SourceGraph in 2013. The two didn't know eachother personally until Beyang brought Steve out of retirement 9 years later to join him as VP Engineering. Fast forward 10 years, SourceGraph has become to best code search tool out there and raised $223M along the way. Nine months ago, they open sourced SourceGraph Cody, their AI coding assistant. All their code indexing and search infrastructure allows them to get SOTA results by having better RAG than competitors:* Code completions as you type that achieve an industry-best Completion Acceptance Rate (CAR) as high as 30% using a context-enhanced open-source LLM (StarCoder)* Context-aware chat that provides the option of using GPT-4 Turbo, Claude 2, GPT-3.5 Turbo, Mistral 7x8B, or Claude Instant, with more model integrations planned* Doc and unit test generation, along with AI quick fixes for common coding errors* AI-enhanced natural language code search, powered by a hybrid dense/sparse vector search engine There are a few pieces of infrastructure that helped Cody achieve these results:Dense-sparse vector retrieval system For many people, RAG = vector similarity search, but there's a lot more that you can do to get the best possible results. From their release:"Sparse vector search" is a fancy name for keyword search that potentially incorporates LLMs for things like ranking and term expansion (e.g., "k8s" expands to "Kubernetes container orchestration", possibly weighted as in SPLADE): * Dense vector retrieval makes use of embeddings, the internal representation that LLMs use to represent text. Dense vector retrieval provides recall over a broader set of results that may have no exact keyword matches but are still semantically similar. * Sparse vector retrieval is very fast, human-understandable, and yields high recall of results that closely match the user query. * We've found the approaches to be complementary.There's a very good blog post by Pinecone on SPLADE for sparse vector search if you're interested in diving in. If you're building RAG applications in areas that have a lot of industry-specific nomenclature, acronyms, etc, this is a good approach to getting better results.SCIPIn 2016, Microsoft announced the Language Server Protocol (LSP) and the Language Server Index Format (LSIF). This protocol makes it easy for IDEs to get all the context they need from a codebase to get things like file search, references, “go to definition”, etc. SourceGraph developed SCIP, “a better code indexing format than LSIF”:* Simpler and More Efficient Format: SCIP utilizes Protobuf instead of JSON, which is used by LSIF. Protobuf is more space-efficient, simpler, and more suitable for systems programming. * Better Performance and Smaller Index Sizes: SCIP indexers, such as scip-clang, show enhanced performance and reduced index file sizes compared to LSIF indexers (10%-20% smaller)* Easier to Develop and Debug: SCIP's design, centered around human-readable string IDs for symbols, makes it faster and more straightforward to develop new language indexers. Having more efficient indexing is key to more performant RAG on code. Show Notes* Sourcegraph* Cody* Copilot vs Cody* Steve's Stanford seminar on Grok* Steve's blog* Grab* Fireworks* Peter Norvig* Noam Chomsky* Code search* Kelly Norton* Zoekt* v0.devSee also our past episodes on Cursor, Phind, Codeium and Codium as well as the GitHub Copilot keynote at AI Engineer Summit.Timestamps* [00:00:00] Intros & Backgrounds* [00:05:20] How Steve's work on Grok inspired SourceGraph for Beyang* [00:08:10] What's Cody?* [00:11:22] Comparison of coding assistants and the capabilities of Cody* [00:16:00] The importance of context (RAG) in AI coding tools* [00:21:33] The debate between Chomsky and Norvig approaches in AI* [00:30:06] Normsky: the Norvig + Chomsky models collision* [00:36:00] The death of the DSL?* [00:40:00] LSP, Skip, Kythe, BFG, and all that fun stuff* [00:53:00] The SourceGraph internal stack* [00:58:46] Building on open source models* [01:02:00] SourceGraph for engineering managers?* [01:12:00] Lightning RoundTranscriptAlessio: Hey everyone, welcome to the Latent Space podcast. This is Alessio, partner and CTO-in-Residence at Decibel Partners, and I'm joined by my co-host Swyx, founder of Smol AI. [00:00:16]Swyx: Hey, and today we're christening our new podcast studio in the Newton, and we have Beyang and Steve from Sourcegraph. Welcome. [00:00:25]Beyang: Hey, thanks for having us. [00:00:26]Swyx: So this has been a long time coming. I'm very excited to have you. We also are just celebrating the one year anniversary of ChatGPT yesterday, but also we'll be talking about the GA of Cody later on today. We'll just do a quick intros of both of you. Obviously, people can research you and check the show notes for more. Beyang, you worked in computer vision at Stanford and then you worked at Palantir. I did, yeah. You also interned at Google. [00:00:48]Beyang: I did back in the day where I get to use Steve's system, DevTool. [00:00:53]Swyx: Right. What was it called? [00:00:55]Beyang: It was called Grok. Well, the end user thing was Google Code Search. That's what everyone called it, or just like CS. But the brains of it were really the kind of like Trigram index and then Grok, which provided the reference graph. [00:01:07]Steve: Today it's called Kythe, the open source Google one. It's sort of like Grok v3. [00:01:11]Swyx: On your podcast, which you've had me on, you've interviewed a bunch of other code search developers, including the current developer of Kythe, right? [00:01:19]Beyang: No, we didn't have any Kythe people on, although we would love to if they're up for it. We had Kelly Norton, who built a similar system at Etsy, it's an open source project called Hound. We also had Han-Wen Nienhuys, who created Zoekt, which is, I think, heavily inspired by the Trigram index that powered Google's original code search and that we also now use at Sourcegraph. Yeah. [00:01:45]Swyx: So you teamed up with Quinn over 10 years ago to start Sourcegraph and you were indexing all code on the internet. And now you're in a perfect spot to create a code intelligence startup. Yeah, yeah. [00:01:56]Beyang: I guess the backstory was, I used Google Code Search while I was an intern. And then after I left that internship and worked elsewhere, it was the single dev tool that I missed the most. I felt like my job was just a lot more tedious and much more of a hassle without it. And so when Quinn and I started working together at Palantir, he had also used various code search engines in open source over the years. And it was just a pain point that we both felt, both working on code at Palantir and also working within Palantir's clients, which were a lot of Fortune 500 companies, large financial institutions, folks like that. And if anything, the pains they felt in dealing with large complex code bases made our pain points feel small by comparison. So that was really the impetus for starting Sourcegraph. [00:02:42]Swyx: Yeah, excellent. Steve, you famously worked at Amazon. And you've told many, many stories. I want every single listener of Latent Space to check out Steve's YouTube because he effectively had a podcast that you didn't tell anyone about or something. You just hit record and just went on a few rants. I'm always here for your Stevie rants. And then you moved to Google, where you also had some interesting thoughts on just the overall Google culture versus Amazon. You joined Grab as head of eng for a couple of years. I'm from Singapore, so I have actually personally used a lot of Grab's features. And it was very interesting to see you talk so highly of Grab's engineering and sort of overall prospects. [00:03:21]Steve: Because as a customer, it sucked? [00:03:22]Swyx: Yeah, no, it's just like, being from a smaller country, you never see anyone from our home country being on a global stage or talked about as a startup that people admire or look up to, like on the league that you, with all your legendary experience, would consider equivalent. Yeah. [00:03:41]Steve: Yeah, no, absolutely. They actually, they didn't even know that they were as good as they were, in a sense. They started hiring a bunch of people from Silicon Valley to come in and sort of like fix it. And we came in and we were like, Oh, we could have been a little better operational excellence and stuff. But by and large, they're really sharp. The only thing about Grab is that they get criticized a lot for being too westernized. Oh, by who? By Singaporeans who don't want to work there. [00:04:06]Swyx: Okay. I guess I'm biased because I'm here, but I don't see that as a problem. If anything, they've had their success because they were more westernized than the Sanders Singaporean tech company. [00:04:15]Steve: I mean, they had their success because they are laser focused. They copy to Amazon. I mean, they're executing really, really, really well for a giant. I was on a slack with 2,500 engineers. It was like this giant waterfall that you could dip your toe into. You'd never catch up. Actually, the AI summarizers would have been really helpful there. But yeah, no, I think Grab is successful because they're just out there with their sleeves rolled up, just making it happen. [00:04:43]Swyx: And for those who don't know, it's not just like Uber of Southeast Asia, it's also a super app. PayPal Plus. [00:04:48]Steve: Yeah. [00:04:49]Swyx: In the way that super apps don't exist in the West. It's one of the enduring mysteries of B2C that super apps work in the East and don't work in the West. We just don't understand it. [00:04:57]Beyang: Yeah. [00:04:58]Steve: It's just kind of curious. They didn't work in India either. And it was primarily because of bandwidth reasons and smaller phones. [00:05:03]Swyx: That should change now. It should. [00:05:05]Steve: And maybe we'll see a super app here. [00:05:08]Swyx: You retired-ish? I did. You retired-ish on your own video game? Mm-hmm. Any fun stories about that? And that's also where you discovered some need for code search, right? Mm-hmm. [00:05:16]Steve: Sure. A need for a lot of stuff. Better programming languages, better databases. Better everything. I mean, I started in like 95, right? Where there was kind of nothing. Yeah. Yeah. [00:05:24]Beyang: I just want to say, I remember when you first went to Grab because you wrote that blog post talking about why you were excited about it, about like the expanding Asian market. And our reaction was like, oh, man, how did we miss stealing it with you? [00:05:36]Swyx: Hiring you. [00:05:37]Beyang: Yeah. [00:05:38]Steve: I was like, miss that. [00:05:39]Swyx: Tell that story. So how did this happen? Right? So you were inspired by Grok. [00:05:44]Beyang: I guess the backstory from my point of view is I had used code search and Grok while at Google, but I didn't actually know that it was connected to you, Steve. I knew you from your blog posts, which were always excellent, kind of like inside, very thoughtful takes from an engineer's perspective on some of the challenges facing tech companies and tech culture and that sort of thing. But my first introduction to you within the context of code intelligence, code understanding was I watched a talk that you gave, I think at Stanford, about Grok when you're first building it. And that was very eye opening. I was like, oh, like that guy, like the guy who, you know, writes the extremely thoughtful ranty like blog posts also built that system. And so that's how I knew, you know, you were involved in that. And then, you know, we always wanted to hire you, but never knew quite how to approach you or, you know, get that conversation started. [00:06:34]Steve: Well, we got introduced by Max, right? Yeah. It was temporal. Yeah. Yeah. I mean, it was a no brainer. They called me up and I had noticed when Sourcegraph had come out. Of course, when they first came out, I had this dagger of jealousy stabbed through me piercingly, which I remember because I am not a jealous person by any means, ever. But boy, I was like, but I was kind of busy, right? And just one thing led to another. I got sucked back into the ads vortex and whatever. So thank God Sourcegraph actually kind of rescued me. [00:07:05]Swyx: Here's a chance to build DevTools. Yeah. [00:07:08]Steve: That's the best. DevTools are the best. [00:07:10]Swyx: Cool. Well, so that's the overall intro. I guess we can get into Cody. Is there anything else that like people should know about you before we get started? [00:07:18]Steve: I mean, everybody knows I'm a musician. I can juggle five balls. [00:07:24]Swyx: Five is good. Five is good. I've only ever managed three. [00:07:27]Steve: Five is hard. Yeah. And six, a little bit. [00:07:30]Swyx: Wow. [00:07:31]Beyang: That's impressive. [00:07:32]Alessio: So yeah, to jump into Sourcegraph, this has been a company 10 years in the making. And as Sean said, now you're at the right place. Phase two. Now, exactly. You spent 10 years collecting all this code, indexing, making it easy to surface it. Yeah. [00:07:47]Swyx: And also learning how to work with enterprises and having them trust you with their code bases. Yeah. [00:07:52]Alessio: Because initially you were only doing on-prem, right? Like a lot of like VPC deployments. [00:07:55]Beyang: So in the very early days, we're cloud only. But the first major customers we landed were all on-prem, self-hosted. And that was, I think, related to the nature of the problem that we're solving, which becomes just like a critical, unignorable pain point once you're above like 100 devs or so. [00:08:11]Alessio: Yeah. And now Cody is going to be GA by the time this releases. So congrats to your future self for launching this in two weeks. Can you give a quick overview of just what Cody is? I think everybody understands that it's a AI coding agent, but a lot of companies say they have a AI coding agent. So yeah, what does Cody do? How do people interface with it? [00:08:32]Beyang: Yeah. So how is it different from the like several dozen other AI coding agents that exist in the market now? When we thought about building a coding assistant that would do things like code generation and question answering about your code base, I think we came at it from the perspective of, you know, we've spent the past decade building the world's best code understanding engine for human developers, right? So like it's kind of your guide as a human dev if you want to go and dive into a large complex code base. And so our intuition was that a lot of the context that we're providing to human developers would also be useful context for AI developers to consume. And so in terms of the feature set, Cody is very similar to a lot of other assistants. It does inline autocompletion. It does code base aware chat. It does specific commands that automate, you know, tasks that you might rather not want to do like generating unit tests or adding detailed documentation. But we think the core differentiator is really the quality of the context, which is hard to kind of describe succinctly. It's a bit like saying, you know, what's the difference between Google and Alta Vista? There's not like a quick checkbox list of features that you can rattle off, but it really just comes down to all the attention and detail that we've paid to making that context work well and be high quality and fast for human devs. We're now kind of plugging into the AI coding assistant as well. Yeah. [00:09:53]Steve: I mean, just to add my own perspective on to what Beyang just described, RAG is kind of like a consultant that the LLM has available, right, that knows about your code. RAG provides basically a bridge to a lookup system for the LLM, right? Whereas fine tuning would be more like on the job training for somebody. If the LLM is a person, you know, and you send them to a new job and you do on the job training, that's what fine tuning is like, right? So tuned to our specific task. You're always going to need that expert, even if you get the on the job training, because the expert knows your particular code base, your task, right? That expert has to know your code. And there's a chicken and egg problem because, right, you know, we're like, well, I'm going to ask the LLM about my code, but first I have to explain it, right? It's this chicken and egg problem. That's where RAG comes in. And we have the best consultants, right? The best assistant who knows your code. And so when you sit down with Cody, right, what Beyang said earlier about going to Google and using code search and then starting to feel like without it, his job was super tedious. Once you start using these, do you guys use coding assistants? [00:10:53]Swyx: Yeah, right. [00:10:54]Steve: I mean, like we're getting to the point very quickly, right? Where you feel like almost like you're programming without the internet, right? Or something, you know, it's like you're programming back in the nineties without the coding assistant. Yeah. Hopefully that helps for people who have like no idea about coding systems, what they are. [00:11:09]Swyx: Yeah. [00:11:10]Alessio: I mean, going back to using them, we had a lot of them on the podcast already. We had Cursor, we have Codium and Codium, very similar names. [00:11:18]Swyx: Yeah. Find, and then of course there's Copilot. [00:11:22]Alessio: You had a Copilot versus Cody blog post, and I think it really shows the context improvement. So you had two examples that stuck with me. One was, what does this application do? And the Copilot answer was like, oh, it uses JavaScript and NPM and this. And it's like, but that's not what it does. You know, that's what it's built with. Versus Cody was like, oh, these are like the major functions. And like, these are the functionalities and things like that. And then the other one was, how do I start this up? And Copilot just said NPM start, even though there was like no start command in the package JSON, but you know, most collapse, right? Most projects use NPM start. So maybe this does too. How do you think about open source models? Because Copilot has their own private thing. And I think you guys use Starcoder, if I remember right. Yeah, that's correct. [00:12:09]Beyang: I think Copilot uses some variant of Codex. They're kind of cagey about it. I don't think they've like officially announced what model they use. [00:12:16]Swyx: And I think they use a range of models based on what you're doing. Yeah. [00:12:19]Beyang: So everyone uses a range of model. Like no one uses the same model for like inline completion versus like chat because the latency requirements for. Oh, okay. Well, there's fill in the middle. There's also like what the model's trained on. So like we actually had completions powered by Claude Instant for a while. And but you had to kind of like prompt hack your way to get it to output just the code and not like, hey, you know, here's the code you asked for, like that sort of text. So like everyone uses a range of models. We've kind of designed Cody to be like especially model, not agnostic, but like pluggable. So one of our kind of design considerations was like as the ecosystem evolves, we want to be able to integrate the best in class models, whether they're proprietary or open source into Cody because the pace of innovation in the space is just so quick. And I think that's been to our advantage. Like today, Cody uses Starcoder for inline completions. And with the benefit of the context that we provide, we actually show comparable completion acceptance rate metrics. It's kind of like the standard metric that folks use to evaluate inline completion quality. It's like if I show you a completion, what's the chance that you actually accept the completion versus you reject it? And so we're at par with Copilot, which is at the head of that industry right now. And we've been able to do that with the Starcoder model, which is open source and the benefit of the context fetching stuff that we provide. And of course, a lot of like prompt engineering and other stuff along the way. [00:13:40]Alessio: And Steve, you wrote a post called cheating is all you need about what you're building. And one of the points you made is that everybody's fighting on the same axis, which is better UI and the IDE, maybe like a better chat response. But data modes are kind of the most important thing. And you guys have like a 10 year old mode with all the data you've been collecting. How do you kind of think about what other companies are doing wrong, right? Like, why is nobody doing this in terms of like really focusing on RAG? I feel like you see so many people. Oh, we just got a new model. It's like a bit human eval. And it's like, well, but maybe like that's not what we should really be doing, you know? Like, do you think most people underestimate the importance of like the actual RAG in code? [00:14:21]Steve: I think that people weren't doing it much. It wasn't. It's kind of at the edges of AI. It's not in the center. I know that when ChatGPT launched, so within the last year, I've heard a lot of rumblings from inside of Google, right? Because they're undergoing a huge transformation to try to, you know, of course, get into the new world. And I heard that they told, you know, a bunch of teams to go and train their own models or fine tune their own models, right? [00:14:43]Swyx: Both. [00:14:43]Steve: And, you know, it was a s**t show. Nobody knew how to do it. They launched two coding assistants. One was called Code D with an EY. And then there was, I don't know what happened in that one. And then there's Duet, right? Google loves to compete with themselves, right? They do this all the time. And they had a paper on Duet like from a year ago. And they were doing exactly what Copilot was doing, which was just pulling in the local context, right? But fundamentally, I thought of this because we were talking about the splitting of the [00:15:10]Swyx: models. [00:15:10]Steve: In the early days, it was the LLM did everything. And then we realized that for certain use cases, like completions, that a different, smaller, faster model would be better. And that fragmentation of models, actually, we expected to continue and proliferate, right? Because we are fundamentally, we're a recommender engine right now. Yeah, we're recommending code to the LLM. We're saying, may I interest you in this code right here so that you can answer my question? [00:15:34]Swyx: Yeah? [00:15:34]Steve: And being good at recommender engine, I mean, who are the best recommenders, right? There's YouTube and Spotify and, you know, Amazon or whatever, right? Yeah. [00:15:41]Swyx: Yeah. [00:15:41]Steve: And they all have many, many, many, many, many models, right? For all fine-tuned for very specific, you know. And that's where we're heading in code, too. Absolutely. [00:15:50]Swyx: Yeah. [00:15:50]Alessio: We just did an episode we released on Wednesday, which we said RAG is like Rexis or like LLMs. You're basically just suggesting good content. [00:15:58]Swyx: It's like what? Recommendations. [00:15:59]Beyang: Recommendations. [00:16:00]Alessio: Oh, got it. [00:16:01]Steve: Yeah, yeah, yeah. [00:16:02]Swyx: So like the naive implementation of RAG is you embed everything, throw it in a vector database, you embed your query, and then you find the nearest neighbors, and that's your RAG. But actually, you need to rank it. And actually, you need to make sure there's sample diversity and that kind of stuff. And then you're like slowly gradient dissenting yourself towards rediscovering proper Rexis, which has been traditional ML for a long time. But like approaching it from an LLM perspective. Yeah. [00:16:24]Beyang: I almost think of it as like a generalized search problem because it's a lot of the same things. Like you want your layer one to have high recall and get all the potential things that could be relevant. And then there's typically like a layer two re-ranking mechanism that bumps up the precision and tries to get the relevant stuff to the top of the results list. [00:16:43]Swyx: Have you discovered that ranking matters a lot? Oh, yeah. So the context is that I think a lot of research shows that like one, context utilization matters based on model. Like GPT uses the top of the context window, and then apparently Claude uses the bottom better. And it's lossy in the middle. Yeah. So ranking matters. No, it really does. [00:17:01]Beyang: The skill with which models are able to take advantage of context is always going to be dependent on how that factors into the impact on the training loss. [00:17:10]Swyx: Right? [00:17:10]Beyang: So like if you want long context window models to work well, then you have to have a ton of data where it's like, here's like a billion lines of text. And I'm going to ask a question about like something that's like, you know, embedded deeply into it and like, give me the right answer. And unless you have that training set, then of course, you're going to have variability in terms of like where it attends to. And in most kind of like naturally occurring data, the thing that you're talking about right now, the thing I'm asking you about is going to be something that we talked about recently. [00:17:36]Swyx: Yeah. [00:17:36]Steve: Did you really just say gradient dissenting yourself? Actually, I love that it's entered the casual lexicon. Yeah, yeah, yeah. [00:17:44]Swyx: My favorite version of that is, you know, how we have to p-hack papers. So, you know, when you throw humans at the problem, that's called graduate student dissent. That's great. It's really awesome. [00:17:54]Alessio: I think the other interesting thing that you have is this inline assist UX that I wouldn't say async, but like it works while you can also do work. So you can ask Cody to make changes on a code block and you can still edit the same file at the same time. [00:18:07]Swyx: Yeah. [00:18:07]Alessio: How do you see that in the future? Like, do you see a lot of Cody's running together at the same time? Like, how do you validate also that they're not messing each other up as they make changes in the code? And maybe what are the limitations today? And what do you think about where the attack is going? [00:18:21]Steve: I want to start with a little history and then I'm going to turn it over to Bian, all right? So we actually had this feature in the very first launch back in June. Dominic wrote it. It was called nonstop Cody. And you could have multiple, basically, LLM requests in parallel modifying your source [00:18:37]Swyx: file. [00:18:37]Steve: And he wrote a bunch of code to handle all of the diffing logic. And you could see the regions of code that the LLM was going to change, right? And he was showing me demos of it. And it just felt like it was just a little before its time, you know? But a bunch of that stuff, that scaffolding was able to be reused for where we're inline [00:18:56]Swyx: sitting today. [00:18:56]Steve: How would you characterize it today? [00:18:58]Beyang: Yeah, so that interface has really evolved from a, like, hey, general purpose, like, request anything inline in the code and have the code update to really, like, targeted features, like, you know, fix the bug that exists at this line or request a very specific [00:19:13]Swyx: change. [00:19:13]Beyang: And the reason for that is, I think, the challenge that we ran into with inline fixes, and we do want to get to the point where you could just fire and forget and have, you know, half a dozen of these running in parallel. But I think we ran into the challenge early on that a lot of people are running into now when they're trying to construct agents, which is the reliability of, you know, working code generation is just not quite there yet in today's language models. And so that kind of constrains you to an interaction where the human is always, like, in the inner loop, like, checking the output of each response. And if you want that to work in a way where you can be asynchronous, you kind of have to constrain it to a domain where today's language models can generate reliable code well enough. So, you know, generating unit tests, that's, like, a well-constrained problem. Or fixing a bug that shows up as, like, a compiler error or a test error, that's a well-constrained problem. But the more general, like, hey, write me this class that does X, Y, and Z using the libraries that I have, that is not quite there yet, even with the benefit of really good context. Like, it definitely moves the needle a lot, but we're not quite there yet to the point where you can just fire and forget. And I actually think that this is something that people don't broadly appreciate yet, because I think that, like, everyone's chasing this dream of agentic execution. And if we're to really define that down, I think it implies a couple things. You have, like, a multi-step process where each step is fully automated. We don't have to have a human in the loop every time. And there's also kind of like an LM call at each stage or nearly every stage in that [00:20:45]Swyx: chain. [00:20:45]Beyang: Based on all the work that we've done, you know, with the inline interactions, with kind of like general Codyfeatures for implementing longer chains of thought, we're actually a little bit more bearish than the average, you know, AI hypefluencer out there on the feasibility of agents with purely kind of like transformer-based models. To your original question, like, the inline interactions with CODI, we actually constrained it to be more targeted, like, you know, fix the current error or make this quick fix. I think that that does differentiate us from a lot of the other tools on the market, because a lot of people are going after this, like, shnazzy, like, inline edit interaction, whereas I think where we've moved, and this is based on the user feedback that we've gotten, it's like that sort of thing, it demos well, but when you're actually coding day to day, you don't want to have, like, a long chat conversation inline with the code base. That's a waste of time. You'd rather just have it write the right thing and then move on with your life or not have to think about it. And that's what we're trying to work towards. [00:21:37]Steve: I mean, yeah, we're not going in the agent direction, right? I mean, I'll believe in agents when somebody shows me one that works. Yeah. Instead, we're working on, you know, sort of solidifying our strength, which is bringing the right context in. So new context sources, ways for you to plug in your own context, ways for you to control or influence the context, you know, the mixing that happens before the request goes out, etc. And there's just so much low-hanging fruit left in that space that, you know, agents seems like a little bit of a boondoggle. [00:22:03]Beyang: Just to dive into that a little bit further, like, I think, you know, at a very high level, what do people mean when they say agents? They really mean, like, greater automation, fully automated, like, the dream is, like, here's an issue, go implement that. And I don't have to think about it as a human. And I think we are working towards that. Like, that is the eventual goal. I think it's specifically the approach of, like, hey, can we have a transformer-based LM alone be the kind of, like, backbone or the orchestrator of these agentic flows? Where we're a little bit more bearish today. [00:22:31]Swyx: You want the human in the loop. [00:22:32]Beyang: I mean, you kind of have to. It's just a reality of the behavior of language models that are purely, like, transformer-based. And I think that's just like a reflection of reality. And I don't think people realize that yet. Because if you look at the way that a lot of other AI tools have implemented context fetching, for instance, like, you see this in the Copilot approach, where if you use, like, the at-workspace thing that supposedly provides, like, code-based level context, it has, like, an agentic approach where you kind of look at how it's behaving. And it feels like they're making multiple requests to the LM being like, what would you do in this case? Would you search for stuff? What sort of files would you gather? Go and read those files. And it's like a multi-hop step, so it takes a long while. It's also non-deterministic. Because any sort of, like, LM invocation, it's like a dice roll. And then at the end of the day, the context it fetches is not that good. Whereas our approach is just like, OK, let's do some code searches that make sense. And then maybe, like, crawl through the reference graph a little bit. That is fast. That doesn't require any sort of LM invocation at all. And we can pull in much better context, you know, very quickly. So it's faster. [00:23:37]Swyx: It's more reliable. [00:23:37]Beyang: It's deterministic. And it yields better context quality. And so that's what we think. We just don't think you should cargo cult or naively go like, you know, agents are the [00:23:46]Swyx: future. [00:23:46]Beyang: Let's just try to, like, implement agents on top of the LM that exists today. I think there are a couple of other technologies or approaches that need to be refined first before we can get into these kind of, like, multi-stage, fully automated workflows. [00:24:00]Swyx: It makes sense. You know, we're very much focused on developer inner loop right now. But you do see things eventually moving towards developer outer loop. Yeah. So would you basically say that they're tackling the agent's problem that you don't want to tackle? [00:24:11]Beyang: No, I would say at a high level, we are after maybe, like, the same high level problem, which is like, hey, I want some code written. I want to develop some software and can automate a system. Go build that software for me. I think the approaches might be different. So I think the analogy in my mind is, I think about, like, the AI chess players. Coding, in some senses, I mean, it's similar and dissimilar to chess. I think one question I ask is, like, do you think producing code is more difficult than playing chess or less difficult than playing chess? More. [00:24:41]Swyx: I think more. [00:24:41]Beyang: Right. And if you look at the best AI chess players, like, yes, you can use an LLM to play chess. Like, people have showed demos where it's like, oh, like, yeah, GPT-4 is actually a pretty decent, like, chess move suggester. Right. But you would never build, like, a best in class chess player off of GPT-4 alone. [00:24:57]Swyx: Right. [00:24:57]Beyang: Like, the way that people design chess players is that you have kind of like a search space and then you have a way to explore that search space efficiently. There's a bunch of search algorithms, essentially. We were doing tree search in various ways. And you can have heuristic functions, which might be powered by an LLM. [00:25:12]Swyx: Right. [00:25:12]Beyang: Like, you might use an LLM to generate proposals in that space that you can efficiently explore. But the backbone is still this kind of more formalized tree search based approach rather than the LLM itself. And so I think my high level intuition is that, like, the way that we get to more reliable multi-step workflows that do things beyond, you know, generate unit test, it's really going to be like a search based approach where you use an LLM as kind of like an advisor or a proposal function, sort of your heuristic function, like the ASTAR search algorithm. But it's probably not going to be the thing that is the backbone, because I guess it's not the right tool for that. Yeah. [00:25:50]Swyx: I can see yourself kind of thinking through this, but not saying the words, the sort of philosophical Peter Norvig type discussion. Maybe you want to sort of introduce that in software. Yeah, definitely. [00:25:59]Beyang: So your listeners are savvy. They're probably familiar with the classic like Chomsky versus Norvig debate. [00:26:04]Swyx: No, actually, I wanted, I was prompting you to introduce that. Oh, got it. [00:26:08]Beyang: So, I mean, if you look at the history of artificial intelligence, right, you know, it goes way back to, I don't know, it's probably as old as modern computers, like 50s, 60s, 70s. People are debating on like, what is the path to producing a sort of like general human level of intelligence? And kind of two schools of thought that emerged. One is the Norvig school of thought, which roughly speaking includes large language models, you know, regression, SVN, basically any model that you kind of like learn from data. And it's like data driven. Most of machine learning would fall under this umbrella. And that school of thought says like, you know, just learn from the data. That's the approach to reaching intelligence. And then the Chomsky approach is more things like compilers and parsers and formal systems. So basically like, let's think very carefully about how to construct a formal, precise system. And that will be the approach to how we build a truly intelligent system. I think Lisp was invented so that you could create like rules-based systems that you would call AI. As a language. Yeah. And for a long time, there was like this debate, like there's certain like AI research labs that were more like, you know, in the Chomsky camp and others that were more in the Norvig camp. It's a debate that rages on today. And I feel like the consensus right now is that, you know, Norvig definitely has the upper hand right now with the advent of LMs and diffusion models and all the other recent progress in machine learning. But the Chomsky-based stuff is still really useful in my view. I mean, it's like parsers, compilers, basically a lot of the stuff that provides really good context. It provides kind of like the knowledge graph backbone that you want to explore with your AI dev tool. Like that will come from kind of like Chomsky-based tools like compilers and parsers. It's a lot of what we've invested in in the past decade at Sourcegraph and what you build with Grok. Basically like these formal systems that construct these very precise knowledge graphs that are great context providers and great kind of guard rails enforcers and kind of like safety checkers for the output of a more kind of like data-driven, fuzzier system that uses like the Norvig-based models. [00:28:03]Steve: Jang was talking about this stuff like it happened in the middle ages. Like, okay, so when I was in college, I was in college learning Lisp and prologue and planning and all the deterministic Chomsky approaches to AI. And I was there when Norvig basically declared it dead. I was there 3,000 years ago when Norvig and Chomsky fought on the volcano. When did he declare it dead? [00:28:26]Swyx: What do you mean he declared it dead? [00:28:27]Steve: It was like late 90s. [00:28:29]Swyx: Yeah. [00:28:29]Steve: When I went to Google, Peter Norvig was already there. He had basically like, I forget exactly where. It was some, he's got so many famous short posts, you know, amazing. [00:28:38]Swyx: He had a famous talk, the unreasonable effectiveness of data. Yeah. [00:28:41]Steve: Maybe that was it. But at some point, basically, he basically convinced everybody that deterministic approaches had failed and that heuristic-based, you know, data-driven statistical approaches, stochastic were better. [00:28:52]Swyx: Yeah. [00:28:52]Steve: The primary reason I can tell you this, because I was there, was that, was that, well, the steam-powered engine, no. The reason was that the deterministic stuff didn't scale. [00:29:06]Swyx: Yeah. Right. [00:29:06]Steve: They're using prologue, man, constraint systems and stuff like that. Well, that was a long time ago, right? Today, actually, these Chomsky-style systems do scale. And that's, in fact, exactly what Sourcegraph has built. Yeah. And so we have a very unique, I love the framing that Bjong's made, that the marriage of the Chomsky and the Norvig, you know, sort of models, you know, conceptual models, because we, you know, we have both of them and they're both really important. And in fact, there, there's this really interesting, like, kind of overlap between them, right? Where like the AI or our graph or our search engine could potentially provide the right context for any given query, which is, of course, why ranking is important. But what we've really signed ourselves up for is an extraordinary amount of testing. [00:29:45]Swyx: Yeah. [00:29:45]Steve: Because in SWIGs, you were saying that, you know, GPT-4 tends to the front of the context window and maybe other LLMs to the back and maybe, maybe the LLM in the middle. [00:29:53]Swyx: Yeah. [00:29:53]Steve: And so that means that, you know, if we're actually like, you know, verifying whether we, you know, some change we've made has improved things, we're going to have to test putting it at the beginning of the window and at the end of the window, you know, and maybe make the right decision based on the LLM that you've chosen. Which some of our competitors, that's a problem that they don't have, but we meet you, you know, where you are. Yeah. And we're, just to finish, we're writing tens of thousands. We're generating tests, you know, fill in the middle type tests and things. And then using our graph to basically sort of fine tune Cody's behavior there. [00:30:20]Swyx: Yeah. [00:30:21]Beyang: I also want to add, like, I have like an internal pet name for this, like kind of hybrid architecture that I'm trying to make catch on. Maybe I'll just say it here. Just saying it publicly kind of makes it more real. But like, I call the architecture that we've developed the Normsky architecture. [00:30:36]Swyx: Yeah. [00:30:36]Beyang: I mean, it's obviously a portmanteau of Norvig and Chomsky, but the acronym, it stands for non-agentic, rapid, multi-source code intelligence. So non-agentic because... Rolls right off the tongue. And Normsky. But it's non-agentic in the sense that like, we're not trying to like pitch you on kind of like agent hype, right? Like it's the things it does are really just developer tools developers have been using for decades now, like parsers and really good search indexes and things like that. Rapid because we place an emphasis on speed. We don't want to sit there waiting for kind of like multiple LLM requests to return to complete a simple user request. Multi-source because we're thinking broadly about what pieces of information and knowledge are useful context. So obviously starting with things that you can search in your code base, and then you add in the reference graph, which kind of like allows you to crawl outward from those initial results. But then even beyond that, you know, sources of information, like there's a lot of knowledge that's embedded in docs, in PRDs or product specs, in your production logging system, in your chat, in your Slack channel, right? Like there's so much context is embedded there. And when you're a human developer, and you're trying to like be productive in your code base, you're going to go to all these different systems to collect the context that you need to figure out what code you need to write. And I don't think the AI developer will be any different. It will need to pull context from all these different sources. So we're thinking broadly about how to integrate these into Codi. We hope through kind of like an open protocol that like others can extend and implement. And this is something else that should be accessible by December 14th in kind of like a preview stage. But that's really about like broadening this notion of the code graph beyond your Git repository to all the other sources where technical knowledge and valuable context can live. [00:32:21]Steve: Yeah, it becomes an artifact graph, right? It can link into your logs and your wikis and any data source, right? [00:32:27]Alessio: How do you guys think about the importance of, it's almost like data pre-processing in a way, which is bring it all together, tie it together, make it ready. Any thoughts on how to actually make that good? Some of the innovation you guys have made. [00:32:40]Steve: We talk a lot about the context fetching, right? I mean, there's a lot of ways you could answer this question. But, you know, we've spent a lot of time just in this podcast here talking about context fetching. But stuffing the context into the window is, you know, the bin packing problem, right? Because the window is not big enough, and you've got more context than you can fit. You've got a ranker maybe. But what is that context? Is it a function that was returned by an embedding or a graph call or something? Do you need the whole function? Or do you just need, you know, the top part of the function, this expression here, right? You know, so that art, the golf game of trying to, you know, get each piece of context down into its smallest state, possibly even summarized by another model, right, before it even goes to the LLM, becomes this is the game that we're in, yeah? And so, you know, recursive summarization and all the other techniques that you got to use to like stuff stuff into that context window become, you know, critically important. And you have to test them across every configuration of models that you could possibly need. [00:33:32]Beyang: I think data preprocessing is probably the like unsexy, way underappreciated secret to a lot of the cool stuff that people are shipping today. Whether you're doing like RAG or fine tuning or pre-training, like the preprocessing step matters so much because it's basically garbage in, garbage out, right? Like if you're feeding in garbage to the model, then it's going to output garbage. Concretely, you know, for code RAG, if you're not doing some sort of like preprocessing that takes advantage of a parser and is able to like extract the key components of a particular file of code, you know, separate the function signature from the body, from the doc string, what are you even doing? Like that's like table stakes. It opens up so much more possibilities with which you can kind of like tune your system to take advantage of the signals that come from those different parts of the code. Like we've had a tool, you know, since computers were invented that understands the structure of source code to a hundred percent precision. The compiler knows everything there is to know about the code in terms of like structure. Like why would you not want to use that in a system that's trying to generate code, answer questions about code? You shouldn't throw that out the window just because now we have really good, you know, data-driven models that can do other things. [00:34:44]Steve: Yeah. When I called it a data moat, you know, in my cheating post, a lot of people were confused, you know, because data moat sort of sounds like data lake because there's data and water and stuff. I don't know. And so they thought that we were sitting on this giant mountain of data that we had collected, but that's not what our data moat is. It's really a data pre-processing engine that can very quickly and scalably, like basically dissect your entire code base in a very small, fine-grained, you know, semantic unit and then serve it up. Yeah. And so it's really, it's not a data moat. It's a data pre-processing moat, I guess. [00:35:15]Beyang: Yeah. If anything, we're like hypersensitive to customer data privacy requirements. So it's not like we've taken a bunch of private data and like, you know, trained a generally available model. In fact, exactly the opposite. A lot of our customers are choosing Cody over Copilot and other competitors because we have an explicit guarantee that we don't do any of that. And that we've done that from day one. Yeah. I think that's a very real concern in today's day and age, because like if your proprietary IP finds its way into the training set of any model, it's very easy both to like extract that knowledge from the model and also use it to, you know, build systems that kind of work on top of the institutional knowledge that you've built up. [00:35:52]Alessio: About a year ago, I wrote a post on LLMs for developers. And one of the points I had was maybe the depth of like the DSL. I spent most of my career writing Ruby and I love Ruby. It's so nice to use, but you know, it's not as performant, but it's really easy to read, right? And then you look at other languages, maybe they're faster, but like they're more verbose, you know? And when you think about efficiency of the context window, that actually matters. [00:36:15]Swyx: Yeah. [00:36:15]Alessio: But I haven't really seen a DSL for models, you know? I haven't seen like code being optimized to like be easier to put in a model context. And it seems like your pre-processing is kind of doing that. Do you see in the future, like the way we think about the DSL and APIs and kind of like service interfaces be more focused on being context friendly, where it's like maybe it's harder to read for the human, but like the human is never going to write it anyway. We were talking on the Hacks podcast. There are like some data science things like spin up the spandex, like humans are never going to write again because the models can just do very easily. Yeah, curious to hear your thoughts. [00:36:51]Steve: Well, so DSLs, they involve, you know, writing a grammar and a parser and they're like little languages, right? We do them that way because, you know, we need them to compile and humans need to be able to read them and so on. The LLMs don't need that level of structure. You can throw any pile of crap at them, you know, more or less unstructured and they'll deal with it. So I think that's why a DSL hasn't emerged for sort of like communicating with the LLM or packaging up the context or anything. Maybe it will at some point, right? We've got, you know, tagging of context and things like that that are sort of peeking into DSL territory, right? But your point on do users, you know, do people have to learn DSLs like regular expressions or, you know, pick your favorite, right? XPath. I think you're absolutely right that the LLMs are really, really good at that. And I think you're going to see a lot less of people having to slave away learning these things. They just have to know the broad capabilities and the LLM will take care of the rest. [00:37:42]Swyx: Yeah, I'd agree with that. [00:37:43]Beyang: I think basically like the value profit of DSL is that it makes it easier to work with a lower level language, but at the expense of introducing an abstraction layer. And in many cases today, you know, without the benefit of AI cogeneration, like that totally worth it, right? With the benefit of AI cogeneration, I mean, I don't think all DSLs will go away. I think there's still, you know, places where that trade-off is going to be worthwhile. But it's kind of like how much of source code do you think is going to be generated through natural language prompting in the future? Because in a way, like any programming language is just a DSL on top of assembly, right? And so if people can do that, then yeah, like maybe for a large portion of the code [00:38:21]Swyx: that's written, [00:38:21]Beyang: people don't actually have to understand the DSL that is Ruby or Python or basically any other programming language that exists. [00:38:28]Steve: I mean, seriously, do you guys ever write SQL queries now without using a model of some sort? At least a draft. [00:38:34]Swyx: Yeah, right. [00:38:36]Steve: And so we have kind of like, you know, past that bridge, right? [00:38:39]Alessio: Yeah, I think like to me, the long-term thing is like, is there ever going to be, you don't actually see the code, you know? It's like, hey, the basic thing is like, hey, I need a function to some two numbers and that's it. I don't need you to generate the code. [00:38:53]Steve: And the following question, do you need the engineer or the paycheck? [00:38:56]Swyx: I mean, right? [00:38:58]Alessio: That's kind of the agent's discussion in a way where like you cannot automate the agents, but like slowly you're getting more of the atomic units of the work kind of like done. I kind of think of it as like, you know, [00:39:09]Beyang: do you need a punch card operator to answer that for you? And so like, I think we're still going to have people in the role of a software engineer, but the portion of time they spend on these kinds of like low-level, tedious tasks versus the higher level, more creative tasks is going to shift. [00:39:23]Steve: No, I haven't used punch cards. [00:39:25]Swyx: Yeah, I've been talking about like, so we kind of made this podcast about the sort of rise of the AI engineer. And like the first step is the AI enhanced engineer. That is that software developer that is no longer doing these routine, boilerplate-y type tasks, because they're just enhanced by tools like yours. So you mentioned OpenCodeGraph. I mean, that is a kind of DSL maybe, and because we're releasing this as you go GA, you hope for other people to take advantage of that? [00:39:52]Beyang: Oh yeah, I would say so OpenCodeGraph is not a DSL. It's more of a protocol. It's basically like, hey, if you want to make your system, whether it's, you know, chat or logging or whatever accessible to an AI developer tool like Cody, here's kind of like the schema by which you can provide that context and offer hints. So I would, you know, comparisons like LSP obviously did this for kind of like standard code intelligence. It's kind of like a lingua franca for providing fine references and codefinition. There's kind of like analogs to that. There might be also analogs to kind of the original OpenAI, kind of like plugins, API. There's all this like context out there that might be useful for an LM-based system to consume. And so at a high level, what we're trying to do is define a common language for context providers to provide context to other tools in the software development lifecycle. Yeah. Do you have any critiques of LSP, by the way, [00:40:42]Swyx: since like this is very much, very close to home? [00:40:45]Steve: One of the authors wrote a really good critique recently. Yeah. I don't think I saw that. Yeah, yeah. LSP could have been better. It just came out a couple of weeks ago. It was a good article. [00:40:54]Beyang: Yeah. I think LSP is great. Like for what it did for the developer ecosystem, it was absolutely fantastic. Like nowadays, like it's much easier now to get code navigation up and running in a bunch of editors by speaking this protocol. I think maybe the interesting question is like looking at the different design decisions comparing LSP basically with Kythe. Because Kythe has more of a... How would you describe it? [00:41:18]Steve: A storage format. [00:41:20]Beyang: I think the critique of LSP from a Kythe point of view would be like with LSP, you don't actually have an actual symbolic model of the code. It's not like LSP models like, hey, this function calls this other function. LSP is all like range-based. Like, hey, your cursor's at line 32, column 1. [00:41:35]Swyx: Yeah. [00:41:35]Beyang: And that's the thing you feed into the language server. And then it's like, okay, here's the range that you should jump to if you click on that range. So it kind of is intentionally ignorant of the fact that there's a thing called a reference underneath your cursor, and that's linked to a symbol definition. [00:41:49]Steve: Well, actually, that's the worst example you could have used. You're right. But that's the one thing that it actually did bake in is following references. [00:41:56]Swyx: Sure. [00:41:56]Steve: But it's sort of hardwired. [00:41:58]Swyx: Yeah. [00:41:58]Steve: Whereas Kythe attempts to model [00:42:00]Beyang: like all these things explicitly. [00:42:02]Swyx: And so... [00:42:02]Steve: Well, so LSP is a protocol, right? And so Google's internal protocol is gRPC-based. And it's a different approach than LSP. It's basically you make a heavy query to the back end, and you get a lot of data back, and then you render the whole page, you know? So we've looked at LSP, and we think that it's a little long in the tooth, right? I mean, it's a great protocol, lots and lots of support for it. But we need to push into the domain of exposing the intelligence through the protocol. Yeah. [00:42:29]Beyang: And so I would say we've developed a protocol of our own called Skip, which is at a very high level trying to take some of the good ideas from LSP and from Kythe and merge that into a system that in the near term is useful for Sourcegraph, but I think in the long term, we hope will be useful for the ecosystem. Okay, so here's what LSP did well. LSP, by virtue of being like intentionally dumb, dumb in air quotes, because I'm not like ragging on it, allowed language servers developers to kind of like bypass the hard problem of like modeling language semantics precisely. So like if all you want to do is jump to definition, you don't have to come up with like a universally unique naming scheme for each symbol, which is actually quite challenging because you have to think about like, okay, what's the top scope of this name? Is it the source code repository? Is it the package? Does it depend on like what package server you're fetching this from? Like whether it's the public one or the one inside your... Anyways, like naming is hard, right? And by just going from kind of like a location to location based approach, you basically just like throw that out the window. All I care about is jumping definition, just make that work. And you can make that work without having to deal with like all the complex global naming things. The limitation of that approach is that it's harder to build on top of that to build like a true knowledge graph. Like if you actually want a system that says like, okay, here's the web of functions and here's how they reference each other. And I want to incorporate that like semantic model of how the code operates or how the code relates to each other at like a static level. You can't do that with LSP because you have to deal with line ranges. And like concretely the pain point that we found in using LSP for source graph is like in order to do like a find references [00:44:04]Swyx: and then jump definitions, [00:44:04]Beyang: it's like a multi-hop process because like you have to jump to the range and then you have to find the symbol at that range. And it just adds a lot of latency and complexity of these operations where as a human, you're like, well, this thing clearly references this other thing. Why can't you just jump me to that? And I think that's the thing that Kaith does well. But then I think the issue that Kaith has had with adoption is because it is more sophisticated schema, I think. And so there's basically more things that you have to implement to get like a Kaith implementation up and running. I hope I'm not like, correct me if I'm wrong about any of this. [00:44:35]Steve: 100%, 100%. Kaith also has a problem, all these systems have the problem, even skip, or at least the way that we implemented the indexers, that they have to integrate with your build system in order to build that knowledge graph, right? Because you have to basically compile the code in a special mode to generate artifacts instead of binaries. And I would say, by the way, earlier I was saying that XREFs were in LSP, but it's actually, I was thinking of LSP plus LSIF. [00:44:58]Swyx: Yeah. That's another. [00:45:01]Steve: Which is actually bad. We can say that it's bad, right? [00:45:04]Steve: It's like skip or Kaith, it's supposed to be sort of a model serialization, you know, for the code graph, but it basically just does what LSP needs, the bare minimum. LSIF is basically if you took LSP [00:45:16]Beyang: and turned that into a serialization format. So like you build an index for language servers to kind of like quickly bootstrap from cold start. But it's a graph model [00:45:23]Steve: with all of the inconvenience of the API without an actual graph. And so, yeah. [00:45:29]Beyang: So like one of the things that we try to do with skip is try to capture the best of both worlds. So like make it easy to write an indexer, make the schema simple, but also model some of the more symbolic characteristics of the code that would allow us to essentially construct this knowledge graph that we can then make useful for both the human developer through SourceGraph and through the AI developer through Cody. [00:45:49]Steve: So anyway, just to finish off the graph comment, we've got a new graph, yeah, that's skip based. We call it BFG internally, right? It's a beautiful something graph. A big friendly graph. [00:46:00]Swyx: A big friendly graph. [00:46:01]Beyang: It's a blazing fast. [00:46:02]Steve: Blazing fast. [00:46:03]Swyx: Blazing fast graph. [00:46:04]Steve: And it is blazing fast, actually. It's really, really interesting. I should probably have to do a blog post about it to walk you through exactly how they're doing it. Oh, please. But it's a very AI-like iterative, you know, experimentation sort of approach. We're building a code graph based on all of our 10 years of knowledge about building code graphs, yeah? But we're building it quickly with zero configuration, and it doesn't have to integrate with your build. And through some magic tricks that we have. And so what just happens when you install the plugin, that it'll be there and indexing your code and providing that knowledge graph in the background without all that build system integration. This is a bit of secret sauce that we haven't really like advertised it very much lately. But I am super excited about it because what they do is they say, all right, you know, let's tackle function parameters today. Cody's not doing a very good job of completing function call arguments or function parameters in the definition, right? Yeah, we generate those thousands of tests, and then we can actually reuse those tests for the AI context as well. So fortunately, things are kind of converging on, we have, you know, half a dozen really, really good context sources, and we mix them all together. So anyway, BFG, you're going to hear more about it probably in the holidays? [00:47:12]Beyang: I think it'll be online for December 14th. We'll probably mention it. BFG is probably not the public name we're going to go with. I think we might call it like Graph Context or something like that. [00:47:20]Steve: We're officially calling it BFG. [00:47:22]Swyx: You heard it here first. [00:47:24]Beyang: BFG is just kind of like the working name. And so the impetus for BFG was like, if you look at like current AI inline code completion tools and the errors that they make, a lot of the errors that they make, even in kind of like the easy, like single line case, are essentially like type errors, right? Like you're trying to complete a function call and it suggests a variable that you defined earlier, but that variable is the wrong type. [00:47:47]Swyx: And that's the sort of thing [00:47:47]Beyang: where it's like a first year, like freshman CS student would not make that error, right? So like, why does the AI make that error? And the reason is, I mean, the AI is just suggesting things that are plausible without the context of the types or any other like broader files in the code. And so the kind of intuition here is like, why don't we just do the basic thing that like any baseline intelligent human developer would do, which is like click jump to definition, click some fine references and pull in that like Graph Context into the context window and then have it generate the completion. So like that's sort of like the MVP of what BFG was. And turns out that works really well. Like you can eliminate a lot of type errors that AI coding tools make just by pulling in that context. Yeah, but the graph is definitely [00:48:32]Steve: our Chomsky side. [00:48:33]Swyx: Yeah, exactly. [00:48:34]Beyang: So like this like Chomsky-Norvig thing, I think pops up in a bunch of differ

Topics covered in this episode: Make Each Line Count, Keeping Things Simple in Python Parsel A Comprehensive Guide to Python Logging with Structlog Stamina Extras Joke Watch on YouTube About the show Sponsored by Sentry: pythonbytes.fm/sentry Connect with the hosts Michael: @mkennedy@fosstodon.org Brian: @brianokken@fosstodon.org Show: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too. Brian #1: Make Each Line Count, Keeping Things Simple in Python Bob Belderbos Some great tips to help you simplify your Python code to make it more understandable and maintainable. Michael #2: Parsel Parsel is a BSD-licensed Python library to extract data from HTML, JSON, and XML documents. Parsel lets you extract data from XML/HTML documents using XPath or CSS selectors. It supports: CSS and XPath expressions for HTML and XML documents JMESPath expressions for JSON documents Regular expressions # Want a RSS feed detail from a website standard HTML? selector = parsel.Selector(text=html_text) for link in selector.css('head > link'): rel = link.xpath('.//@rel').get() rel_type = link.xpath('.//@type').get() href = link.xpath('.//@href').get() Brian #3: A Comprehensive Guide to Python Logging with Structlog Stanley Ulili structlog is an awesome logging tool, and already has great documentation. However, this article is a great starting point, highlighting: how easy it is to get started using structlog configuring the default log level changing the formatting customizing the time stamp adding custom fields adding contextual data filtering async … Michael #4: Stamina via Matthias Bach, by Hynek Production-grade Retries Made Easy stamina is an opinionated wrapper around the great-but-unopinionated Tenacity package. Its goal is to be as ergonomic as possible, while doing the right thing by default, while minimizing potential for misuse. General additions on top of Tenacity Retry only on certain exceptions. Exponential backoff with jitter between retries. Limit the number of retries and total time. Automatic async support. Preserve type hints of the decorated callable. Count (Prometheus) and log (structlog) retries with basic metadata, if they're installed. Easy global deactivation for testing. Extras Brian: The “pytest fixtures” chapter of the pytest course is available now. Also, the PYTHONBYTES 20% discount still active for bundle through the end of August. Michael: Python 3.12.0 release candidate 1 released PyCon UK: The conference takes place from the 22nd to the 25th of September in Cardiff, Wales. The schedule is available at 2023.pyconuk.org/schedule/ and tickets are available at 2023.pyconuk.org/tickets/. PyData Eindhoven 2023, Nov 30 CFP open PyData Seattle Language Creators Charity Fundraiser: Adele Goldberg - Smalltalk, Guido Van Rossum, Anders Hejlsberg, C#, and James Gosling - Java. September 19, 2023: 12:00 - 4:00 PM, in person only. Joke: Librarian chatgpt-failures

Watch on YouTube About the show Sponsored by Microsoft for Startups Founders Hub. Connect with the hosts Michael: @mkennedy@fosstodon.org Brian: @brianokken@fosstodon.org Show: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/stream/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too. Michael #1: Secure maintainer workflow by Ned Batchelder We are the magicians, but also the gatekeepers for our users Terminal sessions with implicit access to credentials first is unlikely: a bad guy gets onto my computer and uses the credentials to cause havoc second way is a more serious concern: I could unknowingly run evil or buggy code that uses my credentials in bad ways. Mitigations 1Password: where possible, I store credentials in 1Password, and use tooling to get them into environment variables. Side bar: Do not use lastpass, see end segment I can have the credentials in the environment for just long enough to use them. This works well for things like PyPI credentials, which are used rarely and could cause significant damage. Docker: To really isolate unknown code, I use a Docker container. Brian #2: Tools for parsing HTML and JSON Learned these from A Year of Writing about Web Scraping in Review Parsel - extract and remove data from HTML using XPath and CSS selectors jmespath - “James Path” - declaratively specify how to extract elements from a JSON document Michael #3: git-sizer Compute various size metrics for a Git repository, flagging those that might cause problems. Tip, partial clone: git clone --filter=blob:none URL # Stats for training.talkpython.fm # Full: git clone repo Receiving objects: 100% (118820/118820), 514.31 MiB | 28.83 MiB/s, done. Resolving deltas: 100% (71763/71763), done. Updating files: 100% (10792/10792), done. 1.01 GB on disk # Partial: git clone --filter=blob:none repo Receiving objects: 100% (10120/10120), 220.25 MiB | 24.92 MiB/s, done. Resolving deltas: 100% (1454/1454), done. Updating files: 100% (10792/10792), done. 694.4 MB on disk Partial clone is a performance optimization that “allows Git to function without having a complete copy of the repository. The goal of this work is to allow Git better handle extremely large repositories.” When changing branches, Git may download more missing files. Not the same as shallow clones or sparse checkouts Consider shallow clones for CI/CD/deployment Sparse checkouts for a slice of a monorepo Brian #4: Dataclasses without type annotations Probably file this under “don't try this at home”. Or maybe “try this at home, but not at work”. Or just “that Brian fella is a bad influence”. What! It's not me. It's Adrian, the dude that wrote the article. Unless you're using a type checker, for dataclasses, “… use any type you want. If you're not using a static type checker, no one is going to care what type you use.” @dataclass class Literally: anything: ("can go", "in here") as_long_as: lambda: "it can be evaluated" # Now, I've noticed a tendency for this program to get rather silly. hell: with_("from __future__ import annotations") it_s: not even.evaluated it: just.has(to=be) * syntactically[valid] # Right! Stop that! It's SILLY! Extras Michael: LastPass story just keeps getting worse We will see problems in supply chains because of this too A whole 2 hour discussion diving into what I touched on: twit.tv/shows/security-now Got your new mac mini yet? Or MacBook Pro? Joke: Developer/maker, what's my purpose?

Jonathon Wright is joined by Sanjay Kumar, creator of Selectorshub, and James Walker from Curiosity. Listen to learn more about how open source tools help simplify xPath writing and integration in automation engineering.

SAP Community Blog Review for 2021 April Best Picks 1 - Integration Advisor XSLT functions Integration Advisor – List of supported XSLT elements and XPath functions https://blogs.sap.com/2021/04/06/integration-advisor-list-of-support-xslt-elements-and-xpath-functions/ Integration Advisor – Mapping element functions, the use of xsl:copy, xsl:copy-of, xsl:sequence, or xsl:value-of https://blogs.sap.com/2021/04/06/integration-advisor-mapping-element-functions-the-use-of-xslcopy-xslcopy-of-xslsequence-or-xslvalue-of/ Integration Advisor – Mapping element functions for comparing nodes and values https://blogs.sap.com/2021/04/08/integration-advisor-mapping-element-functions-for-comparing-nodes-and-values/ 2 - Value Mapping migration from SAP PO to CPI How to import SAP PO value mappings into SAP CPI (Cloud Integration) https://blogs.sap.com/2021/04/13/how-to-import-sap-po-value-mappings-into-sap-cpi-cloud-integration/ 3 - An example with good storytelling and clear explanation SAP Integration Suite – Scrape and visualize data as you please https://blogs.sap.com/2021/04/23/sap-btp-integration-suite-scrape-and-visualize-data-as-you-please/ 4 - Which component name to use while opening tickets for standard packages Identifying the Correct Standard Cloud Integration Package Support Component https://blogs.sap.com/2021/04/30/identifying-the-correct-standard-sci-integration-package-support-component/ 5 - Custom Mapping Functions in CPI Understanding Groovy Scripting for SAP Integration Suite – Part 1 https://blogs.sap.com/2021/04/08/understanding-groovy-scripting-for-sap-integration-suite-part-1/ Understanding Groovy Scripting for SAP Integration Suite – Part 2 https://blogs.sap.com/2021/04/08/understanding-groovy-scripting-for-sap-integration-suite-part-2/ UDFNodePool Functions for SAP CPI with Groovy Scripting https://blogs.sap.com/2021/04/25/udfnodepool-functions-for-sap-cpi-with-groovy-scripting/ 6 - SAP API Management – Error handling options SAP API Management – Error handling with FaultRules, the DefaultFaultRule and the RaiseFault Policy (Part 1 of 2) https://blogs.sap.com/2021/04/21/sap-api-management-error-handling-with-faultrules-the-defaultfaultrule-and-the-raisefault-policy-part-1-of-2/ SAP API Management – Error handling with FaultRules, the DefaultFaultRule and the RaiseFault Policy (Part 2 of 2) https://blogs.sap.com/2021/04/28/sap-api-management-error-handling-with-faultrules-the-defaultfaultrule-and-the-raisefault-policy-part-2-of-2/ New Features Malware scanner in SAP Cloud Integration https://blogs.sap.com/2021/04/06/malware-scanner-in-sap-cloud-integration/ How-to Articles SAP Cloud Integration with Workflow and Business Rule https://blogs.sap.com/2021/04/13/cloud-integration-with-workflow-and-business-rule-in-sap-btp-cloud-foundry/ CPQCPI1-SAP CPI – Calling CPQ REST API in CPI and fetch the data from CPQ. https://blogs.sap.com/2021/04/05/sap-cpi-calling-cpq-rest-api-in-cpi-and-fetch-the-data-from-cpq./ CPQCPI2-SAP CPQ REST API Authentication via JWT token in CPI https://blogs.sap.com/2021/04/05/sap-cpq-rest-api-authentication-via-jwt-token-in-cpi/ Fixed Length File Generation Scenario Through SAP Cloud Platform Integration https://blogs.sap.com/2021/04/08/fixed-length-file-generation-scenario-through-sap-cloud-platform-integration/ How To Setup a Test SFTP connection for Testing your CPI Iflows end to end https://blogs.sap.com/2021/04/09/how-to-setup-a-test-sftp-connection-for-testing-your-cpi-iflows-end-to-end/ Configure SFTP on your local machine and connect to CPI https://blogs.sap.com/2021/04/21/configure-sftp-on-your-local-machine-and-connect-to-cpi/ SCPI Sender – Certificate-to-User Mapping with SAP Passport https://blogs.sap.com/2021/04/13/scpi-sender-certificate-to-user-mapping-with-sap-passport/ Setup of Api management/Cloud Foundry services with sap cloud connector on Kubernetes/Gardener https://blogs.sap.com/2021/04/13/setup-of-api-management-cloud-foundry-services-with-cloud-connector-on-kubernetes-gardener/ Use SAP BTP Integration Suite to Integrate S4/HANA Cloud with Third-Party System https://blogs.sap.com/2021/04/19/use-sap-btp-integration-suite-to-integrate-s4hana-cloud-with-third-party-system/ How to configure a simple synchronous SOAP consumer in R3 system with CPI SOAP Adapter https://blogs.sap.com/2021/04/10/how-to-configure-a-simple-synchronous-soap-consumer-in-r3-system-with-cpi-soap-adapter/ SharePoint Integration using SAP CPI (Without SAP Open Connector) https://blogs.sap.com/2021/04/15/sharepoint-integration-using-sap-cpi-without-sap-open-connector/ Community Tooling Updates How to create vector graphics from IFlows https://blogs.sap.com/2021/04/09/how-to-create-vector-graphics-from-iflows/ From CPI IFlow to diagram with iflow-plotter https://blogs.sap.com/2021/04/23/from-cpi-iflow-to-diagram-with-iflow-plotter/ High-Resolution Flow Images for Documentation https://blogs.sap.com/2021/04/25/high-resolution-flow-images-for-documentation/ Bulk MPL Attachment Download with CPI Explorer for SAP Cloud Integration https://blogs.sap.com/2021/04/13/bulk-mpl-attachment-download-with-cpi-explorer-for-sap-cloud-integration/ Blog Series SAP CPI setup in a multi-stage system landscape using Figaf DevOps https://blogs.sap.com/2021/04/20/blog-series-sap-cpi-setup-in-a-multi-stage-system-landscape-using-figaf-devops/ Extra Cloud Integration, SAP HCI, SAP CPI Interview Questions. https://blogs.sap.com/2021/04/06/cloud-integration-sap-hci-sap-cpi-interview-questions./

See the layout of an XML document $ xmlstarlet elements planets.xml xml xml/sol xml/sol/planet xml/sol/planet/name xml/sol/planet/albedo xml/sol/planet xml/sol/planet/name xml/sol/planet/albedo xml/sol/planet xml/sol/planet/name xml/sol/planet/albedo See content of the planet node $ xmlstarlet select -t --value-of '/xml/sol/planet' planets.xml Mercury 0.11 Venus 0.7 Terra 0.39 Get the third instance of the planet node $ xmlstarlet select -t --value-of '/xml/sol/planet[3]' planets.xml Terra 0.39 Get only the planets with an albedo greater than 0.25 $ xmlstarlet select -t --value-of '/xml/sol/planet[albedo > 0.25]' planets.xml Venus 0.7 Terra 0.39 Get only the planets closer to Sol than the third planet $ xmlstarlet select -t --value-of '/xml/sol/planet[position() < 3]' planets.xml Mercury 0.11 Venus 0.7 Learn more XPath functions at Mozilla Developer Network. Download xmlstarlet from xmlstarlet.sourceforge.net.

¿Se pueden usar diferentes versiones de una misma librería en un proyecto? (resumen: ¡No vayas por ahí!). MultiVersion Concurrent Control https://podcast.jcea.es/python/19 Participantes: Jesús Cea, email: jcea@jcea.es, twitter: @jcea, https://blog.jcea.es/, https://www.jcea.es/. Conectando desde Madrid. Víctor Ramírez, twitter: @virako, programador python y amante de vim, conectando desde Huelva. Javier, conectando desde Madrid. Miguel Sánchez, email: msanchez@uninet.edu, conectando desde Canarias. Audio editado por Pablo Gómez, twitter: @julebek. La música de la entrada y la salida es "Lightning Bugs", de Jason Shaw. Publicada en https://audionautix.com/ con licencia - Creative Commons Attribution 4.0 International License. [00:52] Prólogo: FOSDEM https://fosdem.org/. Escuchar audios previos para ver errores y comentar "erratas". [03:07] ¡Tenemos un voluntario para editar el podcast! Detalles de cómo grabamos las tertulias. Todo se graba en una sola pista :-(. RNNoise: https://people.xiph.org/~jm/demo/rnnoise/. Ideas para automatizar el proceso. [09:17] Aviso legal de que se está grabando el sonido y que se va a publicar online. El audio publicado tendrá un índice en texto, para poder hacer búsquedas y poder moverse con facilidad entre temas. [11:22] Errata de la tertulia anterior: No, pipenv https://pypi.org/project/pipenv/ no puede instalar dos versiones diferentes de la misma librería. [13:07] Tormenta de ideas https://es.wikipedia.org/wiki/Lluvia_de_ideas sobre cómo usar diferentes versiones de la misma librería en el mismo proyecto. Conclusión: ¡No vayas por ahí! Las bibliotecas solo se cargan una vez en el programa, aunque se hagan muchos import en el código. sys.modules https://docs.python.org/3/library/sys.html#sys.modules. Dependencias transitivas. Subintérpretes Python. PEP 554: https://www.python.org/dev/peps/pep-0554/. Módulos en C: PEP 489 -- Multi-phase extension module initialization https://www.python.org/dev/peps/pep-0489/. [22:17] Python 3.10a5. PEP 636 -- Structural Pattern Matching: Tutorial https://www.python.org/dev/peps/pep-0636/. ¡Más sintaxis nueva! PEP 617 -- New PEG parser for CPython https://www.python.org/dev/peps/pep-0617/. [23:57] Nuitka https://nuitka.net/. Puede generar un binario que no depende de tener nada instalado. [26:02] Volvemos a "Structural Pattern Matching" https://www.python.org/dev/peps/pep-0636/. "Switch" con esteroides. [27:32] Lo importante que fue la modernización de los tutoriales y ejemplos para ayudar a la migración de Python 2 a Python 3. PEP 414 -- Explicit Unicode Literal for Python 3.3 https://www.python.org/dev/peps/pep-0414/. Jesús Cea opina que la migración de Python 2 a Python 3 se hizo mal y ha sido muy traumática. [30:22] PEP 8 https://www.python.org/dev/peps/pep-0008/. ¿Ajustarse estrictamente a 80 columnas? Flake8: https://pypi.org/project/flake8/. [33:22] Mucho cuidado con "python-ideas" https://mail.python.org/mailman3/lists/python-ideas.python.org/. Tabulación de código. La anotación de tipos puede gustar o no, pero de momento es opcional. Tema recurrente: ¿Qué es ser pythonico? [35:12] Ventajas de anotar tipos. Origen de MYPY: http://mypy-lang.org/. Aportar información al IDE https://en.wikipedia.org/wiki/Integrated_development_environment. Valor a la hora de documentar los tipos en los API https://en.wikipedia.org/wiki/API. [39:52] Cryptography https://cryptography.io/en/latest/ y polémica al integrar módulos en Rust https://en.wikipedia.org/wiki/Rust_(programming_language) Comunidad tóxica. [41:27] Digresión sobre systemd https://en.wikipedia.org/wiki/Systemd y otras cosas de sistemas. ¿El cambio por el cambio? [45:07] El peso de la web está moviéndose otra vez al backend. ¿Qué opciones tiene Python en este area? El cliente web solo envía eventos al servidor y recibe cambios al DOM https://es.wikipedia.org/wiki/Document_Object_Model enviadas por el servidor. Abre la posibilidad olvidarnos de JavaScript: https://es.wikipedia.org/wiki/JavaScript. ItsNat: https://en.wikipedia.org/wiki/ItsNat. [51:02] splash https://pypi.org/project/splash/. Servicio de dibujado de javascript en Python. AJAX: https://es.wikipedia.org/wiki/AJAX. [56:07] Integrar Python en otros programas y demonios. LUA: https://es.wikipedia.org/wiki/Lua. [57:07] PyOxidizer https://pyoxidizer.readthedocs.io/en/stable/ y PyO3 https://pyo3.rs/. Interactuar con otros lenguajes. Python en Java, interactuando sin dolor: Jython https://www.jython.org/. [59:52] ¿Cómo empezamos en Python? Valor de Python como lenguaje fácil de entender y pseudocódigo. SpamBayes: http://spambayes.sourceforge.net/. Tutorial de Python: https://docs.python.org/es/3/tutorial/index.html. bc -l https://linux.die.net/man/1/bc. [01:05:07] Modificación atómica de ficheros. En Unix se suele hacer: write + flush + rename. rename: https://www.man7.org/linux/man-pages/man2/rename.2.html. MS Windows eso no funciona. Python 3.3 añadió os.replace() https://docs.python.org/3.8/library/os.html#os.replace. En MS Windows es atómico... casi siempre: Issue8828: Atomic function to rename a file https://bugs.python.org/issue8828. [01:10:02] Combinar fork e hilos en Python es una receta para el desastre. fork: https://www.man7.org/linux/man-pages/man2/fork.2.html. multiprocessing: https://docs.python.org/3/library/multiprocessing.html. [01:11:37] Decorador @overload https://docs.python.org/3/library/typing.html#typing.overload. @functools.singledispatch https://docs.python.org/3/library/functools.html. ¿Qué se ve cuando salta una excepción? Especializaciones. Cython https://cython.org/. [01:17:00] AnyIO https://anyio.readthedocs.io/en/stable/basics.html. Unificación de reactores asíncronos. [01:18:12] "lxml soporta xpath". Hilo en la lista de correo: "[Python-es] Biblioteca XPATH" https://mail.python.org/pipermail/python-es/2021-February/037931.html. lxml: https://lxml.de/. beautifulsoup4: https://pypi.org/project/beautifulsoup4/. XPath: https://es.wikipedia.org/wiki/XPath. Scrapy: https://scrapy.org/. El buscador de PyPI https://pypi.org/ funciona fatal a la hora de ordenar por relevancia. [01:20:02] El valor de estudiar el código fuente ajeno no solo para aprender de él sino también para descubrir qué bibliotecas útiles utilizan para añadirlas a tu cajón de herramientas. Es la documentación última. Los tests son muy útiles para saber cómo se usa el producto. [01:22:02] ¿Cómo gestionáis la paginación cuando los datos del backend cambian? ¿Cómo evitáis repetir resultados o saltaros datos? Brainstorming de diversas estrategias. Berkeley DB: https://pypi.org/project/berkeleydb/. lmdb: https://pypi.org/project/lmdb/. Multiversion concurrency control: https://es.wikipedia.org/wiki/Multiversion_concurrency_control. Copy on Write: https://es.wikipedia.org/wiki/Copy_on_write. Snapshot: https://es.wikipedia.org/wiki/Copia_instant%C3%A1nea_de_volumen. BTree: https://es.wikipedia.org/wiki/%C3%81rbol-B. PostgreSQL: https://www.postgresql.org/. ZFS: https://es.wikipedia.org/wiki/ZFS_(sistema_de_archivos). Normalización y formas normales: https://es.wikipedia.org/wiki/Forma_normal_(base_de_datos). [01:48:42] FOSDEM https://fosdem.org/: Virako recomienda las siguientes: Some SQL Tricks of an Application DBA - Non-trivial tips for database development https://fosdem.org/2021/schedule/event/postgresql_some_sql_tricks_of_an_application_dba/. Database Disasters and How to Find Them https://fosdem.org/2021/schedule/event/postgresql_database_disasters_and_how_to_find_them/. Practical advice for using Mypy - Hidden gems in the typing system! https://fosdem.org/2021/schedule/event/python_mypy/. Escaping the Cargo Cult - How to structure your project without losing your mind. https://fosdem.org/2021/schedule/event/python_escaping_cargo_cult/. [01:52:02] Charla Python Madrid https://www.python-madrid.es/. TDD - ¿panacea del desarrollo o pérdida de tiempo? https://www.python-madrid.es/meetings/reunion-febrero-2021-python-madrid/. [01:54:27] Comentado en la tertulia de la semana pasada: Bugs sobre "pickle" https://docs.python.org/3/library/pickle.html en el módulo __main__. Se trata de un problema conocido. Ejemplo de código: https://pastebin.com/vGM1sh8r. Issue24676: Error in pickle using cProfile https://bugs.python.org/issue24676. Issue9914: trace/profile conflict with the use of sys.modules[__name__] https://bugs.python.org/issue9914. Issue9325: Add an option to pdb/trace/profile to run library module as a script https://bugs.python.org/issue9325. [02:00:42] Que te cuenten lo que no funciona es mucho más interesante. Postmortem. [02:02:52] Whoosh: https://whoosh.readthedocs.io/en/latest/intro.html. ¿Cómo normalizar las palabras para español? La palabra "real" Whoosh: https://www.wordreference.com/es/translation.asp?tranword=whoosh. Dificultades para buscar el proyecto Python Whoosh https://whoosh.readthedocs.io/en/latest/intro.html en internet. [02:05:48] Final.

Overview: Testing isn’t something that many people enjoy doing, but Jessica Sachs is an exception. Jessica is the tech lead on the component testing team (which spans across four time zones and is fluent in 8 languages) at Cypress, and she is so excited about the developments that have been taking place in this space. In today’s episode Jessica explains the four main steps involved in component testing, the first thing she does when making something testable and why your answer should always be a hard yes if you are asked whether you do TDD. Jessica is also writing a course for Vue Mastery, and she shares with us what the course entails and how it will help alleviate a problem that people in her position regularly encounter. You’ll also hear Jessica and the panels’ thoughts on XPath, E to E tests, and Internet Explorer, and we end off with a wide range of unusual picks for the week! Key Points From This Episode: - How Jessica and the panel feel about test writing. - Jessica’s current role at Cypress.io, and the most euphoric moment of her career. - The four steps involved in component testing. - Real World Testing; an explanation of the course Jessica is writing for Vue Mastery. - A common problem that testers encounter. - Why Jessica doesn’t mock the Vuex, router or any plugin. - The first thing Jessica does when making something testable. - Making code more testable; what Jessica looks for. - Approaches to writing E to E tests. - Why XPath was invented and why it’s such a mess. - Jessica’s first code language (an obscure one that she is proud of!). - One of the toughest interview questions Jessica has been asked. - What your answer should always be when someone asks, “Do you do TDD?” - Where the strength of Cypress component testing lies. - Diversity in Jessica’s team. - Why Cypress isn’t going to support Internet Explorer. - This week’s picks; including drunk darts, anti-static hair brushes, and a show about creating animals. Tweetables: - “Getting the component first mounted is the biggest hurdle. I can't stress that enough.” — @jessicasachs [0:05:13] - “The situation you find yourself in is that of many developers, where you inherit an application where the person wasn't thinking about testability. And that's not an uncommon scenario. That's pretty normal.” — @jessicasachs [0:11:32] - “I don't mock the Vuex router, the Vuex or router, or any plugin. I just treat it like it's real. I find that mocking both removes you from what will actually happen in production, as well as makes your test really coupled to the source code.” — @jessicasachs [0:13:15] - “The first thing with making things testable; anything that's a side effect that executes immediately when you import it needs to be a function.” — @jessicasachs [0:15:28] Resources mentioned - Cypress (https://www.cypress.io/) - Vueconf US (http://vueconf.us/) - New Creation Soda (https://newcreationsoda.com) - Brush with Bamboo (https://zerowastestore.com/products/bamboo-hair-brush) (ZeroWasteStore) - Gravity Maze: Falling Marble Logic Maze Game (https://www.thinkfun.com/products/gravity-maze), ThinkFun - Clubhouse Games (Nintendo Switch) (https://www.nintendo.com/games/detail/clubhouse-games-51-worldwide-classics-switch/) - Vue Mastery (https://www.vuemastery.com/) - Vue Styleguidist (https://vue-styleguidist.github.io/) - Vue i18n (https://vue-i18n.intlify.dev/) - What Query Selector Should I Use?, Kent C. Dodds (Testing Library) (https://kentcdodds.com/blog) - Vite (https://vitejs.dev/) - Enjoy the Vue on Twitter (https://twitter.com/enjoythevuecast?lang=en) - Enjoy the Vue (https://enjoythevue.io/) Special Guest: Jessica Sachs.

Join my discussion with Elena Antoneac, CEO and founder of xpath.global, all the way from Romania!! Elena started her career in HR and global mobility, and then in 2013 founded Nestlers, a boutique law firm focused on immigration, global mobility and employment based in Romania & Moldova. She slowly started to realize that there wasn’t an easy way for companies around the world to connect with all the great local mobility service providers in every country, there was no… marketplace for it. And so xpath.global was born. She raised 1M EUR from the EU, invested her own money, and got to work! So here’s what we’ll be chatting about: Elena’s early days in Romania and all her academic achievements around the world How Elena landed her first job in global mobility and those first years were like What led Elena to launch Nestlers Elena’s experience growing Nestlers and how the idea for xpath.global came about What xpath.global does today and plans for the future Elena’s take on the global immigration tech space looking ahead And more! For More Information On xpath.global: https://www.xpath.global/home

Eleventy, XPath, a custom GitHub Action, and new Apple Silicon Macs for Ryan and Brandon!

Zeo Agency’de SEO Team Lead olarak görev yapan Tevfik Mert Azizoğlu “xPath, Google Sheets ve Zapier İle SEO Otomasyonu” sunumuyla bizimleydi. Sunum dosyasına buradan ulaşabilirsiniz: https://bit.ly/mert-azizoglu-sunum (https://www.youtube.com/redirect?redir_token=QUFFLUhqbVFHM2dqN2lpMzJQeVNJUXllOWprelhjS0NtZ3xBQ3Jtc0tudlVFMTJlRnFoSGV2Njh0OXNkOVJ0M1lkSXZ6OXpPNzloRWQ1QVZuU3VUbmZtMXp6S2NfSVdmODdjbEpaTHhQUW1ybVdPWDNQQk1waExMM1cxR180dkgwX1pPc1MtdzJtOXV2dFc0LXR0X3kxRmtsNA%3D%3D&q=https%3A%2F%2Fbit.ly%2Fmert-azizoglu-sunum&event=video_description&v=anQF5_6oPMU)

Today is April 15, 2020, and for this Wednesday Wisdom episode we're covering: Free GitHub Team Accounts New Firefox 75 Developer Features Shopify's App Challenge Let's dive in! ---- Yesterday GitHub announced they were making core features free for team accounts. Previously team accounts could not have private repositories without having a paid account. Essentially, the team accounts will function like regular accounts, but with more options to collaborate. Paid team plans are still available with additional features but the price has dropped from $9 to $4 per user. ---- Firefox 75 was released on April 7th and it brought several new features for developers. The developer tools received some updates, such as resizing the measurement tool, locating elements with XPath expressions, and filtering WebSocket messages using regular expressions. Additional support and implementations were added to the HTML, CSS, Accessibility, JavaScript, and API sections. ---- Today Shopify announced a new initiative called the Shopify App Challenge: Commerce and COVID-19. As the name suggests, this challenge is for Shopify app developers to build apps that help merchants during the current pandemic. Winning apps can win up to $20,000, $1,000 in Shopify ad credits, a featured spot in the app store, and mentorship from the Shopify product and engineering team. ---- Want to know more? Head to fewdaily.com for more of today's topics and other front-end web content! If you liked what you heard be sure to rate, review, and subscribe on your platform of choice. That's all for today, tune in tomorrow! --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app

stdout.fm 41번째 로그에서는 Slack 장애, GitHub 스타 어뷰징, Bose NCH 700 등에 대해서 이야기를 나눴습니다. 참가자: @seapy, @nacyo_t, @raccoonyy 개발자 팟캐스트 stdout.fm stdout.fm are creating 클라우드, 소프트웨어 개발, 전자 제품에 대해 이야기하는 프로그래머들의 팟캐스트 | Patreon When a rewrite isn’t: rebuilding Slack on the desktop 소프트웨어 환멸감 Slack vs. Productivity: Here’s what happened when Slack went down 오픈소스를 금지당한 사람들의 몸부림 - ChangJoo Park - Medium GNU Ethical Repository Criteria - GNU Project - Free Software Foundation github-do-not-ban-us/README-KO.md at master · 1995parham/github-do-not-ban-us Qiita metatron-app/metatron-discovery: Powerful & Easy way for big data discovery Stop abuse GitHub Star · Issue #2405 · metatron-app/metatron-discovery Drinks-for-stars promo on open-source GitHub project scrapped after disgusted devs shame it into oblivion • The Register kelseyhightower/nocode: The best way to write secure and reliable applications. Write nothing; deploy nowhere. sparklemotion/nokogiri: Nokogiri (鋸) is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. 공지사항(내용보기) < 정보광장 < 고객지원 < 기업 T world metatron-discovery security review speed run – 임준오의 블로그 Metabase Smart Noise Cancelling Headphones 700 | Bose QuietControl 30 (QC30) Wireless Noise Cancelling Earbuds | Bose QuietComfort 35 II Wireless Smart Headphones | Bose 무선 노이즈 캔슬링 헤드폰| WH-1000XM3 | Sony KR Amazon.com: Anova Culinary Sous Vide Precision Cooker | WI-FI + Bluetooth | 900W | Anova App Included: Gateway 어웨어 세컨드 에디션 - Awair Still prefer the QC35 II’s 대한항공 비즈니스 클래스 노이즈 캔슬링 해드폰 지급 : 네이버 블로그 Bose noise-masking sleepbuds™ Keychron K2 - A Sleek, Compact Wireless Mechanical Keyboard by Keychron — Kickstarter Keychron | Wireless Mechanical Keyboards for Mac, Windows and Android

This week on the podcast, Kyle and Dan discuss challenges on moving to the cloud, how to limit search data in non-production environments, and using XPath to modify XML files. Show Notes Logesh on Cloud Challenges @ 1:30 HR Security View Performance @ 9:00 Limiting Search Data @ 12:00 DPK Archive Follow-up @ 17:30 XPath @ 24:00

Don Chamberlin holds a B.S. degree from Harvey Mudd College and a Ph.D. from Stanford University. For many years, he worked at Almaden Research Center, researching database languages and systems. He was a member of the System R research team that developed much of today’s relational database technology and, together with Ray Boyce, he designed the original SQL database language. More recently, he was a member of the W3C Working Group on XML Query Languages and an editor of the XPath 2.0 and XQuery language specifications, which became W3C Recommendations in 2007. With Jonathan Robie and Dana Florescu, he designed the Quilt language, which became the basis for the design of XQuery. He likes to teach and recently taught a Java programming class at University of California, Santa Cruz. For the last several years he has been a judge and problem contributor to the ACM International Collegiate Programming Contest.

Fredrik chats with Craig Muth, creator of the more than slightly mind-bending Xiki about the past, present and future of this weird and wonderful evolution of the command line. Seeing Xiki in action is probably the best way to begin to grasp it, and Craig has created several great videos and screencasts. We go all the way from Xiki’s beginnings as a framework inside of Emacs to its current state as a standalone companion to your normal command line, and its just launched Kickstarter to take the next step and become social by making it super simple to share and find commands. We also look further into the future, entering completely free-form speculation about where things could go both for command lines and user-extendable interfaces. (Yes, Hyper card and Opendoc both come up.) Don’t assume things you want will happen - back things you want to succeed! Cheer up the autumn: on October 3rd Suse is sponsoring a live pod and after work in Stockholm! We’ll occupy Hobo at Brunkebergstorg 4. Doors open at 17, the pod commences somewhere around 18, and then we talk code, life, the universe, and everything and have some nice drinks for as long as we like. We hope to see you there, and that you bring along a friend or two! The number of seats are limited, so send an email as soon as possible to livepodd@gmail.com with your name, company and if you’re bringing anyone along. Thank you Cloudnet for sponsoring our VPS! Comments, questions or tips? We are @kodsnack, @tobiashieta, @oferlund and @bjoreman on Twitter, have a page on Facebook and can be emailed at info@kodsnack.se if you want to write longer. We read everything we receive. If you enjoy Kodsnack we would love a review in iTunes! Links Craig on Github Xiki The 2014 Xiki Kickstarter The current (2017) Kickstarter - includes the videos we talk about The older screencasts Quicksilver Xikihub Riverdance The talks are also on the screencasts page Emacs Elisp - Emacs Lisp Bash Z shell The Medium post - Xiki: one developer's quest to turbocharge the command line interface Made to stick React native EJB CORBA JSON CSON YAML AWS - Amazon web services Xpath Fish shell Oh my zsh Hyper D3 Ward Cunningham Smallest federated wiki The Xiki tutorial Roads and bridges: the unseen labor behind our digital infrastructure - the paper Fredrik read Hypercard Mac LC computers Opendoc Steve Jobs explaining why he’s shutting down Opendoc Titles The command line is awesome when you know exactly what to type All right, now I get it Lost, but in a really exciting way Make the command line work like a search engine A missing piece in the command line Making all the search results myself It doesn’t take that many people Riverdance with the horse and the banana Now I get the one thing, but I don’t care An idea whose time has come Hey, that’s like a command line Way back in Ohio The power you get when you do remember the commands The germ of Xiki I’ve never been able to stop working on it Users are so key I could add something here! Hey, this doesn’t exist yet! In Ohio working at boring banks This better work! My friend Keith thinks I should move to San Francisco Feeling comfortable in my skin for the first time Escape gets you into more trouble! People will fill in the gaps Do for commands what Github did for code Utterly freeform This neat open thing

Panel Ben Scheirman (twitter github blog NSSreencast) Rod Schmidt (twitter github infiniteNIL) Charles Max Wood (twitter github Teach Me To Code Rails Ramp Up) Discussion 01:09 - Backend Experience 01:49 - Connecting to APIs & Synchronization Windows Azure Mobile Services iCloud Wasabi Sync TICoreDataSync Buoy Explorer 07:10 - Third-party APIs OAuth Instragram Stripe 11:57 - Parsing NSXMLParser NSXMLDocument Cocoa with Love: Using libxml2 for XML parsing and XPath queries in Cocoa libxml 18:18 - JSON RestKit 22:38 - Libraries AFNetworking 31:02 - Building Backends for iOS Applications DeliRadio 35:05 - Security SSL Pinning Charles API Keys Secrets 41:28 - Support Caching NSURLCache 45:34 - Charles Picks objc.io (Rod) Mackie | Onyx Blackjack 2x2 USB Interface (Ben) Runscope (Ben) Daring Fireball: Markdown Syntax Documentation (Chuck) Next Week Debugging Transcript [This show is sponsored by The Pragmatic Studio. The Pragmatic Studio has been teaching iOS development since November of 2008. They have a 4-day hands-on course where you'll learn all the tools, APIs, and techniques to build iOS Apps with confidence and understand how all the pieces work together. They have two courses coming up: the first one is in July, from the 22nd - 25th, in Western Virginia, and you can get early registration up through June 21st; you can also sign up for their August course, and that's August 26th - 29th in Denver, Colorado, and you can get early registration through July 26th. If you want a private course for teams of 5 developers or more, you can also sign up on their website at pragmaticstudio.com.] CHUCK: Hey everybody and welcome to Episode 13 of the iPhreaks Show! This week on our panel, we have Ben Scheirman. BEN: Hello from Houston! CHUCK: We also have Rod Schmidt. ROD: Hello from Salt Lake! CHUCK: I'm Charles Max Wood from DevChat.tv. This week, we're going to be talking about "Connecting to Backend APIs and just Backend Systems" in general. I'm curious, how much of this kind of thing have you guys done in the past? BEN: That's pretty much the central part of any app that we develop. Most apps aren't really self-contained; it's a functionality. A lot of them required data that's accessible somewhere else. Or, even if you generate the data on the device, usually, people want to access that data elsewhere as well. So sometimes, you can consider things like iCloud, but that's more of an Apple-centric solution if you're billing it out for the web or for multiple platforms, and maybe you would consider building your own API and synchronizing with that. CHUCK: When you're talking about building your own API, I know that there are these syncing services out there that you send data to it and it does something with it, do you know under what circumstances that would be a good idea versus building your own API that does specific things with the data on the backend? BEN: It really depends on where, how much focus you have, how much time do you have to build something and where your skill set lies. For folks who aren't server-side developers, building an API is actually a tall order, and there are plenty of solutions out there that will do that for you at the cost of, sometimes flexibility, sometimes data portability, and you're sort of at the whim of the interface that they provide for you. But there's systems like Windows Add/Removal services, which allow you to just focus on your part - the mobile client portion of it. But they have support for saving data and sending push notifications, that sort of thing. There's also parse and there's just a bunch of others out there that can synchronize data. Some of them are focused purely on synchronizing Core Data models. So there's iCloud Core Data, which receives some sort of a lot of negative press,

Panel Ben Scheirman (twitter github blog NSSreencast) Rod Schmidt (twitter github infiniteNIL) Charles Max Wood (twitter github Teach Me To Code Rails Ramp Up) Discussion 01:09 - Backend Experience 01:49 - Connecting to APIs & Synchronization Windows Azure Mobile Services iCloud Wasabi Sync TICoreDataSync Buoy Explorer 07:10 - Third-party APIs OAuth Instragram Stripe 11:57 - Parsing NSXMLParser NSXMLDocument Cocoa with Love: Using libxml2 for XML parsing and XPath queries in Cocoa libxml 18:18 - JSON RestKit 22:38 - Libraries AFNetworking 31:02 - Building Backends for iOS Applications DeliRadio 35:05 - Security SSL Pinning Charles API Keys Secrets 41:28 - Support Caching NSURLCache 45:34 - Charles Picks objc.io (Rod) Mackie | Onyx Blackjack 2x2 USB Interface (Ben) Runscope (Ben) Daring Fireball: Markdown Syntax Documentation (Chuck) Next Week Debugging Transcript [This show is sponsored by The Pragmatic Studio. The Pragmatic Studio has been teaching iOS development since November of 2008. They have a 4-day hands-on course where you'll learn all the tools, APIs, and techniques to build iOS Apps with confidence and understand how all the pieces work together. They have two courses coming up: the first one is in July, from the 22nd - 25th, in Western Virginia, and you can get early registration up through June 21st; you can also sign up for their August course, and that's August 26th - 29th in Denver, Colorado, and you can get early registration through July 26th. If you want a private course for teams of 5 developers or more, you can also sign up on their website at pragmaticstudio.com.] CHUCK: Hey everybody and welcome to Episode 13 of the iPhreaks Show! This week on our panel, we have Ben Scheirman. BEN: Hello from Houston! CHUCK: We also have Rod Schmidt. ROD: Hello from Salt Lake! CHUCK: I'm Charles Max Wood from DevChat.tv. This week, we're going to be talking about "Connecting to Backend APIs and just Backend Systems" in general. I'm curious, how much of this kind of thing have you guys done in the past? BEN: That's pretty much the central part of any app that we develop. Most apps aren't really self-contained; it's a functionality. A lot of them required data that's accessible somewhere else. Or, even if you generate the data on the device, usually, people want to access that data elsewhere as well. So sometimes, you can consider things like iCloud, but that's more of an Apple-centric solution if you're billing it out for the web or for multiple platforms, and maybe you would consider building your own API and synchronizing with that. CHUCK: When you're talking about building your own API, I know that there are these syncing services out there that you send data to it and it does something with it, do you know under what circumstances that would be a good idea versus building your own API that does specific things with the data on the backend? BEN: It really depends on where, how much focus you have, how much time do you have to build something and where your skill set lies. For folks who aren't server-side developers, building an API is actually a tall order, and there are plenty of solutions out there that will do that for you at the cost of, sometimes flexibility, sometimes data portability, and you're sort of at the whim of the interface that they provide for you. But there's systems like Windows Add/Removal services, which allow you to just focus on your part - the mobile client portion of it. But they have support for saving data and sending push notifications, that sort of thing. There's also parse and there's just a bunch of others out there that can synchronize data. Some of them are focused purely on synchronizing Core Data models. So there's iCloud Core Data, which receives some sort of a lot of negative press,

This Week on developerWorks is dedicated entirely to quick summaries of new content highlights for the week and new site features. developerWorks newsletters editor, John Swanson, joins podcast host Scott Laningham.

Seismic databases and processing tools currently available are mainly limited to classic three-component seismic recordings and cannot handle collocated multi-component, multi-disciplinary datasets easily. Further, these seismological databases depend on event-related data and are not able to manage state of the art continuous waveform data input as well. None of them allows for automated request of data available at seismic data centers or to share specific data to users outside one institute. Some seismic databases even depend on licensed database engines, which contradicts the open source character of most software packages used in seismology. This study intends to provide a suitable answer to the deficiencies of existing seismic databases. SeisHub is a novel web-based database approach created for archiving, processing, and sharing geophysical data and meta data (data describing data), particularly adapted for seismic data. The implemented database prototype offers the full functionality of a native XML database combined with the versatility of a RESTful Web service. The XML database itself uses a standard relational database as back-end, which is currently tested with PostgreSQL (http://www.postgres.org) and SQLite (http://www.sqlite.org). This sophisticated structure allows for the usage of both worlds: on the one hand the power of the SQL for querying and manipulating data, and one the other hand the freedom to use any standard connected to XML, e.g. document conversion via XSLT (Extensible Stylesheet Language Transformations) or resource validation via XSD (XML Schema). The actual resources and any additional services are available via fixed Uniform Resource Identifiers (URIs), where as the database back-end stores the original XML documents and all related indexed values. Indexes are generated using the XPath language and may be added at any time during runtime. This flexibility of the XML/SQL mixture introduced above enables the user to include parameters or results as well as meta data from additional or yet unknown monitoring techniques at any time. SeisHub also comprises features of a “classical seismic database” providing direct access to continuous seismic waveform data and associated meta data. Additionally, SeisHub offers various access protocols (HTTP/HTTPS, SFTP, SSH), an extensible plug-in system, user management, and a sophisticated web-based administration front-end. The SeisHub database is an open source project and the latest development release can be downloaded via the project home page http://www.seishub.org. The SeisHub database has already been deployed as central database component within two scientific projects: Exupéry (http://www.exupery-vfrs.de), a mobile Volcano Fast Response System (VFRS), and BayernNetz, the seismological network of the Bavarian Seismological Service (Erdbebendienst Bayern; http://www.erdbeben-in-bayern.de).

Visions of the next generation Web such as the "Semantic Web" or the "Web 2.0" have triggered the emergence of a multitude of data formats. These formats have different characteristics as far as the shape of data is concerned (for example tree- vs. graph-shaped). They are accompanied by a puzzlingly large number of query languages each limited to one data format. Thus, a key feature of the Web, namely to make it possible to access anything published by anyone, is compromised. This thesis is devoted to versatile query languages capable of accessing data in a variety of Web formats. The issue is addressed from three angles: language design, common, yet uniform semantics, and common, yet uniform evaluation. % Thus it is divided in three parts: First, we consider the query language Xcerpt as an example of the advocated class of versatile Web query languages. Using this concrete exemplar allows us to clarify and discuss the vision of versatility in detail. Second, a number of query languages, XPath, XQuery, SPARQL, and Xcerpt, are translated into a common intermediary language, CIQLog. This language has a purely logical semantics, which makes it easily amenable to optimizations. As a side effect, this provides the, to the best of our knowledge, first logical semantics for XQuery and SPARQL. It is a very useful tool for understanding the commonalities and differences of the considered languages. Third, the intermediate logical language is translated into a query algebra, CIQCAG. The core feature of CIQCAG is that it scales from tree- to graph-shaped data and queries without efficiency losses when tree-data and -queries are considered: it is shown that, in these cases, optimal complexities are achieved. CIQCAG is also shown to evaluate each of the aforementioned query languages with a complexity at least as good as the best known evaluation methods so far. For example, navigational XPath is evaluated with space complexity O(q d) and time complexity O(q n) where q is the query size, n the data size, and d the depth of the (tree-shaped) data. CIQCAG is further shown to provide linear time and space evaluation of tree-shaped queries for a larger class of graph-shaped data than any method previously proposed. This larger class of graph-shaped data, called continuous-image graphs, short CIGs, is introduced for the first time in this thesis. A (directed) graph is a CIG if its nodes can be totally ordered in such a manner that, for this order, the children of any node form a continuous interval. CIQCAG achieves these properties by employing a novel data structure, called sequence map, that allows an efficient evaluation of tree-shaped queries, or of tree-shaped cores of graph-shaped queries on any graph-shaped data. While being ideally suited to trees and CIGs, the data structure gracefully degrades to unrestricted graphs. It yields a remarkably efficient evaluation on graph-shaped data that only a few edges prevent from being trees or CIGs.

PDF format

MP3 format

PDF format

PDF format

QuickTime format

MP3 format

PDF format

QuickTime format

XML is nowadays the de facto standard for electronic data interchange on the Web. Available XML data ranges from small Web pages to ever-growing repositories of, e.g., biological and astronomical data, and even to rapidly changing and possibly unbounded streams, as used in Web data integration and publish-subscribe systems. Animated by the ubiquity of XML data, the basic task of XML querying is becoming of great theoretical and practical importance. The last years witnessed efforts as well from practitioners, as also from theoreticians towards defining an appropriate XML query language. At the core of this common effort has been identified a navigational approach for information localization in XML data, comprised in a practical and simple query language called XPath. This work brings together the two aforementioned ``worlds'', i.e., the XPath query evaluation and the XML data streams, and shows as well theoretical as also practical relevance of this fusion. Its relevance can not be subsumed by traditional database management systems, because the latter are not designed for rapid and continuous loading of individual data items, and do not directly support the continuous queries that are typical for stream applications. The first central contribution of this work consists in the definition and the theoretical investigation of three term rewriting systems to rewrite queries with reverse predicates, like parent or ancestor, into equivalent forward queries, i.e., queries without reverse predicates. Our rewriting approach is vital to the evaluation of queries with reverse predicates against unbounded XML streams, because neither the storage of past fragments of the stream, nor several stream traversals, as required by the evaluation of reverse predicates, are affordable. Beyond their declared main purpose of providing equivalences between queries with reverse predicates and forward queries, the applications of our rewriting systems shed light on other query language properties, like the expressivity of some of its fragments, the query minimization, or even the complexity of query evaluation. For example, using these systems, one can rewrite any graph query into an equivalent forward forest query. The second main contribution consists in a streamed and progressive evaluation strategy of forward queries against XML streams. The evaluation is specified using compositions of so-called stream processing functions, and is implemented using networks of deterministic pushdown transducers. The complexity of this evaluation strategy is polynomial in both the query and the data sizes for forward forest queries and even for a large fragment of graph queries. The third central contribution consists in two real monitoring applications that use directly the results of this work: the monitoring of processes running on UNIX computers, and a system for providing graphically real-time traffic and travel information, as broadcasted within ubiquitous radio signals.