Forem: Abhijith Ganesh

Is the open-source community ready for protestware ?

Abhijith Ganesh — Sun, 24 Apr 2022 19:18:00 +0000

Why should you ask this question and why does it matter?

I am sure, all of you know what open source, if not you can read it up on the link I’ve mentioned, but let’s cut to chase, Is Open source ready for protestware ? In essence (TL DR😉; No) it is not stable and strong enough, let me explain why

Disclaimer

Open-source org has a similar article but it reflects on a certainly different perspective, this article considers the issue at its face value. It is more than a reflection of the current situation. Though the ongoing situation is one of the essential reasons for this topic but it is not the only factor. It is a case study for the past, present and future.

Why does it matter?

All developers use dependencies that are open-sourced in some level, even if you are a developer who doesn't use open-source too, this matters to you as today's open-source patterns are tomorrow's industry standard. The open-source community drives your software in ways which you don't recognize, and when the problems of protestware hits mainstream, you'll be able to understand its security implications. Examples would be faker.js which I've briefly covered.

Why am I eligible to present my specific view-point ?

Well before we dive in, you may ask on what capacity am I writing this? What is my experience with open-source and security ? So let me explain that part quickly.

Experience

I am a seasoned open-source developer, who's worked on various projects , famous ones include Pyrsia, OpenCiviWiki and the Data on Kubernetes communities. My experience/contribution towards Pyrsia which is an open source security foundation project is a good reference for you to read up, it explains how it plans to secure open-source supply chain.

Now jumping into the topic

Why is the current system not ready for protestware ?

Protestware are software which open-source developers, maintainers use as a symbol of protest during some change of event. (For this article , let us approach from this perspective)

When developers choose to abruptly change their package, tool, software as a form of protest, it initially will be a good reflection of their opinion and perspective, but honestly, taking a larger perspective, it is not friendly for the community as the community tends to become way more polarized than its previous past. The ideals of open-source was to promote good software, free software (not completely) and a trust-worthy safety net for other developers to use your work (under appropriate licenses⚖️). Organizations like the Linux Foundation, Apache have been major proponents of these principles.

All of you must have used one of the big three JS libraries(React, Angular and Vue) for your front-end development and I am sure you wouldn't be able to remember all of the dependencies, barely a developer remembers the nested dependencies. Developers trust the ecosystem for the packages coming from the corresponding registries(NPM, PyPI, NuGet, Cargo) and if a package console logs/ print they support XYZ, it is still not acceptable for your product to have the owner's opinion.

Apart from the unsolicited opinion being forced into your product/project/error-logs/console, we must realize how polarizing the community can get, the trust chain is broken, we have a possibility of another case where a counter-opinionated package can wreck harm. (opinions are always on a spectrum and expecting all developers to conform to one opinion is inconsiderate) Apart from this, all outrage has collateral damage but the scales of open-source is just humongous. The scale of impact is way too high. It scales exponentially quickly and to make amends would not certainly not be an easy task.

As open-source developers, all of us have a common goal of making the world a better place, some may say protestware is a manifestation of the same but I beg to differ, the open-source community strives to be non-polarized, once the balance of its neutrality is disturbed, the entire trust-chain and links are jeopardized. If you no longer trust the packages that comes from various sources, your developer life-cycle is complicated by 100x . Developers will have to put considerably more time understanding their dependencies and there will be larger investment into planning dependencies ahead of time.

Neutrality of FOSS

The neutrality of FOSS is the first thing that often strikes our minds when we mention FOSS. Developers, Contributors across the world without seeing their nationality, political biases and their political opinion. The article from open-source organization justifying the fact it is acceptable to opine through FOSS is detrimental to the larger ecosystem in general.

Software is software and not soft-power

Often than not, developers use/will use/have used protestware to carry their point of view ahead to a set of their target audience, well is that what FOSS promised ? The article from open source organization deems promotion of interests through open source software as effective, I beg to differ again. It is affecting the neutrality of open-source by setting a precedent where developers can choose to put their opinions and views in a place that wasn't meant to host opinions, we and the open source organization can always say it'll be neutral and non-hateful but this lays the foundation for hate-speech and violent content to be promoted. Readers may wonder how? Open source despite being open to all developers, is very much centralized. The authority of the maintainer/admin is central and ultimate . It is technically "their project", they can choose to block it off.

Examples of open-source maintainers taking control of their project:

Actix and Nikolay Kim
They over took the project and made it private when there was a huge fiasco, you can read this article.
Faker JS
The repository was changed single-handedly by the maintainer, Github went on to suspend the account of the maintainer .
node-ipc
The owner is allegedly racist and their changes have affected the supply chain. Various news outlets have reported their actions, it has been proven that their actions have made the project into malware

Why open-source organization shouldn't have taken that stand ?

It is extremely unpleasant for open-source org to condone usage of open-source software for spreading "information". Open source being used to express opinion is an event that triggers of damage to the supply chain which might be irrecoverable. IF THE OPEN SOURCE SUPPLY CHAIN GOES DOWN, ALL SOFTWARE GOES DOWN.

What can you do as a developer/end-user ?

These are some steps:

Avoid supporting packages that act as protestware
Try to maintain neutrality when you're making/maintaining a package/tool/etc
Ensure audit practices and sustainable security practices with packages and dependencies.
Visit your registry's sources(if possible) and understand the maintainer's code maintenance policies and practices.

Conclusion

This is a brief opinion of mine, I understand many of you may or may not concur with this article, you can continue the conversation in the comments and read about it.

My Links

Website: Click to view
LinkedIn: Click to view

How to use the K8ssandra operator

Abhijith Ganesh — Thu, 03 Feb 2022 11:15:51 +0000

What is K8ssandra?

It is the kubernetes cluster version of the Database Apache-Cassandra along with Stargate, Prometheus operators, it is a simple and quick method to setup a near-full stack of the database instance

Requisites:

4 CPU cores
8128 MB

Software Requirements:

Minikube
Helm (v3)

Installation

Install the Rancher Local path provisoner by running the command
kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml
Add the lightweight K8ssandra chart running the following command
helm repo add dokc https://dokc.github.io/Helm-Charts/
Check whether the repo was installed

helm repo list

It must show something like this:

NAME                    URL
cassandra               https://helm.k8ssandra.io/stable
traefik                 https://helm.traefik.io/traefik
minio                   https://helm.min.io
dok                     https://dokc.github.io/Helm-Charts/

The chart now has been configured for installation, to install the K8ssandra Chart

You can run the k8ssandra configuration yaml with the chart

 cassandra:
  version: < Cassandra Version Number, preferred version = 4.0.1 >  
  cassandraLibDirVolume:
    storageClass: local-path
    size: 5Gi
  allowMultipleNodesPerWorker: true
  heap:
   size: 1G
   newGenSize: 1G
  resources:
    requests:
      cpu: 1000m
      memory: 2Gi
    limits:
      cpu: 1000m
      memory: 2Gi
  datacenters:
  - name: < Data Center Name >
    size: < Size >
    racks:
    - name: < Rack Name >

kube-prometheus-stack:
  grafana:
    adminUser: < Grafana Admin User >
    adminPassword: < Grafana Password >


stargate:
  enabled: < Boolean >
  replicas: 1
  heapMB: 256
  cpuReqMillicores: 200
  cpuLimMillicores: 1000

To run this:
helm install <cluster_name> dok/k8s-lightweight -f <filename>.yaml

This will run your Kubernetes cluster, To check the pods that are running, you can run the kubectl get pods and it must be like this

NAME                                                   READY   STATUS    RESTARTS   AGE
prometheus-test-dep-kube-prometheus-s-prometheus-0     2/2     Running   0          2m43s
test-dep-cass-operator-6c75d6d684-vh2ts                1/1     Running   0          2m45s
test-dep-datacenter1-default-sts-0                     2/2     Running   0          2m28s
test-dep-datacenter1-stargate-699f64f646-w85kw         1/1     Running   0          2m45s
test-dep-grafana-57fd996d9-c58tf                       2/2     Running   0          2m45s
test-dep-kube-prometheus-s-operator-767fc8984c-9rlmj   1/1     Running   0          2m45s

** The pods may take up to 4 minutes to setup, please be patient **

Once the pods are setup, you can run kubectl get services

NAME                                       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                 AGE
kubernetes                                 ClusterIP   10.96.0.1        <none>        443/TCP                                                 144m
prometheus-operated                        ClusterIP   None             <none>        9090/TCP                                                33s
test-dep-dc-test-additional-seed-service   ClusterIP   None             <none>        <none>                                                  32s
test-dep-dc-test-all-pods-service          ClusterIP   None             <none>        9042/TCP,8080/TCP,9103/TCP                              32s
test-dep-dc-test-service                   ClusterIP   None             <none>        9042/TCP,9142/TCP,8080/TCP,9103/TCP,9160/TCP            33s
test-dep-dc-test-stargate-service          ClusterIP   10.96.125.32     <none>        8080/TCP,8081/TCP,8082/TCP,8084/TCP,8085/TCP,9042/TCP   35s
test-dep-grafana                           ClusterIP   10.106.69.131    <none>        80/TCP                                                  35s
test-dep-kube-prometheus-s-operator        ClusterIP   10.100.170.208   <none>        443/TCP                                                 35s
test-dep-kube-prometheus-s-prometheus      ClusterIP   10.109.19.63     <none>        9090/TCP                                                35s
test-dep-seed-service                      ClusterIP   None             <none>        <none>                                                  32s

You can port-forward these services as per your requirement

Example: kubectl port-foward svc/test-dep-grafana 80

You can use the kube-forwarder tool to port-forward the services in your local machines

The impact of security in FOSS projects and the future

Abhijith Ganesh — Sat, 29 Jan 2022 14:40:30 +0000

All of us have either heard of the Faker.js debacle or have used the package in your repositories/projects. Faker JS has been very useful and convenient that one of the Amazon SDKs used them in some level. Unfortunately, due to the rogue actions of the maintainer(who actually had control over their repository and were legally entitled to do so) the package got impacted. This incident has become a turning point in the history of FOSS and security

Stop forking Open-Source software disgracefully

It is of high importance that we address the concern of Big Tech companies using FOSS software without any contribution. Maintainers are really tired of maintaining large repositories when there are big tech companies who swoop in and take the projects for free. Elastic (the company behind the infamous Elastic Logstash and Kibana stack) had recently amended their license to prevent one of the major cloud provider(s) from using their open-source projects and it clearly reflects on the mentality of the maintainers who are tired of seeing this happen. It is clear that the Open source repository maintainers are expecting major tech companies to back them instead of forking without any contribution.

The mentality of maintainers have evolved into :

Contribute to FOSS in any and all possible forms, Forking without contribution is disgraceful

Open Source is not equal to Secure

The idea of open-source applications being s3cure because of it being transparent has been disproved by this debacle and it can clearly be understood that, more time, attention, effort and money needs to go towards the security of Open Source applications. GitHub (which pioneers Open Source work) has rolled out useful features like dependabot but let us address the reality, is dependabot enough to maintain repositories? Certainly not. All of us can agree that dependabot is amazing for small repositories but for the scales of applications like Firefox, VLC Media player or even Kubernetes, it is certainly not enough.

This part of the story has a better ending than the previous part, Various tech giants have come together and committed 10 Million US dollars to fund the OpenSSF organization which works and strives to ensure the security of Open source projects. As developers, I think we should also start contributing to the projects and initiatives of OpenSSF to have a more harmonious tech-world.

Post-Script: What the maintainer of faker.js did was totally unacceptable and unfair though they were legally entitled to do so. It must be duly noted that they are not the only part of the community but their actions reflect the mindset of the community which runs the world. With that being said, there are FOSS projects which bring bread and butter to plates of the contributors and maintainers, it'd be really unfair for me(as the author) to not mention that perspective as well. Open Source community works on good-faith and acts of bad faith is detrimental to every stake holder of the community, including but not limited to itself.

How to deploy any Python Web Application?

Abhijith Ganesh — Sun, 14 Nov 2021 18:17:01 +0000

Hey everyone👨‍💻
In this blog post I will explain how you can deploy any ASGI/WSGI compliant Python Web App.

DISCLAIMER:

Only ASGI Compliant Frameworks can be deployed using this method, other frameworks can't be deployed.

List of Tools I will be using:

NGINX
Hypercorn
FastAPI

Now here, there are alternatives to Hypercorn and FastAPI

Alternatives to Hypercorn:

Gunicorn
Uvicorn
Daphne

Other Frameworks that can be deployed:

Flask
Django
Starlette
Any ASGI/WSGI compliant framework

Step One:

Setup your framework using the docs mentioned.

Since I'll be using FastAPI, my main.py looks like this

from fastapi import FastAPI

app = FastAPI()

@app.get("/")
def hello_world():
   return f"Hello World"

🚀 We now have a FastAPI app ready, we now have to deploy it using NGINX. ⚙️

Step Two:

Depending upon your framework and choice of ASGI/WSGI Server, this process will be slightly different.

For Django Devs:

Your wsgi/asgi application would be called as <application_name>.<a/w>sgi:application
Choose ASGI or WSGI clearly and stay with that option throughout

For Flask Devs:

If your app is in main.py, it would be called as main:app

In this step we'll be binding the web-server to UNIX socket. Learn more about UNIX Sockets. here

I am attaching the docs of Daphne, Uvicorn and Gunicorn down which use different flags to bind the application to a port.

Run this command to bind it to the socket

hypercorn -b 'unix:/var/tmp/hypercorn.sock' -w 4 main:app

In this -w defines the number of workers.
Change hypercorn.sock to the server which you choose to use.

Change the socket name according to your web server

🎇 Now we have our app listening on the hypercorn.sock.

Step Three:

We've to proxy this socket to NGINX and route NGINX to listen to the hypercorn socket.

worker_processes 1;
events {
  worker_connections 512;
}
http {
  server {
    listen 8080;
    server_name "localhost";
    access_log /var/log/nginx/access.log;
    error_log /var/log/error.log ;
    location / {
      proxy_pass http://unix:/var/tmp/hypercorn.sock;
    }
   }
}

I'll briefly explain this config file:

Worker_processes => 1 worker process has been assigned for this specific task/process
Worker connections => Number of connections that can be handled by 1 process
Listen => Listens at the mentioned port
Server Name => Listens at this domain
Access_log => The file location at which access log is stored, access log stores requests made
Error_log => The file location at which error log is stored.
Proxy Pass => The socket/port which needs to be proxied.

This file should change based on your socket but the other configuration can be the same.

🚅 Save this file as nginx.conf

Feel free to read about NGINX here

Once this file is made, save it at /etc/nginx/

Either you can use docker to run a Linux server or shell into an instance.

If you want to copy it to docker.

COPY nginx.conf /etc/nginx/

💣 You are ready to launch except one last step

Step four

You have now wonderfully setup your web-server and the NGINX proxy 🙌
You are just one-step away from accessing the port, and perhaps this is the ✅ or ❌ step

Currently, NGINX can't read or write from the socket, so we need to change access mode

To do this, run the following command:

chmod 777 /var/tmp/<socket> 
sudo service nginx restart

🌟Now you can listen from the port 8080, http://localhost:8080

If you are using systemctl, please use this command instead:

sudo systemctl restart nginx

Play around with NGINX config as you wish based on your application's requirements.

Thanks for reading🧑‍🚀

Docs:

How to configure your WSL resources?

Abhijith Ganesh — Tue, 02 Nov 2021 14:59:54 +0000

In this simple tutorial, I will be explaining how to configure your windows subsystem for Linux efficiently and optimize your WSL performance when you're running applications through them.

Why WSL firstly?

Everyone has widespread access to windows but they may or maynot be savvy enough to run their favorite flavour of linux due to various constraints
WSL2 really makes life easy for those devs who can't access linux through a cloud provider or locally run it on their devices.
WSL has support for various distros like Debian, Arch and Ubuntu.

Now coming to the interesting part, windows has all access to the CPU and memory resources in your device and it is built in a way which will optimize the resource utilization but how do you limit your linux subsystem, let us say you'd like to manipulate the configuration to suit your needs the best, then you should follow these steps.

Step one:

Shut your current running instance of WSL using this command

wsl --shutdown

Run this command through powershell as administrator

Step Two:

Create a configuration file for WSL on your user profile directory

notepad "$env:USERPROFILE\.wslconfig"

Step Three:

This is the most important step in this project, so please follow carefully

The following parameters define their corresponding resources:

CPU = > cores dedicated to WSL
Memory = > RAM allocated to WSL
AutoMount = > Mount your default NTFS drive to your subsystem
Boot => defines your booting options for services
Kernel = > Custom kernel for linux
LocalhostForwarding = > for port-forwarding your applications running on localhost

My configuration for CPU and memory:

[wsl2]
memory=9GB  
processors=4

This is how you can configure your resources for WSL 😀. Feel free to leave some comments down below⬇️.

You can read this document for the reference

How to run Cassandra Container locally?

Abhijith Ganesh — Tue, 19 Oct 2021 16:45:32 +0000

Most of us have heard about Apache Cassandra, it is an open sourced distributed NoSQL Database which is used by large corporations like Facebook, Uber, etc

I will be explaining how to create a container with cassandra and connect into it to execute the Cassandra Query Language(CQL) statements.

Cassandra offers various advantages like:

Scalability
Maximum Fault Tolerance across NoSQL databases
Multi Data-Center support and Hybrid Cloud support

In this tutorial, I will be explaining how to create an instance on Docker and execute basic cqlsh commands

Basically, all docker containers can be established with a yaml, the compose file for this is

version: '3.9'

services:
  db:
    container_name: cassandra-dev
    image: cassandra
    ports:
      - 9042:9042
    environment:
      CASSANDRA_USE_ASTRA: "false" 
      CASSANDRA_USER: "cassandra" 
      CASSANDRA_PASSWORD: "cassandra" 
      CASSANDRA_LOCAL_DC: "datacenter1" 
      CASSANDRA_CONTACT_POINTS: "db:9042"
      CASSANDRA_KEYSPACE_CQL: "CREATE KEYSPACE test_keyspace WITH REPLICATION = {'class':'SimpleStrategy','replication_factor':1};" 
      MONITORING_PROMETHEUS: "false"
      MONITORING_GRAFANA: "false"
      DISTRIBUTED_TRACING_ENABLED: "false"

Once you've created this yaml, open your CLI and run the following command, I have explained what it does down below

docker-compose up -d

In a nutshell, this yaml tells docker to spin up a container with the following details

Pull up the Cassandra Image
Spin it up on the container named “Cassandra-local”
Expose it on ports 9042
Create a Cassandra user with the following parameters
username: Cassandra, password: Cassandra
Create a keyspace (similar to database if you’re from a SQL background) , called test_keyspace To access the database/keyspace you can access the shell by using the following command

>docker exec -it cassandra-dev /bin/bash
>cqlsh

To create a keyspace use the following commands:

    CREATE KEYSPACE test_keyspace_2;
    USE test_keyspace_2;
    CREATE TABLE IF NOT EXISTS test_table(
      id         uuid,
      first_name text,
      last_name  text,
      address    text,
      city       text,
      telephone  text,
      PRIMARY KEY ((id))
    );

You can consider using the DDL and DML commands from the docs here

The connection to docker has been successful and now you can connect it to learn CQL.

How to deploy Django to Heroku

Abhijith Ganesh — Wed, 15 Sep 2021 09:50:37 +0000

Introduction:

Most of you would’ve already seen n number of blogs on how to deploy Django projects to Heroku but in this article, I shall explain in simple words in a sequential manner without much confusion.

We shall consider a simple project without any additional boiler plate code. I shall call the project as mysite and app as appOne.

I shall start from scratch and attach this repository at the end of this tutorial.

For Linux Users:

python3 -m venv Environ
source Environ/bin/activate
python -m pip install django

For Windows Users:

python -m venv Environ
cd Environ/Scripts/
activate
cd ../../

Configuring Django

Continuing this:

django-admin startproject mysite
cd mysite
django-admin startapp appOne

This is how your tree will look after running those commands successfully :

mysite
    │   manage.py
    │
    ├───appOne
    │   │   admin.py
    │   │   apps.py
    │   │   models.py
    │   │   tests.py
    │   │   views.py
    │   │   __init__.py
    │   │
    │   └───migrations
    │           __init__.py
    │
    └───mysite
            asgi.py
            settings.py
            urls.py
            wsgi.py
            __init__.py

Steps to launch and deploy the project to Heroku:

Step One:

from pathlib import Path
import os

BASE_DIR = Path(__file__).resolve().parent.parent
SECRET_KEY = os.environ.get('SECRET_KEY')
DEBUG = os.environ.get('DEBUG')
ALLOWED_HOSTS = []

Once you've created the Django project, please add the security key to your Environment secrets and Config Vars.

Step Two:

We don’t have any static files for this project, but if needed you can use whitenoise.

Heroku's guide on whitenoise

MIDDLEWARE  = [
   'whitenoise.middleware.WhiteNoiseMiddleware',
]

STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'

In config vars set DEBUG_COLLECTSTATIC = 1.

Step Three:

After configuring the project, we'll now be freezing the requirements and Procfile

pip freeze>requirements.txt

Procfile:

web: manage.py makemigrations && manage.py migrate
web: gunicorn mysite.wsgi:app

Step Four:

Commit all these files to your git repository and push it to your source .
I’ll be using GitHub for this tutorial

git init . 
git add . 
git commit -m  “Initial Commit🚀”
git remote add origin <link>
git push -u origin master

Step Five:

Go to dashboard and deploy

It should be working fine! Feel free to reach out if there are any issues.

View the deployment here at: https://testing-repos.herokuapp.com/
Repository at: https://github.com/AbhijithGanesh/Tutorial-for-Heroku

End of Discord.Py

Abhijith Ganesh — Fri, 03 Sep 2021 07:14:10 +0000

Beginning of a New Era?

Well, to start it all off, R Danny(View) the sole maintainer of discord.py has decided to archive the repository which supported all the python developers to make discord bots across the world.Since Python was the first-language to many young people across the world, they've readily capitalized this library. They’ve decided to step down from the role of maintainer and it marks a sad end to the entire community. The API allowed us, the python-developers to quickly create bots with modern features like Asynchronous Python. Why did this Happen?

A Little Backstory:

As mentioned in their gist github( Read the full article) Danny developed this years ago to after switching to Discord from IRC and Skype. They weren’t satisfied with the features of JavaScript to build a bot, subsequently they reverse engineered using the resources that were provided by Discord. That single idea which was implemented became a big boon to all the aspiring developers across the world who’ve used this library to rapidly develop bots to fulfill their needs. To all the experienced developers reading this, the maintainer initiated the idea of a python library for discord and implemented it in a time where Discord did not use OAuth-2 to authorize Bots. This library was implemented in a time-frame where using bots in server used to be complicated. It was way ahead of its time.

The project is relatively old,stable and it was one of the projects which the community utilized to a great extent. The maintainer had previously interacted with other bot-developers, discord-developers and contributors through the “dinfra”(discord infrastructure) server. The Maintainer in his gist has reported how there has been a major expectation mismatch. It has also been mentioned that there has been a “bureaucratic disaster” and how there was a terrible mix-up when Discord had announced about giving “Verified Bot Developers” badges.

What Triggered this Event?

Around July-August 2020, discord employees gave a heads up about the slash commands and it was a viral topic back then. When the maintainer tried to implement this in their library, issues were reported which were pertinent to permissions. The Slash Commands by-passed permissions and was heavily criticized by the community. Post the turn of events(bureaucratic issues, slash-command Controversy) there was an internal meeting according to the maintainer (It is legally bound by a NDA therefore I would suggest you to go by their words directly)

Quoting from their article:

The meeting was bound by an NDA, which made us reluctant to sign it, but since we believed and were told that this would be our
final chance to get a seat at the table for this change, we all agreed with the sole purpose of convincing the developers that this direction was a bad idea.

Unfortunately, due to being legally bound by this NDA, I cannot share too many details. However, I will mention that the morale from all the library developers fell quite fast.

The fall was imminent post this point because the maintainer couldn’t keep up with the changes. It must be duly noted that the maintainer couldn't keep up because of repeated and persistent issues which took a hit on their morale. The maintainer reported that the discord team is “sloppy and hasty” with changes. Since these promises and changes can’t be taken care of, they’ve stepped down. They’ve also suggested their opinion that the gateway API would be deprecated in the future and a HTTP based API would take over.

What Next?

According to the maintainer, Discord has told that the bots will continue to work fine even after April 2022. As the author of this post, I don’t know how things will turn out for the Python community. There are alternatives to the retired library like Nextcord(View). Also Danny R(View their profile) has also mentioned that libraries for .NET, ruby and PHP have either partially implemented or not implemented the changes for slash commands. We might expect bigger havoc with the bots in the near future if discord decides to enforce the feature. I am unsure about how things will turn out and this might be a big blow to the users who used Python or intend to use Python for building bots. On an optimistic note, the project may be restored in the future because the maintainer is unsure about fully retiring this.

What does it take to build an unconventional REST API in Python?

Abhijith Ganesh — Tue, 31 Aug 2021 15:48:13 +0000

What is this about?

This is my first article/post on https://dev.to. So I would appreciate all suggestions and tips relevant to my article . Now diving into the topic.

Let us say, you are assigned for a project and now you need to make an API along with a Django backend. It needs to be RESTful in nature and your goal is speed. What would an ideal solution be?(Graphene and related integration pertinent to GraphQL can be done, I might do it in the future and when I do, I shall update the community with another post) Most likely, everyone from your seniors to google would suggest Django-REST-Framework because it is more convenient and more widely used.
But then why should you consider this option?

Reasons why you must give it a chance:

Speed:

I know Python and Django are usually criticized for their speeds but FastAPI promises us something different. As such it is flexible, fast and intuitive. It is easier to make an API if you know how to make REST-API methods in python. It is quite similar to writing methods in Flask. It might be a little bit of a stretch when you are starting out with the models because you might need to translate a few parameters using Pydantic. After this is set up, all API endpoints and all HTTP methods can be converted into functions in python seamlessly.

It is a promising avenue where both rapid development and speed can be simultaneously achieved.

Power of a Strong and Solid Back-end:

With this project , One can quickly utilize the features provided by the Django Framework without any additional worries. Sessions, User-Authentication, ORM and all other salient features can be seamlessly integrated with the power of FastAPI resulting in the best of the two worlds. Apart from this, you get the Django-Admin Panel which grants access to essential/data of higher relevance and importance

With little effort, One gets the best of the two worlds and a project which is truly reliable

Documentation:

One can access the Documentation for the App they've developed through by going to project-url/redoc and see an Open API documentation for the methods they've defined. Clearly an additional perk which will be helpful to all the stakeholders on the longer run.

Conclusion

This project was an amazing journey in my opinion and I believe it might be used in some future projects and I believe this exploration has satisfied my quest. Nevertheless one must keep experimenting like this and try bringing something new to the world.

To learn about the technical aspects of the project visit
Click Here

And to view the deployment (The UI is not optimized for Mobile Devices)
Click Here

Forem: Abhijith Ganesh

Is the open-source community ready for protestware ?

Why should you ask this question and why does it matter?

Disclaimer

Why does it matter?

Why am I eligible to present my specific view-point ?

Experience

Why is the current system not ready for protestware ?

Neutrality of FOSS

Software is software and not soft-power

Actix and Nikolay Kim

Faker JS

node-ipc

Why open-source organization shouldn't have taken that stand ?

What can you do as a developer/end-user ?

Conclusion

My Links

How to use the K8ssandra operator

What is K8ssandra?

Requisites:

Software Requirements:

Installation

The impact of security in FOSS projects and the future

Stop forking Open-Source software disgracefully

Contribute to FOSS in any and all possible forms, Forking without contribution is disgraceful

Open Source is not equal to Secure

How to deploy any Python Web Application?

DISCLAIMER:

List of Tools I will be using:

Now here, there are alternatives to Hypercorn and FastAPI

Alternatives to Hypercorn:

Other Frameworks that can be deployed:

Step One:

Step Two:

Step Three:

Step four

Docs:

How to configure your WSL resources?

Why WSL firstly?

Step one:

Step Two:

Step Three:

How to run Cassandra Container locally?

How to deploy Django to Heroku

Introduction:

For Linux Users:

For Windows Users:

Configuring Django

Steps to launch and deploy the project to Heroku:

Step One:

Step Two:

Step Three:

Procfile:

Step Four:

Step Five:

End of Discord.Py

Beginning of a New Era?

A Little Backstory:

What Triggered this Event?

Quoting from their article:

What Next?

What does it take to build an unconventional REST API in Python?

What is this about?

Reasons why you must give it a chance:

Conclusion