[MASQUE](https://tools.ietf.org/id/draft-schinazi-masque-01.html) (Multiplexed Application Substrate over QUIC Encryption) is a draft of a new protocol that allows running proxy or VPN services indistinguishable from HTTPS servers. Akamai built a managed proxy service based on the MASQUE protocol [to provide egress proxy](https://www.akamai.com/blog/cloud/powering-and-protecting-online-privacy-icloud-private-relay) for iCloud Private Relay.
 
While working on the proxy at Akamai, I wrote a Python client for testing the proxy service. The MASQUE protocol can tunnel traffic through HTTP/3 or HTTP/2, but common Python libraries only support HTTP/1.1. The tunneled traffic can use any protocol on top of TCP or UDP, including all HTTP versions, so MASQUE can be proxied through MASQUE for onion routing.

In this talk, I will show that the MASQUE proxy design is simple and yet client implementations are complex. To put everything into context, I will recap how HTTP proxies operate and how HTTP versions differ. I will highlight lessons learned from designing a low-level HTTP client using Python asyncio.

HTTP proxies are not dead! MASQUE protects your privacy by onion routing through HTTP/3 proxies. Can Python HTTP clients support that?

Miloslav Pojman

How I wrote a Python client for HTTP/3 proxies

Data science experiments have a lot of moving parts. Datasets, models, hyperparameters all have multiple knobs and dials. This means that keeping track of the exact parameter values can be tedious or error prone.

Thankfully you're not the only ones facing this problem and solutions are becoming available. One of them is Hydra from Meta AI Research. Hydra is an open-source application framework, which helps you handle complex configurations in an easy and elegant way. Experiments written with Hydra are traceable and reproducible with minimal boilerplate code.

In my talk I will go over the main features of Hydra and the OmegaConf configuration system it is based on. I will show examples of elegant code written with Hydra and talk about ways to integrate it with other open-source tools such as MLFlow.

In my talk I will go over the main features of Hydra, an open-source application framework, which helps you handle complex configurations in an easy and elegant way

Michal Karzynski

Managing complex data science experiment configurations with Hydra

Memory Problems are the worst nightmare of every developer whose code is serving large files in a production environment. If you ever faced issues of memory leaking in application or if frequent unexpected Out of Memory Exception is raising your anxiety levels, then this talk is for you. This talk aims to summarize the common Memory issues in Python. It is overwhelming to see them even when logic in code is properly optimized. However it is more scary that some of these errors are hard to find and harder to fix.

This talk aims to summarize the common Memory issues in Python. It is overwhelming to see them even when logic in code is properly optimized. However it is more scary that some of these errors are hard to find and harder to fix.

In recent years, we have seen many improvements in Python Garbage Collection but there are some instances when it doesn’t work as expected. This results in memory crunch for the application leading it to crash. Although there are multiple ways to overcome the memory challenges, sometimes it is difficult to find what we can improve in our code and infrastructure that can make them memory efficient. In such cases, it helps to have an understanding of what is going on behind the curtains at a low level where memory is being managed.

This presentation aims to give a quick overview of

1. How CPython manages the Memory allocation
2. Common memory errors we see in day to day production code and how we can improve them

We will share what we have learned so far and encourage you to try it with your own projects. We'll walk through a simple example, with screenshots and code wherever required.

Pratibha Jagnere

Memory Problems, Did Collector Forgot to Clean the Garbage?

In this session, we will have a look at common mistakes in Python, that can cause serious code vulnerabilities, specifically for Kubernetes deployments of the code. We will subsequently have a look at what those vulnerabilities actually can result in and how your containerized application can get “hacked” as a result. We will also discuss how developer and security teams struggle to talk in a common language to prevent and mitigate these vulnerabilities. Lastly, we will see how you can prevent and mitigate these vulnerabilities in real-life.

Want to avoid serious code vulnerabilities when using Python in Kubernetes? This talk has you covered.

In this session, we will have a look at common mistakes in Python, that can cause serious code vulnerabilities, specifically for Kubernetes deployments of the code. We will subsequently have a look at what those vulnerabilities actually can result in and how your containerized application can get "compromised" as a result. We will also discuss how developer and security teams struggle to talk in a common language to prevent and mitigate these vulnerabilities. Lastly, we will see how you can prevent and mitigate these vulnerabilities in real-life using tools like Falco, TUF, Open Policy Agent and Bandit. We will also see how a CI/CD pipeline should look like, to build, test and deploy something in real-life. During this session you will learn a ton, see cool demos and all of the samples will be available to the attendees afterwards.

My session will benefit the ecosystem by pointing out common mistakes that can be made when writing Python code and deploying this via Kubernetes. This can cause serious breaches when exploited by attackers. The goal of the session is to both educate attendees on these vulnerabilities, as well as on how to fix them.
I will be talking about multiple open source projects that can secure code and deployment. I will not cover any commercial products.
Falco
TUF
Open Policy Agent
Bandit (not CNCF)
GitLab (not CNCF)

Flo Pachinger

Common Python Mistakes with Kubernetes, How They Can Cause Vulnerabilities and How to Solve Them!

Recently the interest in asynchronous programming has grown dramatically.
 Unfortunately, asynchronous programs do not always have reproducible behavior. Even when they are run with the same inputs, their results can be radically different.
	In this talk I'll show you different approaches on how to debug asynchronous programs in Python.

In this talk I'll show you different approaches on how to debug asynchronous programs in Python.

Luckily, when it comes to debugging asynchronous applications in python, we have a couple of options to consider. The writers of the asyncio module have very kindly provided a debug mode, which is quite powerful and can really aid us in our debugging adventures without the overhead of modifying the system's code base too dramatically. In particular I'll show you what asyncio debug mode means for developers, and how to source tracebacks for unhandled exceptions in futures. Also how to detect accidental blocking for I/O. We discuss how to monitor the asyncio event loop and collect metrics in statsD.
Finally we discuss monitor and cli capabilities for asyncio applications based on aiomonitor and aioconsole. Also we discuss how asynchronous python works in REPL via autoawait based on ipython and how to do it in vanilla python REPL.

Andrii Soldatenko

Debugging asynchronous programs in Python

As the most popular programming language nowadays, it has been pointed out that Python static code analysis has not yet received enough attention from the research and OSS community.  For instance, to the best of our knowledge, there is no general static analysis framework proposed to facilitate the implementation of dedicated Python static analyzers (e.g., compared to the Java Soot/WALA framework). 

Easy to use and fast to prototyping, what makes Python stand out is bringing challenges to static analysis tasks. To fill this gap, we design and implement [Scalpel](https://github.com/SMAT-Lab/Scalpel) (A Python Static Analysis Framework) and make it publicly available as an open-source project. The Scalpel framework has already integrated a number of fundamental static analysis functions (e.g., call graph constructions, control-flow graph constructions, alias analysis, etc.) that are ready to be reused by developers to implement client applications focusing on statically resolving dedicated Python problems such as detecting bugs or fixing vulnerabilities. In addition, documentation and the user guide are provided for users. 

The objective of the Scalpel framework is to (1) improve Python software quality and (2) support addressing  research challenges (e.g. API studies) in software engineering research;

As the star of programming languages, let’s use “Scapel” to make it healthier.

Scalpel is a Python Static Analysis Framework. It provides essential program analysis functions for facilitating the implementation of client applications focusing on statically resolving dedicated problems.

We aim to provide Scalpel as a generic Python static analysis framework that includes as many functions as possible (e.g., to easily build inter-function control-flow graph, to interpret the import relationship of different Python modules, etc.) towards facilitating developers to implement their dedicated problem-focused static analyzers. 

Scalpel’s Github page has received around 100 stars from researchers and practitioners around the world in only three-month after being made public.

Jiawei Wang

Li Li

Scalpel: The Python Static Analysis Framework

Python web frameworks, like FastAPI, Flask, Quartz, Tornado, and Twisted, are important for writing high-performance web applications and for their contributions to the web ecosystem. However, even they posit some bottlenecks either due to their synchronous nature or due to the usage of python runtime. Most of them don’t have the ability to speed themselves due to their dependence on *SGIs. This is where Robyn comes in. Robyn tries to achieve near-native Rust throughput along with the benefit of writing code in Python. In this talk, we will learn more about Robyn. From what is Robyn to the development in Robyn.

Robyn: A Python Web Framework with a runtime written in Rust

With the effort put in at every Python version to increase the runtime performance, we know that throughput efficiency is one of the top priority items in the Python ecosystem.

Inspired by the extensibility and ease of use of the Python Web ecosystem and the increased focus on performance, Robyn was born. 

Robyn is one of the fastest, if not the fastest Python web framework in the current Python web ecosystem. With a runtime written in Rust, Robyn tries to achieve near-native rust performance while still having the ease of writing Python code. 

This talk will demonstrate the reasons why Robyn was created, the technical decisions behind Robyn, the increased performance by using the rust runtime, how to use Robyn to develop web apps, and most importantly, how the community is helping Robyn grow!
Finally, I will be sharing the future plans of Robyn and would love to get feedback from the developers to see what they would like to see in it.

Sanskar Jethi

Robyn: An async Python web framework with a Rust runtime

Jupyter notebooks are great to quickly try new ideas and experiments, but the downside is that using code to change inputs and see the results can be inefficient and error-prone. ipywidget is a Python library that solves this problem by providing a user-friendly interface with iterative widgets. It's all in Python so we don't have to worry with any CSS or Javascript. In this talk we'll learn how ipywidgets can help us build tools in the context of Data Science.

ipywidget is a library that provides a user-friendly interface with iterative input widgets. It's all in Python so we don't have to worry with any CSS or Javascript. In this talk we'll learn how ipywidgets can help us build tools in the context of Data Science

A useful Jupyter notebook that takes input from the user to generate results is a great candidate to become a web application, but usually data scientists don't have the front-end skills required to build one and deploy them. Using notebooks with ipywidgets can be a great solution to build teams' internal tools because we get the user-friendly widgets and don't need to worry about the deployment since it's all in Jupyter.

Deborah Mesquita

Creating great user interfaces on Jupyter Notebooks with ipywidgets

The use of transfer learning has begun a golden era in applications of Machine Learning but the development of these models “democratically” is still in the dark ages compared to best practices in Software Engineering. I describe how methods of open-source software development can allow models to be built by a distributed community of researchers.

The use of transfer learning has begun a golden era in applications of Machine Learning but the development of these models “democratically” is still in the dark ages compared to best practices in Software Engineering. I describe how methods of open-source sof

Here, I elaborate on why we should develop tools that will allow us to build pre-trained models in the same way that we build open-source software. Specifically, models should be developed by a large community of stakeholders who continually update and improve them. Realizing this goal will require porting many ideas from open-source software development to building and training models, which motivates many threads of interesting research and opens up machine learning research for much larger participation.

Steven Kolawole

Open Science: Building Models LIke We Build Open-Source Software

Code that’s uniform is easier to read, write, and debug, but writing down your standards and conventions in a README that no one reads isn’t enough. The explosion of CI and linter tools allow you to no only document your standards and conventions, but make sure people actually adhere to them.

The explosion of CI and linter tools allow you to no only document your standards and conventions, but make sure people actually adhere to them using linters!

Many teams document the conventions for their projects. However, documentation gets out of date, forgotten, or sometimes ignored. Simple documentation requires team members to constantly remember all the ‘rules’ for your project. You can better enforce those rules and free up your team members to think about harder problems using linting tools like flake8, import linter, and pre-commit.

These tools provide tons of useful stuff out of the box, but you can push them so much further with customization. This allows your project to formally document conventions, but also enforce them automatically on every commit, merge, and build. This can make code reviews faster and more focused on the problems your code is meant to solve.

This talk will introduce tools like flake8, import linter, and pre-commit along with some of their built-in functionality. Then, we’ll briefly explore some ways to customize them to fit your projects’ specific needs. Some examples of custom linter rules we’ll tour are:

- Code formatted automatically and uniformly
- Code doesn’t import across architecture layers violating separation of concerns
- Common conventions are used
- Common anti-patterns are avoided
- Specific layers are fully tested
- Proper git commit message formatting
- Merge commits don’t exist in topic/feature branches

Finally, we’ll discuss ways to use those custom linter rules on every commit, merge, and build with continuous integration or git hooks.

By the end of the talk, you’ll see several real-world linter rules used on Kraken, which is a large Django-based project used to supply green energy to millions of users across the world. In addition, expect no shortage of ideas for your own projects along the way!

How I wrote a Python client for HTTP/3 proxies

Abstract

The speaker