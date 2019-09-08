When you check out a repository on github, sometimes theres a little bit of flare at the top of the project that catches your eye. This bit of flare is called a badge and can be used to indicate build status, test coverage, documentation generation status, version support, software compatibilty statements or even community links to gitter or discord where you can find more help with the project. I used to think that badges were fancy fluff people added to their projects to make them seem more professional. But after working with them in my own projects and experiencing their usefulness, my opinion has changed slightly. I now think of them as fancy fluff that adds useful info and functionality. They can work with any software project, be it a small webapp, to even a collection of multi-stage microservices.

There seems to be no data science in Python without numpy and pandas. (This is also one of the reason why Python has become so popular in Data Science). However, dumping the libraries on the data is rarely going to guarantee the peformance. So what’s wrong?

In this tutorial on working with APIs using Python, we’ll learn how to retrieve data for data science projects. There are millions of APIs online which provide access to data. Websites like Reddit, Twitter, and Facebook all offer certain data through their APIs. To use an API, you make a request to a remote web server, and retrieve the data you need.

Security Leftovers Critical Exim Flaw Opens Millions of Servers to Takeover [Ed: This repeats the FUD headline from ZDNet's Bleeping Computer hire; no server is known to have been compromised by this yet. They dramatise this.] A critical vulnerability found in Exim servers could enable a remote, unauthenticated attacker to execute arbitrary code with root privileges.

Google Fortifies Kubernetes Nodes Against Boot Attacks Google released a beta version of its Shielded GKE Nodes that prevents an attacker from exploiting vulnerable Kubernetes nodes.

Spoofing commits to repositories on GitHub The situation that worries me relates to distribution packaging. Debian has a policy that deltas to packages in the stable repository should be as small as possible, targetting fixes by backporting patches from newer releases. If you get a bug report on your Debian package with a link to a commit on GitHub, you had better double check that this commit really did come from the upstream author and hasn’t been spoofed in this way. Even if it shows it was authored by the upstream’s GitHub account or email address, this still isn’t proof because this is easily spoofed in git too. The best defence against being caught out by this is probably signed commits, but if the upstream is not doing that, you can clone the repository from GitHub and check to see that the commit is on a branch that exists in the upstream repository. If the commit is in another fork, the upstream repo won’t have a ref for a branch that contains that commit.

For real this time, get your butt off Python 2: No updates, no nothing after 1 January 2020 [Ed: When Microsoft Tim says "according to Redmonk" he means mostly according to Microsoft (because Redmonk relies on proprietary GitHub for data)] Python 2 will sunset on January 1st 2020 – however, many applications have not yet upgraded to version 3, causing the coding lingo's team to mount a communications campaign to persuade devs to port their code. Python is the third most popular programming language after JavaScript and Java, according to Redmonk. Its use has been boosted by the strong interest in machine learning, for which Python is well suited, thanks in part to its various AI-related libraries and frameworks. Python 2.0 was released in 2000, and Python 3.0, which is not fully backwards compatible, in 2008. The last version of Python 2.x, 2.7, was released in July 2014.