Vultaire's Blog

Professional Basketball Player Syndrome

When you were a kid, what did you want to be when you grew up?

This is a question that many of us have heard, and some of us even think about as adults, albeit phrased differently: what do you want to do with your life?

I’m a software engineer by profession – which is a pretty good gig. But basically everyone’s heard of the kids in school who wanted to grow up to become a professional basketball player. There might be many motivations: the fame, the money, and maybe even simply love of the game, among others. But everyone also knows that the road to becoming a professional basketball player is very narrow, and very few can make the cut. Where does that leave everyone else?


Switched to… Google Cloud Compute?!

Every 3 years or so, I have to migrate to a new host.

The reason should be obvious for anyone who hosts a low-traffic, personal web site: hosting companies often give great discounts for initial sign-ups, but then the rates go up (sometimes drastically) on renewal.

My current plan was a particularly good deal from HostGator: I got their $6.95/mo plan for 65% off by doing a 3 year plan – in other words, roughly $2.43/mo. A great deal, really. And I still technically have around a year and a half left of that plan.

However, I wanted to get this site on HTTPS. I was tired of having my admin password sent across the network in plain text whenever I wanted to write a blob post. But, to get an SSL certificate installed would cost me around $40 from HostGator, or if I got/created the cert elsewhere, it would still cost $10 for them to install a “3rd party” cert. But, then there’s the gotcha: I’m on their “Hatchling” plan, which is inelegible – I have to upgrade to a more expensive plan (no discount) in order to take advantage of either of these options. That gets expensive really quick – I checked the price and quickly said to myself, “Nope.”

Anyway, being a knowledgeable guy and interested in having a dedicated server for a long time, I decided to look into prices for cloud hosting, which does have a reputation for being pretty expensive itself. However, given the low bandwidth of this site, and the “free tier” options that several of the providers offer, this actually didn’t look so bad after all.


Where to spend my spare time?

As my kids get a little older, and I start to have a few hours to myself most evenings again, I’m now trying to figure out where I should spend my spare time.

I used to be a heavy gamer, but games don’t have the allure they used to. Sometimes I’ll induldge, but most of the time they seem like a waste of time. (Although from an existential perspective, you could say that about anything if you really want to – so is it really so bad to “waste” time with games?)

I also sometimes watch Netflix, but generally try to avoid so because of how much time that can tend to sink.

So, what to do?


CherryPy missing documentation: Enabling client certificate verification

CherryPy is a convenient pure-Python web server that provides a good host for WSGI applications. It’s seemingly one of the few Python WSGI web servers which allows for SSL without depending on a separate web server, which is quite attractive for cross-platform apps. (I think Tornado is another notable example which does this, but Tornado is not the best platform for WSGI, despite technically supporting it.)

Getting basic SSL up and running is not particularly hard; it is easy enough to google the CherryPy docs and find this. However, deeper configuration is not exactly clear. One such option is client certificate verification. Indeed, I thought that due to the presence of this bug that it was not presently possible to enable this out of the box in CherryPy.

Thankfully I was wrong; indeed it is possible, it just does not appear to be documented. So, here’s the missing documentation.

This post assumes CherryPy 12.0.0 and cheroot 5.9.1.


Embedded Python: How to use it effectively


I wanted to write a little about this, as I feel that the embedded Python distribution available since Python 3.5 is perhaps underappreciated by many in the community.

As an experienced Python dev, I understand the benefits of using a properly installed Python, or using virtualenvs. And I agree that those should be the main ways that developers, especially more inexperienced ones, should work with Python.

However, the embedded Python distribution has obvious benefits for certain cases. For example, if you want to distribute software in Python but don’t want to compile it to an EXE using py2exe or similar, using the embedded environment is an excellent way to enable end users to use your software without needing to know that the software is necessarily written in Python, or at least to not need to install a Python environment prior to using it, or to simply have a clean and isolated Python distribution which won’t interfere with others in the system.

For those who understand this, I think it’s perfectly fine to leverage this environment.

However, there’s a few issues with the embedded environment which can be cumbersome and annoying.

Here’s a few of them: