Planet London Python

April 22, 2018

Ian Ozsvald

AHL Python Data Hackathon

Yesterday I got to attend Man AHL’s first London Python Data hackathon (21-22 April). I went with the goal of publishing my ipython_memory_usage tool from GitHub to PyPI (success!), updating the docs (success!) and starting to work on the YellowBrick project (partial-success).

This is AHL’s first crack at running a public Python hackathon – from my perspective it went flawlessly. They use Python internally and they’ve been hosting my PyDataLondon meetup for a couple of years (and, all going well, for years to come), they support the Python ecosystem with public open source contributions and this hackathon was another method for them to contribute back. This is lovely (since so many companies aren’t so good at contributing and only consume from open source) and should be encouraged.

Here’s Bernd of AHL introducing the hackathon. We had 85 or so folk (10% women) in the room:

Bernd introducing Python Data hackathon at AHL

I (and 10 or so others) then introduced our projects. I was very happy to have 6 new contributors volunteer to my project. I introduced the goals, got everyone up to speed and then we split the work to fix the docs and to publish to the test PyPI server and then finally to the official PyPI public server.

This took around 3 hours, most of the team had some knowledge of a git workflow but none had seen my project before. With luck one of my colleagues will post a conda-forge recipe soon too. Here’s my team in action (photo taken by AHL’s own CTO Gary Collier):

Team at AHL hackathon

Many thanks to Hetal, Takuma, Robin, Lucija, Preyesh and Pav.

Robin had recently published his own project to PyPI so he had some handy links. Specifically we used twine and these notes. In addition the Pandas Sprint guide was useful for things like pulling the upstream master between our collaborative efforts (along with Robin’s notes).

This took about 3 hours. Next we had a crack at the sklearn-visualiser YellowBrick – first to get it running and tested and then to fix the docs on a recent code contribution I’d made (making a sklearn-compatible wrapper for statsmodels’ GLM) with some success. It turns out that we might need to work on the “get the tests” running process, they didn’t work well for a couple of us – this alone will make for a nice contribution once we’ve fixed it.

Overall this effort helped 6 people contribute to two new projects, where 5 of the collaborators had only some prior experience (as best I remember!) with making an open source contribution. I’m very happy with our output – thanks everyone!

Ian applies Data Science as an AI/Data Scientist for companies in ModelInsight, sign-up for Data Science tutorials in London. Historically Ian ran Mor Consulting. He also founded the image and text annotation API, co-authored SocialTies, programs Python, authored The Screencasting Handbook, lives in London and is a consumer of fine coffees.

The post AHL Python Data Hackathon appeared first on Entrepreneurial Geekiness.

by Ian at April 22, 2018 07:20 PM

April 17, 2018

Python Anywhere

Terms and conditions and privacy policy update (yes, it's another GDPR thing)

Like a lot of companies, we're updating our terms and conditions and privacy and cookies policy in order to comply with the GDPR. The GDPR is a large regulatory change from the European Union, and is mostly about people's personal data and how it is shared.

The new T&Cs and PP will come into effect on 10 May 2018 and if you carry on using PythonAnywhere after that date, you'll be agreeing to them, so we figured it would be a good idea to post an explanation about the highlights of the changes.

If you just want to see what the new documents contain, here they are:

If you want to know a a bit more about what changed, and why, read on for a (non-exhaustive) overview. It's worth saying that this is just the changes that we think are important -- if you want to know exactly what the new terms and privacy policy say, you should read them.

The specifically GDPR-related stuff

There are two ways the GDPR impacts PythonAnywhere: data that we collect about you so that you can have an account on our site, and data that you collect about other people and use PythonAnywhere to process (eg. if you collect email addresses or the like on a website you run on PythonAnywhere).

Data that we collect about you

Like all websites that collect information about people from the EU, we now need to explain exactly what we do with any personal data we collect from you, and why we collect it. That's what our own privacy and cookies policy is about, though there are a few things in the terms and conditions too.

This is a pretty simple one for us. Because we don't make money from advertising, we don't collect any more data about you than we need to run the site -- your email address and so on, some payment-related stuff if you're a paying customer, etc., and standard website analytics. To be perfectly honest, the less we know, the happier we are -- it makes us a much less attractive target for data thieves :-)

Of course, you can provide us with more information -- maybe your name is Jane Smith and you chose the name "JaneSmith" as your username, or you posted something in the forums saying "My name is Jane Smith and this is my code", or you run a website that mentions your name, address, telephone number, and favourite colour.

Our new privacy and cookies policy covers all of this, along with mentions of the fact that we keep website access logs (that's 4.3, if you want to know how access logs are described in legal terms) and lots of stuff about cookies. So much stuff about cookies.

Data that you "control" and we "process"

"Data controller" and "data processor" are terms used by the GDPR. They can mean different things in different circumstances, but relating to PythonAnywhere, if you're storing personal data about yourself or other people on our systems, you are a data controller and we are a data processor acting for you. Let's imagine that you're hosting a website with us, and on your website you collect personal information about people -- maybe email addresses or names. In the GDPR's terminology, this makes you a "data controller" because you control the data that you've collected. But because we're providing you with the computers that the data is being stored and manipulated on, we're a "data processor".

The GDPR requires data controllers and data processors to have a contract in place that essentially says "this is what we each do" -- a data processing agreement (DPA). It doesn't need to be super-specific, but it does need to meet certain legal criteria.

We've noticed that some companies are sending out separate DPA contracts to cover this in addition to their normal terms and conditions. But in our lawyers' opinion, that's not necessary. When you agree to our terms and conditions and we accept you as a user of our site, that is a contract being formed between you and us. And if that contract includes all the appropriate stuff for the contract between a data processor and a data controller, then all is well.

So, Appendix 1 in the new terms and conditions covers all of that; if you're working towards GDPR compliance yourself, and you need a copy of the DPA, just use that. It mentions the essential stuff -- what we will do and not do, who processes data as a subcontractor (Amazon AWS, who own the servers PythonAnywhere runs on), and whether or not data goes out of the EU (it does, but that's OK because AWS is covered under the EU-US Privacy Shield Framework).

There are also some other GDPR-related changes dotted around the terms and conditions -- basically, making it clear that you can't use PythonAnywhere to breach the GDPR (so no spamming, please) and so on.

That's about it for the GDPR changes!

Other stuff

While we were modifying the T&Cs to be GDPR compliant, our legal advisors took the time to put in a few other updates to make sure that we're doing everything properly. Most of these are pretty minor (things like moving the details of the company from the top of the document to the bottom, or replacing the legalese "natural person" with the more, um, natural word "individual"), but a few are worth noting:

  • The T&Cs are now explicit about the fact that you agreeing to the terms and conditions (and us letting you use the site) form a contract. This was already the case, but it's good to be clear about these things.
  • If you're a consumer (that is, not a business) and you don't like any future changes to the terms and conditions, then under the new terms you'll have the legal right to cancel your account and -- if you have a paid account -- get a refund for any unused time left from your last payment. Of course, technically this only applies when we update our terms and conditions the next time, as this wording wasn't in the old T&Cs... but we won't be difficult if you decide that you don't like these new ones specifically and want to cancel your account.
  • "Cooling off" (section 7). We offer a 30-day no-questions-asked money-back guarantee. But not all businesses do, so there is EU-wide legislation that creates something similar (but not as good) for EU consumers. When you sign up for a service, you get 14 days to change your mind. The company in question is not obliged to provide you with anything during those 14 days, but you can request that they do. If you don't ask them to provide you with the service during those 14 days, then you can get any money you paid them back by cancelling any time over those 14 days; if you do ask them to provide you with the service, then you can at least get back a pro-rated refund. If you've signed up for a new electricity contract or something similar in the EU recently, you'll probably remember that they asked you if you were willing for them to start supplying you immediately -- this is why. Anyway, given that our own guarantee has a longer timeline (30 days instead of 14), is more generous (we'll refund everything without pro-rating), and covers more people (everyone in the world rather than just consumers in the EU), then you can probably regard section 7 (and the associated "model cancellation form") as boilerplate. If you want to cancel a paid subscription within the first 30 days and get a refund, just cancel it on the "Account" page and drop us an email.
  • Finally, and perhaps most importantly, we no longer accept faxes as a way to send and receive information about PythonAnywhere accounts. Which is probably a good thing, because we've never had a fax machine...

That's it!

That's all we though it was important to highlight in the new terms; if you have any questions then please leave a comment below. Thanks for reading!

by giles at April 17, 2018 06:32 PM