Django community: RSS
This page, updated regularly, aggregates Community blog posts from the Django community.
-
Apple OpenSSL Verification Surprises
Apple ships a patched version of OpenSSL with OS X. If no precautions are taken, their changes rob you of the power to choose your trusted CAs, and break the semantics of a callback that can be used for custom checks and verifications in client software. Abstract If OpenSSL’s certificate verification fails while connecting to a server, Apple’s code will intercept that error and attempt to verify the certificate chain itself with system trust settings from the keyring, potentially throwing away your verification results. Therefore: You can’t limit your trust to certain CAs using SSL_CTX_load_verify_locations. This apparently isn’t news but doesn’t appear to be widely known. Contrary to documentation, returning 0 from SSL_CTX_set_verify’s callback does not make the TLS handshake fail. That makes the callback unsuitable for extra verification purposes (such as hostname verification). MITRE has assigned CVE-2014-2234 for this issue. Apple was not interested in my bug report because they deprecated their OpenSSL years ago. Hence this summary together with work-arounds. The Verify Callback OpenSSL’s SSL_CTX_set_verify allows setting a callback function that is called for each certificate in the chain. It is invoked with the result of OpenSSL’s own verification of each certificate (1 for success, 0 for failure) … -
Changes in django-ckeditor repositories
I'm maintaining my django-ckeditor fork known on PyPi as django-ckeditor-updated. It works with latest Django versions, uses Django file storage, has some new features and fixes. Recently a few people including me got write access to the original repository - shaunsephton/django-ckeditor and my commits were merged (note that the PyPi package is still old). When/if the original package gets new and constant releases I'll close my fork, but until then django-ckeditor-updated is alive. If you have any issues or pull requests made on the original django-ckeditor please check if they are still valid for current codebase. -
GoDjango Blog and Release Schedule Modification
The addition of this blog should help people learn more about Django, more often. For a while now there has been a set of things I have wanted to be on GoDjango, but didn't necessarily think they were enough for a full video, or too specific. Goals of the Blog The ultimate goal is to make GoDjango one of the top three places on the internet to come to in order to learn django. To accomplish that here are some of the goals I see for the blog. I hope to provide tutorials about django in a new way Provide more transparency about what is going on with the site instead of a one way stream of communication Provide another avenue of learning django so there are many more topics. About the Blog Engine Itself This is a custom built blog engine I am creating for this site. However, I am creating it in an open way, but making it an installable app. I have named it dj-blog. The idea behind the installable app is to provide a basic blogging engine which is a bolt on, instead of something that almost takes over the entire code base. I plan to keep … -
Compile and Compress Assets with django-pipeline
Using things like CoffeeScript, Stylus, Less, SASS/SCSS, etc. is becoming a more and more core part of development, but the problem usually is compiling these assets for use on our site. With django-pipeline this process is now much easier in both development and production. Learn the few easy steps it takes to get started with it. -
Invitation to the Django UserGroup Hamburg on March 12
The next meeting of the Django UserGroup Hamburg will take place on Wednesday, March 12, 2014, at 19:30. This time we are meeting again in the offices of intosite GmbH at Poßmoorweg 1 (3rd floor), 22301 Hamburg. From now on, the Django UserGroup Hamburg is organized via Meetup. To be informed automatically about future meetings, please become a member of our Meetup group: http://www.meetup.com/django-hh A talk on customizations in the Django admin is planned for this meeting. It will show and explain customizations that go beyond the documented options. If there is interest, I can also report a little on first experiences with the Django 1.7 alpha version and Mozilla Circus as a process manager. As always, everyone who is interested in exchanging ideas with other Djangonauts is invited. Registration is not required, but it helps with planning. More information about the user group is available on our website www.dughh.de. -
Whew.
I work on a test automation framework at my day job. It's Django-powered, and there's a lot of neat stuff going on with it. I love building it! Anyway, yesterday during a meeting, I got an email from a co-worker who seemed to be in a bit of a panic. He wrote that he accidentally deleted the wrong thing, and, being Django on the backend, a nice cascading delete went with it (why he ignored the confirmation page is beyond me). He asked if we had any database backups that we could restore, also curious as to how long it would take. Well, lucky for him (and me!), I decided very early on while working on the project that I would implement a custom database driver that never actually deletes stuff (mostly for auditing purposes). Instead, it simply marks any record the user asks to delete as inactive, thus hiding it from the UI. Along with this, nightly database backups were put in place. I'll be quite honest--I had a moment of fear as I considered how long it had been since I really checked that either of these two things were still working as designed. I implemented the database … -
Django Debugging Bookmarklet Trick
Django Debugging Bookmarklet Trick -
Newsletter #1
February 17th, 2013 We Met Four Years Ago Today! We met at PyCon 2010 in Atlanta on February 17, 2010. Our life together has been wonderful ever since. On Daniel's blog is a recap of how we met and the days that followed. Two Scoops of Django 1.6 is a #1 Python Best Seller! On her blog, Audrey Roy covers the success of Two Scoops of Django 1.6 on Amazon. A week since launch, some hours we're #1 and other hours Mark Lutz's famous Learning Python is in the lead. Our 1.6 edition will be the last ever update to Two Scoops of Django (see our FAQ). It's greatly expanded and full of good stuff. Jason Meridth Wins the Gelato Contest! For the launch we ran a contest, with instructions slightly hidden in the long change list. Readers had to identify the location of our gelato reference and report it on GitHub. Jason Meridth rose to the occasion and won the prize. When we asked Jason for his snail mail address so we could send him a book, he responded asking that we donate the book to a developer in need instead. Needless to say, we're impressed by his sense of … -
Improving PostgreSQL support in Django with the help of Kickstarter crowd-funding
Some may already know about this - on Kickstarter there is a fund raising for implementing improved PostgreSQL support in Django. Marc Tamlyn is in the lead and at this very moment there are 25 days to go and the project is already reaching extended goals. It looks like we will see another crowd-funding project successful, making Django better. First one - the Django migrations is on its way for a release with Django 1.7. -
Django blog tutorial - the next generation - part 4
Hello again! As promised, in this instalment we’ll implement categories and tags, as well as an RSS feed. As usual, we need to switch into our virtualenv: $ source venv/bin/activate Categories It’s worth taking a little time at this point to set out what we mean by categories and tags in this case, as the two can be very similar. In this case, we’ll use the following criteria: A post can have only one category, or none, but a category can be applied to any number of posts A post can have any number of tags, and a tag can be applied to any number of posts If you’re not too familiar with relational database theory, the significance of this may not be apparent, so here’s a quick explanation. Because the categories are limited to one per post, the relationship between a post and a category is known as one-to-many. In other words, one post can only have one category, but one category can have many posts. You can therefore define the categories in one table in your database, and refer to them by their ID (the reference to the category in the post table is referred to as a … -
The Appendix That Didn't Survive
One of the suggestions we received for new material for Two Scoops of Django: Best Practices for Django 1.6 was a list of links from the book. Thinking this was a good idea and worth a few pages, we decided the list could go into a new portion: 'Appendix G: Links'. Near the end of the project I wrote a script that generated the new appendix. I generated the list and discovered even without any sort of organization besides alphabetization, the content added 12 pages. Think about that for a second... 12 pages of links. I don't know about you, but if I bought a book with 12 pages of links I would scream 'filler'! The decision then was to cut Appendix G from the book. It didn't survive. Or did it? For the sake of posterity, I've included a version of the code used to get the links out of Two Scoops. Instead of generating LaTeX, this generates an HTML list of links from Two Scoops of Django 1.6. Enjoy! Below is the result of that code. Start scrolling! 12factor.net/config 12factor.net 2scoops.co/1.5-transaction-recipe 2scoops.co/1.6-additional-security-topics 2scoops.co/1.6-admindocs 2scoops.co/1.6-allowed-hosts 2scoops.co/1.6-cached_property 2scoops.co/1.6-cbv-generic-display 2scoops.co/1.6-cbv-generic-editing 2scoops.co/1.6-cbv-mixins 2scoops.co/1.6-change-list 2scoops.co/1.6-code 2scoops.co/1.6-coding-style 2scoops.co/1.6-cookie-based-sessions 2scoops.co/1.6-custom-user-model-example 2scoops.co/1.6-db-optimization 2scoops.co/1.6-docs-on-html-scraping 2scoops.co/1.6-errata/ 2scoops.co/1.6-errata 2scoops.co/1.6-format_html … -
API First
Recently, we were faced with the task of writing an API-first web application in order to support future mobile platform development. Here’s a summary of the project from the point of view of one of the developers. Agile API For the first couple of iterations, we had problems demonstrating the project progress to the customer at the end of iteration meetings. The customer on this project was extremely understanding and reasonably tech-savvy but despite that, he remained uninterested in the progress of the API and became quite concerned by the lack of UI progress. Although we were busy writing and testing the API code sitting just beneath the surface, letting the customer watch our test suite run would have achieved nothing. It was frustrating to find that, when there was nothing for the customer to click around on, we couldn’t get the level of engagement and collaboration we would typically achieve. In the end, we had to rely on the wireframes from the design process which the customer had signed off on to inform our technical decisions and, to allay the customer’s fears, we ended up throwing together some user interfaces which lacked any functionality purely to give the illusion … -
Django and Invalid HTTP_HOST headers with nginx
Django has had a setting for allowed hostnames for a while [1], but starting with the 1.5 release it was required [2] to set it. I'm not sure why I only started getting Invalid HTTP_HOST header emails after my upgrade to 1.6, but anyway, they started pouring in. It's a little confusing why anybody would try to access one of my sites with a fake hostname, but fixing this is easy enough. The example below uses nginx' catch-all server name feature [3].
server {
    listen 80 default_server;
    server_name _;
    rewrite ^/(.*) http://example.com/$1 permanent;
}
-
Create a blog in minutes on App Engine with Django and Cloud Sql
Intro Django was actively supported at an early stage of the Python runtime in App Engine SDK through the notable django-nonrel framework, a fork of the original project that adds support for NoSql databases. But starting from the App Engine SDK 1.6.2, released more than two years ago, you can instead deploy Django’s official releases and take advantage of the whole stack using Google Cloud Sql. Case study We’re going to set up a minimal project using Zinnia, a blog engine built on top of Django and a fairly complex web application that leverages several components of the framework, a good benchmark for showing how easy deploying on App Engine can be. Prerequisites Setting up the Google Cloud services goes beyond the scope of this article and is well documented, as well as having a working Python environment, so the following is assumed: you already started a Google Cloud project a Google Cloud Sql instance is up and running and you created a database for this project you created a bucket on Google Cloud Storage to store media files you have a working installation of Python 2.7 and pip on your local machine you installed and configured the Python App Engine … -
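Extend your Django app with the Django Extensions open-source library
The Django Extensions open-source library is a collection of extensions for the Django framework, including management command extensions, […] -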
Moving from Google Code to GitHub
A few weeks back, the Evennia project made the leap from Google Code to GitHub (here). Things have been calming down so it's time to give a summary of how the process went. Firstly I want to say that I liked Google Code. It did everything expected of it with little hassle. It had a very good Issue system (better than GitHub in my opinion) and it allowed us to use Mercurial instead of Git for version control (I just happen to like Mercurial better than Git, so sue me). Now, GitHub is getting to be something of a standard these days. But whereas our users have occasionally inquired about us making the move, I've been reluctant to do so. The problem I did have with Google Code was that I got the increasing feeling that Google didn't care all that much about it. It worked decently, but it was not really going anywhere either. What finally made me change my mind though was an event just after summer last year. There was a bug in Google Code that made the links to online clones disappear. It was worse than that - creating new online clones of the main repo didn't … -
Announcing Two Scoops of Django 1.6
It's our pleasure to announce that after months of research, writing, and review, Two Scoops of Django: Best Practices for Django 1.6 is available. The result isn't just an update to the previous edition, it's a complete revision: Here is a short list of the changes: Updated for Django 1.6 and designed for both Python 2.7 and 3.3. Over 130 pages of new material, bringing the book to 446 pages. Expanded sections on database transactions, binary fields, security, custom admin skins, creating and maintaining third-party packages, utilities, serialization, built-in exceptions, deployment, and more. 5 new chapters with material on function-based views, consuming REST APIs in templates, deployment, identical environments, and continuous integration. 3 new appendixes on internationalization, settings alternatives, and working with Python 3. More tables! Improved explanations! Corrected spellings! Code examples available for download. Want to know the rest? Read the change list. We're offering the book in printed softcover format on its product page. Any questions? Read the FAQ. -