Django community: Community blog posts RSS
This page, updated regularly, aggregates Community blog posts from the Django community.
-
Django News - Django Developers Survey 2021 Results - Jan 7th 2022
News Django Developers Survey 2021 Results Results are now live for the official Django Developers Survey. Over 7,000 Django users responded from almost 140 countries. jetbrains.com Django security releases issued: 4.0.1, 3.2.11, and 2.2.26 Three new security updates. Time to upgrade! djangoproject.com Pillow 9.0.0 Release Notes This release is dedicated to the memory of Fredrik Lundh, aka Effbot, who died in November 2021. Fredrik created PIL in 1995 and he was instrumental in the early success of Python. Fredrik's Effbot website was how many of us first learned about Python. Effbot created PIL and Pillow 9.0.0 is dedicated in his memory. readthedocs.io Events PyTexas 2022: Health and Safety Guidelines PyTexas posted its health and safety guidelines. Their Call For Proposals (CFP) closes on January 12th, 2022, 23:59 CST. pytexas.org Sponsored Link Error monitoring for Django Developers. Track and debug exceptions in record time so you can get back to doing what you love. honeybadger.io Articles Feature flags and waffles · Matt Layman Feature flags are a way to soft launch and then toggle on or off new features, especially in conjunction with the third-party django-waffle package. mattlayman.com My (free) Django monitoring stack for 2022 An overview of several free and … -
Year in Review: 2021
A round up of my writing in 2021: what were my goals? How’d I do? And some statistics. -
Orai: Project Planning with Neo4j
A student project was developed through Florida Atlantic University’s Senior Design Program by student team Logic13.
Background
Sprint cycles are an extremely common way for development teams to plan and execute the development of projects. This agile method can be used by a variety of different development teams. Working in sprint cycles allows teams to get fast feedback, improve their product’s quality, reduce risk, and it makes it easier to stay on schedule.
The Problem
Project Managers must work carefully to make sure the sprint cycles can flow as best as possible with minimal stagnation. To do so, Project Managers set aside time for sprint planning where they can create a road map of what tasks need to be done in what order so that the project can progress and be completed. This can be especially difficult to accomplish since some tasks can be more important or more complicated than others or rely on the completion of other tasks before they may be worked on.
The Solution
The Orai application is a recommendation engine built around project management data. It combines the querying power of the Neo4j graph database with the flexibility of the Django web framework using the django-neomodel plugin.
GitHub - Group13-FAU/Orai
The Orai system monitors … -
Work Sample Tests: Wrap Up and Q&A
This is the final post in my series on work sample tests. It’s a wrap-up post: I’ll address a few random points I couldn’t quite fit in elsewhere, and answer some questions from readers. -
PDF Bundle Report - Building SaaS with Python and Django #123
In this episode, we started work on a new feature for the homeschool application. This feature is a report bundle that will add PDFs of all school year activities to a zip archive for a customer’s record keeping purposes. -
My Third Appearance on Django Chat
I’ve again had the pleasure of joining Carlton and Will on the Django Chat podcast, in Episode #105. They moved fast with this one - we spoke yesterday, and the podcast is live today! We talked about several topics:
My soon-to-be-released book! (Not that much actually, considering it’s the episode title.)
Yesterday’s security release
The Malcolm Tredinnick memorial prize
The Django technical board
Contributors to Django
django-upgrade, my tool for upgrading Django code
django-browser-reload, my recent package for automatically reloading the browsers
Some recent contributions to Django, big and small
Django Chat is a fantastic podcast, which I always enjoy listening to. It was great to be back on. Listen on the episode page or your favourite podcast consumption channel. Enjoy! —Adam -
Pagination in Django
This article looks at how to add pagination to a Django project. -
Boost Your Django DX - Adam Johnson
LINKS
Personal website
Boost Your Django DX - Preorder the New Book
Malcolm Tredinnick Memorial Prize
Django Technical Board Election Results
Finding the new (and old) contributors to Django 4.0
django-upgrade
django-browser-reload
Today’s Django Security Release Deconstructed (4.0.1, 3.2.11, and 2.2.26)
SQLite function optimization and PR
Signal Receiver Functions tidy up and PR
One Line Django Docs Change and PR
Support the Show
This podcast does not have any ads or sponsors. To support the show, please consider purchasing a book, signing up for Button, or reading the Django News newsletter. -
Copy Shared Values Before Mutating Them
Here’s a small problem I’ve seen when copying values from another module. It came up in the context of a Django project with multiple settings files, but it could happen in any Python context. Imagine you have two submodules defining API_CONFIG as a “constant” dict. The development submodule should copy the value in base, but use a different value for the "rate_limit" key. Your example/base.py might look like:

    API_CONFIG = {
        # ...
        "rate_limit": "10/m",
        # ...
    }

Then in example/development.py you could have:

    from example.base import API_CONFIG

    API_CONFIG["rate_limit"] = "100/m"

By importing from base, the development module doesn’t need to completely redefine API_CONFIG. Great - the redundant repetition is reduced. But can you see the flaw in this approach? The problem is that API_CONFIG is the same dict in both modules. The change in development “leaks” back to base:

    In [1]: from example import base, development

    In [2]: development.API_CONFIG["rate_limit"]
    '100/m'

    In [3]: base.API_CONFIG["rate_limit"]
    '100/m'

Eek! Okay, this might not always manifest as a problem. In the context of Django, it’s only possible to activate one settings file per process, so if you activated “development” the values in “base” won’t be needed. But it could be a problem if you … -
Today’s Django Security Release Deconstructed (4.0.1, 3.2.11, and 2.2.26)
Happy new year, and happy new upgrade! Django has issued a new security release today. This is the first set of security fixes that I’ve been involved in, so I thought I’d take the opportunity to explain the issues in a bit more depth. I’d also like to surface and praise those working tirelessly behind the scenes to find and fix these problems! They truly help keep Django on top of its security game.
1. CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator
The UserAttributeSimilarityValidator password validator ensures that a provided password isn’t too similar to the user’s other attributes, such as their email address. It’s not a good idea to allow user@example.com to have password user@example.com, even with a few characters changed! The validator is active by default in the AUTH_PASSWORD_VALIDATORS setting from Django’s startproject template. If a user posted a large password (100k+ chars) to a registration form, it could lead to several seconds of runtime in UserAttributeSimilarityValidator. This makes it a DoS vector, where an attacker making many registration requests could make your site unresponsive. The fix avoids the comparison when the password is significantly longer than an attribute, as the similarity is guaranteed to be low. Thanks to Chris … -
My (free) Django monitoring stack for 2022
You've built and deployed a website using Django. Congrats! After that initial high of successfully launching your site comes the grubby work of fixing bugs. There are so many things that can will go wrong. Pages may crash with 500 errors in prod, but not locally. Some offline tasks never … -
Django News - Authenticating Users with GraphQL and Django - Dec 30th 2021
Events Python Web Conf 2022 - Early Bird Tickets Available This in-depth Python conference for web developers is on March 21-25, 2022. Early bird tickets are now available. pythonwebconf.com Sponsored Link Error monitoring for Django Developers. Track and debug exceptions in record time so you can get back to doing what you love. honeybadger.io Articles Authenticating users in Graphql with Django session authentication Notes on working with GraphQL and Django session auth. valentinog.com Buying products for your job: estimating value, convincing your boss A thoughtful look at justifying educational and software products for programmers. pythonspeed.com Fixing Memory Leaks In Popular Python Libraries This is not strictly a Django article but it's a very cool, concise look at memory issues in popular Python libraries like Celery. paulsprogrammingnotes.com Set up a Gunicorn Configuration File, and Test It Adam Johnson walks us through configuring Gunicorn and how to test your configuration. adamj.eu You can now use 'pip' to install Tailwind CSS. Node.js is no longer required! Tim Kamanin recently released pytailwindcss, which lets us install and use Tailwind CSS without installing Node.js. timonweb.com Tutorials Celery Groups and Chords A tutorial on using Celery groups and chords to optimize the performance of an app … -
Work Sample Tests: What doesn't work (and why)
I’ve written about a bunch of effective work sample tests and the “rules of the road” that make them effective. One thing I haven’t talked about is counter-examples: types of work sample tests that don’t work. I tend not to do this sort of thing: I find it’s usually more useful to talk about what does work than to pick apart what doesn’t. But here, I think it’s illustrative: looking at why certain kinds of work sample tests fail can help illustrate the principles of effective tests. Let’s look at a few kinds of work sample tests that (usually) fail, and why. -
Set up a Gunicorn Configuration File, and Test It
If you use Gunicorn, it’s likely you have a configuration file. This is a Python module that contains settings as module-level variables. Here’s an example with some essential settings:

    # Gunicorn configuration file
    # https://docs.gunicorn.org/en/stable/configure.html#configuration-file
    # https://docs.gunicorn.org/en/stable/settings.html
    import multiprocessing

    max_requests = 1000
    max_requests_jitter = 50

    log_file = "-"

    workers = multiprocessing.cpu_count() * 2 + 1

These settings do the following things:
max_requests and max_requests_jitter restart workers after so many requests, with some variability. This is a key tool for defending against memory leaks, as I previously discussed.
log_file = "-" sets logging to use stdout. This makes gunicorn follow the 12 factor log recommendation.
workers = ... configures Gunicorn to run 2N+1 workers, where N is the number of CPU cores on the current machine. This is the recommendation in the docs. Annoyingly, it’s not the default, which is instead only a single process! (I wonder just how many Django apps out there feel “slow” because of this…)
There are many more settings available. When you’ve set up a config file you can test it with gunicorn --check-config:

    $ gunicorn --check-config --config python:example.gunicorn example.wsgi

Here: --config defines the config file to check. Using the python: prefix allows us to use … -
import attrs
An attempt at catharsis. -
You can now use 'pip' to install Tailwind CSS. Node.js is no longer required!
I recently released pytailwindcss, a Python package that lets you install the Tailwind CSS executable via pip with just one command:

    pip install pytailwindcss

After the installation is complete, use the terminal to run the tailwindcss command:

    tailwindcss

Behind the scenes, it runs a recently released Tailwind CSS standalone … -
Work Sample Tests: Labs & Simulation Environments
The work sample tests I’ve covered in this series so far all involve software development. But what about roles that don’t involve day-to-day coding: roles like security analysis, penetration testing, technical support, bug bounty triage, project or program management, systems administration, technical operations, and so on? For those roles, I turn to simulated, “lab”-style environments. Here are some examples of that kind of test. -
Django News - Malcolm Tredinnick Memorial Prize Awarded - Dec 23rd 2021
News 2021 Malcolm Tredinnick Memorial Prize awarded to Adam Johnson Congratulations to Adam Johnson, the well-deserved winner of this year's Malcolm Tredinnick Memorial Prize. djangoproject.com Wagtail statement on Log4j vulnerability Wagtail itself isn’t vulnerable, but we encourage users of Elasticsearch to consider updating to the latest version of Elasticsearch. wagtail.io Preorder My New Book: Boost Your Django DX Adam Johnson has a new book coming out next month that is currently available for pre-order at a discount. adamj.eu Sponsored Link Error monitoring for Django Developers. Track and debug exceptions in record time so you can get back to doing what you love. honeybadger.io Articles ‘Reverse’ Code Review Part of a series from Jacob Kaplan-Moss on work sample tests. jacobian.org Introducing django-browser-reload: Automatically Reload Your Browser in Development adamj.eu Optimizing Performance with a Read-Replica Database Adding a read-replica database to a Postgres database on AWS Aurora cluster. kogan.com Tutorials Build an NFT rarity tool with Django Learn how to build an NFT rarity tool with Django, celery for asynchronous tasks, and web3.py to interact with the Ethereum blockchain. justdjango.com Sponsored Jobs Sr. Python Developers — APPLY NOW Want to make an IMPACT? Join our global team of experts, and improve our … -
Customer UX Feature - Building SaaS with Python and Django #122
In this episode, I added some user experience (UX) polish to my Django app to fill in a gap where users couldn’t quickly jump to their proper school year when their homeschool is between school years. We cleaned up the view, modified a template, and wrote the test to prove that the change works. -
Volunteer Responsibility Amnesty Day
Tomorrow is Volunteer Responsibility Amnesty Day, a day to reflect on your responsibilities as a volunteer and, if any of them are too burdensome, set them down. I’m observing it this year; here’s how and why. -
Authenticating users in Graphql with Django session authentication
We know that in JavaScript, cookies can travel over AJAX requests as long as the request comes from the same origin, and goes to the same origin. In other words, an AJAX request from https://www.pluto.com/ to https://www.pluto.com/api/ carries any cookie currently set in the browser, by sending them in a Cookie header. What this means in a Django project for example is that if a user is authenticated, and a template happens to make an AJAX request to the same backend, authentication credentials are transmitted by default. In Django, the authentication cookie stored in the browser is called sessionid by default. In fact, by examining the headers of a WSGIRequest or ASGIRequest for an authenticated user in Django, we should be able to see something along these lines:

    { 'Cookie': 'sessionid=g9eflhxbeih1lgmslnybt5dn21zgk28t; csrftoken=D3DtmfPKxriKMoy70eYikf8pUEVMTy3bDTczk8Ni0BNFVArAWg9oGat5V8PfKQW1' }

Such a request means that the user issuing the request is indeed authenticated. Here's the crazy idea: if you use GraphQL under Django session auth umbrella, you can validate the sessionid cookie in the resolver itself. Here's how.
Validating sessionid in a GraphQL resolver
Consider the following Ariadne GraphQL resolver:

    @mutation.field("replyUpdate")
    def reply_update(_obj: Any, info: GraphQLResolveInfo, reply):
        """Resolver for reply update."""
        request: ASGIRequest = info.context["request"]
        # … -
My site's now NextJS - And I (almost) regret it already
My personal blog was a regular Django website with jQuery (later switched to Cash) for dynamic bits. In December 2021 I rewrote it in NextJS. It was a fun journey and NextJS is great but it's really not without some regrets. Some flashpoints for note and comparison:
React SSR is awesome
The way infinitely nested comments are rendered is isomorphic now. Before I had to code it once as a Jinja2 template thing and once as a Cash (a fork of jQuery) thing. That's the nice and the promise of JavaScript React and server-side rendering.
JS bloat
The total JS payload is now ~111KB in 16 files. It used to be ~36KB in 7 files. :(
Data still comes from Django
Like any website, the web pages are made up from A) getting the raw data from a database, B) rendering that data in HTML. I didn't want to rewrite all the database queries in Node (inside getServerSideProps). What I did was I moved all the data gathering Django code and put them under a /api/v1/ prefix publishing simple JSON blobs. Then this is exposed on 127.0.0.1:3000 which the Node server fetches. And I wired up that that … -
Django News - Django REST Framework 3.13 released! - Dec 17th 2021
News Django REST Framework 3.13 released The newest major release of Django REST Framework is out! It includes Django 4.0 compatibility and a host of new features. django-rest-framework.org Python Software Foundation News: PyPI User Feedback Summary The PSF conducted a series of three surveys to identify key user requirements that have not been addressed so far. This post summarizes the feedback received and decisions made as a result. blogspot.com Standalone CLI: Use Tailwind CSS without Node.js Tailwind CSS CLI gives you the full power of Tailwind CSS in a self-contained executable with no Node.js or npm required. tailwindcss.com Sponsored Link Error monitoring for Django Developers. Track and debug exceptions in record time so you can get back to doing what you love. honeybadger.io Articles Anti-Patterns When Building Container Images A list of recurring Docker anti-patterns and suggestions to avoid them or refactor them into something better. github.io The definitive guide to modeling polymorphism in Django Polymorphism allows you to use one type of object to work with multiple kinds of data. There are multiple ways to model polymorphism in Django as demonstrated in this article. confuzeus.com Why you should check-in your node dependencies by Jack Franklin From a member of … -
Introducing django-browser-reload: Automatically Reload Your Browser in Development
Hitting “refresh” to see your changes is an instinct many web developers develop. But it’s a small waste of time that adds up to many hours per year spent waiting. It’s a sub-optimal development experience (DX). Django’s development server reloads itself when you change code, but it does not tell the browser to reload. And it does not do anything when a template or static asset changes.
Framework-Agnostic Tools
There are various framework-agnostic tools out there to address these shortcomings, but I’ve often found they have shortcomings. For a start, they’re an extra thing to install, normally in a different language, requiring e.g. Node.js to be set up. And they normally wrap the server, so you have to run both the tool and Django’s runserver. Perhaps the biggest potential drawback of such reloaders is that they watch project files a second time, whilst Django is already watching them. This can take a lot of CPU if done without OS-specific APIs (Django can do that with Watchman, which you should definitely set up).
django-browser-reload
Whilst I’m working on my upcoming Django DX book, I have thought about this problem on-and-off. I came up with an idea for a browser reloader that could …