Django community: RSS
This page, updated regularly, aggregates Community blog posts from the Django community.
-
Django at UC Berkeley - Mohammed Shamma and Matthew Newton
Mohammed on Twitter; Matthew on Twitter; Berkeley’s Nobel laureates; Give @Berkeley; htmx. Support the Show: This podcast does not have any ads or sponsors. To support the show, please consider purchasing a book, signing up for Button, or reading the Django News newsletter. -
On Receiving the Malcolm Tredinnick Award
In December I was awarded the Malcolm Tredinnick Award. This is an annual award, selected by nominations from anyone in the Django community. I’m incredibly honoured to have been selected, joining a fine list of past recipients. I’ve been inspired by every one of them. Malcolm’s Legacy Malcolm Tredinnick was an active member of the Django community from its early days. He joined as a core developer from the early days of the project, especially focusing on the ORM. He contributed until his sudden death in 2013. The Django Software Foundation founded the prize in his honour later that year. I don’t believe I ever interacted with Malcolm. I was less than a year into my Django journey when he passed away, before I engaged with the community. But I have encountered his traces on the web, especially in Django’s ticket tracker and the django-developers mailing list. Malcolm gave many talks about Python, Django, and other programming adventures. I’ve watched a few on YouTube. I particularly enjoyed his DjangoCon 2012 talk “The Dungeon Master's guide to Django's ORM”, which explains the history of the ORM code, relevant to this day. A Personal Note I’m very grateful for receiving the prize … -
Go Fast With Django
In the last Understand Django article, we learned about commands. Commands are the way to execute scripts that interact with your Django app. With this article, we’re going to dig into performance. How do you make your Django site faster? Keep reading to find out. From Browser To Django; URLs Lead The Way; Views On Views; Templates For User Interfaces; User Interaction With Forms; Store Data With Models; Administer All The Things; Anatomy Of An Application; User Authentication; Middleware Do You Go? -
Book Review: Powerful (Patty McCord)
Patty McCord was Netflix’s first head of HR and a member of its executive team for 14 years. She’s probably best known as the co-author (with Reed Hastings, Netflix’s founder and CEO) of Netflix’s famous Culture Deck, a 125-slide deck that lays out Netflix’s unusual culture. Powerful is a deep examination of that culture and its ramifications. It’s one of the better dissections of what “culture” really is and how it works. I recommend it to anyone in a position to influence company culture. You may or may not want to mimic Netflix, but thinking through which parts of Netflix’s culture you do and don’t want to mimic is an excellent exercise – it certainly was for me. -
How to Add a Favicon to Your Django Site
Your site’s favicon appears in the browser tab, and is a key way to brand your site. Setting up a favicon is a simple task, but once you start considering vendor-specific icons, it becomes more complicated. In this post we’ll cover: what the HTML specification says about favicons browser support two simple ways to serve a favicon from Django the vast world of vendor-specific icons generating and serving a bunch of vendor-specific icons with RealFaviconGenerator Alright, let’s get into it. To Specify an Icon, or Not The HTML specification defines two ways to specify a site’s icon (source). First, you can add one or more <link>s with rel=icon to your page’s <head>. The browser will then pick between these and use the most appropriate (that works): <link rel=icon href=favicon-16.png sizes=16x16 type=image/png> <link rel=icon href=favicon-32.png sizes=32x32 type=image/png> The browser may pick based on size or advertised file type. Second, if you don’t list any such <link>s, the browser will automatically request /favicon.ico and use that, if it’s a supported image. .ico is the file suffix for Microsoft Windows icons, but you don’t need to use this file type. Browsers always obey the Content-Type header, so you can serve other image types. … -
Security 101: Securing file downloads
One of the most common ways to handle user uploaded content is persisting the data to disk, or uploading it to an object store like AWS S3. Serving the content back to the user (or others) often is handled by returning the URL to the file. What is oftentimes missing is proper authentication and authorization, as engineers seem to believe no one will leak URLs, run enumeration attacks or simply try random strings. This is not just a data breach waiting to happen, it is one happening way too often. In this post we will look at three options how this can be solved. The examples which you can find in the demo repository are written in Python, using Django. All three should work just fine in basically any modern language and framework used for web development, and with most web servers and reverse proxies such as Nginx. I am using Caddy, as the configuration is concise and simple to follow. For all examples you can upload a file via Django Admin and browse and download the files by visiting /. All examples only check if the user is authenticated. In a real system you will most likely want to … -
Set up EditorConfig for Your Django Project
This post is an adapted extract from my book Boost Your Django DX, available now. The “tabs versus spaces” war is scheduled to rage on until the heat death of the universe. And whilst the Python ecosystem is firmly in the “spaces” camp, there remain numerous other text formatting options. Inconsistent text formatting between team members can lead to unnecessary editing and even bugs. So it’s best to normalize text formatting in your projects. EditorConfig is a standard for text editor configuration. It’s built-in to many text editors, such as PyCharm and GitHub’s web editor. For other text editors, you need to install a small plugin, available for nearly every text editor under the sun. To set up EditorConfig for your project, create a file called .editorconfig in the root of your repository. Note the . prefix, which makes the file hidden on Unix systems. The .editorconfig file uses INI file syntax, as parsed by Python’s configparser module. Here is a .editorconfig file suitable for most Django projects: # http://editorconfig.org root = true [*] charset = utf-8 end_of_line = lf indent_style = space indent_size = 2 trim_trailing_whitespace = true insert_final_newline = true [*.py] indent_size = 4 Here’s what this configuration does: … -
Meet the New Owners of Caktus
Nearly every week, I receive an email or two from a third party expressing interest in buying Caktus. As a matter of habit, I don't open them, let alone respond. Most are scattershot, venture capital firms looking for Software-as-a-Service companies (which Caktus is not). But when an employee approached me in 2018 expressing an interest in making Caktus employee-owned, I listened. Since 2018, we've been working to identify what employee ownership might look like at Caktus. The employee who originally brought up the idea has since moved on, but the idea took hold. We formed an eight member steering committee made up of interested (and skeptical) people from a cross section of the wider team. The steering committee was charged with crafting a proposal to present to the entire company. The effort also involved the assistance of an outside non-profit organization that assists with employee ownership transitions, as well as our existing legal and accounting advisors. In the summer of 2020, the steering committee presented the proposal to the rest of the company, and determined that we had the buy-in necessary to move forward. Since that time, we've been working with our advisors to finalize the legal and accounting aspects … -
Django News - Python is #1 Programming Language - Jan 14th 2022
News Python Programming Language of the Year 2021 Python is #1!!! tiobe.com Sphinx and Markdown around the world in 2021 Read the Docs is adding more Markdown features. readthedocs.com Django Discord Server Django now has an approved Discord Server to hang out on for anyone who likes Discord. discord.com Sponsored Link Error monitoring for Django Developers. Track and debug exceptions in record time so you can get back to doing what you love. honeybadger.io Articles Five Tips For a Healthier Postgres Database in the New Year A year-end wrap-up of 5 things you can do for a healthier Postgres database next year. crunchydata.com Removing Python 3.6 Support from My Packages by Adam Johnson Python 3.6 reached its end of life on the 23rd December and Adam describes how he removed it from all his third-party packages using the myrepos tool. adamj.eu How I build a feature While not directly Django-related, Simon Willison steps us through his development and workflow for creating new software features from creating an issue, writing release notes, and then telling the world about it. simonwillison.net Design Articles Grid for layout, Flexbox for components While not a new post, this article helped me wrap my head around … -
How to setup Django with Pytest on GitHub Actions
Someone recently asked me When is a good time to get automated testing setup on a new Django project? The answer is "now". There are other good times, but now is best. In this post I'll briefly make my case for why, and show you an example of a minimal … -
Book-Driven Development from “Boost Your Django DX”
On Monday I released my new book “Boost Your Django DX”. It covers many tools and practices that are useful for developing Django projects. Whilst writing I often try to describe something and find it hard to explain, or suboptimal in some way. Since I want to make things as easy as possible for readers, this process leads me to make open source improvements, or new packages. I have taken to calling this process Book-Driven Development. Here’s a list of the more interesting packages and contributions I made whilst writing this book. New package: django-browser-reload Chapter 5 of the book covers ways to enhance Django’s development server, runserver. Whilst writing it, I took some time to research tools for automatically reloading the web browser when files change. I knew of some tools out there, I had just never seen any that were easy to set up. Most relied on running an extra Node.js process and proxy server, which felt like way too much for my tastes. After a little bit of digging, I decided to try my hand at writing my own browser reloader. My proof-of-concept worked so well that I spent the next day turning it into a package. And … -
Introduction to Django Channels
This tutorial shows how to use Django Channels to create a real-time application. -
“Boost Your Django DX” Released
My new book, Boost Your Django DX is out now. I’m so glad it has shipped and I can relax, a bit 😅 If you didn’t see it yet, here’s the short blurb: During my years working with Django, I’ve picked up many tools and techniques to boost my Developer Experience, or DX. This book covers as many of these as possible, so you can learn them too! Many thanks to the 188 people who preordered: you should all receive an email from Gumroad. If you didn’t preorder, you can buy now at full price. It’s $39 for an individual license, with higher tiers for team licenses. It comes as a watermarked PDF, an ePub, an AZW3 (Kindle), and a zip file of resources. Full Table of Contents Here is the full table of contents in this first version: Origin This Book, and Not This Book Read in Any Order On the Included Examples "resources.zip" Versions Commands Snipping Source Control Django Projects Acknowledgements Changelog Documentation DevDocs: The Free Rapid Documentation Tool Get Started and Set Up Django’s Docs Perform a Basic Search Search a Single Documentation Source Reset the Search Box Visit the Original Documentation Site Download Documentation Sources for … -
Django News - Django Developers Survey 2021 Results - Jan 7th 2022
News Django Developers Survey 2021 Results Results are now live for the official Django Developers Survey. Over 7,000 Django users responded from almost 140 countries. jetbrains.com Django security releases issued: 4.0.1, 3.2.11, and 2.2.26 Three new security updates. Time to upgrade! djangoproject.com Pillow 9.0.0 Release Notes This release is dedicated to the memory of Fredrik Lundh, aka Effbot, who died in November 2021. Fredrik created PIL in 1995 and he was instrumental in the early success of Python. Fredrik's Effbot website was how many of us first learned about Python. Effbot created PIL and Pillow 9.0.0 is dedicated in his memory. readthedocs.io Events PyTexas 2022: Health and Safety Guidelines PyTexas posted its health and safety guidelines. Their Call For Proposals (CFP) closes on January 12th, 2022, 23:59 CST. pytexas.org Sponsored Link Error monitoring for Django Developers. Track and debug exceptions in record time so you can get back to doing what you love. honeybadger.io Articles Feature flags and waffles · Matt Layman Feature flags are a way to soft launch and then toggle on or off new features, especially in conjunction with the third-party django-waffle package. mattlayman.com My (free) Django monitoring stack for 2022 An overview of several free and … -
Year in Review: 2021
A round up of my writing in 2021: what were my goals? How’d I do? And some statistics. -
Orai: Project Planning with Neo4j
A student project was developed through Florida Atlantic University’s Senior Design Program by student team Logic13. Background: Sprint cycles are an extremely common way for development teams to plan and execute the development of projects. This agile method can be used by a variety of different development teams. Working in sprint cycles allows teams to get fast feedback, improve their product’s quality, reduce risk, and it makes it easier to stay on schedule. The Problem: Project Managers must work carefully to make sure the sprint cycles can flow as best as possible with minimal stagnation. To do so, Project Managers set aside time for sprint planning where they can create a road map of what tasks need to be done in what order so that the project can progress and be completed. This can be especially difficult to accomplish since some tasks can be more important or more complicated than others or rely on the completion of other tasks before they may be worked on. The Solution: The Orai application is a recommendation engine built around project management data. It combines the querying power of the Neo4j graph database with the flexibility of the Django web framework using the django-neomodel plugin. GitHub - Group13-FAU/Orai. The Orai system monitors … -
Work Sample Tests: Wrap Up and Q&A
This is the final post in my series on work sample tests. It’s a wrap-up post: I’ll address a few random points I couldn’t quite fit in elsewhere, and answer some questions from readers. -
PDF Bundle Report - Building SaaS with Python and Django #123
In this episode, we started work on a new feature for the homeschool application. This feature is a report bundle that will add PDFs of all school year activities to a zip archive for a customer’s record keeping purposes. -
PDF Bundle Report - Building SaaS #123
In this episode, we started work on a new feature for the homeschool application. This feature is a report bundle that will add PDFs of all school year activities to a zip archive for a customer’s record keeping purposes. -
My Third Appearance on Django Chat
I’ve again had the pleasure of joining Carlton and Will on the Django Chat podcast, in Episode #105. They moved fast with this one - we spoke yesterday, and the podcast is live today! We talked about several topics: My soon-to-be-released book! (Not that much actually, considering it’s the episode title.) Yesterday’s security release The Malcolm Tredinnick memorial prize The Django technical board Contributors to Django django-upgrade, my tool for upgrading Django code django-browser-reload, my recent package for automatically reloading the browsers Some recent contributions to Django, big and small Django Chat is a fantastic podcast, which I always enjoy listening to. It was great to be back on. Listen on the episode page or your favourite podcast consumption channel. Enjoy! —Adam -
Pagination in Django
This article looks at how to add pagination to a Django project. -
Boost Your Django DX - Adam Johnson
LINKS: Personal website; Boost Your Django DX - Preorder the New Book; Malcolm Tredinnick Memorial Prize; Django Technical Board Election Results; Finding the new (and old) contributors to Django 4.0; django-upgrade; django-browser-reload; Today’s Django Security Release Deconstructed (4.0.1, 3.2.11, and 2.2.26); SQLite function optimization and PR; Signal Receiver Functions tidy up and PR; One Line Django Docs Change and PR. Support the Show: This podcast does not have any ads or sponsors. To support the show, please consider purchasing a book, signing up for Button, or reading the Django News newsletter. -
Copy Shared Values Before Mutating Them
Here’s a small problem I’ve seen when copying values from another module. It came up in the context of a Django project with multiple settings files, but it could happen in any Python context. Imagine you have two submodules defining API_CONFIG as a “constant” dict. The development submodule should copy the value in base, but use a different value for the "rate_limit" key. Your example/base.py might look like: API_CONFIG = { # ... "rate_limit": "10/m", # ... } Then in example/development.py you could have: from example.base import API_CONFIG API_CONFIG["rate_limit"] = "100/m" By importing from base, the development module doesn’t need to completely redefine API_CONFIG. Great - the redundant repetition is reduced. But can you see the flaw in this approach? The problem is that API_CONFIG is the same dict in both modules. The change in development “leaks” back to base: In [1]: from example import base, development In [2]: development.API_CONFIG["rate_limit"] '100/m' In [3]: base.API_CONFIG["rate_limit"] '100/m' Eek! Okay, this might not always manifest as a problem. In the context of Django, it’s only possible to activate one settings file per process, so if you activated “development” the values in “base” won’t be needed. But it could be a problem if you … -
Today’s Django Security Release Deconstructed (4.0.1, 3.2.11, and 2.2.26)
Happy new year, and happy new upgrade! Django has issued a new security release today. This is the first set of security fixes that I’ve been involved in, so I thought I’d take the opportunity to explain the issues in a bit more depth. I’d also like to surface and praise those working tirelessly behind the scenes to find and fix these problems! They truly help keep Django on top of its security game. 1. CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator The UserAttributeSimilarityValidator password validator ensures that a provided password isn’t too similar to the user’s other attributes, such as their email address. It’s not a good idea to allow user@example.com to have password user@example.com, even with a few characters changed! The validator is active by default in the AUTH_PASSWORD_VALIDATORS setting from Django’s startproject template. If a user posted a large password (100k+ chars) to a registration form, it could lead to several seconds of runtime in UserAttributeSimilarityValidator. This makes it a DoS vector, where an attacker making many registration requests could make your site unresponsive. The fix avoids the comparison when the password is significantly longer than an attribute, as the similarity is guaranteed to be low. Thanks to Chris …