Django community: RSS
This page, updated regularly, aggregates Community blog posts from the Django community.
-
Restricting django to one user concurrent session only
Here's the tiny code that helps you avoid multiple users logged using the same account. # -*- coding: utf-8 -* from django.conf import settings from django.core.cache import cache, get_cache from django.utils.importlib import import_module class UserRestrictMiddleware(object): def process_request(self, request): """ Checks if different session exists for user and deletes -
Committers Needed For Tastypie & Haystack
Committers Needed For Tastypie & Haystack -
Hardening Your Web Server’s SSL Ciphers
There are many wordy articles on configuring your web server’s TLS ciphers. This is not one of them. Instead I will share a configuration which is both compatible enough for today’s needs and scores a straight “A” on Qualys’s SSL Server Test. Disclaimer: I’m updating this post continually in order to represent what I consider the best practice in the moment – there are way too many dangerously outdated articles about TLS-deployment out there already. Therefore it may be a good idea to check back from time to time because the crypto landscape is changing pretty quickly at the moment. You can follow me on Twitter to get notified about noteworthy changes. If you find any factual problems, please reach out to me immediately and I will fix it ASAP. Rationale If you configure a web server’s TLS configuration, you have primarily to take care of three things: disable SSL 2.0, and – if you can afford it – SSL 3.0 (Internet Explorer 6 is the last remaining reason to keep it around; you can’t have elliptic curve crypto with SSL 3.0 and downgrade attacks exist), disable TLS 1.0 compression (CRIME), disable weak ciphers (DES, RC4), prefer modern ciphers (AES), … -
Team Django update
Bug JuiceTomorrow Team Django is responsible for presenting a set of contributions we plan on making towards the open source project, Django. With the help of Django's ticket tracker the team was able to break down the possible contributions into four general types: documentation creation or fixing, unit test creation, bug fixing, or feature request. After perusing the ticket tracker over the course of the past few weeks, we have narrowed down the list of potential contributions to the set of planned contributions found here. In order to arrive at the final list, each team member was required to select at least one outstanding ticket, and detail how they planned to resolve the ticket's issue. If things go smoothly we plan to address more tickets, but initially we thought it was wise to keep the list small and manageable.I have chosen to tackle ticket #9532 which is a new feature request. Currently Django users can specify the maximum number of forms of a particular type to be displayed. However the user can not designate the minimum number of forms to be displayed. The user requesting the feature offered the following use case: "I want an address formset that displays all addresses that have … -
Testejar app Django
Una de les coses que me fan més peresa quan he de crear una nova aplicació Django és tenir que configurar una aplicació per poder-ne fer els tests quan sols estàs fent un mòdul que serà reutilitzable per a altres aplicacions. Una vegada s'ha fet l'aplicació el que voldria és poder-ho testejar sense tenir que configurar tot un projecte i no acabava de trobar-ho del tot fins que vaig veure la manera en que ho feia Brutasse a django-password-reset. L'aproximació de Brutasse és tenir una projecte Django dins la mateixa applicació que s'està creant, de manera que aquesta es pot testejar sense tenir que crear el projecte sencer i controlant a la mateixa vegada els settings que estam fent servir. És a dir, just el que estava cercant. Aquests darrers dies he estat treballant un poc en una branca de django-mailer2 i l'he refactoritzat per seguir la seva idea a l'hora de fer els unit tests. Una vegada creat el [paquet python] (http://guide.python-distribute.org/index.html) el que es fa es crear un arxiu que serà l'executable que iniciarà els tests. runtests.py per no ser massa originals Creant l'executable Aquí el que fem és configurar l'aplicació com se fos una execució desatesa de … -
Attending FOSDEM 2013
For the 6th consecutive year, I am attending FOSDEM! That’s right, this time I am boarding from Lisbon and I will arrive in Brussels in time for the traditional and epic beer event. I am not giving any talks this year so I will have plenty of time to enjoy the event and all the nice things the city has to offer. Of course, I love a good chat about Free Software over a beer so if you want to know more about some of my projects, let me know. See in Brussels! -
Redis PubSub wrapper for Python
Recently I've found that there's no reasonable simple and useful Redis pub sub examples around. So, here is my dead simple wrapper how to implement it without any unnecessary overhead. -
Taking up the gauntlet: defense of Django
I'm taking up the gauntlet. A gauntlet that has been thrown down with considerable force and eloquence by my colleague Gijs on his new weblog in a post called Django is just an API. The title comes from a similar article about Rails being just an API. Transitioning to modern times We have a big stack of Django apps (called Lizard, 50+ apps) and some 40 sites. I have a quite good description of how it all fits together in a previous post where I told about a pyramid experiment. Summary: we use all of Django (models, templates, views, staticfiles, etc). Reusable apps. Two big core apps that everything inherits from for basic user interface and basic map handling. To quote Gijs: ... we are currently transitioning to API-based de-coupling of back-end and front-end. In other words: a client-side user interface which talks to an API for data. This web app should just be one of the api-consuming clients, not privileged in any way compared to an iPhone or Android native client. So: Django is relegated to the dustbin of history and is mercifully allowed to serve up an API (probably until it is replaced in due course with some … -
Churning behind the scenes
At the moment there are several Evennia projects churning along behind the scenes, none of which I've yet gotten to the point of pushing into a finished state. Apart from bug fixes and other minor things happening, these are the main updates in the pipeline at the moment.Multiple Characters per Player/SessionEvennia has for a long time enforced a clean separation between the Player and the Character. It's a much appreciated feature among our users. The Player is "you", the human playing the game. It knows your password, eventual user profile etc. The Character is your avatar in-game. This setup makes it easy for a Player to have many characters, and to "puppet" characters - all you need to do is "disconnect" the Player object from the Character object, then connect to another Character object (assuming you are allowed to puppet that object, obviously). So far so good. What Evennia currently doesn't support is being logged in with different client sessions to the same Player/account while puppeting multiple characters at the same time. Currently multiple client sessions may log into the same Player account, but they will then all just act as separate views of the same action (all will see the same output, you can … -
Virtualenvwrapper for your production server
Virtualenvwrapper is a popular tool for the Django developer who works on several different projects at the same time. I have not seen much on the web about how this tool can also simplify your production setup, in particular Fabric and crontab. So here's a quick writeup... -
Taking up the gauntlet: defense of Django
I'm taking up the gauntlet. A gauntlet that has been thrown down with considerable force and eloquence by my colleague Gijs on his new weblog in a post called Django is just an API. The title comes from a similar article about Rails being just an API. Transitioning to modern times We have a big stack of Django apps (called Lizard, 50+ apps) and some 40 sites. I have a quite good description of how it all fits together in a previous post where I told about a pyramid experiment. Summary: we use all of Django (models, templates, views, staticfiles, etc). Reusable apps. Two big core apps that everything inherits from for basic user interface and basic map handling. To quote Gijs: ... we are currently transitioning to API-based de-coupling of back-end and front-end. In other words: a client-side user interface which talks to an API for data. This web app should just be one of the api-consuming clients, not privileged in any way compared to an iPhone or Android native client. So: Django is relegated to the dustbin of history and is mercifully allowed to serve up an API (probably until it is replaced in due course with some … -
Virtualenvwrapper for your production server
Virtualenvwrapper is a popular tool for the Django developer who works on several different projects at the same time. I have not seen much on the web about how this tool can also simplify your production setup, in particular Fabric and crontab. So here's a quick writeup... -
Version Control and the Django Tutorial
Subversion Under ControlSimilar to last semester teams are required to use version control, Subversion (SVN) in particular, to manage their project's source code. Last semester's project was my first experience with SVN, which was quite a learning process.Shortly into the creation of the repository the need for standard protocols was realized. In particular the team needed to write succinct commit messages which convey why the commit was made. The message must include what problem was fixed, or if a new feature was added a use case for said feature. Messages which could be found on whatthecommit.com or other similar sites should be avoided at all costs. Eventually the contributing members of the group adopted a standard messaging format which helped greatly with project development. In spite of various issues, gaining firsthand knowledge at how SVN handles conflicts and merges was very educational. After a few frustrating experiences I promptly learned to check for and pull down new versions before starting work on a new task.Despite my previous experiences with SVN I decided to follow along with the exercises in Chapter 4 of The Teaching Open Source (TOS) textbook (link on the sidebar). Unfortunately, I was unable to checkout the tutorial repo as it … -
Hurray for tests: preparing a buildout pull request
Last week, I prepared a pull request for zc.buildout 2.0 to include buildout-versions' functionality in buildout itself. I had looked at the inner workings of buildout before and even prepared a pull request before, but that was a small one. buildout-versions monkeypatches internals of buildout so that it can print a list of picked versions at the end of your buildout run. Quite essential if you want to make your buildouts repeatable. You don't want too many surprises by new versions. So: I integrated a buildout extension that did some buildout-monkeypatching into buildout itself. More specifically into a historically quite involved piece of buildout. Picking the right versions is at the core of buildout, so making a mistake there is a big no-no :-) Where did I get the confidence for making such a pull request? From the tests. There are a lot of tests in buildout's code. They're mostly doctests. Doctests have their drawbacks (and advantages). But they're tests anyhow. And I could find a couple of good spots to add my documentation and tests to test the functionality I was copying over from buildout-versions. And I could be certain that if I broke something, the existing tests would … -
Testing and Django settings
Django uses a from django.conf import settings configuration mechanism, which makes it hard to test. The settings object is global. You have to do set a setting and revert the change at the end of a test; quite messy. You can do a bit better, in such a situation, by using the excellent mock library. But even mock is defeated sometimes by Django's settings. I tried a couple of variants like the following and failed to change the settings: import mock class XYZTest(TestCase) @mock.patch('django.conf.settings.DEBUG', False) def test_xyz(self): # ... # Well, I'm importing settings in my views module... @mock.patch('my_app.views.settings.DEBUG', False) def test_xyz2(self): # ... After some googling I discovered something I totally missed. Django 1.4 has something real useful. The @override_settings decorator. Does exactly what I want it to do: from django.test.utils import override_settings ... class XYZTest(TestCase) @override_settings(DEBUG=False) def test_xyz(self): # ... Hurray! -
Django Extensions 1.0.3
A new version of Django-Extensions just hit PyPi :) We call it: 1.0.3 ChangeLog: FEATURE: notes command now shows BUG tags FEATURE: support SSL in runserver_plus DOCS: Better documentation for runserver plus DOCS: Better documentation for runscript command FIX: truncation on admin widgets FIX: allow AutoSlugField to work with inherited models. FIX: show_templatetags command FIX: RSA public key check for keyzcar encrypted fields FIX: graph_models command for Django 1.5 -
Content types and Django CMS
The new ENB website One of our latest projects to go live is a new website for the English National Ballet. Part of a major rebrand, we completely replaced their old PHP site with a new content-managed site powered by Django CMS. Django CMS is very flexible, largely due to its minimalistic approach. It provides no page templates out of the box, so you can construct your HTML from the ground up. This is great if you want to make a CMS with a really strong design, because there is very little interference from the framework. However, its minimalistic approach also means that you sometimes have to write extra code to tie all the content together. A good example of this is content types. In Django CMS, there is only one content type: Page. It has certain fields associated with it e.g. title, slug, published. Any other information that appears on a page comes courtesy of plugins. The default Django CMS plugins give you everything you need to add arbitrary text, images and video to a page. But what if you want more fields for your page? Let’s say, for example, you are representing a ballet production and you want … -
Djangorecipe updated for the upcoming buildout 2.0
zc.buildout 2.0 is almost finished (the 2.0 beta 1 came out last week). It is mostly a simplified 1.4.4 zc.buildout that is better maintainable. Simplifications include only supporting distribute instead of also setuptools. And not supporting multiple python versions within one buildout: the one you run buildout with is the one that gets used. And it loses the 1.5/1.6/1.7 complexity of selective isolation from system packages. It also gains some stuff like better defaults. And my patch :-), so it supports distutils-style scripts, too. Handy for installing pyflakes and docutils. And, as I discovered a week ago, you can also let it install all scripts of all required packages with the dependent-scripts = true setting. Anyhow, time to update djangorecipe, as there was a small change in the way buildout 2.0 calls a recipe. Not many recipes will be bitten by it: you don't get passed the python executable anymore. This is only useful when you want to use a different python from the one you run your buildout with. So... I could simplify the code, too, by throwing out support for different python versions :-) Good python 3 news! The upcoming django 1.5 (at release candidate status now) works … -
Translating sentences with substitutions
The problem Many programs build up sentences using bits - often a template into which different things might be substituted. However, the things you substitute into a sentence can change the sentence, and vice-versa, in ways that are not anticipated by the programmer. For example, plurals. In English, you might try code like this: if n == 1: return "I have 1 pig" else: return "I have %s pigs" % n Localising these strings gives problems, because the rules for how to create plural forms is different in every language. This specific problem is generally considered 'solved' by the use of gettext, but many more exist. For example, we have another problem as soon as we start substituting nouns: "Delete selected %s?" % object_name Various attributes about the noun could affect the sentence. In French, the adjective "selected" needs to agree in gender with the noun being substituted in. So you cannot lookup the translations for "Delete selected %s" and for object_name separately. (This is a real example picked from Django source code). Further, depending on how the sentence uses the noun, the form of the noun might need to change. For example, the noun might appear in the accusative … -
Beginner's Guide to PyCon 2013 Part II
This is Part II in a series of blog posts about PyCon US 2013. The goal is to provide a handy reference guide for first time attendees of the world's largest Python conference. Part I was mostly about tutorials, this post will be about registration and the first day of talks. Registration If you haven't done so yet, please register now. Last year PyCon sold out way in advance, and hundreds missed the event. Which is a shame, because the conference is awesome! Keep in mind that the money you spend on registration will go towards a very good thing. You see, after the costs for running PyCon are subtracted, the rest will go to the non-profit Python Software Foundation (PSF). In addition to supporting the Python language itself, the PSF provides financial aid and grants for aspiring developers around the world. Which means the money you spend registering for PyCon will literally change people's lives. This isn't an idle exaggeration, this outreach has made a difference for you, me, and arguably the world. I would love to say more, but that's an article for another day... Alright, on to the talks! Talk Attendance Guidelines At PyCon, talks are either … -
Beginner's Guide to PyCon 2013 Part II
This is Part II in a series of blog posts about PyCon US 2013. The goal is to provide a handy reference guide for first time attendees of the world's largest Python conference. Part I was mostly about tutorials, this post will be about registration and the first day of talks. Registration If you haven't done so yet, please register now. Last year PyCon sold out way in advance, and hundreds missed the event. Which is a shame, because the conference is awesome! Keep in mind that the money you spend on registration will go towards a very good thing. You see, after the costs for running PyCon are subtracted, the rest will go to the non-profit Python Software Foundation (PSF). In addition to supporting the Python language itself, the PSF provides financial aid and grants for aspiring developers around the world. Which means the money you spend registering for PyCon will literally change people's lives. This isn't an idle exaggeration, this outreach has made a difference for you, me, and arguably the world. I would love to say more, but that's an article for another day... Alright, on to the talks! Talk Attendance Guidelines At PyCon, talks are either … -
Crafting your Conference Talk Proposal
With the voting period over for DjangoCon Europe talk proposals I wanted to take a couple of minutes and go over what I think makes a good conference talk proposal and a couple of things that you shouldn’t do. Keep it Informative A lot of people try to be funny in their proposals but miss out on the key points. Your proposal should include a brief description of what you’ll be talking about, the audience that it’s intended for and anything else that you think would be useful for the audience. Keep it Short Conferences get a lot of talk proposals. PyCon US got 450 submissions for 114 slots. DjangoCon Europe got 74 submissions for 20 slots. With such competition the reviewers have to go over a lot of content. It’s important to keep your proposal short and sweet so you don’t bore the reviewers and risk them skipping over your talk. I haven’t done any statistical analysis but a brief look over the proposals for DjangoCon EU makes it look like the sweet spot for proposal length is 4-7 sentences. Shorter and the reviewers can’t get enough relevant information, longer they get bored and go on to the next … -
Pjax vs JSON
At DjangoCon US 2012 I asked a question about performance after the BDFL keynote on Pjax. Asking about performance is never a good idea since it is never the most important thing. I was attempting to evaluate Pjax versus the plethora of Javascript based rendering that was being discussed. A common idea was to use the same template language in Django as you use in Javascript. The Meteor keynote explained that just sharing a template language doesn't solve the hard problems of passing the data and the logic about pre-rendering the data to the client. The Django template language is very simple, but it still lets you indirectly run arbitrarily complex code. All of that logic either has to be reimplemented on the client or the results magically exposed there. Pjax keeps rendering of templates on the server side and uses push state and ajax to optimize the user experience by avoiding page refreshes. Blocks of HTML are send from the server and installed on the existing page. I was looking for a comparison of the performance of Pjax vs Javascript rendering, which in the end isn't a simple question to answer. Even so I think it is worth having … -
Pjax vs JSON
At DjangoCon US 2012 I asked a question about performance after the BDFL keynote on Pjax. Asking about performance is never a good idea since it is never the most important thing. I was attempting to evaluate Pjax versus the plethora of Javascript based rendering that was being discussed. A common idea was to use the same template language in Django as you use in Javascript. The Meteor keynote explained that just sharing a template language doesn't solve the hard problems of passing the data and the logic about pre-rendering the data to the client. The Django template language is very simple, but it still lets you indirectly run arbitrarily complex code. All of that logic either has to be reimplemented on the client or the results magically exposed there. Pjax keeps rendering of templates on the server side and uses push state and ajax to optimize the user experience by avoiding page refreshes. Blocks of HTML are send from the server and installed on the existing page. I was looking for a comparison of the performance of Pjax vs Javascript rendering, which in the end isn't a simple question to answer. Even so I think it is worth having … -
Getting to know the Django Community
Joining the ProjectIn order to ascertain a better sense of the community surrounding Django, I followed the advice listed on the project's Contributing to Django page. Initially I began by joining their Internet Relay Chat (IRC) channels on freenode.net. Not wanting the hassle of determining which IRC client to use, I opted for the webchat service on freenode. Although it has been well over a decade since my last ventures into IRC, it appeared not much had changed on the surface, but I am positive as I continue to use IRC I will begin to find the changes.The django project currently operates two IRC channels, #django for django users, and #django-dev for django development. Unsurprisingly, there was stark difference between the two rooms. #django was lively with several users asking questions of various complexities. While not all of the questions were answered (at least in the main chat), the answers provided were in a polite and helpful fashion. In contrast #django-dev was completely silent. Additionally while I can peruse the #django logs at http://django-irc-logs.com/ I am currently unable to find a similar logging site for the developers channel.FunkyBob once again solving a user's issue.The next step in the process of acclimating …
