September 2008
Sept. 13, 2008
Django snippets: Orderable inlines using drag and drop with jQuery UI. Code example from my PyCon tutorial on customising the Django admin interface.
I love Zeppelins, and you should too (via) Slides from my PyCon UK lightning talk on Zeppelins. I’ve annotated them using SlideShare comments.
Sept. 14, 2008
Goon City. Every internet meme ever, rendered in pixel art. See if you can find the Zeppelin.
Using Python and Stompserver to Get Started With Message Queues. An eminently practical guide to this year’s Hot New Thing (for web developers at least) from Gareth Rushgrove.
Sept. 15, 2008
Google wants your Hotmail, Yahoo and AOL contacts. And they’re using the password anti-pattern to get them! Despite both Yahoo! and Hotmail (and Google themselves; not sure about AOL) offering a safe, OAuth-style API for retrieving contacts without asking for a password. This HAS to be a communications failure somewhere within Google. Big internet companies stand to lose the most from widespread abuse of the anti-pattern, because they’re the ones most likely to be targetted by phishers. Shameful.
django-batchadmin (via) Seriously classy reusable Django app that adds batch editing (multiple delete by default, with hooks to add your own custom batch actions) to the Django admin changelist screen, using best practice techniques of sub-classing ModelAdmin and hence requiring no patches to Django core itself.
Kevin Teague explains the Python packaging ecosystem. The distinction between setuptools, PyPI, distutils, eggs, easy_install, pkg_resources and zc.buildout used to make my head spin. Kevin Teague’s outstanding explanation made it all make sense.
Gearshift. Whoa, a full migrations library written in JavaScript for Gears (which uses SQLite for its data store).
DjangoCon and PyCon UK
September is a big month for conferences. DjangoCon was a weekend ago in Mountain View (forcing me to miss both d.Construct and BarCamp Brighton), PyCon UK was this weekend in Birmingham, I’m writing this from @media Ajax and BarCamp London 5 is coming up over another weekend at the end of this month. As always, I’ve been posting details of upcoming talks and notes and materials from previous ones on my talks page.
[... 446 words]dConstruct 2008 notes. I missed this year’s d.Construct due to DjangoCon, but from Alastair Campbell’s notes it looks like it was the best one yet.
Documents Reveal Django Pony, Caught In Tail Of Lies. whytheluckystiff. Enough said.
Sept. 16, 2008
YouTube: djangocon tag. Google have started posting videos of presentations at DjangoCon on YouTube.
YouTube Playlist: DjangoCon 2008 Sessions. YouTube’s tag and search indexes appear to lag behind the main site by quite a while; this appears to be the definitive index page for videos of talks at DjangoCon.
Sept. 17, 2008
When Ajax Attacks! Web application security fundamentals. Slides and (other people’s) notes from my presentation at @media Ajax on Tuesday.
Frame-Busting Gadgets. I’ve always been slightly suspicious of the Google Gadgets / OpenSocial idea of sandboxing untrusted third party content in an iframe. Sure enough, it turns out iframe busting scripts work in Gadgets, meaning a seemingly harmless gadget could potentially launch a phishing attack.
DjangoCon and learning from Zope 2. Mark Ramm presented probably the most thought-provoking talk at DjangoCon. He’s started writing it up as a series of posts.
Sept. 18, 2008
We’re Never Content. Amazon will be releasing a proper edge caching CDN on top of S3 “before the end of the year”.
The Palin hack didn't require any real skill. Instead, the hacker simply reset Palin's password using her birthdate, ZIP code and information about where she met her spouse - the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.
Sept. 20, 2008
Tell-a-Friend: Leverage Word of Mouth Marketing. I’d love to know how they intend to stop this free widget from becoming the world’s most popular spam proxy. And of course, they abuse the password anti-pattern despite the existence of safe API alternatives to address book scraping.
How Companies Pay Artists to Include Brands in Lyrics. “We just feel that if it’s a product that’s admired by the artist and fits his/her image, we now have the capability of leveling out the playing field and making things financially beneficial for all parties involved.” Charming.
When Ajax Attacks! Web application security fundamentals. Slides and notes from my talk on web application security at @media Ajax last Tuesday.
Beware the time-eater: Cambridge University’s monstrous new clock. Beware the Chronophage, my son.
OAuth Playground (via) Neat OAuth API explorer from the Google Data APIs team.
Django’s release process. Django is moving to time-based releases, with minor releases (new features but no backwards incompatible changes) approximately every six months.
Django version 1.1 roadmap. Django 1.1 is due out in March, but the deadline for feature proposals is November the 7th.
Sept. 21, 2008
Introducing the Django Debug Toolbar. Another project inspired by DjangoCon: a component based debugging toolbar for Django. I like the architecture so far.
backup_to_s3.py. I wrote Yet Another S3 backup script today. It’s a thin wrapper about boto that doesn’t do anything particularly impressive, but it fits my brain.
RestView—a class for creating a view that dispatches based on request.method (via) I finally got around to writing up a simple approach I’ve been using for REST-style view functions in Django that dispatch based on request.method.
Sept. 22, 2008
Accessibility Experiment. Joe Walker asks what would happen if we threw away the idea of serving the same accessible site to every user and instead tried building specific versions aimed at different disabilities.
Yahoo could also have followed Gmail's lead, and disabled the security-question mechanism unless no logged-in user had accessed the account for five days. This clever trick prevents password "recovery" when there is evidence that somebody who knows the password is actively using the account.