Blogmarks
Is your Rails application safe? (via) update_attributes(params[:foo]) in ActiveRecord is an anti-pattern.
Accessibility Experiment. Joe Walker asks what would happen if we threw away the idea of serving the same accessible site to every user and instead tried building specific versions aimed at different disabilities.
RestView—a class for creating a view that dispatches based on request.method (via) I finally got around to writing up a simple approach I’ve been using for REST-style view functions in Django that dispatch based on request.method.
backup_to_s3.py. I wrote Yet Another S3 backup script today. It’s a thin wrapper around boto that doesn’t do anything particularly impressive, but it fits my brain.
Introducing the Django Debug Toolbar. Another project inspired by DjangoCon: a component based debugging toolbar for Django. I like the architecture so far.
Django version 1.1 roadmap. Django 1.1 is due out in March, but the deadline for feature proposals is November the 7th.
Django’s release process. Django is moving to time-based releases, with minor releases (new features but no backwards incompatible changes) approximately every six months.
OAuth Playground (via) Neat OAuth API explorer from the Google Data APIs team.
Beware the time-eater: Cambridge University’s monstrous new clock. Beware the Chronophage, my son.
When Ajax Attacks! Web application security fundamentals. Slides and notes from my talk on web application security at @media Ajax last Tuesday.
How Companies Pay Artists to Include Brands in Lyrics. “We just feel that if it’s a product that’s admired by the artist and fits his/her image, we now have the capability of leveling out the playing field and making things financially beneficial for all parties involved.” Charming.
Tell-a-Friend: Leverage Word of Mouth Marketing. I’d love to know how they intend to stop this free widget from becoming the world’s most popular spam proxy. And of course, they abuse the password anti-pattern despite the existence of safe API alternatives to address book scraping.
We’re Never Content. Amazon will be releasing a proper edge caching CDN on top of S3 “before the end of the year”.
DjangoCon and learning from Zope 2. Mark Ramm presented probably the most thought-provoking talk at DjangoCon. He’s started writing it up as a series of posts.
Frame-Busting Gadgets. I’ve always been slightly suspicious of the Google Gadgets / OpenSocial idea of sandboxing untrusted third party content in an iframe. Sure enough, it turns out iframe busting scripts work in Gadgets, meaning a seemingly harmless gadget could potentially launch a phishing attack.
When Ajax Attacks! Web application security fundamentals. Slides and (other people’s) notes from my presentation at @media Ajax on Tuesday.
YouTube Playlist: DjangoCon 2008 Sessions. YouTube’s tag and search indexes appear to lag behind the main site by quite a while; this appears to be the definitive index page for videos of talks at DjangoCon.
YouTube: djangocon tag. Google have started posting videos of presentations at DjangoCon on YouTube.
Documents Reveal Django Pony, Caught In Tail Of Lies. whytheluckystiff. Enough said.
dConstruct 2008 notes. I missed this year’s d.Construct due to DjangoCon, but from Alastair Campbell’s notes it looks like it was the best one yet.
Gearshift. Whoa, a full migrations library written in JavaScript for Gears (which uses SQLite for its data store).
Kevin Teague explains the Python packaging ecosystem. The distinction between setuptools, PyPI, distutils, eggs, easy_install, pkg_resources and zc.buildout used to make my head spin. Kevin Teague’s outstanding explanation made it all make sense.
django-batchadmin (via) Seriously classy reusable Django app that adds batch editing (multiple delete by default, with hooks to add your own custom batch actions) to the Django admin changelist screen, using best practice techniques of sub-classing ModelAdmin and hence requiring no patches to Django core itself.
Google wants your Hotmail, Yahoo and AOL contacts. And they’re using the password anti-pattern to get them! Despite both Yahoo! and Hotmail (and Google themselves; not sure about AOL) offering a safe, OAuth-style API for retrieving contacts without asking for a password. This HAS to be a communications failure somewhere within Google. Big internet companies stand to lose the most from widespread abuse of the anti-pattern, because they’re the ones most likely to be targeted by phishers. Shameful.
Using Python and Stompserver to Get Started With Message Queues. An eminently practical guide to this year’s Hot New Thing (for web developers at least) from Gareth Rushgrove.
Goon City. Every internet meme ever, rendered in pixel art. See if you can find the Zeppelin.
I love Zeppelins, and you should too (via) Slides from my PyCon UK lightning talk on Zeppelins. I’ve annotated them using SlideShare comments.
Django snippets: Orderable inlines using drag and drop with jQuery UI. Code example from my PyCon tutorial on customising the Django admin interface.
djangopony.com (via) “Magic that can’t be removed”
OAuth on the iPhone. Mike from Pownce explains their superbly implemented OAuth flow for the Pownce iPhone app, and how much push-back they got on it from regular users. One interesting point is that an iPhone application could “fake” a transition to Mobile Safari using Core Animation as part of a sophisticated phishing attack. This is a flaw in the iPhone OS itself: it does not offer a phishing-proof chrome as part of the OS.