Simon Willison’s Weblog

Django 1.2 release notes (via) Released today, this is a terrific upgrade. Multiple database connections, model validation, improved CSRF protection, a messages framework, the new smart if template tag and lots, lots more. I’ve been using the 1.2 betas for a major new project over the past few months and it’s been smooth sailing all the way.

# 17th May 2010, 9:11 pm / csrf, django, multidb, open-source, python, releases, recovered

Installing GeoDjango Dependencies with Homebrew. brew update && brew install postgis && brew install gdal

# 7th May 2010, 2:40 pm / django, geodjango, homebrew, postgis, postgresql, recovered, macos

Introduction to Surlex. A neat drop-in alternative for Django’s regular expression based URL parsing, providing simpler syntax for common path patterns.

# 11th April 2010, 7:23 pm / surlex, django, python, urls, regex, codysoyland

The Onion Uses Django, And Why It Matters To Us. The Onion ported their main site from PHP and Drupal to Django in three months with a team of four developers, including a full migration of their archived content. Their developers answer questions about the switch in this thread on the Django sub-reddit.

# 25th March 2010, 6:43 pm / reddit, django, python, the-onion, php, drupal

Using Django as a Pass Through Image Proxy (via) Neat idea for running development environments against data copied from a live production site—a static file serving handler which uses a local cache but copies in user-uploaded files from the production site the first time they are requested.

# 22nd March 2010, 7:18 am / django, proxies

Cache Machine: Automatic caching for your Django models. This is the third new ORM caching layer for Django I’ve seen in the past month! Cache Machine was developed for zamboni, the port of addons.mozilla.org to Django. Caching is enabled using a model mixin class (to hook up some post_delete hooks) and a custom caching manager. Invalidation works by maintaining a “flush list” of dependent cache entries for each object—this is currently stored in memcached and hence has potential race conditions, but a comment in the source code suggests that this could be solved by moving to redis.

# 11th March 2010, 7:35 pm / cachemachine, caching, django, orm, ormcaching, mozilla, redis, memcached, python

Announcing django-cachebot. The ORM caching space around Django is heating up. django-cachebot is used in production at mingle.com and takes a more low level approach to cache invalidation than Johnny Cache, enabling you to specifically mark the querysets you wish to cache and providing some advanced options for cache invalidation. Unfortunately it currently relies on a patch to Django core to enable its own manager.

# 6th March 2010, 12:48 pm / orm, ormcaching, mingle, django, caching, cachebot

Is johnny-cache for you? “Using Johnny is really adopting a particular caching strategy. This strategy isn’t always a win; it can impact performance negatively”—but for a high percentage of Django sites there’s a very good chance it will be a net bonus.

# 2nd March 2010, 11:44 am / johnnycache, django, python, caching, performance

jmoiron.net: Johnny Cache. The blog entry announcing Johnny Cache (“a drop-in caching library/framework for Django that will cache all of your querysets forever in a consistent and safe manner”) to the world.

# 1st March 2010, 11:48 am / johnnycache, django, python, caching, querysets

Johnny Cache. Clever twist on ORM-level caching for Django. Johnny Cache (great name) monkey-patches Django’s QuerySet classes and caches the result of every single SELECT query in memcached with an infinite expiry time. The cache key includes a “generation” ID for each dependent database table, and the generation is changed every single time a table is updated. For apps with infrequent writes, this strategy should work really well—but if a popular table is being updated constantly the cache will be all but useless. Impressively, the system is transaction-aware—cache entries created during a transaction are held in local memory and only pushed to memcached should the transaction complete successfully.

# 28th February 2010, 10:55 pm / memcached, django, databases, caching, orm, performance, python, ormcaching

Django Advent: Scaling Django. Mike Malone’s advice on scaling Django applications, including taking advantage of new features in 1.2.

# 26th February 2010, 7:22 pm / django, mike-malone, scaling

jacobian’s django-deployment-workshop. Notes and resources from Jacob’s 3 hour Django deployment workshop at PyCon, including example configuration files for Apache2 + mod_wsgi, nginx, PostgreSQL and pgpool.

# 19th February 2010, 2:28 pm / django, python, deployment, pycon, jacob-kaplan-moss, sysadmin, apache, modwsgi, nginx, postgresql, pgpool

Django Advent. I can’t believe I haven’t linked to this already—Django Advent is “a series of articles about upcoming releases of the Django web framework”. Seven have been posted so far, covering topics from 1.2 including multi-db, messages, object permissions and natural keys.

# 16th February 2010, 4:06 pm / django, djangoadvent

Why toppcloud will not be agnostic. Ian Bicking’s toppcloud aims to offer deployment with the ease of use of AppEngine against a standard, open source Ubuntu + Python 2.6 + mod_wsgi + Varnish stack. Here he explains why he’s not going to vary the required components: keeping everything completely standardised means everyone gets the same bugs (and the same fixes).

# 12th February 2010, 9:21 am / ian-bicking, deployment, django, python, modwsgi, wsgi, ubuntu, varnish, toppcloud, google-app-engine

Presenting django-devserver, a better runserver. I really like this—it’s a Django management command (./manage.py rundevserver) which adds SQL logging and cache access summaries to the console output of Django’s local development server. It solves a similar set of problems to the debug toolbar, but requires slightly less setup and doesn’t inject additional HTML in to your pages. You can add your own custom modules to it as well.

# 10th February 2010, 11:33 am / david-cramer, django, python, runserver, devserver, debugging

Integrate Tornado in Django. A handy ./manage.py runtornado management command for firing up a Tornado server that serves your Django application.

# 8th February 2010, 11:12 am / django, tornado, python

World Government Data. Launched last week, this is the Guardian’s meta-search engine for searching and browsing through data from four different government data sites (with more sites planned). Under the hood it’s Django, Solr, Haystack and the Scrapy crawling library. The application was built by Ben Firshman during an internship over Christmas.

# 27th January 2010, 12:27 pm / django, solr, haystack, scrapy, ben-firshman, guardian, projects, python, data, datagovuk

For the Love of Ponies. Bryan Veloso, the discoverer of the Django Pony, makes contact with the artist who released the original drawing on iStockPhoto.

# 14th January 2010, 12:05 pm / django, python, bryanveloso, djangopony, istockphoto

What’s new in Django 1.2 alpha 1 (via) Multiple database support, improved CSRF prevention, a messages framework (similar to the Rails “flash” feature), model validation, custom e-mail backends, template caching for much faster handling of the include and extends tags, read only fields in the admin, a better if tag and more. Very exciting release.

# 7th January 2010, 7:31 pm / django, python, releases, alpha, csrf, django-admin

Timing attack in Google Keyczar library. An issue I also need to fix in the proposed Django signing code. If you’re comparing two strings in crypto (e.g. seeing if the provided signature matches the expected signature) you need to use a timing independent string comparison function or you risk leaking information. This kind of thing is exactly why I want an audited signing module in Django rather than leaving developers to figure it out on their own.

# 4th January 2010, 3:23 pm / django, signing, cryptography, keyczar, security, timing-attack, python

Design and code review requested for Django string signing / signed cookies. Do you know your way around web app security and cryptography (in particular signing things using hmac and sha1)? We’d appreciate your help reviewing the usage of these concepts in Django’s proposed string signing and signed cookie implementations.

# 4th January 2010, 1:24 pm / django, python, security, hashing, sha1, hmac, cryptography, code-review

Videos from DjangoCon 2009. The videos from September's DjangoCon are now available, including my "Cowboy development with Django" talk (also on the Internet Archive).

I talked about building Wildlife Near You on a /dev/fort trip to Alderney and the MP's expenses project at the Guardian.

# 3rd January 2010, 11:02 am / django, python, conferences, djangocon, wildlifenearyou, the-guardian

Django | Multiple Databases. Russell just checked in the final patch developed from Alex Gaynor’s Summer of Code project to add multiple database support to Django. I’d link to the 21,000 line changeset but it crashed our Trac, so here’s the documentation instead.

# 22nd December 2009, 5:22 pm / django, multidb, russell-keith-magee, alex-gaynor, python, databases, scaling

Round-robin Django setup with nginx. An nginx trick I didn’t know: a low proxy_connect_timeout value (e.g. 2 seconds) combined with the proxy_next_upstream setting means that if one of your backends breaks a user won’t even see an error, they’ll just have a short delay before getting a response from a working server.

# 21st December 2009, 3:43 pm / django, load-balancing, nginx, ops, sysadmin

Django-Jython 1.1.0 released. Django on Jython matches its minor version numbers to Django, so this new release is compatible with Django 1.1.

# 16th December 2009, 10:42 pm / django, python, jython, leosoto

Guardian iPhone app. Released today, ad-free, £2.39 for the application, has an excellent offline mode. I helped build the backend web service, which is a Django app running on EC2.

# 14th December 2009, 1:29 pm / guardian, ec2, django, iphone, python

Fixing Django Management Commands. Zachary Voase proposes dramatically improving Django’s management command API for Django 1.3. I’m in favour—management commands are one of the only APIs in Django that I have to look up every single time I use. My optfunc library was written partially with management commands in mind—Zachary favours the argparse library.

# 9th December 2009, 8:41 am / django, managementcommands, zachary-voase, argparse, optfunc, python

What’s coming in Django 1.2 (presentation notes). I wrote up some background notes for the talk on Django 1.2 I gave at DJUGL last week.

# 5th December 2009, 5:10 pm / django, python, djugl, speaking, my-talks