Is Django's URL routing tightly coupled?

Posted by Sjoerd Job on Sept. 20, 2016, 10:15 p.m.

In a recent message to the Django mailing list, a remark was made that the URL routing of Django was tightly coupled to the Django core. From what I understood of the requirements placed on the routing, I found it a weird statement. I decided to investigate.

Read more »

Applying household ideas to software development

Posted by Sjoerd Job on July 11, 2016, 6:29 p.m.

A not-so-favourite part of my life consists of doing household chores. (I must still learn to enjoy it.)

However, even though I might not like it, I still think that there are lessons that can be applied to software development.

None of these are new, but I still think it is worthwhile to document them again, in my own words.

Read more »

Dynamically expecting failure in unit tests.

Posted by Sjoerd Job on June 15, 2016, 7:37 p.m.

Yesterday I composed my first pull request for the VOC project. The project is aimed at writing a Python bytecode to JVM bytecode transpiler.

While adding some extra test cases, I noticed that the system was not abiding by me telling it to expect failure using the @expectedFailure decorator. I decided to investigate.

Read more »

Cleaning up long if/elif/else chains

Posted by Sjoerd Job on June 6, 2016, 3:54 p.m.

Nearly all projects have it. A method that contains a long chain of checks. They come in various variations.

A few weeks ago I was lucky enough to be around on Code Review Stack Exchange when an excellent example was presented, ready for review.

Read more »

Confusion between FILE *s and file descriptors

Posted by Sjoerd Job on June 2, 2016, 11:18 p.m.

A while ago I had a very interesting problem. I wanted to pass a file descriptor to a child process for reading, and every now and then find out how far along it was with reading.

It turns out that it is both complex and trivial. You just need to know all the semantics, and all the tiny little trivialities.

Read more »

Reusing Django include urls for index

Posted by Sjoerd Job on May 19, 2016, 3:02 p.m.

Often enough, you want to map the / URL to the root of a specific app. The trick I used to apply started giving warnings during ./ check.

This is how I worked around it.

Read more »

Why 2 years of learning Python outweighs 8 years of learning PHP.

Posted by Sjoerd Job on April 25, 2016, 4:31 p.m.

During an interview for a temporary position, I got asked the following question: "Your resume states that you have 8 years of PHP experience, and only 2 years of Python experience. Yet you claim to be more knowledgeable in Python. What gives?".

At that time, I was not really prepared to answer that, as I had only entered the experience level based on a gut feeling. I consider myself reasonably ok when using PHP, but above average when using Python.

This question, however, has haunted me a bit, as I felt uncomfortable with the answer I gave during the interview. After much deliberation, here is my revisited answer, the extended version.

Read more »

Thoughts on provisioning and deployment

Posted by Sjoerd Job on April 19, 2016, 7:04 a.m.

For a long time I have held beliefs about 'proper' ways for deployment, but did not have that much experience.

Due to recent activities, I have had an opportunity to think a bit more about provisioning and deployment, and put my beliefs to the test of experience.

Read more »

Changing workfactor enables username enumeration

Posted by Sjoerd Job on March 10, 2016, 8:05 a.m.

A while ago, I had contact with the Django security team about a minor security issue. By increasing the password hashing workfactor, they opened up the old accounts to username enumeration.

Now, changing the workfactor has never (as far as I know) been considered a security risk. In fact, it is recommended to change the workfactor over time, as computers get more and more powerful.

Now one might wonder: why is something that is recommended by security advisers actually adding an attack vector?

Read more »

Speeding up singleton-descriptors

Posted by Sjoerd Job on Jan. 22, 2016, 3:05 p.m.

Here I will cover an optimisation technique I occasionally use. It's a result of weighing several different concerns, leading to a final implementation. As such, it should be treated with care and not be applied willy-nilly.

Read more »

The how and when of validation and escaping

Posted by Sjoerd Job on Sept. 25, 2015, 4:44 a.m.

Most programs nowadays deal with unknown users: users whom we don't or can't always trust 100% to do 'the right thing'. Some users want to defy the logic your software is based on.

Every programmer eventually grows his own style for how and when to deal with user input. Not all of the methods are necessarily correct, and there might even be more than 1 method that is.

In this post I set out how I myself like to deal with (user) input in my own paranoid way.

Read more »

On writing your own blogging software.

Posted by Sjoerd Job on Aug. 14, 2014, 7:52 p.m.

Some people believe that writing your own blogging site is the modern day equivalent of writing 'Hello world!'.

As I am currently writing my own blogging app in Python, it makes sense to revisit this statement to give my own thoughts about it.

If a developer wants to run a blog, he has two choices: roll his own, or use someone else's software. Do what you want to do.

Read more »