sjoerdjob.com

In a recent message to the Django mailing list, a remark was placed that the URL routing of Django was tightly coupled to the Django core. From what I understood of the requirements placed on the routing, I found it a weird statement. I decided to investigate.

A not-so-favourite part of my life consists of doing household chores. (I must still learn to enjoy it).

However, even though I might not like it, I still think that there are lessons that can be applied to software development.

None of these are new, but I still think they are worth while to document them again, in my own words.

Yesterday I composed my first pull request for the VOC project. The project is aimed at writing a Python bytecode to JVM bytecode transpiler.

While adding some extra test cases, I noticed that the system was not abiding by me telling it to expect failure using the @expectedFailure decorator. I decided to investigate.

Nearly all projects have it. A method that contains a long chain of checks. They come in various variations.

A few weeks ago I was lucky enough to be around on Code Review Stack Exchange when an excellent example was presented, ready for review.

A while ago I had a very interesting problem. I wanted to pass a file descriptor to a child process for reading, and every now and then find out how far along it was with reading.

It turns out that it is both complex, yet trivial. You just need to know all the semantics, and all the tiny little trivialities.

Often enough, you want to map the / URL to the root of a specific app. The trick I used to apply started giving warnings during ./manage.py check.

This is how I worked around it.

During an interview for a temporary position, I got asked the following question: "Your resume states that you have 8 years of PHP experience, and only 2 years of Python experience. Yet you claim to be more knowledgeable in Python. What gives?".

At that time, I was not really prepared to answer that, as I had only entered the experience level based on a gut feeling. I consider myself reasonably ok when using PHP, but above average when using Python.

This question, however, has haunted me a bit, as I felt uncomfortable with the answer I gave during the interview. After much deliberation, here is my revisited answer, the extended version.

For a long time I have held beliefs about 'proper' ways for deployment, but did not have that much experience.

Due to recent activities, I have had an opportunity to think a bit more about provisioning and deployment, and put my beliefs to the test of experience.

A while ago, I had contact with the Django security team about a minor security issue. By increasing the password hashing workfactor, they opened up the old accounts to username enumeration.

Now, changing the workfactor has never (as far as I know) been considered a security risk. In fact, it is recommended to change the workfactor over time, as computers get more and more powerful.

Now one might wonder: why is something that is recommended by security advisers actually adding an attack vector?

Here I will cover an optimisation technique I occasionally use. It's a result of weighing several different concerns, leading to a final implementation. As such, it should be treated with care and not be applied willy-nilly.

Most programs nowadays deal with unknown users. Users which we don't/can't always trust 100% to do 'the right thing'. Some users want to defy the logic your software is based on.

Every programmer eventually grows his own style for how and when to deal with user input. Not all of the methods are necessarily correct, and there might even be more than 1 method that is.

In this post I set out how I myself like to deal with (user) input in my own paranoid way.

Some people believe that writing your own blogging site is the modern day equivalent of writing 'Hello world!'.

As I am currently writing my own blogging app in Python, it makes sense to revisit this statement to give my own thought about it.

If a developer wants to run a blog, he has two choices: roll his own, or use another ones software. Do what you want to do.