Wednesday, 3rd September 2008
Django: Security fix released. The Django admin used to save partially-submitted forms if your session expired, and continue the submission when you logged in. It turns out that’s actually an unblockable CSRF exploit and is hence broken as designed, so it’s now been removed. Thanks Ed Eliot and other GCap colleagues for helping me flesh out the potential attack.
The greatest coup Microsoft pulled with Internet Explorer was putting the word "Internet" in its name. It sits there, on the desktop of every new Windows computer, and it says "Internet". So you click it. [...] What better way to beat a browser with the word "Internet" in its name - a browser that seemingly can't be beat no matter how hard we try - than the Internet Company itself making a browser?
We haven’t changed the name of the conference to “Over Quota”. Aral is having intermittent App Engine quota problems, which are proving impossible to debug. I had a similar problem with an App Engine app a while ago—the quota / debugging story really needs fixing.
Announcing dmigrations
The team at Global Radio (formerly GCap Media) is the largest group of Django developers I’ve personally worked with, consisting of 14 developers split into two scrum teams, all contributing to the same overall codebase.
[... 625 words]dmigrations thread on Django Nashville. The Django Nashville Google Group is currently hosting the most interesting discussion of dmigrations.
Low level hooks for multi-database support in Django. As discussed in this sub-thread on reddit: The internal Django Query class has a ’connection’ attribute which can be set by the constructor. This low level hook is the secret to talking to more than one database at once, but higher level APIs have not yet been defined. Jacob Kaplan-Moss: “As a matter of fact, at least a couple high-traffic Django sites are using the new hooks.”