E-Scribe : a programmer’s blog

About Me

I'm Paul Bissex. I build web applications using open source software, especially Django. Started my career doing graphic design for newspapers and magazines in the '90s. Then wrote tech commentary and reviews for Wired, Salon, Chicago Tribune, and others you never heard of. Then I built operations software at a photography school. Then I helped big media serve 40 million pages a day. Then I worked on a translation services API doing millions of dollars of business. Now I'm building the core platform of a global startup accelerator. Feel free to email me.

Book

I co-wrote "Python Web Development with Django". It was the first book to cover the long-awaited Django 1.0. Published by Addison-Wesley and still in print!

Colophon

Built using Django, served with gunicorn and nginx. The database is SQLite. Hosted on a FreeBSD VPS at Johncompanies.com. Comment-spam protection by Akismet.

Stuff I Use

bitbucket, Django, Emacs, FreeBSD, Git, jQuery, LaunchBar, Markdown, Mercurial, OS X, Python, Review Board, S3, SQLite, Sublime Text, Ubuntu Linux

Spam Report

At least 236325 pieces of comment spam killed since 2008, mostly via Akismet.

Rails security hole hullabaloo

So, a serious security hole in Rails was announced this week. There's a lot of bashing going on about "security through obscurity." I've always understood STO as sustained secrecy about known (or possible) vulnerabilities, which seems different from the Rails team's provisional waiting period between the initial announcement and the full disclosure. (And the patches themselves told the story, for those familiar with the source.)

Not that there weren't legitimate problems with their patch release process. They definitely made mistakes they can learn from.

In response to all this, the Django team reiterated their own security patch procedures and created an announcement list as well. There are no perfect solutions, but being clear up front is likely to cut down on whining later. Though maybe I'm just extra-sensitive to whining.

Thursday, August 10th, 2006
