E-Scribe News : a programmer’s blog

About Me

PBX I'm Paul Bissex, and e-scribe.com is my consulting business. I build web applications using open source software, especially Django. I teach photographers web design and professional skills. In the '90s I did graphic design for newspapers and magazines. Then I wrote technology commentary and reviews for Wired, Salon.com, Chicago Tribune, and lots of little places you've never heard of. Feel free to email me.

Book

Python Web Development with Django I'm co-author of "Python Web Development with Django", an excellent guide to my favorite web framework. Its strong points include an introduction to Python, and better coverage of Django 1.0 than nearly anybody else. Published by Addison-Wesley, it is available from Amazon and your favorite technical bookstore as well.

Colophon

Built using Django, served by Apache and mod_wsgi. The database is SQLite. The operating system is FreeBSD, on a VPS hosted at Johncompanies.com. Comment-spam protection by Akismet. Vintage topo imagery from the Maptech archive. The markup engine is Markdown.

Pile o'Tags

Stuff I Use

Akismet, del.icio.us, Django, dpaste.com, Emacs, FreeBSD, Freenode, jQuery, LaunchBar, MacPorts, Markdown, Mercurial, OS X, Postfix, Python, SQLite, Subversion, TextMate, Trac, Ubuntu Linux, wmii

Spam Report

At least 67556 pieces of comment spam killed since January 2008, mostly via Akismet.

Rails security hole hullabaloo

Oops So, a serious security hole in Rails was announced this week. There's a lot of bashing going on about "security through obscurity." I've always understood STO as sustained secrecy about known (or possible) vulnerabilities, which seems different from the Rails team's provisional waiting period between the initial announcement and the full disclosure. (And the patches themselves told the story, for those familiar with the source.)

Not that there weren't legitimate problems with their patch release process. They definitely made mistakes they can learn from.

In response to all this, the Django team reiterated their own security patch procedures and created an announcement list as well. There are no perfect solutions, but being clear up front is likely to cut down on whining later. Though maybe I'm just extra-sensitive to whining.

Thursday, August 10th, 2006
+ + +

Post a comment

Thanks for reading! Please note: Your comment will not appear until approved, which may take a few hours or more. Spammers will be torpedoed.


(Will not be shared)

(Optional)