Spam is everywhere. If you have an email account, a mailbox, a website with comments, a cellphone, a social media account, a public form, etc. We all know it, it is a plague. Over the years, there have been multiple attempts to fight spam, with various degrees of success, some more effective than others, some […]
In practice this already happened a couple of years ago, now we are just making it official. For those who don’t know, Hawkpost is a side project that I started while at Whitesmith back in 2016 (8+ years ago). I’ve written about it here in the blog on several occasions. To sum it up, it […]
Ironically, according to my experience, the .well-known directory doesn’t do justice to its name. Even in use cases that would fit nicely in its original purpose. But I’m getting a bit ahead of myself. Let’s first start with what it is, then move to discuss where it’s used. But we’ll do this rapidly, otherwise this […]
PyCon US happened in May, and this month the 154 videos gradually started being published on YouTube. Between now and then many other interesting conferences took place. That’s a lot of talks, presentations, and content to be digested. The truth is, I and most people won’t watch it all since our time is limited. One option, […]
This week, I’m back at my tremendously irregular Django tips series, where I share small pieces of code and approaches to common themes that developers face when working on their web applications. The topic of today’s post is how to implement a counter that isn’t vulnerable to race conditions. Counting is everywhere, when handling money, […]
Earlier this year, I decided to explore Redis functionality a bit more deeply than my typical use-cases would require. Mostly due to curiosity, but also to have better knowledge of this tool in my “tool belt”. Curiously, a few months later, the whole ecosystem started boiling. Now we have Redis, Valkey, Redict, Garnet, and perhaps […]
The last couple of years have been dominated by the advancements in the Artificial Intelligence (AI) field. Many of us witnessed and are currently experiencing some sort of renaissance of AI. It started with generated images from prompts, then it was all types of written content, and in the last few weeks we’ve seen astonishing […]
A few years ago, I covered here in the blog the “security.txt spec”. A standard place with the security related contacts, designed to help researchers, and other people, find the right contacts to report vulnerabilities and other problems. At the time, I added it to my personal domain, as an example. When I wrote the […]
Bitcoin Atlantis is just around the corner. This conference, happening here in Madeira, is something unusual for us locals. The common pattern is that we have to fly to attend such conferences. I plan to attend the event, and I will be there with an open mindset, since there are always new things to learn. […]
To be sincere, I have a strong preference for written content. There is something with audio and video (podcasts and streams) that doesn’t fit very well with me or how I consume content when I’m at the computer. Nevertheless, there is a lot of great content that is only available through podcasts. So sometimes I […]
Reporting application errors to a (small) list of admins is a feature that already comes built in and ready to use in Django. You just need to configure the ADMINS setting and have the application ready to send emails. All application errors (status 500 and above) will trigger a new message containing all the details, […]
Today, let’s go back to the topic of the first post in this series of Django tips. At the time, I focused on the python manage.py check --deploy command. In this article, I will explore the feature on which it is built and how it can be quite handy for many other scenarios. So, the […]
If you are a frequent reader of this blog, you might already know that I created a small tool to generate a simple webpage plus an RSS feed, from the content of multiple other RSS sources, called worker-planet. This type of tool is often known as a “planet”: In online media a planet is a […]
We reached the end of another year, and generally, this is a good time to look back, to evaluate what was done, what wasn’t done and eventually plan ahead. While dedicating some time to the first task, it occurred to me that I should share some of this stuff. I doubt it will be useful […]
Occasionally, “modern” baby monitors hit the news, but not for the best reasons. Sometimes for the lack of security, other times for exploitative practices, etc. This also applies to many other categories of products that we can include in the so-called “Internet of Things”. After reading a recent article about the topic, some comments with […]
The possibilities of the ActivityPub protocol, and what it can bring to the table regarding interoperability in the social media landscape, are immense. It is especially welcome after a decade (and a half?) plagued by the dominance of centralized walled gardens that almost eradicated the diverse ecosystem that previously existed. It is used by many...
No matter how much you try to delay and how many reasons you find to postpone, eventually the time comes. You need to update and upgrade your software, your system components, your apps, your dependencies, etc. This happens to all computer users. On some systems, this is an enjoyable experience, on other systems as painful […]
Ten years ago, after it became clear to almost everyone that all our online activity was being tracked and stored, I wrote a blog post about simple steps a person could take to improve their privacy online. Essentially, it contains a few recommendations that everyone could follow to reduce their fingerprint without much effort. It […]
Two years ago, I made a small tool on top of Cloudflare’s Workers to generate a single feed by taking input from multiple RSS sources, a kind of aggregator or planet software as it was usually known a few years ago. You can read more about it here and here. This is a basic tool […]
I’ve always been astonished about how well mapping apps work. Sure, when Google Maps was first released the sense of wonder was much greater than it is nowadays, nevertheless it is still impressive. The number of situations when/where this kind of software becomes handy is huge, from the well-known GPS guides to even games (remember […]
At the start of last week, we received great news regarding new improvements to a very popular security app, “Google Authenticator”. A feature it was lacking for a long time was finally implemented, “cloud backups”. However, after a few days, the security community realized the new feature wasn’t as good as everybody was assuming. It […]
Last year, I built a small tool to detect inline styles and scripts in a given webpage/document and then calculate their hashes. It can be useful for someone trying to write a strict “Content-Security-Policy” (CSP) for pre-built websites. I described the reasoning at the time in this blog post. Today, I’m writing to announce that […]
Last year we saw the rise of the Fediverse. Mostly because of a series of external events, that ended up pushing many people to try other alternatives to their centralized platform of choice. Mastodon was clearly the software component that got most attention and has been under the spotlight in the last few months. It […]
Last week, an article was published with some interesting numbers about the security of PostgreSQL servers publicly exposed to the internet (You can find it here). But more than the numbers, what really caught my attention was the fact that most clients and libraries used to access and interact with the databases have insecure defaults: […]
It already starts tomorrow… the next edition of “Hacktoberfest”. For those who don’t know, it basically is an initiative that incentivizes participants to contribute to open-source software. During the month of October, those who do 4 contributions or more, can either receive a t-shirt or opt for a tree to be planted in their name. […]
A few years ago I built a small application to test Django’s websocket support through django-channels. It basically displayed on a web page in real time all the requests made to a given endpoint (you could generate multiple of them) without storing anything. It was fun and it was very useful to quickly debug stuff […]
In a previous blog post published earlier this year I explored some security considerations of the well known “clipboard” functionality that most operating systems provide. Long story short, in my opinion there is a lot more that could be done to protect the users (and their sensitive data) from many attacks that use of clipboard […]
Django management commands can be very helpful while developing your application or website; we are very used to runserver, makemigrations, migrate, shell and others. Third party packages often provide extra commands and you can easily add new commands to your own apps. Today let’s take a look at some lesser-known and yet very useful […]
Content-Security-Policy (CSP) is an important mechanism in today’s web security arsenal. It is a way of defending against Cross-Site Scripting and other attacks. It isn’t hard to get started with or to put in place in order to secure your website or web application (I did that exercise in a previous post). However, when the systems […]
While the admin is a well-known and very useful app for your projects, Django also includes another admin package that isn’t as popular (at least I have never seen it being heavily used) but that can also be quite handy. I’m talking about the admindocs app. What it does is to provide documentation for the […]