This is the first of a series of articles on security and exploiting. For starters we’ll cover basic debugging tools before we get into actual exploiting because the first step to exploiting is reverse-engineering most of the time. The series targets experienced developers and tries to go straight to the point for them. Every article in this series is tagged “security”. Introduction strace is a tool that prints system calls like open, connect, etc … and signals like INT, KILL, etc … of a process. Read More

The default pager in most linux distributions is more. But it’s not very colorful. This article presents a more fun alternative: most. Your manual probably looks like this: Not very awesome, wouldn’t it be nicer to have it with colors ? like this: Then go ahead and install most, ie.: sudo apt-get install most Try it out: MANPAGER=most man man If you like it, set something like that in your . Read More

django-cities-light 2.3.1 was released: #42 added FAQ: Some data fail to import or don’t import like I want, how to skip them ? #45 django-rest-framework support update by @almalki. #49 Added country_items_pre_import and region_items_pre_import by @mauricioabreu. #51 Slug should be used in unique_together along with name. #51 Skip duplicate cities with no regions #52 Added FAQ on MySQL and UTF-8 #53 Country phone prefix support by @csarcom Forms update. It is backward compatible and has migrations: don’t forget to run: Read More

A variable looks like this: export FOO=bar To get a variable in your interactive shell, source the script that contains it as such: source script_that_contains_FOO echo $FOO A function looks like this: function foo() { echo foo } To run a function in your interactive shell, source the script and call the function like this: source script_that_contains_foo foo To debug something that’s wrapped in a bash function or script, set the -x option. Read More

Check out the new applications documentation for Django 1.7 ! It’s still quite cryptic what will “holding app metadata” be really able to do. For starters it enables changing the name of an app in the admin without any hack. It will probably make installing and customizing apps easier, ie.: provides a default setting system, similar to django-appconf, automatically include app-specific stuff like middlewares, urls, etc, etc … ? replace an app’s model ? Read More

Another problem you might run into when testing Django apps with Selenium on Travis: ====================================================================== ERROR: tearDownClass (autocomplete_light.tests.widget.WidgetTestCase) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/travis/build/yourlabs/django-autocomplete-light/autocomplete_light/tests/widget.py", line 29, in tearDownClass super(WidgetTestCase, cls).tearDownClass() File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/django/test/testcases.py", line 1148, in tearDownClass cls.server_thread.join() File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/django/test/testcases.py", line 1072, in join self.httpd.shutdown() File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/django/test/testcases.py", line 959, in shutdown "Failed to shutdown the live test server in 2 seconds. The " RuntimeError: Failed to shutdown the live test server in 2 seconds. Read More

In this article we’ll explore a gotcha with Python 2 and 3 support on the long run, using Selenium as an example. Selenium is an automated testing tool enabling the tests to control a temporary browser GUI - Firefox by default. You can use it to automate functional testing. Selenium 2.37 had Python 2 and 3 support. But a little before the 2.38 release, some non-Python3-compatible code was commited. This was released in selenium 2. Read More

Django 1.5.4 security release is out. It limits password lengths so that people don’t upload 1Mb passwords (limit for nginx default config). Imagine 1000*1Mb to hash ? That could potentially cause a DoS. Update your django installs.

Overview Compile less in debug mode in the browser for development. This enables your integrator to work faster and to view syntax errors reports in the browser and make development awesome. Use django-compressor for production to pre-compile all your less into css and make performance awesome. Be able to reuse in your less scripts: bootstrap classes, variables, etc, etc … else what is less good for ? The problem is that you must get your compiler to compile both bootstrap and your own less scripts in the same run. Read More

For development, we host the project on some small server. It is running via ./manage.py runserver just for our customer to be able to see what’s going on. Also, this enables our designer to hack the project via SFTP without having to deploy the website locally. Currently we are working with a new designer who found out that GitHub’s editor was pretty cool because it saves him from doing backups himself. Read More