Gonçalo Valério

Tag: programming

  • So you need to upgrade Django

    No matter how much you try to delay and how many reasons you find to postpone, eventually the time comes. You need to update and upgrade your software, your system components, your apps, your dependencies, etc.

    This happens to all computer users. On some systems, this is an enjoyable experience, on other systems as painful as it can get.

    Most of the time, upgrading Django on our projects falls in the first category, due to its amazing documentation and huge community. Nevertheless, the upgrade path takes work and “now” rarely seems the right time to move forward with it, specially if you are jumping between LTS versions.

    So, today’s tip is a mention of 2 packages that can help you reduce the burden of going through your codebase looking for the lines that need to be changed. They are:

    Both of them do more or less the same thing, they will automatically detect the code that needs to be changed and then fix it according to the release notes. Attention, this is no excuse to avoid reading the release notes.

    django-upgrade is faster and probably the best choice, but django-codemod supports older versions of Python. Overall, it will depend on the situation at hand.

    And this is it… I hope these libraries are as helpful to you as they have been to me.

  • Preparing for Hacktoberfest

    It already starts tomorrow… the next edition of “Hacktoberfest”. For those who don’t know, it basically is an initiative that incentivizes participants to contribute to open-source software.

    During the month of October, those who do 4 contributions or more, can either receive a t-shirt or opt for a tree to be planted in their name.

    While the last editions seem to have been plagued with spam problems (as in “low-value contributions”), I still think it is an important initiate. Perhaps raising the bar for participation or completion would prevent these issues, but that is not the point of this post.

    Having already participated twice in the past, this year I will try to do it again (as you might have guessed from the post’s title).

    With this in mind, I spent a “few minutes” looking at my currently active/maintained repositories to see which ones could make use of a few extra contributions (the others will probably be archived).

    Here are the ones I ended up enabling for the “event”:

    • hawkpost – This old project that is still used, allows you to receive content in a secure end-to-end way from people without any encryption knowledge. Nowadays, there are better alternatives, but in some use cases it still is useful. The project has been unmaintained for a while and the idea for the next month is to upgrade its dependencies, fix the CI, improve the documentation and bring it to shape by making a new release.
    • inlinehashes – is a small CLI tool that takes an HTML document and produces the hashes of all inline elements that would need to be whitelisted in the Content-Security-Policy. Currently, the project only looks for styles and some places where JavaScript can be used. In the next month it would be good to extend the project’s coverage such as other inline JS possibilities, objects, etc.
    • worker-planet – Is a “Cloudflare Worker” that generates a single web page/feed with content from multiple sources. It is useful for communities where each member publishes content using his own blog/website. During the next month, it would be useful to include a few extra themes (and better ones).
    • worker-ddns – An elementary DDNS solution built on top of Cloudflare Workers and Cloudflare DNS. This project is very stable and could be considered complete, so I’m not expecting any significant changes. However, documentation could be improved, and we could also address systems that don’t support an agent written in python.

    Of course there are other improvements that could be made to all them, but these are my “priorities”.

    If you are participating on Hacktoberfest and still don’t know where to start, please give the above project’s a shot.

  • Documentation done right

    One critical piece of the software development process that often gets neglected by companies and also by many open-source projects is explaining how it works and how it can be used to solve the problem in question.

    Documentation is often lacking and people have an hard time figuring out how they can use or contribute to a particular piece of software. I think most developers and users have faced this situation at least once.

    Looking at it from the other side, it isn’t always easy to pick and share the right information so others can hit the ground running. The fact that not everybody is starting from the same point and have the same goal, makes the job a bit harder.

    One approach to solve this problem that I like is Divio’s documentation system.

    Divio's documentation system explained. Showing the 4 quadrants and their relations.
    The components of Divio’s documentation system.

    It splits the problems in 4 areas targeting different stages and needs of the person reading the documentation. Django uses this system and is frequently praised for having great documentation.

    From a user point of view it looks solid. You should take a look and apply it on your packages/projects, I surely will.

  • Rust examples and exercises

    Learning to program in Rust is as easy like other languages out there, because it ends up having different constrains and new concepts that you will have to go through, in the beginning everybody fights the compiler at least a little bit.

    I started this journey a while ago, however I’ve been progressing slowly just dedicating some time once in a while when I don’t anything else to do.

    I did what many recommendations on the internet tell you to do, start by reading the official book, that is in fact pretty good. But after reading one or two chapters, we need to practice and play with the language to have a feel of it and explore the new concepts you had just learned.

    So in this small post I just want to share two open resources that can be used while you read the book to practice what you have just learned.

    The first one is a website with examples you can modify and execute live in the browser called Rust by Example.

    The second is an official rust project that will put your knowledge up to a test called Rustlings.

    You can use it like the above video or with rustlings watch that stop and reload each exercise until you solve it.

    This is it, I hope they end being helpful to someone else as well.

  • Keep your dependencies under check

    Nowadays most software projects with a “decent size” rely on many software dependencies, or in other words: libraries and tools, developed by other people. That usually are under constant change.

    The reasons for these are clear and can go from implementing common patterns and avoid repeating ourselves, to accelerate the development, to use mature implementations and avoid some pitfalls, etc. Sometimes many projects rely on way too many dependencies for simples things (Remember the left-pad fiasco?).

    Once these dependencies are loaded, integrated and working as expected, people often forget they are there and many times they stay untouched for long periods of time. Even when newer versions are released, unless something starts breaking, nobody remembers to keep them up to date, a situation that might lead to security vulnerabilities, not in your code but on the code your project depends on.

    Of course I’m not telling you anything new, what I pretend to achieve with this post, is to show that there are many tools available to help you fight this problem. When you integrate them on your CI or on another step of your development process, they will keep you informed about what dependencies have known security vulnerabilities and what you should upgrade as soon as possible.

    The majority of the programming languages have this sort of tools, so a little search should help you find the one that better suits you stack. Below are some examples:

    As an example here is what I needed to do in order to check the dependencies of Hawkpost (an open-source project that I’m deeply involved with at the moment):

    $ safety check --full-report -r requirements/requirements.txt
safety report
---
No known security vulnerabilities found

    For most of these tools the basic check is this simple to do and in the long run it might save you from some headaches.

    Update (26-06-2018): Added cargo-audit to the list