DjangoCon 2011 Day One

Real-time Django

I really enjoyed Ben Slavin’s talk on Real-time Django. He offered some good insight into what to cache and when. Essentially, I would summarize it as: cache many things at every level that makes sense. On top of perhaps view-level caching, you should cache partial results or really anything that prevents you from hitting your database more than you need. I have been playing with an approach that uses this to cache data from multiple databases in one fast cache. I liked the concept of “continuous caching”, where essentially some out-of-band process is caching views or data so that actual requests for views don’t hit the DB.

Choices

I chose to attend Alex Gaynor’s talk on PyPy at Quora rather than Frank Wiles’s talk on Postgres performance tuning, but it was a tough choice. Alex thinks one big strength for Django (from his time at Quora not using it) was that picking up a foreign Django codebase is easy because of all the conventions that virtually all Django apps follow. If you know Django, you can easily tell all the URLs for any Django app (urls.py) or all the forms (forms.py). Unfortunately, the Django admin doesn’t use these conventions. In passing, he also mentioned a project called Johnny Cache which I have to try. I followed some live-blogging on Frank’s talk and it looked like there were some good tidbits.

I was interested in Eric Holscher’s talk on setting up Read the Docs and I really need to spend some time looking at their Chef recipes and learning Chef in general.

If you’re at DjangoCon, say hi!

Black Hat and DEF CON 2010

I’ve been in Vegas for what seems like forever attending Black Hat & DEF CON. I’m completely worn out even though I’ve been going to bed sober and before midnight for the past two nights. Raging ’til four for a couple nights really does that to you.

Getting back to the point, it really looks like a lot of security folks love Python. There were a number of talks focusing on Python specifically and I didn’t notice any of them pointing out vulnerabilities in the language. In the talk on Offensive Python for Web Hackers, the presenters demonstrated a number of cool tools [Edit (August 2, 2010): like pywebfuzz] for testing web apps for vulnerabilities. However, I’ve been unable to find one of the tools, pywebfuzz, on Google Code where the presenter said it would be. Rich Smith’s talk on Reversing Python Bytecode was pretty interesting. Basically, it looks like companies selling closed-source software by distributing .pyc files and doing some obfuscation aren’t doing enough.

Other talks of note were Jackpotting ATMs and Marco Slaviero’s Lifting the Fog (of memcached). If you have a memcached server that is not firewalled, fix it ASAP. That was one of the scariest and most interesting briefings.
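A config check to go with the memcached advice above, as an added example that is not from the original post or the talk: it reads a memcached.conf-style option file and reports every listen address that is not loopback, relying on memcached binding all interfaces when no `-l` option is given. The function names and the sample files are constructed for illustration.

```python
import ipaddress
import shlex

def listen_addresses(conf_text):
    """Collect the values of -l / --listen from a memcached.conf-style option file."""
    tokens = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if line:
            tokens.extend(shlex.split(line))
    addrs, i = [], 0
    while i < len(tokens):
        tok, value = tokens[i], None
        if tok in ("-l", "--listen") and i + 1 < len(tokens):
            value, i = tokens[i + 1], i + 1
        elif tok.startswith("--listen="):
            value = tok.split("=", 1)[1]
        elif tok.startswith("-l") and len(tok) > 2:   # attached form: -l127.0.0.1
            value = tok[2:]
        if value:
            addrs.extend(a.strip() for a in value.split(",") if a.strip())
        i += 1
    return addrs

def classify(addr):
    """Return 'loopback', 'all-interfaces', 'network' or 'unresolved' for one address."""
    host = addr
    if host.startswith("["):                  # [::1]:11211
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:                # 10.0.0.5:11211
        host = host.split(":", 1)[0]
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unresolved"                   # hostname: check what it resolves to
    if ip.is_loopback:
        return "loopback"
    return "all-interfaces" if ip.is_unspecified else "network"

def audit(conf_text):
    """Return one finding per listen address that needs a firewall rule or a rebind."""
    addrs = listen_addresses(conf_text)
    if not addrs:
        return ["no -l option: memcached binds every interface"]
    return [f"{a}: {classify(a)} listener, restrict it with a firewall or bind to loopback"
            for a in addrs if classify(a) != "loopback"]

# Constructed sample option files.
SAFE = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n"
OPEN = "-m 64\n-p 11211\n-u memcache\n# -l 127.0.0.1\n"
MIXED = "-p 11211\n-l 127.0.0.1,10.0.0.5\n"
```

An empty result from `audit` only means the daemon is bound to loopback; a listener on a network address still needs a firewall rule limiting it to the application hosts.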