Django 3.0 alpha1 released

A major version bump, with the largest change being built in support for ASGI, the Asynchronous Server Gateway Interface, that previously could be included via channels.

The biggest benefits ASGI offers over the traditional WSGI, is the possibility to build asynchronous operations in webapps, and leverage e.g. WebSockets to push information to the client.

Here are the in-development release notes: Django 3.0 release notes – UNDER DEVELOPMENT | Django documentation

Specification of DNS over Dedicated QUIC Connections

Specification of DNS over Dedicated QUIC Connections

While a lot of people debate DNS-over-https (and it’s dependencies), IETF has a specification for DNS-over-QUIC on it’s standards track.

This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient error corrections than UDP. DNS over QUIC (DNS/QUIC) has privacy properties similar to DNS over TLS specified in RFC7858, and performance similar to classic DNS over UDP.

Source: Specification of DNS over Dedicated QUIC Connections

#FashionID

Heute hat der Europäische Gerichtshof in einem Fall von FashionID, des Onlineshop des Modehändlers Peek & Cloppenburg, ein Urteil gesprochen. Es geht darin darum, wie mit der Weitergabe von Benutzerdaten bei der Verwendung von 3rd Party Content umgegangen werden muss. Dass der Einsatz von beispielsweise Facebook Like Buttons

Unter anderem versucht die Tagesschau aufzuklären. Weil das Urteil durch den EuGH ergangen ist und daher Konsequenzen über Deutschland hinaus haben wird, berichten auch internationale News wie Techcrunch und Yahoo(Reuters).

Simon Assion von #twobirds, Twitter-aktiver Rechtsanwalt, fasst eben dort einige Stichpunkte zu dem Urteil in einem Thread zusammen.

Gefährdete Website

WER HAT GESAGT KÜNSTLICHE INTELLIGENZ FUNKTIONIERT NICHT, HABE ICH GEFRAGT?

WER HAT GESAGT KÜNSTLICHE INTELLIGENZ FUNKTIONIERT NICHT, HABE ICH GEFRAGT?

GitHub announces Package Registry

Your code. Your packages. One login. Meet GitHub Package Registry.
https://github.co/2vSuFG2

From the announcement on LinkedIn
Octocat Package Registry

The other day wrote this in their post on LinkedIn. Following the link takes one to the newly announced Github Package Registry, that allows developers to host releases for distribution. It’s currently in beta and supports npm, docker images, maven packages, NuGet and Ruby Gems. The corresponding blog article has a few more insights:

With GitHub Package Registry your packages are at home with their code—sign up for the limited beta to try it out.

From the blogpost

While I appreciate the thought and easiness of integration, the announcement doesn’t leave me with a cosy feeling. It’s a bit like GitHub is trying to become the Facebook of code. The Internet is made to work decentralised and the interesting part always has been the freedom of choice. With functionality merging together in one platform, choice gets lost and there is opportunity of misuse.

In particular, it seems almost forgotten that Github, just like Linkedin, have been acquired by Microsoft in 2016 and 2018. This perspective throws another light on the added functionality and developers may want to evaluate remaining alternatives.

Source: Introducing GitHub Package Registry – The GitHub Blog

Predicting Stack Overflow Tags with Google’s Cloud AI

Check out a cool project that leverages Stack Overflow Data and Google’s Cloud AI to predict what tags would work best on Stack Overflow questions.

Source: Predicting Stack Overflow Tags with Google’s Cloud AI – Stack Overflow Blog

A quick introduction to web security

CORS, CSP, HSTS, and all the web security acronyms!link.medium.com/jMrLJYrzBR

Celery Worker wide configuration

Celery is a distributed task execution environment for Python. While the emphasis is on distributed in this software, the concept of having workers allows for settings beyond the individual task. While the first rule of optimisation is “don’t”, sharing database connections is a low hanging fruit in most cases. And this can be configured per worker with Celery provided signals. To create a database connection for individual worker instances, leverage these signals to create the connection when the worker starts.

This can be achieved leveraging the worker_process_init signal, and the corresponding worker_process_shutdown signal to clean up when the worker shuts down.

The code should obviously be picked up at worker start, hence the tasks.py file will be a good location to keep these settings.

Example tasks.py:

from celery.signals import worker_process_init
from celery.signals import worker_process_shutdown

app = Celery('tasks', broker=CELERY_BROKER_URL)
db = None

@worker_process_init.connect
def init_worker(**kwargs):
  global db
  log.debug('Initializing database connection for worker.')
  db = sqlite3.connect("urls.sqlite")

@worker_process_shutdown.connect
def shutdown_worker(**kwargs):
  global db
  if db:
    log.debug('Closing database connectionn for worker.')
    db.close()

The example above opens a connection to a sqlite3 database, which in itself has other issues, but is only meant as an example. This connection is established for each individual worker at startup.

BOX-256

Box-256 is a browser game Bildschirmfoto 2016-09-04 um 18.38.57
where you need to solve
small tasks, e.g. let a program draw a square, in your browser. Through writing assebly. Since I wrote quite a bit assembly throughout my career, I thought this is interesting. Still, I failed at level one. Mostly because of impatience.

Source: BOX-256 – Tiny game about writing assembly to pass the graphics tests.