Apr 21 2016
 

A check­list for mov­ing a Django-Wag­tail pro­ject to Python­Any­where. There is doc­u­ment­a­tion on the Python­Any­where site; mine includes things I forget.

Setup: devel­op­ment and test­ing on my laptop, sta­ging and pro­duc­tion on PythonAnywhere.

The help files are pretty good, but I need my own check­list. Right now I’m in the sta­ging mode, but at some stage I’ll be mov­ing to pro­duc­tion. No point fig­ur­ing out the same things twice!

  1. Develop on laptop in a virtualenv. Push commits regularly to Bitbucket account. At some stage squash the migrations and clean those up. Four sets of settings: dev, testing, staging, production.
  2. Set up account on Python­Any­where that allows the use of Post­gres (it’s an add-on to a cus­tom plan).
  3. Create virtualenv and set up staging web app. Delete virtualenv when you realise you didn’t use the right version of Python and the default is 2.7, not 3.5. Recreate the virtualenv with Python 3.5.
  4. Clone the repos­it­ory (using the ssh-key­gen instruc­tions). Redir­ect the pub­lic key to a file so you can copy it without line-breaks get­ting in the way.
  5. pip install -r requirements/production.txt (includ­ing psycopg2, which I did­n’t need for development). 
  6. Create the Postgres server, user, and database. Don’t forget a strong password for the user (owner of the project database).
  7. Update the set­tings file with the data­base settings.
  8. Set the envir­on­ment vari­ables for the set­tings and the secret key (gen­er­at­or).
  9. Attempt to apply the migra­tions. This will show where you made mis­takes on all the pre­ced­ing steps.
  10. Fix the mis­takes. Reload the web app to see if any­thing shows up. 
  11. Set up the stat­ic file serv­er. Check the stat­ic files are being served correctly.
  12. Cre­ate the Django super­user and log in.
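
Steps 7 to 9 as an added example (not from the original post or from PythonAnywhere's documentation): a helper a staging or production settings module could call to read the secret key and Postgres settings from environment variables, failing with the name of whatever is unset before the migrations run. The variable names, `load_deploy_settings`, `new_secret_key` and the sample values are assumptions made for this example.

```python
import os
import secrets
import string

# Assumed variable names; use whatever your settings files already expect.
REQUIRED = ("DJANGO_SECRET_KEY", "DB_NAME", "DB_USER",
            "DB_PASSWORD", "DB_HOST", "DB_PORT")


class SettingsError(RuntimeError):
    """Raised at import time so a bad deploy fails before migrations run."""


def new_secret_key(length=50):
    """Generate the step 8 secret key locally from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*(-_=+)"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def load_deploy_settings(environ=os.environ):
    """Build SECRET_KEY and DATABASES from the environment, or refuse."""
    missing = [name for name in REQUIRED if not environ.get(name)]
    if missing:
        raise SettingsError("unset: " + ", ".join(missing))
    key = environ["DJANGO_SECRET_KEY"]
    if len(key) < 50 or len(set(key)) < 5:
        raise SettingsError("DJANGO_SECRET_KEY is too short or repetitive")
    port = environ["DB_PORT"]
    if not port.isdecimal() or not 0 < int(port) < 65536:
        raise SettingsError("DB_PORT must be a TCP port number")
    return {
        "SECRET_KEY": key,
        "DEBUG": False,  # staging and production never run with DEBUG on
        "DATABASES": {"default": {
            "ENGINE": "django.db.backends.postgresql",
            "NAME": environ["DB_NAME"], "USER": environ["DB_USER"],
            "PASSWORD": environ["DB_PASSWORD"],
            "HOST": environ["DB_HOST"], "PORT": port,
        }},
    }


# Constructed sample environment (placeholder host, port and credentials).
SAMPLE_ENV = {
    "DJANGO_SECRET_KEY": new_secret_key(), "DB_NAME": "staging_db",
    "DB_USER": "staging_owner", "DB_PASSWORD": "constructed-placeholder",
    "DB_HOST": "db.example.invalid", "DB_PORT": "10123",
}
```

In a settings file the returned dictionary would be unpacked with `globals().update(load_deploy_settings())`, so nothing secret is committed to the repository.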

The next step is data, of course.

Jan 02 2016
 

Over the Christ­mas break I made a couple of dips, one of which got bet­ter reviews than the oth­ers. This is not a recipe for pur­ists, since a real tapen­ade should have anchovies in it, but I did­n’t have any and my fam­ily does­n’t like them anyway.

None of the quant­it­ies are exact. The sun-dried toma­toes were loosely packed in the meas­ur­ing cup and I did­n’t meas­ure the olives, just drained the can and tossed them in the food pro­cessor. I did­n’t chop any­thing before put­ting it in the food processor.

  • Approx 2 cups black olives (con­tents of one can, 398ml size). I used Cali­for­ni­an black olives since those were in the cup­board, next time I’ll prob­ably use Kala­mata olives.
  • Approx 3/4 cup oil-packed sun-dried toma­toes; let most of the oil drip off but not all of it.
  • 5 cloves of garlic.
  • 2 tbsp capers

Pro­cess in a food pro­cessor until finely chopped. If it’s too dry, add a few drops of olive oil (or oil from the sun-dried tomatoes).

Nov 17 2014
 

Word­Press was designed for pub­lic web­sites, not private ones, so pass­word pro­tec­tion can be a little clunky. For­tu­nately there are plu­gins to help, but (as always) there are trade-offs to be made. 

When all you want to do is add a password to stop search engines indexing and outsiders reading the content, but you also want to make it as easy as possible for people to use, there’s the Password Protected plugin. As it says, it doesn’t protect the images or other uploaded content.

If you also want to pro­tect the media, you will need to give people an account on the Word­Press site (with user­name and pass­word). Then you can use the htac­cess edits detailed at http://www.idowebdesign.ca/wordpress/password-protect-wordpress-attachments/. This works, but in many cases you just don’t want to give lots of people accounts on the sys­tem, or make groups of people share an account. So it’s a trade-off — how import­ant is pass­word-pro­tect­ing the images versus the admin­is­tra­tion over­head of user accounts with the asso­ci­ated username/password ease of use issues? If you do want to use user­names and pass­words, per­haps giv­ing a group of people a shared account, I’d recom­mend also using one of the plu­gins that helps with finer-grained access con­trol, such as Mem­bers, to stop people being able to change things you don’t want them chan­ging (such as pass­words for the shared account).

Oct 30 2014
 

I’ve been try­ing out Google App Engine, for which I signed up with the Google account where I just enabled 2FA. Of course, that means chan­ging the way I update the uploaded tri­al applic­a­tion; the stand­ard Google pass­word has to give way to either a spe­cif­ic applic­a­tion-based pass­word, or OAu­th 2. OAu­th 2 is obvi­ously (to me) the bet­ter way to go.

The doc­u­ment­a­tion is reas­on­ably straight-for­ward. It even works as doc­u­mented, assum­ing you’re signed in with the right Google account on your default browser. My work­flow is a little dif­fer­ent — my main browser (Fire­fox) is signed into my main Google account, and I sign into my oth­er Google account (which I’m using for this devel­op­ment pro­ject) on Chrome. Copy­ing the URL from Fire­fox to Chrome to allow the appcfg applic­a­tion access to that Google account worked; it’s refresh­ing to see. I get tired of web applic­a­tions that use some hid­den JavaS­cript magic and give you non­sensic­al res­ults if you copy a URL from one browser to another.

There’s some­thing appeal­ing about OAu­th 2, even if it appears a little too magic­al at times (a bit like git; when it works it’s magic­al, when it does­n’t, good luck!)

Oct 27 2014
 

Two-factor authen­tic­a­tion is gen­er­ally seen as a good idea; there’s a cer­tain amount of hand-wringing over the fact that more people don’t turn it on. The prob­lem is, it’s one of those things where you sign up for dis­rup­tion over the next few days, for uncer­tain reward. The reward is uncer­tain because you can nev­er tell wheth­er turn­ing on two-factor authen­tic­a­tion stopped someone hack­ing your account or not, just like you can­’t tell wheth­er hav­ing an alarm com­pany sign out­side your house dis­suades someone from break­ing into it. My main email account has been on 2FA for ages, but I decided to add it to one of my sec­ond­ary accounts as well, giv­en that lots of people seem to mis­takenly use that email instead of their own.

Tim suggested I use the authenticator app for my Google account 2FA, instead of using the SMS system. Just a hint: set it up while you still have access to your text messages, since SMS is used for the bootstrapping authentication. You need to sign up for Google 2FA in the first place ‘on a computer’ (it isn’t specified whether a tablet is sufficient; I used the desktop). You are sent an SMS to authenticate yourself, and then you get another one when you want to authenticate the Authenticator app. After that, you don’t need your SMS system, as long as you have the device with the Authenticator app on it.

But then there are the oth­er apps, which now need applic­a­tion-spe­cif­ic gen­er­ated pass­words. Adi­um for Google Talk, for example, or email with Thun­der­bird. Set­ting each one up does­n’t take long, but I’m sure some time in the future I will have for­got­ten and be won­der­ing why I can­’t log in with a val­id password.

And I under­stand what’s going on, more or less, and think the short-term hassles are worth it. There are lots of people who don’t have a men­tal mod­el of pass­words or authen­tic­a­tion, who see only the pain and not the gain (since the gain is only in the absence of a poten­tial future pain). Busi­nesses are sup­posedly imple­ment­ing 2FA fairly rap­idly, but I’d be sur­prised if people in gen­er­al were out­fit­ting their per­son­al accounts with 2FA at any­thing like the same rate. Mind you, I also sus­pect those sur­veys apply mostly to big­ger com­pan­ies in par­tic­u­lar indus­tries; anec­dot­al evid­ence I’ve heard points to a lower real adop­tion rate.

Sep 04 2014
 

August ended up busy, busier than I inten­ded. Bal­is­age was as usu­al full of inter­est­ing dis­cus­sions although some of the people I’d hoped to see wer­en’t able to make it this year. I took part in a pan­el on Math­ML, figured out (finally) there is an over­lap between the over­lap­ping markup dis­cus­sions and the DOM Level 2 Range spe­cific­a­tion, and gen­er­ally enjoyed myself.

Not long after that I left Design Sci­ence; I was dis­ap­poin­ted it did­n’t work out the way I’d hoped, but I did learn a lot about Math­ML and type­set­ting math­em­at­ics that I did­n’t know before.

I’ve spent the last couple of weeks talk­ing to people about dif­fer­ent pro­jects in health­care and pub­lish­ing, wheth­er it’s some­thing for me to work at or not. It’s good to be able to take time occa­sion­ally to see what’s out there, what people are work­ing on. I’ve also been get­ting ready for the XML Sum­mer School (there are still a couple of spots left in some of the courses if you’re inter­ested in attend­ing). And I’ve been work­ing on learn­ing plans for my chil­dren since their teach­ers are on strike. Khan Academy, Codec­ademy, and vari­ous work­books to refresh last year’s skills to start with. I hope the strike is resolved before I have to do too much more planning.

At least we man­aged to spend a few week­ends at the cab­in for relax­a­tion amongst all of that.
