This should have been obvious to me for a longer time, but until earlier today I did not really realize the severity of the issues caused by str.format on untrusted user input. It came up as a way to bypass the Jinja2 Sandbox in a way that would permit retrieving information that you should not […]
Author: Armin Ronacher
Be Careful About What You Dislike
The last few months I keep making the same observation over and over again in various different contexts: that whenever you are confronted with a very strong opinion about a topic, reasonable discussions about the topic often involve arguments that have long become outdated or are no longer strictly relevant to the conversation. What I […]
I don’t understand Python’s Asyncio
Recently I started looking into Python’s new asyncio module a bit more. The reason for this is that I needed to do something that works better with evented IO and I figured I might give the new hot thing in the Python world a try. Primarily what I learned from this exercise is that I […]
Rust and Rest
A few months back I decided to write a command line client for Sentry because manually invoking the Sentry API for some common tasks (such as dsym or sourcemap management) is just no fun. Given the choice of languages available I went with Rust. The reason for this is that I want people to be […]
A Europe For Our Children
Most of the readers of this blog are not from Europe, let alone Austria, the country I was born in. As such I’m not sure how many will actually care about Austrian politics here, especially if it’s a lengthy post. But I would still like if you read it because I think the topic is […]
Micropackages and Open Source Trust Scaling
Like everybody else this week we had fun with the pad-left disaster. We’re from the Python community and our exposure to the node ecosystem is primarily for the client side. We’re big fans of the ecosystem that develops around react and as such quite a bit of our daily workflow involves npm. What frustrated me […]
Introducing Lektor — A Static File Content Management System For Python
The longer I’m programming and creating software, the more I notice that I build a lot of stuff that requires maintenance even though it should not. In particular a topic that just keeps annoying me is how quickly technology moves forward and how much effort it is to maintain older code that still exists but […]
Python’s Hidden Regular Expression Gems
There are many terrible modules in the Python standard library, but the Python re module is not one of them. While it’s old and has not been updated in many years, it’s one of the best of all dynamic languages I would argue. What I always found interesting about that module is that Python is […]
The End of Safe Harbor and a Scary Path Forward
In the Austrian internets the news about the end of the safe harbor act has been universally welcomed it seems. Especially from non-technical folks that see this as a big win for their privacy. Surprisingly many technical people also welcomed this ruling. And hey, if Snowden says that’s a good ruling, who will argue […]
Samsung Pay’s MST Transactions and Merchant’s Ability to Detect “Cloned” Magstripe Tracks
I have a weird obsession with payment systems. They fascinate me. I find it very satisfying to make a credit card transaction and to get a text message confirming the purchase on my phone a second afterwards. As someone obsessed with networks, scalability and user experience I find this a very interesting field even though […]
On Countries, Citizenships, Residence and Paying Taxes
Like many software engineers my life involved moving from one country to another for work. Since that moment this whole concept of relocation fascinated me because almost everyone in my circle of friends ended up in a place far from where they came but their stories were different. I learned that the topic of relocation […]
Rust for Python Programmers
Now that Rust 1.0 is out and quite stable, I thought it might be interesting to write an introduction to Rust for Python programmers. This guide goes over the basics of the language and compares different constructs and how they behave. Rust language wise is a completely different beast compared to Python. Not just because […]
Unintended Affordances (or why I believe encrypting everything is a bad idea)
In psychology there is the term of affordances. It’s the concept that an object affords different actions for someone interacting with it. Most objects in this world have a plethora of things you can do with them, many are not even intended by the designer of that object. As a crude example: a chair does […]
Bitcoin is Not a Good Consumer Product
Writing critical essays about Bitcoin is probably not a very good idea, judging by past feedback on tweets. However the topic is burning on my heart and I really want to share my thoughts about it once and for all since I’m getting more and more the feeling I live in crazy land. Bitcoin brings […]
Nameko for Microservices
In December some of the tech guys at onefinestay invited me over to London to do some general improvements on their nameko library. This collaboration came together because nameko was pretty similar to how I generally like to build certain infrastructure and I had some experience with very similar systems. So now that some of […]