Re: GSoc 2018

2018-03-14 Thread urijah 
Have you 
seen https://github.com/LegoStormtroopr/django-spaghetti-and-meatballs  ?

On Wednesday, March 14, 2018 at 9:11:59 PM UTC-4, jimw...@gmail.com wrote:
>
> Hello,
>
> My name is Chenxu Wang from China and I'd like to participate in the GSoC 
> with coding for Django.
>
> *My idea:*
> I want to develop a tool which can make statistics of every single Django 
> project. This tool will describe the structure of the selected project, 
> list its apps, URLs, models and things like that. I also want to draw a GUI 
> for it if possible.
>
> *Background and Significance:*
> About one year ago, I joined a club in my university which was developing 
> a wonderful campus App. My mentor was going to graduate and i had to take 
> over the project. I was a newcomer of Django at that time and it was 
> difficult for me to master the project in such a short time.
> It took me for a long time to understand the system structure and began to 
> contribute to the project(Of course, the doc is not very detailed). 
> Therefore, I guess it will be more friendly for a newcomer to a big project 
> if there is a tool to show them the URL path, models, 
> even views in a tree diagram.
>
> *About me and the Feasibility:*
> I am a computer science student and i have over three years experience of 
> programming(mainly in C/C++) and over one years experience of Python and 
> Django programming. I've developed few projects of Django and even tried to 
> translate its document( but its too much so I failed to translate it all) 
> and I am kind of familiar with compilers.
>
> I think I can get main URLs from urls.py and track them to find out the 
> tree of URLs(If there are other URL files in apps). I can get models in all 
> models.py in apps(I can also track them if necessary). It might be kind of 
> difficult to find the views,  but I guess track the URLs may help.
> If possible, I want to show them in GUI in order to be more friendly to 
> people who take over a new project especially if they are new to Django and 
> I plan to show the settings.py in GUI too so that users can easily find and 
> change their settings.
>
> Any advice?Sincere appreciation for any suggestion.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/5256927b-63a9-4193-84b8-fafd2ab97551%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: GSoC 2018

2018-03-14 Thread urijah 
> existing libraries like Brython or pyjs for the Javascript side

Also http://www.skulpt.org/ , used by https://anvil.works/ 


On Wednesday, March 14, 2018 at 10:36:03 AM UTC-4, Rotund wrote:
>
> While I'm not a deciding member by any means, I have seen enough proposals 
> to get a feel for what may be chosen. You left a very open idea of what you 
> plan to do. You are going to need to be specific as to what you plan to do 
> to accomplish your end goals and probably provide at least some sample that 
> shows off that you can do what you plan to do. Think launching a 
> Kickstarter campaign.
>
> Do you intend to use one of the existing libraries like Brython or pyjs 
> for the Javascript side? I can think of some interesting things that could 
> be brought over from the Drupal world that could later be leveraged into 
> something like Wagtail.
>
> On Wed, Mar 14, 2018 at 3:09 AM, Manasvi Saxena  > wrote:
>
>> Hello,
>>
>> My name is Manasvi Saxena and I wish to spend my summer coding for Django.
>>
>> *NOTE:* This is not a formal proposal. I only intend to introduce my 
>> idea to the Django-developer community for your valuable feedback and 
>> guidance.
>>
>> *My proposal-*
>>
>> Create libraries in python and integrate them with Django to generate 
>> HTML code for front-end development and thus contributing to make Django a 
>> full-stack framework.
>>
>> *About my proposal-*
>>
>> *A Short story...*
>> *"I started writing codes in python four years back and ever since I have 
>> been passionate about the language. *
>> *A few months ago when I was given a task of making a blog for my friend, 
>> I learned the basics of HTML, CSS, and Bootstrap and made a static website 
>> for her. But it was not enough as the content needed to be added 
>> dynamically and it is when I was introduced to Django, a framework written 
>> in the language I love.*
>> *And ever since I have been using it."*
>>
>> *Why this idea?*
>> For Python developers, it is an extra work to learn HTML and CSS to 
>> create a Front-end for a website. I intend to simplify their life by 
>> creating libraries that will convert Python code into HTML code to generate 
>> an HTML page. This feature, if implemented in Django will make it a 
>> one-stop solution for any python developer looking forward to making a 
>> website requiring only the knowledge of his or her programming skills in 
>> Python.
>>
>> *Conclusion...*
>> Details of how I intend to implement my idea along with the detailed 
>> description of what I intend to do will be mentioned in my GSoC proposal.
>> Please let me know what do you think of the idea and help me refine it.
>>
>>
>> *About me-*
>>
>> I am a penultimate year Electronics and Communication student.
>> Having done multiple projects in past, I have also recently completed a 
>> two-month internship at the position of Back-end web developer at a 
>> startup. And hence I'm experienced enough to build things from scratch and 
>> work under pressure with short deadlines.
>>
>> Github username- minusv23
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-develop...@googlegroups.com .
>> To post to this group, send email to django-d...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/django-developers.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-developers/CADwzVRvSLYGOAyxsRWm%2BRN4hKwK3S3ig3dQNQzhNj2PRSebP2A%40mail.gmail.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Joe Tennies
> ten...@gmail.com 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/d82b4bb3-de27-4b1a-ab99-8efbd7281564%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Improving MSSQL and Azure SQL support on Django

2017-04-28 Thread urijah 
I wonder if there have been any updates on MS support for a 
official/supported MS SQL Django driver? Did the offered engineering effort 
from MS ever come through? Given the availability of of MS SQL on Linux, as 
well as support for Django in Visual Studio, it would be great if this came 
to fruition.
Explicit support for Django with IronPython would also be nice, if MS would 
really want to take their Django support to the next level...

On Monday, March 7, 2016 at 5:37:06 PM UTC-5, Meet Bhagdev wrote:
>
> Hi all,
>
> On interacting with several Django developers and committers, one of the 
> questions often came up, can I use SQL Server on non Window OS's? I wanted 
> to share that today Microsoft announced SQL Server availibility on Linux - 
> https://blogs.microsoft.com/blog/2016/03/07/announcing-sql-server-on-linux/
> . 
>
> While there is still work needed to strengthen the MSSQL-Django story, we 
> hope this aids more Linux developers to give SQL Server a shot. Let me know 
> of your thoughts and questions :)
>
> Cheers,
> Meet
>
> On Monday, February 22, 2016 at 4:54:38 PM UTC-8, Vin Yu wrote:
>>
>> Hey Folks, 
>>
>> My name is Vin and I work with Meet in the Microsoft SQL Server team. 
>> Just wanted to let you all know we are still looking into how we can better 
>> improve and support MSSQL for the Django framework. We’ll continue to sync 
>> with Michael and let you know of any updates soon. 
>>
>> Christiano and Tim - thanks for sharing your interest and sharing how you 
>> are using Django with MSSQL. It's great to learn from your scenarios. 
>>
>> If you have any concerns, questions or comments feel free to reach out to 
>> me at vinsonyu[at]microsoft.com
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/8258f170-8f10-45fc-a1d3-9551efca6d1c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Switching the default password hasher to Argon2 (was: Methodology for increasing the number of PBKDF2 iterations)

2017-01-16 Thread urijah 
One issue is that as far as I know, only PBKDF2 is officially approved by 
the NIST 
 
for password hashing. Many security standards explicitly or implicitly 
(e.g. "strong cryptography") defer to the NIST, and even if Argon2  is 
theoretically superior, using it can cause compliance/auditing issues.

On Monday, January 16, 2017 at 5:19:27 AM UTC+5:30, Tobias McNulty wrote:
>
> On Thu, Jan 5, 2017 at 10:58 AM, Martin Koistinen  > wrote:
>
>> Slightly off-topic, this presents a really nice case for switching to 
>> Argon2 via argon2_cffi (supported in Django 1.10+). Its super fast (C-lib) 
>> and resistant to GPU/ASIC brute-forcing. So, where as an attacker's 8-GPU 
>> hashing machine would probably have something on the order of 24,000X more 
>> hashing capability for SHA256 than a typical Django server, I estimate that 
>> the same hardware (8 GPUs) would only have about 20-30X more hashing 
>> capability than a typical server. (Note, the anecdotal evidence across the 
>> internet supporting this is pretty thin).
>>
>
> This is an interesting point. Argon2 is recommended over PBKDF2 by OWASP 
> 
>  and 
> even Django itself 
> . 
> From 
> what I understand, the only reason it's *not* the default now is the 3rd 
> party dependency, which does require a C compiler and the libffi library to 
> build, if a wheel isn't available for your OS. In a minimal Python 
> 3.5-alpine Docker image, I needed the following packages before I could 
> `pip install argon2_cffi` (which themselves had a collective ~12 additional 
> dependencies):
>
>- gcc
>- musl-dev (libc headers)
>- libffi
>- libffi-dev
>
> Could anyone familiar with the draft DEP 7: Dependency Policy 
>  
> and/or the addition of the Argon2 hasher 
> 
>  
> comment on the suitability of argon2_cffi (or not) for consideration under 
> DEP 7? I think it meets most if not all of the "maturity" guidelines in the 
> policy, with the one exception being that it presents an interesting test 
> case for the footnote 
> 
>  
> on the "dependencies that require C extensions are *probably* not 
> acceptable" statement. There are wheels available for argon2_cffi on a 
> large number of platforms, but I still had to compile it manually on Alpine 
> Linux (a popular OS for minimal Docker images) and for Python 3.6 on my Mac 
> (there is a wheel available when using Python 3.5 on a Mac).
>
> I have trouble imagining that there are many production Django apps out 
> there that don't compile *something* in their requirements file (e.g., 
> psycopg2 or Pillow), in which case argon2_cffi essentially requires no 
> extra lift. That said, it is pretty incredible that beginners can (still) 
> install Django just about anywhere they have Python without compiling 
> anything at all.
>
> I wonder if there's an alternative to forcibly requiring it, where most 
> users would eventually do so for production use, but had greater 
> flexibility when running locally? Only the security-minded will go through 
> the trouble of changing the default password hasher currently, so ideally 
> users would get a stronger nudge than they do now when it comes time to 
> deploy to production. Making a switch here also has the added benefit of 
> circumventing some of the concerns around increasing PBKDF2 iterations 
>  
> over time.
>
> Tobias
> -- 
>
>
> *Tobias McNulty*Chief Executive Officer
>
> tob...@caktusgroup.com 
> www.caktusgroup.com
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/1fca9868-c0a9-45ad-baf9-c09baac11b16%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.