two-scoops-of-django-1.6's People

Contributors

pydanny

two-scoops-of-django-1.6's Issues

Page 190: Missing space in section 15.3.3

There should be a space after the first sentence. The first two sentences read:

"The teams behind Google Search and other search engines are very well aware of the growing use of single page apps.In theory some of them are already searching through content rendered by client-side JavaScript."

They should be:

"The teams behind Google Search and other search engines are very well aware of the growing use of single page apps. In theory some of them are already searching through content rendered by client-side JavaScript."

Page 342 typo: "hardware-"

"Load balancers can be hardware- or software-based."

Probably meant to remove the "-" after hardware.

Page 94 - order of logic

This is a nit, but in Example 8.3, it would be better to check permissions before leaking information about presence/absence of a certain sprinkle pk, via the 404.

I'd write:

request = check_sprinkles(request)
sprinkle = get_object_or_404(Sprinkle, pk=pk)

I do accept that this is not the focus of this section, but perhaps this highlights a topic that might be mentioned elsewhere -- preventing probing of address/data spaces, wherever possible. As it happens example 8.4 does not exhibit the leakage, perhaps underlining an additional benefit of CBV - separation of concerns into narrowly defined methods. In this case only permissions testing is needed in the dispatch override. Data access is defined presumably correctly in the superclass, and one would hope the order of operations would be correct (object or 404 only after dispatch()).
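
Added example, not part of the issue above or of the book: a framework-free Python model of the two orderings discussed for Example 8.3, showing what a user without permission observes for each. The `Http404`/`PermissionDenied` classes, the `SPRINKLES` data and the view names are stand-ins, and it assumes `check_sprinkles` rejects with a 403, which the issue does not state.

```python
# Stand-ins for Django's exceptions and the Sprinkle model (hypothetical names).
class Http404(Exception):
    status = 404

class PermissionDenied(Exception):
    status = 403

SPRINKLES = {1: "rainbow", 2: "chocolate"}  # constructed sample data

def get_object_or_404(pk):
    try:
        return SPRINKLES[pk]
    except KeyError:
        raise Http404(pk)

def check_sprinkles(user):
    # Assumption: a failed check is answered with 403.
    if not user.get("can_sprinkle"):
        raise PermissionDenied(user.get("name"))

def detail_lookup_first(user, pk):
    """Lookup before the permission check: the order the issue objects to."""
    sprinkle = get_object_or_404(pk)
    check_sprinkles(user)
    return sprinkle

def detail_check_first(user, pk):
    """Permission check before the lookup: the order the issue proposes."""
    check_sprinkles(user)
    return get_object_or_404(pk)

def observed_statuses(view, user, pks):
    """Status code this user receives from the view for each pk."""
    result = {}
    for pk in pks:
        try:
            view(user, pk)
            result[pk] = 200
        except (Http404, PermissionDenied) as exc:
            result[pk] = exc.status
    return result

def leaks_existence(view, user, pks):
    """True if the responses to this user vary with the pk requested."""
    return len(set(observed_statuses(view, user, pks).values())) > 1
```

With the lookup first, a user lacking the permission gets 403 for existing pks and 404 for missing ones; with the check first, every pk yields the same 403.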

1.6 Change List: Chapter Numbers from 30 and on

My copy lists the last chapters as follows:

29 Identical Environments: The Holy Grail
30 Continuous Integration
31 Where and How to Ask Django Questions

But the change list lists Identical Environments as chapter 30, and Continuous Integration as 31.

Missing word on page 72

The last paragraph on page 72 says

Another to remember when using ATOMIC_REQUESTS,…

I imagine that should be

Another thing to remember when using ATOMIC_REQUESTS...

Page 296: missing word

"Second, and this might be unpleasant to hear, but malignant staff can as many problems as any bug or penetration staff."

Missing word, maybe you mean "cause" so "can cause as many...?"

Page 89 typos: "function-" and missing word

Typo 1:
"This concept of change serves as a foundation for all sorts of things you can do with Django views, be they function- or class-based."

Unnecessary "-" after "function."

Typo 2:
"In other words, a callback function that handles the request/response cycle exactly the same manner as a function-based view!"

You're missing a word after "cycle" above. Perhaps "cycle in exactly...?"

Page 43: mentions section 32 (?)

The "TIP: " box on page 43 (section 5.3), mentions "section 32, '12 Factor-Style Settings'". I don't think I see any section numbered 32 in the book.

note by @pydanny: This refers to Appendix E, which without masking shows up as section 32.

Grammar problem on page xxxiii

The first sentence of the "Before you begin" section says:

"If you are new to Django, this book will be helpful large parts will be challenging for you."

Looks like some kind of forgotten edit :-)

Should we remove the custom User model tutorial in the User model chapter?

Considering https://docs.djangoproject.com/en/1.6/topics/auth/customizing/#a-full-example, perhaps we should chop out the similar example in 2SoD 1.6.

My reasoning:

  • It's not a best practice, it's a tutorial. Is it worth repeating or covering with nuance what the Django docs provide for free?
  • What we have nearly duplicates what Django provides.
  • We could add a link to django-auth-tools and other libraries that work with custom user models.
  • We could provide advice on migrating to custom User models from the old profile system.

Additional reasoning from twitter:

  • No overlap. Reference the docs and move on. Being opinionated, if you think you do it better. Put it in the book. (we don't think we can do better)
  • The more you just link to in the book the less people with physical copies will learn wrongly years from now when it's moved on.

Page 238 : Missing word

In Example 19.4

# Only if you installed cookiecutter yet

should be

# Only if you didn't installed cookiecutter yet

Page 107: grammar problem in docstring

One of the docstrings on page 107 (section 9.4.4) says:

"""Returns a dictionary numbers of likes"""

Looks like some word was forgotten or added by mistake

p.26 sec 3.5 Startproject Template

The Startproject Template (when run as described in the instructions) generates a directory structure that contains three levels of icecreamratings_project, which is a bit confusing and isn't as described in the text.

Section 28.4.3 (Ansible) should be expanded

While I know that Chapter 28 is meant to be a "high level overview" of deployment, I think that the section on Ansible could stand to be expanded. Section 28.4.2 (on Salt) is more than a page. Section 28.4.3 is two sentences, one of which is a link to an Appendix in another book which might not be included in the final edition.

On recommending environment variables

In section 5.3 the use of environment variables is recommended to store secrets. However, environment variables can easily be leaked to other processes on the system which makes them less suitable for secret information.

For example, ps axeww lists environment variables for a large number of processes.

Environment variables should only be used if a dedicated user is used for the application and if this application does not start any other unrelated processes because environment variables are leaked to subprocesses.

Having a webserver serve multiple applications is also not easily possible when using environment variables.

It is easier to secure access to a single configuration file with access permissions than to prevent environment variables leaking.

As an alternative, we only have our production settings under revision control on the production environment (separate from development repositories).
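
Added example, not part of the issue above or of the book: a POSIX Python demonstration of the leak the issue describes (a child process inheriting a secret from the environment) next to two mitigations it points to, scrubbing the environment handed to subprocesses and reading the secret from a file only when its permissions exclude group and other. `SOME_SECRET_KEY`, the helper names and the secret value are constructed for illustration.

```python
import os
import stat
import subprocess
import sys
import tempfile

SECRET_NAME = "SOME_SECRET_KEY"  # hypothetical variable name
CHILD = "import os; print(os.environ.get(%r, ''))" % SECRET_NAME

def child_sees(env=None):
    """Run an unrelated child process; return the secret it can read."""
    out = subprocess.run([sys.executable, "-c", CHILD], env=env,
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()

def scrubbed_env(names=(SECRET_NAME,)):
    """Copy of the current environment without the named secrets."""
    return {k: v for k, v in os.environ.items() if k not in names}

def load_secret_file(path):
    """Read a secret from a file, refusing group/other-accessible files."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("%s is accessible to group/other" % path)
    with open(path) as fh:
        return fh.read().strip()

def demo():
    os.environ[SECRET_NAME] = "constructed-secret"  # constructed value
    fd, path = tempfile.mkstemp()
    try:
        inherited = child_sees()             # default: env is inherited
        hidden = child_sees(scrubbed_env())  # secret removed for the child
        os.write(fd, b"constructed-secret\n")
        os.close(fd)
        os.chmod(path, 0o644)                # world-readable: must be refused
        try:
            load_secret_file(path)
            rejected = False
        except PermissionError:
            rejected = True
        os.chmod(path, 0o600)                # owner-only: accepted
        loaded = load_secret_file(path)
    finally:
        os.unlink(path)
        os.environ.pop(SECRET_NAME, None)
    return inherited, hidden, rejected, loaded
```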

Page 29: Grammar

I think that there is a problem with "...given project in available in its...", maybe it should be "...given project available in its..." instead?

INSTALLED_APPS is the list of Django apps used by a given project in available in its INSTALLED_APPS settings.

@pydanny note: This is on page 29, beginning of chapter 4

p.44: Confusion about setting env vars in Windows

The instructions for setting environment variables in Windows are confusing.

  1. The text says that Windows is tricky, but at the end, eventually goes on to recommend the same approach that's mentioned above for Linux and Mac (i.e., add to the end of the activate script). I recommend dropping the "is trickier" because I don't see that (if this was referring to the need to restart the command interpreter, you'd need to do the same thing if modifying .bashrc etc.).

  2. The text says there's an issue with setx but then goes on to use it anyway. Perhaps you meant to use set in the example?

  3. Using setx for secret information makes me nervous because it places the information in the registry (it looks like that's the same for the PowerShell examples). I'm wondering if it might be better to omit all mention of how to store secret information persistently. What do you think?

Page 103: layout

The layout of page 103 (end of section 9.3 and beginning of 9.4) is quite unsightly. A lot of whitespace in the bottom and just one line of content for the section. It would be better to move 9.4 to the next page.

Text styles

Again, a wide-ranging issue, but, only reading up to section 2.2 (and doing vanity skims), I've noticed that you're not consistently constant-width-ing things like loaddata, dumpdata or package names (e.g. django-braces in some places and "django-braces" in others).

Hobgoblin alert.

Page 194: csrftoken in csrf.js is not defined.

The csrf.js somehow misses the cookie extraction for the X-Header of the CSRF token.
There is this variable that is set for the X-Header, "csrftoken", that is not defined. From the Django documentation this should be extracted from the cookies. The whole cookie code part is missing in this csrf.js file. This could lead to some confusion IMO.

My proposal is to add the cookie extraction code to this csrf.js file and utilize it in the beginning before the X-Header is set, like

var csrftoken = getCookie('csrftoken');

[1] https://docs.djangoproject.com/en/1.6/ref/contrib/csrf/

page 404: Index items bleed into right column

Entries for "django.core.serializers.json.DjangoJSONEncoder, 322" and "django.utils.encoding.python_2_unicode_compatible. 207, 398" bleed from left column into right column.

The former bleeds between "execfile(), 280" and "Explicit Relative Imports, 4-7"; the latter over "Function-Based Views, 73, [and so forth]"

Page numbers are broken correctly.

p. xxxiii "Before You Begin" first paragraph

Has:

If you are new to Django, this book will be helpful large parts will be challenging for you.

which should probably be:

If you are new to Django, this book will be helpful but large parts will be challenging for you.

Should we create a separate index for packages?

The current draft includes material on over 60 Python and Django packages. We've combined them into a single 'Packages' entry in the index as shown below:

[Image: screen shot 2014-01-21 at 3 17 02 pm]

One significant problem is that this isn't broken up in an easy-to-navigate way. For example, they are bunched together without distinction between the first letter like the rest of the index is (see next image):

[Image: screen shot 2014-01-21 at 3 20 31 pm]

Our thought is if we separated general content from packages and made two indexes, it might be easier on the reader.

Advantages:

  • Package Index would be broken out into its own 'chapter' in the book.
  • Package Index would be broken up into sections by first letter like the current index.

Disadvantages:

  • We already have Appendix A, which lists all the packages in the book (plus bonus ones).
  • Would add about 2 pages.
  • Readers might not find the Package index, or the general index.
  • Would take 1-2 more days of work.

Thoughts?

Page 83: bug in code sample

Page 83, Section 7.3 the topmost code block says:

class TasteListView(DetailView):
 ...

class TasteDetailView(ListView):
  ...

This looks like a bug (or at best, super confusing).

Page 90 typo

"Sometimes we need a one-off views that do tiny things."

  1. Delete the "a" above.

or

  1. "Sometimes we need a one-off view that does tiny things."

Page 183: Missing word?

"It's good practice to abbreviate the urls of your with the version number e.g..."

I believe the word "app" or "project" should go there?

"It's good practice to abbreviate the urls of your #MISSING WORD# with the version number e.g..."

@pydanny note: Occurs in section 14.3.5
