Setting up the Django Base Template for Website Development

I’m trying to expand my technical repertoire by building a website using Python and Django. I’ve been through a couple of Django tutorials and have modeled my data, page design and website user workflow, so there’s not much left to do but get the stuff coded up. Actually, I started project-specific coding as I worked through the tutorials.  By the time I realized that I needed to use Django Base Template, I’d already gone through two restarts. Restarts are a natural part of learning a new development environment and the practices that surround development in any language. For those who aren’t coders, let me explain a little. Starting development in a new language is more than just learning language syntax. On top of that you have to include the following stack (mouse over the text in the box to see a brief description): Deployment and Management Tools Development Tools Language Add-ons Style Rules Language Idiom If I were to arrive into a company that is already developing applications, they will have defined their preferred stack and would help me understand how to apply it to their standards. Since I’m currently a development team of one, I have to rely on the internet and networking to get the same information. That can wslow an independent developer down. While searching for information and tools to develop a Python/Django website with Twitter Bootstrap (CSS, HTML and JavaScript framework/templates), I stumbled upon the Django Base Template  that incorporates the work of Mozilla Playdoh  and Two Scoops of Django . Django Base Template is a project template with a lot of goodies that I probably won’t take advantage of in my first project. It was, after all, created for Mozilla Employees to support a very large set of functionality. At some point I’ll trim it down to what I actually need, but for now more is better. I’m using Django Base Template for development on a Windows 8 (yeah, it’s as bad as everyone says it is) computer with Bitnami DjangoStack v1.4.4  and virtualenv . I updated the version of Django that comes in DjangoStack from v1.4 to v1.5. I decided a few months ago to use Komodo as my Python editor. I use Programmer’s Notepad  for most other editing purposes, but Komodo seems to have a more tightly integrated set of Python templates. One of the cool things it does is give me real-time feedback on adherence to the PEP 8 programming style guide . I see that Programmer’s Notepad has a Python language add-on now, so maybe I’ll give it a try again. So I’m installing Django Base Template and suddenly the fun begins. The build process gets to the bcrypt component...

Read More

Distribution Scope, Security, and Useful Tools

While working on the Facebook Privacy Informer App, I had to tackle the issue of “Scope of Distribution” of your personal information. Actually, this should be more properly named as “Scope of (Intended) Distribution”. Facebook privacy controls allow you to set the distribution of various aspects of your Facebook profile. In general, the controls allow you to set distribution to: (The inappropriately named) “Only Me” A subset of your friends, Your friends Groups that you belong to The general public Why does Facebook say “Only Me” when you share information with Facebook? Shouldn’t the setting be labeled, “Only Facebook (and whoever they decide to share it with)?”. Even when you spend the time to tune those controls, there will certainly be leakage of your information beyond your intended settings. Facebook has enough money that you would think your biggest issues would be their intended privacy violations (sales of tracking ads) and your own privacy control lapses (friending people you don’t personally know). Unfortunately that’s not really true. There is a 1 in 4 chance that your account will be hacked this year. Given the information that Facebook acknowledges it holds about you, and other information it won’t tell you about, that’s somewhat alarming. With all that information, and many examples of leaky security, what happens when the almost inevitable major breach occurs? Still… Facebook is a very useful and entertaining service for many of us. So the issue is not how fast we run away from it, but how we control our risk to value ratio. The Privacy Informer Apps is intended to provide feedback on your risk and strategies for reducing that risk. The Privacy Informer for Facebook app is currently in development and has had limited demos. One of the issues I had to incorporate into the risk scoring strategy was Facebook’s distribution scope controls. Once I  added that factor to the scoring model, I saw that it could also be used to incorporate security and reputation risks into the scoring. An example of a security issue is when Facebook says that it will only share information with your friends, but then one of your friend’s account gets hacked. A reputation issue is when Facebook gives you control over some information, but then hides other information about you that it intends to monetize. In both cases, there is an expansion of scope beyond the limit your settings indicated. In this model, if you set that level to be “Friends”, I adjust the risk value calculation to include some leakage to the public. That adjustment begs the question, how does one know how much to tweak the value? That’s where some interesting tools and data sources can provide...

Read More

Update: Recent Online Privacy Activity

I was on a development death march for the weeks leading into the Internet Identity Workshop #13 (conference notes to be posted soon on the IIW website), but I succeeded and showed the Facebook Privacy Informer App at the conference. The goal of the Privacy Informer App is to analyze the inherent privacy risks associated with a particular website or online service. It then convolves the inherent risk metrics with how the viewer has configured their website and browser privacy settings, and generates a final number that rates your personal privacy risk (see this earlier post for more info on the algorithm). Detail data, and strategies for controlling that risk while still getting value out of the website or service, are also provided as a result of the analysis. Back in August, when Facebook made major changes in how they present your privacy settings and how they dynamically load their pages, I had to do a major retooling of the screen scraping code in the app. So I created a table driven, asynchronous, sequencing engine in cross-browser compatible JavaScript. I also used Kynetx to trigger the app when the browser loads the Facebook Privacy Settings page. The engine runs from the viewer’s browser, which has some advantages and disadvantages over one that runs as a web service. To make the basic sequencing engine useful, I added several “filters” and actions that can be included in the sequence table, to scrape the information off of Facebook and send it out to my server for scoring. The weakness of that approach is that I had to put the Facebook page into an iframe. Those of you familiar with using iframes know that while they’re useful for creating mash-ups, some websites abuse them to steal Google link “mojo” from the organization that actually created the content. For that reason, many websites include code that detects iframes and refuses to render the content. And that’s what Facebook recently did to break my Privacy Informer app again. Other apps that review your Facebook privacy settings, like the Reclaim Privacy app, appear to have been broken by that same change. Now, I have to create a true browser add-on to do the screen scraping without an iframe. That also means that I have to create an add-on for at least four browsers – Safari, Internet Explorer, Firefox and Chrome. It helps that I only need to put some of the URL detection, context data and sequencing into the add-on, and that I can leave a lot of the code in JavaScript. That should reduce the difficulty inherent in supporting multiple browsers. I’ll be done with a Facebook and Chrome version of the app soon, and...

Read More

Hunterdon FIrst Website Goes Live

For the last few weeks, I’ve been helping improve the web presence of a local business organization that  promotes the independent businesses of Hunterdon County, NJ. Check it out at HunterdonFirst.org. An interesting aspect of the website is that each business has the ability to edit their own page. A couple of businesses have taken advantage of this opportunity, and I’ll be working with more to build their own content and strategy. The website uses WordPress as its core tool, which I extended with a child theme for Presswork, and several useful plugins including: Folding Category List Visual Form Builder Ninja Page Categories and Tags Superfish Dropdown Menu Shortcode Exec PHP Modifications were made to several of the plugins to get them to work the way I wanted them to, but all provided a great starting point and I’m very thankful to their creators. I’ll be taking some of what I did for Hunterdon First and updating this website...

Read More