We start off with some sad news: Django BDFL Adrian Holovaty's brainchild, Everyblock, was abruptly shut down by NBC News this week. Some of the code lives on, however, as part of the
RQ (Redis Queue) is a simple Python library for queuing and processing background jobs. It steals the best of Ruby's
and is designed to have a low barrier to entry. If Celery feels like overkill, RQ may suit your needs.
Hoàng Vũ takes a deep dive into a few popular Python web frameworks (including Django) to see how they handle sessions by default. He shows a proof-of-concept attack that would allow an attacker with access to your
to perform remote code execution. Just a reminder to keep your
Rails has had its share of security issues lately, primarily around the way it handles YAML parsing. Ned Batchelder looks at common practices in Python and how developers can avoid making the same mistakes.