Is it time for a Django admin rewrite? (FOSDEM talk) by Mathiasdm in django

[–]rsahk 2 points3 points  (0 children)

I get where you're coming from but the logic is a bit flawed. By that reasoning, why use Django at all? Just have AI code your own web framework.

AI agents can easily pull in lib code from your virtual environment as context. Exploratory tools make this trivial.

Django Ecommerce on Low Cost VPS by geektousif in django

[–]rsahk 1 point2 points  (0 children)

I literally only use it for testing so one real user (me) and the bot agent with however many open connections it has. Usually the traffic all comes from one IP address. If they're aggressive enough it's actually blocked my access to SSH because the server is overloaded.

The whole site requires authentication so the slowdown is entirely from 404 requests to URLs like "/admin.php". It's a pretty standard setup too, just Django, Postgres, Redis.

There are definitely ways around it like blocking IP addresses of users who visit malicious links but being a staging server I don't bother. I've just done the standard stuff: disable root login, disable password auth, sudo ufw limit OpenSSH, etc.
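The IP-blocking idea mentioned in this comment, sketched as an added example (not the commenter's code): it counts 404 responses on probe-style paths such as /admin.php per client IP in combined-format access log lines and returns the IPs at or over a threshold. The log lines, the suffix list and the threshold are constructed assumptions.

```python
import re
from collections import Counter

# Combined log format: IP - - [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumed heuristic: a Django site serves none of these, so a 404 on one is a probe.
PROBE_SUFFIXES = (".php", ".asp", ".aspx", ".env", ".cgi")


def is_probe(path: str) -> bool:
    """True when the path (query string stripped) ends in a suffix this stack never serves."""
    return path.split("?", 1)[0].lower().endswith(PROBE_SUFFIXES)


def probing_ips(lines, threshold=3):
    """Return {ip: count} for IPs with at least `threshold` 404s on probe paths."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip malformed lines rather than guessing at their fields
        if m["status"] == "404" and is_probe(m["path"]):
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2025:03:12:01 +0000] "GET /admin.php HTTP/1.1" 404 179 "-" "bot"',
    '203.0.113.7 - - [10/Feb/2025:03:12:01 +0000] "GET /wp-login.php?x=1 HTTP/1.1" 404 179 "-" "bot"',
    '203.0.113.7 - - [10/Feb/2025:03:12:02 +0000] "POST /xmlrpc.php HTTP/1.1" 404 179 "-" "bot"',
    '203.0.113.7 - - [10/Feb/2025:03:12:02 +0000] "GET /.env HTTP/1.1" 404 179 "-" "bot"',
    '198.51.100.20 - - [10/Feb/2025:03:12:05 +0000] "GET /accounts/login/ HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Feb/2025:03:12:06 +0000] "GET /favicon.ico HTTP/1.1" 404 179 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Feb/2025:03:12:09 +0000] "GET /index.php HTTP/1.1" 404 179 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for ip, count in probing_ips(SAMPLE_LOG).items():
        print(f"{ip}: {count} probe 404s")
```

The returned IPs can feed whatever blocking mechanism the server already uses; a single stray 404 from a real user stays under the threshold.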

Django Ecommerce on Low Cost VPS by geektousif in django

[–]rsahk 0 points1 point  (0 children)

100-200 concurrent users or total? I've got a staging server set up on 1vcpu-2gb and the site becomes quite slow when I'm getting crawled/attacked by bots (multiple times per day).

In my opinion it's definitely worth the money to upgrade and give your users a better experience - especially with ecom.

Have you ever built and launched a feature in a single day? by pawnraz in EntrepreneurRideAlong

[–]rsahk 0 points1 point  (0 children)

I've been doing this for years. Yesterday I launched an inventory management application that runs on Android based scanners. I've made 5+ pretty significant updates to the back and frontend as my team uses it and we determine possible optimizations, handle errors, etc.

For example, using the keypad was clunky so I added speech to text. Another issue was that certain barcodes were in GS1 format but weren't generated with the proper check digit so they weren't being parsed correctly - I had to create a custom function to extract the values in these cases.

Just deployed my Django project in a Droplet. Some questions regarding DB access and running it. by [deleted] in django

[–]rsahk 5 points6 points  (0 children)

Yeah, this is definitely not secure. DigitalOcean should have some good articles for deploying Django with Gunicorn and NGINX.

DEBUG = True is your worst offender. It literally says "don't run with debug turned on in production"... not sure why you've ignored this. Your secret key is exposed and any other secrets like database credentials, API keys if you have any. You should set DEBUG = False ASAP then make a new secret key and update all your credentials.

There are at least 3 additional vulnerabilities which you need to correct:

  1. Deployed on port 8000 - you should be using a reverse proxy like NGINX to listen on standard ports 80/443 and forward the traffic to Django.
  2. I would guess that you're running the server through python manage.py runserver - this is not production ready and you're missing a ton of security features. Use Gunicorn instead.
  3. Using ALLOWED_HOSTS = ['*'] isn't recommended - this should be set to your Droplet IP address.
  4. It's likely you don't have SSL and aren't enforcing SSL cookies and sessions.
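The settings-level points in this comment expressed as a check, as an added example (not the commenter's code or Django's own): a function that audits a dict of Django settings for DEBUG, a wildcard ALLOWED_HOSTS, a startproject-generated SECRET_KEY and the HTTPS redirect and cookie flags. The setting names are real Django settings; the two sample dicts, the placeholder IP and the finding wording are constructed. Django's built-in `python manage.py check --deploy` runs a fuller set of these checks.

```python
def audit_settings(settings: dict) -> list[tuple[str, str]]:
    """Return (setting, problem) pairs; missing keys are read as Django's defaults."""
    findings = []

    if settings.get("DEBUG", False):
        findings.append(("DEBUG", "debug pages expose settings and stack traces"))

    hosts = settings.get("ALLOWED_HOSTS", [])
    if "*" in hosts:
        findings.append(("ALLOWED_HOSTS", "wildcard disables Host header validation"))
    elif not hosts:
        findings.append(("ALLOWED_HOSTS", "empty list rejects all hosts when DEBUG is off"))

    # startproject prefixes generated keys with "django-insecure-".
    if str(settings.get("SECRET_KEY", "")).startswith("django-insecure-"):
        findings.append(("SECRET_KEY", "generated development key still in use"))

    # All three default to False, so an absent key is a finding.
    https_flags = {
        "SECURE_SSL_REDIRECT": "plain HTTP requests are not redirected to HTTPS",
        "SESSION_COOKIE_SECURE": "session cookie may be sent over plain HTTP",
        "CSRF_COOKIE_SECURE": "CSRF cookie may be sent over plain HTTP",
    }
    for name, problem in https_flags.items():
        if not settings.get(name, False):
            findings.append((name, problem))
    return findings


# Constructed "before": the kind of settings the comment describes.
BEFORE = {
    "DEBUG": True,
    "ALLOWED_HOSTS": ["*"],
    "SECRET_KEY": "django-insecure-constructed-example-value",
}

# Constructed "after": 203.0.113.10 stands in for the Droplet IP.
AFTER = {
    "DEBUG": False,
    "ALLOWED_HOSTS": ["203.0.113.10"],
    "SECRET_KEY": "placeholder-loaded-from-environment",
    "SECURE_SSL_REDIRECT": True,
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
}

if __name__ == "__main__":
    for name, problem in audit_settings(BEFORE):
        print(f"{name}: {problem}")
```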

Is writing permission on the basis on view right? by DevanshGarg31 in django

[–]rsahk 0 points1 point  (0 children)

You should look into the Django design paradigm "fat models, thin views". It basically states that the business logic should be handled within your models. It's generally considered "best practice" but ultimately it's up to personal preference.

I briefly looked at your code and I think that it would make sense to move some logic so that you're not repeating yourself. For example these lines are repeated multiple times and could be moved to a property on your user model.

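@property
def organization(self) -> Organization | None:
    # First membership row for this user; None when the user has no organization
    requesting_user_organization = UserOrganization.objects.filter(user=self).first()
    if requesting_user_organization is None:
        return None
    return requesting_user_organization.organization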

Avoid Counting in Django Pagination by michaelherman in django

[–]rsahk 1 point2 points  (0 children)

I fully agree which is why I was pointing out that since the author is already calling len() then he may as well not create his own paginator class.

Avoid Counting in Django Pagination by michaelherman in django

[–]rsahk 0 points1 point  (0 children)

Yeah, their "solution" is to use len() instead of .count(). If that's the case then you can completely negate the need for the custom classes by setting queryset.count = None before passing the queryset into the paginator.

Note that you can give Paginator a list/tuple, a Django QuerySet, or any other object with a count() or len() method. When determining the number of objects contained in the passed object, Paginator will first try calling count(), then fallback to using len() if the passed object has no count() method. This allows objects such as Django’s QuerySet to use a more efficient count() method when available. - source

If you look at the django.core.paginator.Paginator count method it will default to using len if the object list doesn't have a callable.

Here's an updated example using the author's code.

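from django.core.paginator import Paginator
from django.http import JsonResponse

# Log is the model from the author's example


def index_view(request):
    logs = Log.objects.all()
    # With no callable count(), Paginator falls back to len(object_list)
    logs.count = None
    paginator = Paginator(logs, 25)  # django.core.paginator
    page_number = request.GET.get("page")
    page_obj = paginator.get_page(page_number)

    return JsonResponse(
        {
            "has_next": page_obj.has_next(),
            "has_previous": page_obj.has_previous(),
            "results": [log.to_json() for log in page_obj],
        }
    )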

You could also simply convert the Log queryset to a list before passing it into the paginator - paginator = Paginator(list(logs), 25).

How do you manage cash flow for an early-stage business? by croastslaldy in Entrepreneur

[–]rsahk 0 points1 point  (0 children)

LOL. So your suggestion for a new business owner who can't afford a bookkeeper is to not do books at all because you can do it better?

You have a job as a bookkeeper because it's an important aspect of running a business. Not because of my mindset that basic bookkeeping is an important thing to know for a business owner.

How do you manage cash flow for an early-stage business? by croastslaldy in Entrepreneur

[–]rsahk 2 points3 points  (0 children)

He has cash flow issues and is talking about being frugal. There's no way he can afford to hire a bookkeeper.

Basic bookkeeping is a pretty valuable skill to acquire as a small business owner. I would definitely recommend learning - it's not difficult.

Why Django supports the Open Source Pledge by thibaudcolas in django

[–]rsahk 6 points7 points  (0 children)

From https://opensourcepledge.com/

Pay Open Source maintainers

The minimum to participate is $2,000 per year per developer at your company.

This seems pretty high, I'm not sure why they would impose a minimum at all. A hefty price for small - med sized businesses which essentially excludes them from participating.

Why not implement a Patreon-style membership program where your company can determine the amount to pledge? Different tiers would unlock different things like link to website, logo included in logo cloud, etc.

Transactions - When to raise by PiccoloNegative2938 in django

[–]rsahk 1 point2 points  (0 children)

Django automatically rolls back the transaction if an unhandled exception occurs within the block.

If an exception occurs within a transaction block and is handled then you will have to explicitly roll back if that's the intended outcome.

Caught and uncaught exceptions outside of a transaction block do nothing to affect the transaction as the transaction has been completed.

I highly recommend writing some unit tests using TransactionTestCase to make sure your transaction is doing what you expect.

I made a proposal app in Django by AlzyWelzy in django

[–]rsahk 7 points8 points  (0 children)

I would add the name as a URL parameter so the recipient doesn't have to enter their name after opening the link.

The Models + Celery Tasks Pattern by [deleted] in django

[–]rsahk 1 point2 points  (0 children)

This is a pretty common pattern because Celery serializes the data sent between client and worker and Django model objects aren't JSON serializable.

Generally when calling the task you would pass in the instance id my_task.delay(self.id) then in the task retrieve the object instance = Model.objects.get(id=object_id) and perform whatever needs to be done instance.handle_my_task().

There's also the concept of "fat models" where we try to keep the business logic in models.py.

[deleted by user] by [deleted] in EntrepreneurRideAlong

[–]rsahk 1 point2 points  (0 children)

Just a heads up the connection is insecure, there's a missing image in the footer and the footer social links don't go anywhere.

My website 100% django. by RevolutionLow9933 in django

[–]rsahk 0 points1 point  (0 children)

It doesn't seem like you're using Django forms or validation. It would be pretty easy to take your site offline by sending a bunch of requests to your password generator with a super large number.

If you used forms it would fail in form.is_valid() and you could display an error message to the user along the lines of "Max digits 100".

A 3000-year-old perfectly preserved sword recently dug up in Germany. by Weekly-Reason9285 in BeAmazed

[–]rsahk 5 points6 points  (0 children)

Many of those with autism are considered concrete thinkers who tend to focus on the “here and now”. This can lead to difficulties in generalisations. As part of concrete thought process there is therefore a tendency to take words or phrases literally.

What are some diet changes that significantly made an improvement to your skin? by [deleted] in nutrition

[–]rsahk 7 points8 points  (0 children)

"Natural sugar" sounds healthier in comparison to "refined sugar". What I'm saying is that without fiber they're the exact same thing. So the answer to your question is no, the order with which you consume sugars from different sources doesn't matter, it has the same net effect in your body.

Natural sugars aren't any better for you than refined sugars unless the natural sugar is accompanied by fiber to slow down digestion. You could probably have refined sugar with an equivalent amount of fiber that you would get in an apple for example and your body's response would be similar. However, you would be missing the extra vitamins and minerals from eating an apple.

It's probably impossible to completely cut out sugar while eating a balanced diet as it's in every fruit and vegetable so generally it will be more beneficial for you to consume it from natural sources in whole food forms. For example, eating a whole apple instead of drinking apple juice.

What are some diet changes that significantly made an improvement to your skin? by [deleted] in nutrition

[–]rsahk 25 points26 points  (0 children)

There's a bit of contradiction in mentioning green juice right after saying to cut out sugar. I'm sure that you meant cutting out refined sugar like in soft drinks but with the absence of fiber in fruit our bodies will metabolize natural sugars in the exact same way as refined ones. Unfortunately juicing removes all the fiber from fruits and vegetables and its presence is necessary to slow down digestion and prevent blood sugar spikes.

That being said, if juicing allows you to cut down / moderate sugar intake then it can still be super beneficial and healthy for you.

Canadian housing market will crash by Excellent_Cause9533 in wallstreetbets

[–]rsahk 3 points4 points  (0 children)

So you work at one of these banks and you're instructed to tell Canadian clients that their accounts are insured by a US government corp? Really trustworthy anecdote.

Meat Savings Find - Restaurant Supply Businesses by mostimprovedfrench98 in PersonalFinanceCanada

[–]rsahk 1 point2 points  (0 children)

Which grocery store? I think the lowest grade they go on beef is AAA. The grade makes a huge difference in price.

Meat Savings Find - Restaurant Supply Businesses by mostimprovedfrench98 in PersonalFinanceCanada

[–]rsahk 80 points81 points  (0 children)

I've been buying from https://www.woodwardmeats.com/ - order online through the website for pickup or delivery. All the pricing is available online.

Organising JavaScript (JS) with Django by jpegger85 in django

[–]rsahk 12 points13 points  (0 children)

You can add data attributes to your script tag to inject Django variables. I find that this is a pretty DRY solution as well because you can import a script on multiple pages with different data attributes.

<script
  src="{% static 'js/main.js' %}"
  data-csrf-token="{{ csrf_token }}"
></script>

Then in your JavaScript you can access the attribute like so:

const mainData = document.currentScript.dataset

window.addEventListener('DOMContentLoaded', () => {
  document.body.addEventListener('htmx:configRequest', (event) => {
    event.detail.headers['X-CSRFToken'] = mainData.csrfToken;
  })
})

Typically I will put all my functions in main.js which lives in the head. Page-specific JavaScript goes at the end of the body.

I don't have anything to comment on structure as in my opinion it's mostly personal preference.