Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

The PythonAnywhere newsletter, November 2016: Two-factor auth and a new system i ...


We try to get a newsletter out every month, but sometimes we just get too distracted working on our latest and greatest features to manage it. It wasn't that we were all out in Norway doing an opera , honest :-)

Here's what we were up to:

Two Factor Auth
The PythonAnywhere newsletter, November 2016: Two-factor auth and a new system i ...

Something you know, something you own, something borrowed, something blue...

We were very pleased to roll out two-factor authentication , meaning that you can now add a second step to your account login if you want extra security. We support the Google Authenticator token generator. More details on youraccounts tab.

The inside scoop

A couple of people were being caught by an error in FileZilla SFTP , which happens if anything in your .bashrc echoes anything to stdout -- a particularly sneaky bug to track down. (although the most common problem with SSH is still the case-sensitive nature of usernames...)

Ping! Our own Harry gives some tips on disabling console chimes

Bossman Giles gives a quick rundown of how to do blue green deployment on pythonAnywhere

willpaycoin wasworried about the Dirty Cow (geddit? a copy-on-write vulnerability. harhar). But he needn't have, our ever-vigilant cow security brigade were on it.

The PythonAnywhere newsletter, November 2016: Two-factor auth and a new system i ...
New batteries included? A whole new image more like!

Although you can install Python packages on PythonAnywhere yourself , we like to make sure that our preinstalledbatteries included are nice and up-to-date. A few weeks ago we released a wholenew system image which we're calling "dangermouse", which is the default for new users. If you are still on the "classic" image (see? it's alphabetical!) and want to switch,drop us an email and we'll upgrade you.

New whitelisted sites

Paying PythonAnywhere customers get unrestricted Internet access, but if you're a free PythonAnywhere user, you may have hit problems when writing code that tries to access sites elsewhere on the Internet. We have to restrict you to sites ona whitelist to stop hackers from creating dummy accounts to hide their identities when breaking into other people's websites.

But we really do encourage you to suggest new sites that should be on the whitelist. Our rule is, if it's got an official public API, which means that the site's owners are encouraging automated access to their server, then we'll whitelist it. Just drop us a line with a link to the API docs.

Here are some sites we've added since our last newsletter:

api.mailgun.net auth0.com botframework.com, pandorabots.com api.easypost.com api.hipchat.com api.skype.net/com api.wikimapia.org backend.deviantart.com login.microsoftonline.com strawpoll.me www.hipchat.com xboxapi.com

So if you've ever dreamed of building a weather-forecasting chatbot that posts deviantart images on skype directly from your xbox, now's the time!

A few minor things

Behind the scenes we made some fairly hefty infrastructure upgrades to the way our fileservers and web servers balance load, but that shouldn't be visible, except in increased reliability perhaps. There were a couple of minor security patches, and we got print preview working on Ipython Notebooks, which I'm sure everyone was just dying to see.

That's about it! Thanks for reading, and tune in at the same time next month (ish) for more exciting news from your favourite Python PaaS.

Viewing all articles
Browse latest Browse all 12749