File storage security update
Last Wednesday, a security researcher working under our bug bounty program found a way that they could access one account’s file storage from another by using the “Dirty Pipe” Linux kernel vulnerability. We put a mitigation system in place to stop that from happening, and then on Thursday we were able to patch the underlying issue. On Friday, another researcher found a similar issue, which the mitigation system we’d put in place originally made relatively harmless – we were able to patch that one within minutes.
Accessing the files API using our new CLI tool
The new release of the pythonanywhere helper scripts package introduces
new commands covering our files API.
More secure websites on PythonAnywhere: sunsetting TLS 1.0 and 1.1
As of this week, websites hosted on PythonAnywhere using HTTPS will only be accessible using
modern versions of TLS (the encryption protocol on which HTTPS is based) by default. This
will make them all more secure.
We can still support older versions of TLS for custom domains if you need to support them, but
you’ll need to get in touch with us to get it set up.
We’ve written a help page with the background – please let us know in the
comments if there’s anything confusing there!
Understanding multiple web workers and multiple users of your website
Over the years, we’ve found that one regular source of confusion for people who
are just getting started with web development is how to handle what we call “global state”.
We’ve written a help page explaining how to solve problems like this
and wanted to expand on it here.
Our October system update
On 6 October we upgraded our EU-based systems to the latest version of our platform, and today, 20
October, we did the same upgrade on our US-based system. There are a bunch of
changes to report!
Async work in Web Apps or – Have Your Cake and Eat It Too
This post is intended for users who begin their adventure with web
applications. You’ll find below how to structure a web app that relies on
heavy processing of the input data – processing that takes so long that
you can’t do it inside a request handler with a five-minute timeout, or at
least so long that you don’t want to risk slowing down your website by
doing it inside the website’s own code. You want it to happen in the
background. You’ll see an example implementing some hints from the “Async
work in Web apps” help page, which involve writing a jQuery script polling
a simple API endpoint communicating with a database updated by an external
script (so there will be some sqlalchemy stuff too).
Ten years on
Ten years ago today, on the blog for Project Dirigible, we announced that we’d recently
launched a new site called PythonAnywhere. It almost didn’t happen! The project
we were working on was something completely different, and it was only when we looked at how it was being
used that we realised that it held the seed of a much better idea.
Project Dirigible was an online spreadsheet,
based on Python. Unlike a traditional spreadsheet, where cells can hold only numbers, dates and text,
it supported any Python type, so a cell could contain a list, an object, a numpy array, or even a function
(so, if you don’t value your sanity very highly, you could write a formula like this: =A1(A2.value, A3, A4(A5))).
We’d been hoping that Dirigible would be the breakout success that Resolver One, our desktop Pythonic
spreadsheet, had never been, and would help us free the world from the tyranny of Excel.
It was getting some interest, with a reasonable number of people signing up and using it, but we’d discovered
When we asked Dirigible’s beta testers what they were using it for, a surprising number said that it was
for general Python development online. They weren’t using the spreadsheet grid at all!
In retrospect, perhaps it shouldn’t have been so surprising. People want to write Python code, and
sometimes they don’t have a computer with it installed to hand – and it’s always useful to have your code
accessible so that you can work from anywhere. Programmers have
flexibility in the tools they use and can relatively easily move to a new system. By contrast, spreadsheet users
have a lot of existing documents that they want to keep, and many of them are far from being technical people.
They really don’t want to move to something new.
So, we started PythonAnywhere. Here’s a potted history of what happened next.
Glastonbury: a new system image, with Python 3.9 and Ubuntu 20.04
If you signed up for an account on PythonAnywhere after 21 June 2021, you’ll have Python 3.9 available – you can use it just like any other Python version. Additionally, the underlying operating system for your account will be Ubuntu 20.04, rather than the 16.04 used by older accounts.
If you signed up before that date, you’ll be on an older “system image” – essentially the version of the operating system and the set of installed packages that you have access to. You can switch to the new system image from the “Account” page, but you may need to make changes to your code and/or virtualenvs to make everything work – there’s more information on the linked page.
This post has more details on what’s new in the glastonbury system image. There’s a lot!
June system update brings easier task management
The most recent system upgrade brings a new way to organize
A new optional description field, combined with sorting, allows you to manage
big herds of multiple tasks.
Under the hood there were some more, larger changes, but we’ll be announcing the
details of those later.
System updates on 10 February and 11 March
It’s been a year since PythonAnywhere went all-remote,
but it has not slowed us down, and today was the time to deploy an
exciting set of changes to our system.