File storage security update

Last Wednesday, a security researcher working under our bug bounty program found a way that they could access one account’s file storage from another by using the “Dirty Pipe” Linux kernel vulnerability. We put a mitigation system in place to stop that from happening, and then on Thursday we were able to patch the underlying issue. On Friday, another researcher found a similar issue, which the mitigation system we’d put in place originally made relatively harmless – we were able to patch that one within minutes.

Accessing the files API using our new CLI tool

The new release of the pythonanywhere helper scripts package introduces new commands covering our files API.

More secure websites on PythonAnywhere: sunsetting TLS 1.0 and 1.1

As of this week, websites hosted on PythonAnywhere using HTTPS will only be accessible using modern versions of TLS (the encryption protocol on which HTTPS is based) by default. This will make them all more secure.

We can still support older versions of TLS for custom domains if you need to support them, but you’ll need to get in touch with us to get it set up.

We’ve written a help page with the background – please let us know in the comments if there’s anything confusing there!

Understanding multiple web workers and multiple users of your website

Over the years, we’ve found that one regular source of confusion for people who are just getting started with web development is how to handle what we call “global state”. We’ve written a help page explaining how to solve problems like this and wanted to expand on it here.

Our October system update

On 6 October we upgraded our EU-based systems to the latest version of our platform, and today, 20 October, we did the same upgrade on our US-based system. There are a bunch of changes to report!

Async work in Web Apps or – Have Your Cake and Eat It Too

This post is intended for users who are beginning their adventure with web applications. Below, you’ll find how to structure a web app that relies on heavy processing of the input data – processing that takes so long that you can’t do it inside a request handler with a five-minute timeout, or at least so long that you don’t want to risk slowing down your website by doing it inside the website’s own code. You want it to happen in the background. You’ll see an example implementing some hints from the “Async work in Web apps” help page, which involve writing a jQuery script that polls a simple API endpoint, which in turn communicates with a database updated by an external script (so there will be some sqlalchemy stuff too).

Ten years on

Ten years ago today, on the blog for Project Dirigible, we announced that we’d recently launched a new site called PythonAnywhere. It almost didn’t happen! The project we were working on was something completely different, and it was only when we looked at how it was being used that we realised that it held the seed of a much better idea.

Project Dirigible was an online spreadsheet, based on Python. Unlike a traditional spreadsheet, where cells can hold only numbers, dates and text, it supported any Python type, so a cell could contain a list, an object, a numpy array, or even a function (so, if you don’t value your sanity very highly, you could write a formula like this: =A1(A2.value, A3[6], A4(A5))).

We’d been hoping that Dirigible would be the breakout success that Resolver One, our desktop Pythonic spreadsheet, had never been, and would help us free the world from the tyranny of Excel. It was getting some interest, with a reasonable number of people signing up and using it, but we’d discovered something odd:

When we asked Dirigible’s beta testers what they were using it for, a surprising number said that it was for general Python development online. They weren’t using the spreadsheet grid at all!

In retrospect, perhaps it shouldn’t have been so surprising. People want to write Python code, and sometimes they don’t have a computer with it installed to hand – and it’s always useful to have your code accessible so that you can work from anywhere. Programmers have flexibility in the tools they use and can relatively easily move to a new system. By contrast, spreadsheet users have a lot of existing documents that they want to keep, and many of them are far from being technical people. They really don’t want to move to something new.

So, we started PythonAnywhere. Here’s a potted history of what happened next.

Glastonbury: a new system image, with Python 3.9 and Ubuntu 20.04

If you signed up for an account on PythonAnywhere after 21 June 2021, you’ll have Python 3.9 available – you can use it just like any other Python version. Additionally, the underlying operating system for your account will be Ubuntu 20.04, rather than the 16.04 used by older accounts.

If you signed up before that date, you’ll be on an older “system image” – essentially the version of the operating system and the set of installed packages that you have access to. You can switch to the new system image from the “Account” page, but you may need to make changes to your code and/or virtualenvs to make everything work – there’s more information on the linked page.

This post has more details on what’s new in the glastonbury system image. There’s a lot!

June system update brings easier task management

The most recent system upgrade brings a new way to organize scheduled and always-on tasks. A new optional description field, combined with sorting, allows you to manage big herds of multiple tasks.

Under the hood there were some more, larger changes, but we’ll be announcing the details of those later.

System updates on 10 February and 11 March

It’s been a year since PythonAnywhere went all-remote, but it has not slowed us down, and today was the time to deploy an exciting set of changes to our system.
