The PythonAnywhere newsletter, November 2016: Two-factor auth and a new system image


We try to get a newsletter out every month, but sometimes we just get too distracted working on our latest and greatest features to manage it. It wasn’t that we were all out in Norway doing an opera, honest :-)

Here’s what we were up to.

Two Factor Auth

Something you know, something you own, something borrowed, something blue…

We were very pleased to roll out two-factor authentication, meaning that you can now add a second step to your account login if you want extra security. We support the Google Authenticator token generator. More details on your accounts tab.

The inside scoop

  • A couple of people were being caught by an error in FileZilla SFTP, which happens if anything in your .bashrc echoes anything to stdout – a particularly sneaky bug to track down. (although the most common problem with SSH is still the case-sensitive nature of usernames…)

  • Ping! Our own Harry gives some tips on disabling console chimes

  • Bossman Giles gives a quick rundown of how to do blue green deployment on PythonAnywhere

  • willpaycoin was worried about the Dirty Cow (geddit? a copy-on-write vulnerability. harhar). But he needn’t have, our ever-vigilant cow security brigade were on it.

New batteries included? A whole new image more like!

Although you can install Python packages on PythonAnywhere yourself, we like to make sure that our preinstalled batteries included are nice and up-to-date. A few weeks ago we released a whole new system image which we’re calling “dangermouse”, which is the default for new users. If you are still on the “classic” image (see? it’s alphabetical!) and want to switch, drop us an email and we’ll upgrade you.

New whitelisted sites

Paying PythonAnywhere customers get unrestricted Internet access, but if you’re a free PythonAnywhere user, you may have hit problems when writing code that tries to access sites elsewhere on the Internet. We have to restrict you to sites on a whitelist to stop hackers from creating dummy accounts to hide their identities when breaking into other people’s websites.

But we really do encourage you to suggest new sites that should be on the whitelist. Our rule is, if it’s got an official public API, which means that the site’s owners are encouraging automated access to their server, then we’ll whitelist it. Just drop us a line with a link to the API docs.

Here are some sites we’ve added since our last newsletter:

  • api.mailgun.net
  • auth0.com
  • botframework.com, pandorabots.com
  • api.easypost.com
  • api.hipchat.com
  • api.skype.net/com
  • api.wikimapia.org
  • backend.deviantart.com
  • login.microsoftonline.com
  • strawpoll.me
  • www.hipchat.com
  • xboxapi.com

So if you’ve ever dreamed of building a weather-forecasting chatbot that posts deviantart images on skype directly from your xbox, now’s the time!

A few minor things

Behind the scenes we made some fairly hefty infrastructure upgrades to the way our fileservers and web servers balance load, but that shouldn’t be visible, except in increased reliability perhaps. There were a couple of minor security patches, and we got print preview working on Ipython Notebooks, which I’m sure everyone was just dying to see.

That’s about it! Thanks for reading, and tune in at the same time next month (ish) for more exciting news from your favourite Python PaaS.

comments powered by Disqus