The PythonAnywhere Newsletter, December 2016

Welcome to our Christmas newsletter! Featuring a selection of the Internet’s very worst Christmas-themed animated Gifs!

snow with christmas tree in foreground

Here’s what we’ve been up to.

Read more…

System update this morning -- why it took so long

This morning we deployed a new version of PythonAnywhere – we’ve blogged about the new stuff that you can see in it, and this post is a run-down on why it took longer than we were expecting.

Our normal system updates tend to take between 15 and 20 minutes. Today’s was meant to take about 40 minutes – more about why later – but it wound up taking over an hour and forty minutes. That definitely warrants an explanation.

Read more…

New release, ft. 2016-style Javascript and the Deep Tarpit.

The main driver for our release this morning was a move, behind the scenes, to put our servers into a “VPC”, and despite the fact that it’ll have no visible impact, it was a significant change to the infrastructure, and not without its challenges, as you’ll hear in more detail from Giles later :)

One Yak, Fully Shaved.

new consoles list ui screenshot

One change you might notice is that the Consoles page has changed, and includes some little red Xs for killing consoles. The original idea was just to change them from being links that cause a page refresh to being ajax calls, which would let you kill multiple consoles at the same time. Somehow though, that small user interface tweak turned into the whole office deciding to treat that How it feels to learn JavaScript in 2016 comedy blog post as if it were an instruction manual, and we have now spent several days knee deep in React, ES6, promises, webpack, npm, Enzyme, fetch, promises, promises, and many, many more. Still, by the end of it, it all worked, and we have to conclude that ES6 is much nicer to work with than horrible old javascript.

The Deep Tarpit

The tarpit is one of the key ways we balance the resource needs of our various users. What happens when you exceed your CPU quota is that your processes still run, but they get a lower priority compared to people who are still within the amount they paid for. That’s been working fairly well, but as with all things, we notice there’s a power law at work, and there are a small number of users who regularly go massively over their tarpit limit. We’ve added some code that will automatically kill processes of these kinds of users, and send them a friendly notification email. Bad programmer! No biscuit.

We’ve also added some code to limit the amount of output in consoles, so that kids (and adults) whose first Python program is while True: print(“farts”) will have less of an impact on the system. Although plenty of farts will still be printed, fear ye not.

The upshot of all that should be that console performance will hopefully be a little more consistent from now on.

Better support for non-English keyboards

We do our best to avoid the classic Anglocentric, parochial laziness of imagining that the world ends with ASCII, but it takes work! For a while we’ve known that users on certain operating systems with certain keyboard types & layouts would have difficulties entering certain text into our consoles. So we’ve rolled out the ability to switch from hterm to xterm.js for our client-side terminal emulation.

If you’d like to try it out, give us a shout and we can switch it on for you. NB - keyboard shortcuts for copy + paste will be different, it’ll be Ctrl+Ins / Shift+Ins instead of Ctrl-C & Ctrl-V.

General bugfixes and security fixes

And the usual retinue of bug fixes. Some of which were (minor) security fixes, incidentally, as reported by some enthusiastic security researchers. Find out more about our bug bounty if that describes you!

The PythonAnywhere newsletter, November 2016: Two-factor auth and a new system image

We try to get a newsletter out every month, but sometimes we just get too distracted working on our latest and greatest features to manage it. It wasn’t that we were all out in Norway doing an opera, honest :-)

Here’s what we were up to.

Read more…

Nitrous.io shuts down

We were sad to hear about the sudden departure of our frenemies* at Nitrous.

Read more…

Today's upgrade: improving websites, better security

This morning’s system update went smoothly, and we’ve made a couple of great changes :-)

Improved website routing

This one should be pretty much transparent to you, but we’ve revamped the way we route requests for the websites that we host; this should speed things up for some people.

Noisy neighbours always cause problems, in the real world and on the Internet. When someone writes a website that hogs system resources on PythonAnywhere, sometimes it can impact other people who happen to be on the same server. Naturally, we monitor the system, and when we find a particularly badly-behaved website we notify its owner by email and ask them to fix it – or in extreme cases, if it’s causing serious problems, we shut it down. But that’s far from ideal.

Today’s update makes that all a lot better. We’ve given ourselves, the system administrators, fine-grained control over where websites run. So now, if we see a website that’s causing slowdowns for other users, as well as notifying the owner so that they can fix it, we can move it right away onto a server where it won’t impact other people. We’re calling it “putting them in the sin bin”…

Security is important

…as people have reminded us frequently in suspiciously-similar Tweets. And they’re right! So we’ve implemented two-factor authentication, using Google Authenticator (or any other TOTP app). It’s currently going through a short internal-only testing process (in other words, we’ve switched it on for our own accounts to see if it breaks anything) and if all is well, we’ll provide it as an option for everyone next week.

On the subject of security, we’ve also fixed a couple of bugs: Nikhil Mittal reported a CSRF issue on PythonAnywhere that would have allowed an attacker who knew both your username and the internal database ID of one of your scheduled tasks to delete that task, if they tricked you into visiting a web page that they controlled while you were logged in to PythonAnywhere. It wouldn’t have given the attacker access to any of your data, but it could have been really irritating, and we’re glad it was reported so that we could fix it. Bug: fixed. Bug bounty: paid. Nikhil also reported some issues around our email confirmation system, which we’ve also fixed.

…and the rest

As always, we’ve put in a number of user interface tweaks, including fixing the print preview on IPython notebooks.

That’s it!

Thanks for reading, and for using PythonAnywhere :-)

The PythonAnywhere newsletter, September 2016

We try to get a newsletter out every month, but in August we were all too busy working on our latest and greatest features to manage it. It wasn’t that we were all out sunning ourselves, honest :-)

Here’s what we were up to.

Read more…

Latest deploy: Some nice new features and a surprise

Rename web apps

Yes, we know it’s been a long time coming, but now you can rename your web apps (and, as a result change the domain they’re served from) right on the web app setup page. Look for the little edit pencil icon next to your web app address.

Students can share with teacher

We’ve made it easier for students to share their consoles with their teacher.

List invoices on accounts page

For those of you that may be wondering how much of your hard-earned money you’ve spent on PythonAnywhere, we’ve added a list of all of your invoices to the Account page.

PDF export for Jupyter notebooks works

A helpful user pointed out that “Download as PDF” wasn’t working in Jupyter notebooks on PythonAnywhere. So we fixed it.

“bash console here” on editor page

If you’re ever editing a file and want to open a Bash console in the same directory as the file, now you can.

General security, usability and stability fixes

As usual. This is usually where we put all the fixes for bugs that are too embarrassing to list.

Something great that we’re not telling you anything about

until we’ve tested it ourselves.

Back to school tips for teachers, from PythonAnywhere

Dear teachers,

If there’s one thing we know, it’s that teachers (and students) love, it’s being reminded that the holidays is that the holidays are coming to an end. Hooray!

Here’s a few ideas and pointers for some of the things that we hope will make your life, as a teacher, easier.

Read more…

Latest deploy: new stylings, editor fixes, and our API beta

Morning all! A lovely day for leave-ing an old server image behind and welcoming in a new, independent, codebase. #brupgrade #brelease #breployment.

Style tweaks, improvements to responsiveness

On a bit of a whim we decided to upgrade to bootstrap 3, so you’ll notice slightly different stylings. Flat buttons! Oh-so-3-years-ago. But also, there are some improvements to the way the site displays on mobile and smaller displays, which is nice.

We also upgraded to the latest version of the ace editor, which should bring a few little improvements too, like better vim keybindings, and better support for ipads (you can now scroll, yay!)

API beta

It’s not ready for prime-time yet, but we’ve started work on a PythonAnywhere API. It may end up not being something we publish for general use, and just something for us to use behind the scenes, but if you’re keen to take a look, get in touch, and we’ll switch it on for you. Currently the API allows you to do stuff to your web apps, namely:

  • create new web app
  • reload web app
  • update webapp settings: virtualenv, static files.

You should bear in mind that anything you build using that api will probably break when we next do a release, we’re making no guarantees about backward-compatibility, or that the api will even work as it is. So really it’s just for playing around or for the curious for now. Still, email us if you’re interested, we’d love to hear from you.

Other changes

  • There’s now a UI for updating the working directory and source files location for your web apps.
  • The editor now gives you a useful warning when you try and save if you’re over your quota (and it no longer deletes your whole file, which some consider a bonus)
  • We’ve made some changes to try and make it easier for us to deal with forum spam. ugh.
  • and a few assorted minor bugfixes.

Your comments and suggestions are always welcome. Enjoy!