From jake at buttercms.com Tue Dec 1 16:02:43 2020
From: jake at buttercms.com (Jake Lumetta)
Date: Tue, 1 Dec 2020 16:02:43 -0500
Subject: [Baypiggies] Director of Engineering for Headless CMS SaaS Startup

Howdy Baypiggies!

I'm Jake, founder and CEO of ButterCMS. I'm looking for someone to own tech at ButterCMS. We're built on Django + Vue.js. You'd work closely with me (founder) on all product initiatives. There's zero bureaucracy - you will have maximum autonomy and responsibility.

Butter is the #1 rated headless CMS. Developers love us. We exist to make their lives better.

As a Director of Engineering you'll own all technology, be responsible for the entire ButterCMS platform, and most importantly, ensure that our customers are successful.

Learn more: https://djangogigs.com/gigs/director-of-engineering-for-headless-cms-saas-startup-buttercms-lqyma8/

Cheers,
Jake

--
Jake Lumetta
CEO of ButterCMS
How Butter compares to Wordpress
See what people think of ButterCMS


From jjinux at gmail.com Wed Dec 9 18:02:57 2020
From: jjinux at gmail.com (Shannon -jj Behrens)
Date: Wed, 9 Dec 2020 15:02:57 -0800
Subject: [Baypiggies] The Django admin and SOX compliance

If you think about being compliant with certain things like SOX, SOC2, ISO 27001/2, one of the things you have to do is get a lot more careful about who can view and modify data. Consider the idea where you have a Django admin which allows you to mutate a bunch of the data in your database. Now, imagine a bunch of customer support agents making use of this Django admin in order to make changes on an as-needed basis.

Now, imagine you want to add some workflow on top of this. Let's say a support agent needs to change some row (model object). However, we want such changes to be approved before making the change.

Do any of you have some advice, guidance, or tool recommendations for this sort of problem?
I know it's a little bit vague, but any advice about the intersection of the Django admin and SOX compliance would be useful. I'm happy to talk off-list.

Thanks,
-jj

--
In this life we cannot do great things. We can only do small things with great love. -- Mother Teresa


From deirdre at deirdre.net Wed Dec 9 19:06:59 2020
From: deirdre at deirdre.net (Deirdre Saoirse Moen)
Date: Wed, 09 Dec 2020 16:06:59 -0800
Subject: [Baypiggies] The Django admin and SOX compliance
Message-ID: <70a54586-96dd-47e2-88cb-2b6c3d6fa7ac@www.fastmail.com>

On Wed, Dec 9, 2020, at 3:02 PM, Shannon -jj Behrens wrote:
> If you think about being compliant with certain things like SOX, SOC2, ISO 27001/2, one of the things you have to do is get a lot more careful about who can view and modify data. Consider the idea where you have a Django admin which allows you to mutate a bunch of the data in your database. Now, imagine a bunch of customer support agents making use of this Django admin in order to make changes on an as-needed basis.
>
> Now, imagine you want to add some workflow on top of this. Let's say a support agent needs to change some row (model object). However, we want such changes to be approved before making the change.

In rails projects, I've just previously added a version (and tracking info like date and who made the change) to the data, and then incremented the version number when saving the record, with the unique key being the original UUID + the version. I haven't tried this in Django.

There's also the wrinkle of documenting schema changes, because it's possible to lose data that way when it's transformed. In Rails, there was the acts_as_versioned gem, now succeeded by paper_trail, to handle that case. (This was above and in addition to migrations.)

Once you've got it out of the database, looks like pyrsistent may help.
In any case, I'm contributing to a project that uses it.

Deirdre


From karreyes at gmail.com Wed Dec 9 21:06:26 2020
From: karreyes at gmail.com (Karla Reyes)
Date: Wed, 9 Dec 2020 18:06:26 -0800
Subject: [Baypiggies] The Django admin and SOX compliance
In-Reply-To: <70a54586-96dd-47e2-88cb-2b6c3d6fa7ac@www.fastmail.com>
References: <70a54586-96dd-47e2-88cb-2b6c3d6fa7ac@www.fastmail.com>

jj,

I am actually trying to solve that same problem, but in regards to access to production hosted in AWS / cloud. And the way I am framing this problem is, since SOX does not cover any of the modern DevOps tools, our SOX auditors follow 10 DevSecOps guiding principles; the one related to this would be [to have]: *Least privilege access to the tools* - if you are being 'controlled' you can't have elevated access.

So I just share my example, as it might provide you some insight into how to solve your case. For AWS, I am trying to define a role within the prod account (and another non-prod account to steer sandbox & test usage to that), and assign this to a CI automated user, forcing that way all changes through your CI pipeline or automated deployment (happy path), leaving a log/trace of this change. So the CI user gets read + write access, but the rest of the team have a read-only role for troubleshooting purposes (non-happy path), which they will still have to push through a script from your automated build process (Jenkins in our case).

What Deirdre mentioned of version controlling the record for changes is similar to turning on CloudTrail in AWS, which we did. Except it only lets you know who preferred the 'cowboy' approach, without enforcing *'least privilege access'* and complying with SOX.
-Karla

On Wed, Dec 9, 2020 at 4:10 PM Deirdre Saoirse Moen wrote:
>
> On Wed, Dec 9, 2020, at 3:02 PM, Shannon -jj Behrens wrote:
> > If you think about being compliant with certain things like SOX, SOC2, ISO 27001/2, one of the things you have to do is get a lot more careful about who can view and modify data. Consider the idea where you have a Django admin which allows you to mutate a bunch of the data in your database. Now, imagine a bunch of customer support agents making use of this Django admin in order to make changes on an as-needed basis.
> >
> > Now, imagine you want to add some workflow on top of this. Let's say a support agent needs to change some row (model object). However, we want such changes to be approved before making the change.
>
> In rails projects, I've just previously added a version (and tracking info like date and who made the change) to the data, and then incremented the version number when saving the record, with the unique key being the original UUID + the version. I haven't tried this in Django.
>
> There's also the wrinkle of documenting schema changes, because it's possible to lose data that way when it's transformed. In Rails, there was the acts_as_versioned gem, now succeeded by paper_trail, to handle that case. (This was above and in addition to migrations.)
>
> Once you've got it out of the database, looks like pyrsistent may help. In any case, I'm contributing to a project that uses it.
>
> Deirdre
From deirdre at deirdre.net Thu Dec 10 04:14:48 2020
From: deirdre at deirdre.net (Deirdre Saoirse Moen)
Date: Thu, 10 Dec 2020 01:14:48 -0800
Subject: [Baypiggies] The Django admin and SOX compliance
Message-ID: <8868F762-0FA1-4620-A342-269952C85961@deirdre.net>

On Dec 9, 2020, at 6:06 PM, Karla Reyes wrote:
>
> What Deirdre mentioned of version controlling the record for changes, is similar to turning on cloudtrail in aws, which we did. Except it only lets you know who preferred the 'cowboy' approach, without enforcing 'least privilege access' and comply with sox.

Good points about access. I was thinking from a programmer perspective rather than a dev ops one, but since we're there:

Debian (and now other linux distros) has the etckeeper package, which will git commit changes to system configurations automagically.

https://www.tecmint.com/manage-etc-with-version-control-using-etckeeper/

Cool concept, and has saved more than one person's bacon. There are likely analogous tools on other platforms.

Deirdre


From jeffrey.fischer at gmail.com Fri Dec 11 12:59:13 2020
From: jeffrey.fischer at gmail.com (Jeff Fischer)
Date: Fri, 11 Dec 2020 09:59:13 -0800
Subject: [Baypiggies] Videos from July and August meetings available

Hi Pythonistas,

I'm pleased to announce that we have video from our July and August meetings up on YouTube:

- July (Notebooks Night): https://youtu.be/8WnCWdbpIPU
- August (Snakes and Queens): https://youtu.be/oCMWjRAvoyY

Thanks to Karen for organizing the Zoom meetings and capturing the video. Thanks to Jason Fischer for doing the video editing.

We hope to have more videos from 2020 available later this month (exact timing depending on my son's exam schedule). You can view the full list of available BayPiggies videos on our YouTube channel or on our website.

Have a safe and happy holiday season!
Regards,
Jeff


From dev at esamir.com Wed Dec 16 22:25:05 2020
From: dev at esamir.com (Samir Faci (Dev))
Date: Wed, 16 Dec 2020 19:25:05 -0800
Subject: [Baypiggies] Configuration Suggestion for Python

I was looking for something similar to GoLang's viper.
https://github.com/spf13/viper

If you're not familiar with it, it's nothing that fancy but it allows for config to be written in JSON, YAML, TOML and ENVIRONMENT can be used to override settings.

I've found a few candidates like:

https://pypi.org/project/gila/

https://github.com/alexferl/vyper

Does anyone have any recommendations or experience with either of these tools?

--
Thank you
Samir Faci
https://keybase.io/csgeek


From jjinux at gmail.com Wed Dec 16 23:35:47 2020
From: jjinux at gmail.com (Shannon -jj Behrens)
Date: Wed, 16 Dec 2020 20:35:47 -0800
Subject: [Baypiggies] Configuration Suggestion for Python

There are standard libraries for reading things like .ini and .toml files. Some people just read JSON or YAML files. In Django, they just use Python code and read from the environment when you want overrides to happen; that's probably what I do the most often. I'm not sure of anything that combines a non-code config file with automatic overrides from the environment, but I'm sure it exists. I haven't tried either of the things you linked to.

On Wed, Dec 16, 2020 at 7:26 PM Samir Faci (Dev) wrote:
> I was looking for something similar to GoLang's viper.
> https://github.com/spf13/viper
>
> If you're not familiar with it, it's nothing that fancy but it allows for config to be written in JSON, YAML, TOML and ENVIRONMENT can be used to override settings.
>
> I've found a few candidates like:
>
> https://pypi.org/project/gila/
>
> https://github.com/alexferl/vyper
>
> Does anyone have any recommendations or experience with either of these tools?
>
> --
> Thank you
> Samir Faci
> https://keybase.io/csgeek

--
In this life we cannot do great things. We can only do small things with great love. -- Mother Teresa


From deirdre at deirdre.net Thu Dec 17 01:07:41 2020
From: deirdre at deirdre.net (Deirdre Saoirse Moen)
Date: Wed, 16 Dec 2020 22:07:41 -0800
Subject: [Baypiggies] Configuration Suggestion for Python

On Dec 16, 2020, at 20:35, Shannon -jj Behrens wrote:
>
> There are standard libraries for reading things like .ini and .toml files. Some people just read JSON or YAML files.

Since the definition changes apparently happened when I wasn't paying attention, just thought I'd mention: YAML is a superset of JSON. JSON files are valid YAML.

https://phoenixnap.com/blog/what-is-yaml-with-examples

Deirdre


From shariesk at sundaelectronics.com Mon Dec 28 17:08:55 2020
From: shariesk at sundaelectronics.com (Shari Eskenas)
Date: Mon, 28 Dec 2020 14:08:55 -0800
Subject: [Baypiggies] A picture book that teaches Python basics

Hey everyone,

I'm writing a unique Python book for beginners: it's in the form of a picture book! It tells a story with Python programs that represent real-life situations. The purpose is to teach the basics of Python with the code examples that compose the story.

*A Day in Code: Python* is available for pre-order on Kickstarter (ends Jan.
15th): https://www.kickstarter.com/projects/914595512/a-day-in-code-python

I'd love to hear any feedback. Have a happy new year! :)

Best Regards,
Shari Eskenas
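Back to the "Configuration Suggestion for Python" thread above: jj's answer describes the viper-like layering Samir asked about (a non-code config file, with the environment overriding it) without naming a library that does it. The block below is an added example for this archive, not gila, vyper, viper or any list member's code, showing that layering with the standard library only. The APP_ prefix, the "__" nesting separator, the DEFAULTS table and the sample file it writes are all assumptions of the example; JSON and INI are read here, and a YAML or TOML reader would plug into load_file the same way.

```python
"""Layered configuration: DEFAULTS < config file < environment variables.

Added example for the 'Configuration Suggestion for Python' thread; it is not
gila, vyper, viper or any poster's code. The APP_ prefix, '__' separator,
DEFAULTS and the sample file are this example's own assumptions.
"""
import configparser
import json
import os
import tempfile
from collections.abc import Mapping
from typing import Any, Dict, Optional

PREFIX = "APP_"          # assumed: APP_DATABASE__HOST overrides database.host
SEP = "__"
SECRET_MARKERS = ("password", "secret", "token")

# Assumed application defaults; their types drive coercion of string overrides.
DEFAULTS: Dict[str, Any] = {
    "database": {"host": "localhost", "port": 5432, "password": ""},
    "debug": False,
    "workers": 4,
}


def load_file(path: str) -> Dict[str, Any]:
    """Read a JSON file, or an INI file whose sections become nested dicts."""
    if path.endswith(".json"):
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    parser = configparser.ConfigParser()
    parser.read(path, encoding="utf-8")
    return {section: dict(parser.items(section)) for section in parser.sections()}


def coerce(value: str, like: Any) -> Any:
    """Convert a string from INI or the environment to the type of the default it overrides."""
    if isinstance(like, bool):          # bool before int: bool is an int subclass
        return value.strip().lower() in ("1", "true", "yes", "on")
    if isinstance(like, int):
        return int(value)
    if isinstance(like, float):
        return float(value)
    return value


def merge(base: Mapping, override: Mapping) -> Dict[str, Any]:
    """Return base updated by override, recursing into nested mappings; inputs are not mutated."""
    out: Dict[str, Any] = dict(base)
    for key, value in override.items():
        if isinstance(value, Mapping) and isinstance(out.get(key), Mapping):
            out[key] = merge(out[key], value)
        elif isinstance(value, str):
            out[key] = coerce(value, out.get(key))
        else:
            out[key] = value
    return out


def env_layer(environ: Mapping) -> Dict[str, Any]:
    """Turn APP_DATABASE__HOST=db1 into {"database": {"host": "db1"}}; other variables are ignored."""
    layer: Dict[str, Any] = {}
    for name, value in environ.items():
        if not name.startswith(PREFIX):
            continue
        parts = name[len(PREFIX):].lower().split(SEP)
        node = layer
        for part in parts[:-1]:
            node = node.setdefault(part, {})
        node[parts[-1]] = value
    return layer


def load_config(path: Optional[str] = None,
                environ: Optional[Mapping] = None) -> Dict[str, Any]:
    """Highest precedence wins: environment over file over DEFAULTS."""
    environ = os.environ if environ is None else environ
    cfg = merge(DEFAULTS, load_file(path)) if path else dict(DEFAULTS)
    return merge(cfg, env_layer(environ))


def redacted(cfg: Mapping) -> Dict[str, Any]:
    """Copy that is safe to log or dump: values under secret-looking keys are masked."""
    out: Dict[str, Any] = {}
    for key, value in cfg.items():
        if isinstance(value, Mapping):
            out[key] = redacted(value)
        elif any(marker in key.lower() for marker in SECRET_MARKERS):
            out[key] = "***" if value else ""
        else:
            out[key] = value
    return out


def demo() -> Dict[str, Any]:
    """Constructed sample: a JSON file sets host and worker count, the environment supplies the secret."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump({"database": {"host": "db.internal", "port": 6432}, "workers": 8}, fh)
        env = {"APP_DATABASE__PASSWORD": "constructed-secret", "APP_DEBUG": "true", "PATH": "/usr/bin"}
        return load_config(path, env)


if __name__ == "__main__":
    print(redacted(demo()))
```

The precedence order is the point Samir was after, but two smaller choices are what keep this safe in practice: overrides are coerced to the type of the default they replace, so `APP_DEBUG=true` becomes a boolean rather than a truthy string, and anything a program prints or dumps should go through redacted() so a password that arrived via the environment never lands in a log.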