Latest blog posts

Where I write about things like Python, Django, JavaScript and Linux.

Mara - a Python network service framework

I've released a new version of Mara, my network service framework written in Python. It aims to make it easy to build TCP/IP services, such as echo servers, flash policy servers, chatrooms, talkers and MUDs.

It's event-based; that is to say you write event listener functions which you bind to events that your service raises - like Connect, Receive or Disconnect.

Mara is on pypi, so you can pip install mara, then start writing your service. An echo server in Mara looks like this:

from mara import Service
service = Service()

def receive(event ...

Read full post

Introducing Tagulous

Tagulous is a tagging library for Django which is based on ManyToManyField and ForeignKey relationships. I've been developing and using it internally for several years, and have recently tidied it up for release; it supports Django 1.4 to 1.9a, on Python 2.7 to 3.5.

It started with a simple enough idea - rather than use generic relations like other tagging libraries, use a subclass of ManyToManyField which supports assignment using tag strings, to allow things like this:

class Person(models.Model):
  name = models.CharField(max_length=255)
  skills = TagField()

person = Person.objects.create(name='Bob', skills='run ...

Read full post

A Tiny Web Font Loader

Today I'm releasing TinyWFL, my tiny web font loader which is about 95% smaller than other popular loaders.

When web fonts started to gain adoption around 2010, the problem people had was FOUT - the flash of unstyled text while you waited for the browser to download the font. I think most people would agree that this has since been solved very comprehensively by webfontloader from Google and Typekit, and that it's now the de-facto standard loader - but back in 2010 or 2011 FOUT was still an issue, which is why I wrote my own.

To be accurate, my ...

Read full post

Tips for SSL certificates

Display CSR information:

openssl req -text -noout -in foo.csr

Display signed cert information:

openssl x509 -in foo.crt.pem -noout -text

To remove a password from a key:

openssl rsa -in foo.key.pem -out foo-unlocked.key.pem

To decode a CRL:

openssl crl -text -in ca.crl.pem

To check a certificate against a CRL:

cat ca/ca.crl.pem ca/ca.crt.pem > crl-check.pem
openssl verify -CAfile crl-check.pem -crl_check foo.crt.pem

Read full post

Self-Signing Certificate Authorities


If you run a website which receives or displays personal information, passwords or other secrets, you need to encrypt your connections using SSL or TLS. This is what puts the "S" into HTTPS, FTPS, IMAPS, POPS etc, and requires private keys and public certificates. Your browser (or other SSL/TLS client) trusts certain CAs (certificate authorities), and they in turn are willing to trust you by issuing you a certificate, if you throw money at them.

This is necessary for public-facing production deployments, and these days the cheapest certificates don't cost the earth - for example, Namecheap's start ...

Read full post