  • Finding broken slots in popular Python libraries (and so can you!)

    Adding __slots__ to a class in Python is a great way to reduce memory usage. But to work properly, all base classes need to implement it. This is easy to forget and there is nothing warning you that you messed up. In popular projects, a few of these mistakes have lain undetected — until now!

  • Is your Python code vulnerable to log injection?

    Following the news on log4j lately, you may wonder if Python’s logging library is safe. After all, there is a potential for injection attacks where string formatting meets user input. Thankfully, Python’s logging isn’t vulnerable to remote code execution. Nonetheless, it is still important to be careful with untrusted data. This article will describe some common pitfalls, and how the popular practice of logging f-strings could — in certain situations — leave you vulnerable to other types of attacks.

  • Hello blog!

    I’ve decided to start this blog to keep track of my notes and programming, and hone my writing skills. As a bonus, I get to dip my toe back into frontend development after many years. Jekyll and GitHub Pages made the setup easy, and CSS seems a lot easier than I remember. Now – on to writing.