#django

i'd bet youtube has pro accounts and an api

eh the hard part of video processing websites is coming up with the $$$ to keep the lights on

that being said, aws also offers video transcoding and such

you can probably do the heavy lifting with a straightforward django celery setup

processing is just one part though. you also have to keep on top of file formats, device compatibilities, etc

Okay, well thanks for the brainstorming. I have a lot of homework to do for this. Leaning toward hosting solution though.

hi all, i'm using the sites framework to build a saas app of sorts, and have an extra model for storing site-specific details (site admin email, etc.) .... one of the fields is going to be for storing an API key for an external service, and i'm a bit on the fence how that should be stored (if it should not be stored in the database, etc. etc.)

does anyone have any suggestions?

mattt: think about the possible attacks on this _if the bad person already has access to your database_

mattt: it is possible that they can do worse things without the API key

Koterpillar: not really, causing my customers damage to their external services would be the worst thing that could happen

can the customers see the API key in the interface?

Koterpillar: well, i probably will mask it, but it will be manually entered by them at some point

entered != seen

mattt: an option is to encrypt just that field with the key somewhere else

there's not much sense in fencing in a public-facing server system into higher security parts

just make the entire thing secure

obviously i could pass in keys via environment vars, but that becomes hard to manage as customers scale and the number of additional vars increases over time

Koterpillar: yeah, i did consider this ... for the sake of backups not containing readable API keys

mattt: encrypted in the database with an external key sounds most sensible to me, just be ready to have a re-encryption strategy when you rotate key. `cryptography` has a `Fermet` class that can use multiple keys for this purpose

starting to doubt this architecture, maybe i should have had a model where i deploy a single instance for a customer, rather than a single instance using sites framework that hosts all customers :P

adamchainz: i never thought about the re-encryption strategy, but see how critical that will be, thank you for the info

Is there any performance benefit from gzipping DRF json responses, which are all 20kb max? Chrome network console is reporting they download is less than 1ms, which if it were true would obviously mean no, but that also seems vaguely impossible

In this case we're using JWT auth so breach attacks shouldn't be an issue

infinitesum: Bigger responses might take more time on conjested networks?

20kb/s can happen if you're on a cellular network.

I'd say unless there's a reason you have to _not_ gzip the output (like supporting really old clients), it can't hurt.

yeah, I'm just wondering what the right balance is because obvious gzipping the response is going to take a non-zero amount of time also. So I'm wondering if there is some best practice in terms of if the response size is less than X, don't gzip

*obviously

Honestly, I'd wager that you'd spend more time sending the extra bits than you'd spend gzipping.

If we consider the performance of the network layer, it's probably quicker to gzip 500bytes of data than it is to send an extra 500 bytes of data.

It's not just network time, it's also the time spent waiting on the PCI bus and time waiting on write.

So anything we can do to make the application more CPU bound and less IO bound is good.

But I don't have the data to back that up. :V Just anecdotes.

sounds good, I'll try it on staging and see what happens :-)

infinitesum: https://moz.com/learn/seo/page-speed says gzip anything >150 bytes which pretty much means everything

@+adamchainz Nice!

idk how authoritative they are though

Rand knows his stuff, I'd consider anything from SEO Moz to be pretty trustworthy, especially something like this where it's not going to be out of date

but that said I'll still measure what happens

Hi everyone, I am trying to buildup a n level menu with django.

I already have the data within mongodb but not sure how to render this

wokopo: recursion

Koterpillar but the idea is, using recursion send an object with all the data to the view?

wokopo: menu.html: {{ item.label }} {% for child in item.children %}{% include menu.html with item=child %}{% endfor %}

yes

or go back and foward between the view and the backend?

oh you can use recursion like that? :O

wow

haha is awesome

let me try that, thanks Koterpillar!!

given model.created_at how do I change the created_at value and then model.save() ?

just the hour though

best I got is model.created_at = model.created_at.replace(hour=18); model.save()

morenoh149: that's how, beware that that isn't always a valid thing to do