Caktus Blog

At Caktus, we maintain some open source packages, which are usually pieces of code that we’ve found useful when building an application, and we figure they might be useful to others. From time to time, those open source projects need a little maintenance: Maybe a bug fix has been provided from a community member, or we need to update to support a new version of Python or Django. I always hesitate to do this because I know there are multiple steps involved to ensure that any updates are properly tested, documented, versioned, and released. One of my silly blockers is that I always seem to forget how to upload a release to PyPI, which is the Python Package Index, a repository of software for Python. I call it silly because it shouldn’t really be a blocker, seeing how simple it actually is, but I still forget it each time and have to walk through the documentation step by step to make sure I do it properly. I recently found a tool that helps with this process.

I remember being really impressed the first time I encountered single sign-on (SSO), in which I could access multiple websites after just logging in once. But I was even more impressed when I learned that underlying SSO are just a few, basic HTTP features.

October 2020 marked the 14th anniversary of the introduction of “let” and "const" to Javascript. Yes, it was in 2006 that this feature was first introduced, and we’re still having conversations about it. So why, you ask, are we still talking about this? It seems that a lot of confusion remains, not to mention a lot of old code being passed around on StackOverflow with “var” all over the place. Here I’ll discuss the difference between these three declarations, and come to a conclusion about best practices

This is how to set up the One True Development Environment for Python.

Haha, just kidding, there is no such thing. Here's one way to do it that works for me, and an attempt to explain the benefits of doing it this way.

We’ve published summaries of our most popular blog posts before (see Top 19 of 2019 and Top 18 of 2018), but this time, we’re taking it a step further. We’re sharing the 20 most popular posts in 2020, regardless of the year the post was originally published. And some of these have been around a while! Based on total pageviews, here are the blogs that rose to the top of the popularity list, from most viewed to least viewed.

I keep up with what's happening in my field by following a number of blogs and an occasional email list. I don't read everything posted in all of these, but by scanning the topics in a feed reader, I can keep up with what's going on, without wasting a lot of time.

Part two of a two-part series. View part one.

Stateless authentication with JSON Web Tokens  —  safely!

As developers who build REST APIs, we are quite familiar with JSON Web Token (JWT) based authentication. The typical pattern is this:

React is a library that helps developers approach user interface (UI) development with the single-responsibility principle in mind, while building reusable, encapsulated components. But when it comes to styling, there is a heated debate in the React community. There are a few schools of thought:

Part one of a two-part series.

A REST API is a wonderful way to expose application data to a wide variety of clients. Anything that can speak HTTP can communicate with a REST API, and these days that means an exciting variety of devices. From plain old web browsers to mobile devices to a whole array of IoT applications  —  there are a lot of good reasons to use a REST API. And if you’ve ever built one, you’re familiar with the predominant means of restricting endpoints to authenticated users  —  JSON Web Token (JWT) based authentication.

Above: Caktus uses several mobile devices for accessibility testing. For a more realistic experience, it’s important to test on devices, and not just with simulators.