Jacob Kaplan-Moss

I'm a software developer, co-creator of Django, and an experienced engineering leader. I previously ran teams at 18F and Heroku. I'm currently the Principal Engineer at Hangar, and available for limited consulting engagements through my consultancy, REVSYS.


Preventing SQL Injection in Django 2 weeks, 5 days ago

I wrote this article for r2c, a security startup I’ve been consulting for. They’ve been building Bento, a program analysis toolkit that can find bug through static anaylsys of Python code. It uses semgrep, a code search tool that understands Python syntax. I’ve been helping them figure out which kinds of checks matter to Django developers. SQL injection is one of the places we decided to start, and I wrote this article to explain the problem, solutions, and how Bento/semgrep can help.

What accomplishments sound like on software engineering resumes 3 weeks, 2 days ago

Effective resumes need to contain two things: responsibilities and accomplishments. The first tells the read what your job was; the second, what your results were. Unfortunately, most people fail at the second part. I’ve seen thousands — maybe tens of thousands — of resumes, and most don’t contain accomplishments. This …

Layoffs are Coming 2 months, 2 weeks ago

It's looking increasingly likely that the COVID-19 pandemic will cause a recession. It's easy to think we might be immune from the effects of a global recession, but my experience is that tech companies are quick to cut staff, especially engineers, in the face of declining markets. I hope I'm wrong, but I don't think I am. Either way, it's not going to hurt to prepare.

Django’s new governance model 2 months, 2 weeks ago

Starting today, Django has a new governance model. Previously, a small “core team” made most decisions, including electing a Technical Board to own decisions about each release. Now, the “core team” is gone; all power rests with the Technical Board. Anyone who’s made substantial contributions to Django is now eligible …

The Innovation/Execution Spectrum 3 months, 1 week ago

Lately I've been working with our startups to establish their engineering strategies. One model I've found useful is to place their technical challenge on an innovation/execution spectrum.


To ••• With Passwords 7 months ago

A keynote I gave at North Bay Python 2019

How to Ace a Technical Interview 1 year, 3 months ago

A keynote I gave at PyCon APAC 2019

Let's build a web framework! 3 years ago

A tutorial I gave at PyCon US 2017

Implementing multi-factor authentication 4 years, 2 months ago

A talk I gave at dotSecurity 2016

Django's request/response cycle 4 years, 6 months ago

A talk I gave at Django Under The Hood 2015

Heroku Under The Hood 4 years, 6 months ago

A tutorial I gave at Django Under The Hood 2015

HTTP in Django 4 years, 6 months ago

A talk I gave at Django Under The Hood 2015

Minimum Viable Security 4 years, 8 months ago

A talk I gave at DjangoCon US 2015


📌 How I Dropped 250 KB of Dead CSS Weight with PurgeCSS | frontstuff #
📌 Kore4 and Python

There’s a bunch of interesting stuff here—async, automatic ssl—but the seccomp stuff is _really_ fascinating. I wonder how hard it’d be to do this with Django? #

📌 Design better data tables - UX Collective

I really like these patterns. I wonder if there’s a good front-end library that makes this stuff easy? I tend to use django-tables2 on the backend, which handles all the sorting/filtering nicely, but the UI leaves something to be desired. #

📌 Resources for measuring cybersecurity: a bibliography #
📌 AWSume: AWS Assume Made Awesome! | AWSume #