SShortSingh.
Back to feed

How to Fix Django's GenericForeignKey N+1 Query Problem Without Schema Changes

0
·1 views

Django's GenericForeignKey (GFK) fields, commonly used in audit logs and notification feeds, cannot be traversed by the ORM's select_related or prefetch_related, causing one database query per object lookup. On a page of 20 activity log entries, this can quickly balloon to 60–80 queries before pagination is even considered. A three-step workaround resolves all GFK references in bulk by grouping object IDs by content type and firing a single query per target model. The resolved instances are then cached on each log entry as a private attribute, allowing serializers to read from cache with a live-query fallback. This approach requires no model or schema changes, making it suitable for inherited codebases where migrations are not an option.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

JavaScript Pivot Table Processes 10 Million Rows in Browser Using Columnar Data

Developer Kasmav built AeroPivot, a framework-agnostic pivot table web component, and benchmarked it against a 2.8 GB CSV file containing 10 million rows and 33 fields. The project addresses a real-world challenge in embedded analytics: handling large datasets directly in the browser without server-side processing. A key architectural decision was using columnar data ingestion instead of traditional row-object arrays, which reduces memory overhead from repeated object keys, property lookups, and garbage collection pressure. Typed arrays such as Float64Array are used for numeric measures, making the data structure more efficient for aggregation operations. The benchmark recorded an initial CSV ingestion time of around 2 minutes on a Windows machine, with the post emphasizing that ingestion and pivot recalculation timings should be measured separately for accurate performance evaluation.

0
ProgrammingDEV Community ·

How AI Trading Agents Use Private RPC Relays to Evade MEV Bots on Blockchain

A developer running automated AI trading agents on the Polygon blockchain discovered their arbitrage profits were being consistently stolen by MEV (Maximal Extractable Value) bots monitoring the public mempool. These bots scan pending transactions in real time, copy profitable orders, and resubmit them with slightly higher gas fees to ensure their transactions are processed first — a tactic known as frontrunning. In one logged instance, an expected profit of 45 USDC was reduced to just 2.1 USDC after such an attack. To counter this, the developer integrated Private RPC relays such as Flashbots Protect, which route transactions directly to validators through an encrypted channel, bypassing the public mempool entirely. This approach prevents predatory bots from detecting and copying pending transactions before they are confirmed on-chain.

0
ProgrammingDEV Community ·

Persistent Context Files, Not Chat History, Are Key to Reliable AI Coding Agents

A developer essay published on DEV Community argues that AI coding agents produce inconsistent output because ephemeral sandbox environments give them no persistent state to read at the start of each session. The author explains that an agent's effective 'memory' is not chat history or cross-session recall, but the actual files on disk it can access — including component libraries, test suites, and convention files like CLAUDE.md or .cursorrules. Without these reference files, agents default to freeform generation, which may look impressive in short demos but degrades quickly across large codebases. The piece recommends that developers maintain a small, well-structured convention file in the repository root so agents can re-read consistent rules every session. According to the author, this low-effort setup — rather than vector stores or fine-tuning — is what enables reproducible, reviewable AI-generated code at scale.

0
ProgrammingDEV Community ·

Cookie Theft Can Bypass Two-Factor Authentication — Here Is How to Stay Safe

Session hijacking via cookie theft has become the fastest-growing identity attack in 2026, with over 2.1 billion stolen cookie records found on underground marketplaces, according to cybersecurity firm SpyCloud. Attackers use infostealer malware — such as RedLine, Lumma, and Vidar — to silently extract browser session tokens, which are then sold on dark web channels for as little as $5 to $30 per victim. Because session cookies represent already-authenticated logins, replaying them in another browser bypasses two-factor authentication entirely, with no password or verification code required. Microsoft confirmed in early 2026 that this technique, often combined with adversary-in-the-middle phishing kits, drove a significant wave of enterprise account compromises, even affecting users with hardware security keys. Experts warn that MFA alone is no longer sufficient protection, urging users to avoid unverified software downloads, use short session timeouts, and monitor accounts for unfamiliar active sessions.