Personal tools
You are here: Home
 

News - f'(x)

News from Brent and Celes

Full circle - Python web frameworks

by Brent Woodruff — Jul 19, 2008 05:58 AM

A little over a year ago I got serious about doing web development using Python. From what I have discovered, this is not exactly an easy field to break into and understand without either guidance or a lot of hard work. The first thing I had to do was choose a framework, and this was during a time when the number of viable frameworks seemed to be on the rise.

This is no longer the case.

Ultimately, I chose to use Plone and got some guidance from a Plone Bootcamp. You may be thinking "Plone is a CMS, not a framework" and I'll get to that in a minute. Recently, a project came up which presented the opportunity to review my choice with greater insight and a bit of experience. Also, a friend had just chosen to use CherryPy for a new project he is undertaking. What should I use for my new project? It's not exactly a website in the traditional sense. This will be a special purpose web application, the way I thought about web applications when I got started in all of this.

What is out there, available as open source, with enough of an established base to allow me to successfully implement my project?

This list is longer than the one given in the article linked above, but still justifiable. Each of these presents some interesting choices, but the list can be reduced somewhat with a small amount of research and expressing some preferences.

First off, I would rather reuse a quality component or mechanism than do it myself from scratch. This means I'm after a full featured framework rather than a DIY framework like CherryPy. Nothing wrong with CherryPy, it just doesn't provide anything other than the extreme basics - focus on processing requests. For example, CherryPy does not use a templating system by default, allowing you to use whatever you want. Now we have to evaluate templating systems. There is no default database for persistence, etc etc

Interestingly, Turbogears uses CherryPy as its application server and includes all of the 'best of breed' tools. The pieces have already been assembled in a usable way, allowing you to get to developing your application. Turbogears is considered a 'mega framework' because of this. Pylons is similar in this respect in that it assembles various tools that can be swapped out. Pylons uses the Paste application server instead of CherryPy at its heart. Pylons has a Ruby on Rails style of request handling.

CherryPy/Turbogears and Pylons can be reduced into one choice, keeping in mind the preferences expressed, and because the next version of Turbogears will actually not use CherrPy, but will instead run on top of Pylons! The communities are combining and I think this is great. CherryPy itself will probably continue to have a small hardcore following, but lose the support of developers working on things like Turbogears.

Django seems like the odd one out with other communities folding into each other. There is a great community around it and it has certainly been put through its paces in the professional world. Again, the common tools such as templating and persistence are in place. However, there are a couple of things that Zope/Plone has over Django, in my opinion. Not only that, but Django is very focused on the news / blog style of application. I know it can be used to do just about anything, but it's designed to make those kinds of applications easy.

Zope 3, Plone, and Grok all share a common Zope heritage in some way. They all make use of the Zope Object Database, ZODB, for persistence and use Zope Page Templates (ZPT). Plone is actually a Zope 2 CMS product that can also use Zope 3 development techniques through a project called Five (Zope 2 + Zope 3 = Five), which is now built in to Zope 2.

Grok is being worked on to become "Zope 3 for the common caveman", however, I am discovering that Grok is missing enough substance that nearly any complex web application will need to dip down into its Zope 3 base to make it work. One only needs to consider user management to see that Grok has a way to go to stand on its own. There's nothing wrong with this, except that if you already know enough Zope 3 to get a complex Grok application off the ground, you're probably already using Zope 3.

Any reasonably mature framework based on Zope at this point is battle tested and worthy of enterprise consideration. I'm a big fan of ZPT because they render in a browser, making them easy to write. I'm also a big fan of the ZODB because it is about the slickest persistence available and I'm a programmer, not a system administrator. The ZODB is often unfairly knocked on performance when in fact it is efficient, quite scalable thanks to ZEO, and able to handle heavy loads.

Zope, Django, and Pylons/Turbogears are all definitely worth considering. Obviously, I have had some good experiences with Zope technology and am leaning that way. Here's the thing though: a lot of what I'm after in a generic web application framework is already there with Plone, and it can be turned on and off easily (or so it would seem). These kinds of things, like user management, authentication, a sophisticated portlet and layout system, have to be built up in even an advanced framework like Zope 3. Additionally, the future of Plone development is using buildout, which should make it possible to quickly pull together the components needed without too much cruft.

All the above having been said, for the second time I am looking at choosing Plone. This time around, however, the application will be more like a one-shot, specific use application and not really resemble content management at all. I believe this process has given me a much better understanding of the "Plone as an application vs Plone as a framework" sentiments.

I'm currently reading through Web Component Development with Zope 3 and Professional Plone Development. I'm not much of a blogger, but I'll post what I eventually decide to implement this project in. It may even get released to the world if I do a good enough job!

Send-to form spammers

by Brent Woodruff — Jun 05, 2008 08:45 PM

Ugh. Spammers are truly the bottom feeders of the internet. I discovered recently that my development site was being used to send unsolicited email. My sincerest apologies to anyone who got junk mail from an fprimex.com address.

I have fixed the problem, and outlined for other Plone users below some precautions to take so that they too don't get used to make the spam problem any worse.

The main issue is that Plone has a feature through which you can email a link to someone using an online form. It's a "I bet Bob would want to see this", click send-to, put Bob's email into the form, click send scenario. Unfortunately, this feature is available to anyone and can be repeatedly abused by scripts and lowlifes.

Here's a checklist to get rid of Plone's send-to functionality:

  1. Take the "Allow sendto" permission away from everyone
    1. In the Zope Management Interface (ZMI) of your Plone site, select the "Security" tab.
    2. Scroll down to the "Allow sendto" permission and uncheck all of the boxes in its row, including "Acquire".
    3. This will make it so that people can still reach the sendto form, but when they attempt to send, they'll get an error. This is the minimum to fix the problem.
  2. Remove the sendto document action
    1. In the ZMI of your Plone site, select portal_actions
    2. In portal_actions, select document_actions
    3. Either of these achieves the same effect for end users:
      1. Delete sendto
      2. Select sendto, then uncheck Visible
  3. Replace the sendto_form page with a disabled message
    1. In the ZMI of your Plone site, select portal_skins
    2. Select the plone_forms folder
    3. Select the sendto_form, then click the Customize button
    4. In the template, delete the form and replace it with something like "This form has been disabled."

Note that doing only #2 will still allow spammers to reach and use the sendto form if they know the URL.

UFC 84, Gaming Club, Coding

by Brent Woodruff — May 25, 2008 11:11 PM

Congratulations to BJ Penn for getting an amazing TKO win over Sean Sherk at UFC 84. I have been keeping up with the UFC on pay per view for several years now, and 84 was a great buy. They showed 9 of the 11 fights, and only 1 of the 9 shown went to a decision. Even the decision fight (Ortiz vs. Machida) was entertaining.

Leander has been hard at work putting up game servers for the ASU Gaming Club. There's something for just about everyone if you like 1st person shooters. We've got TF2, CS 1.6 and Source, Quake 3 and 4, UT2004 (with UT3 on the way), and a host of military shooters - DoD, CoD4, and BF2. Get all the info here, then come out and play some.

I want to code something, but I've realized that I won't continue working on a program that I don't make use of at least sometimes. Work on LAD has stalled again, despite the long to-do list I made for it months ago. I just don't do graph theory every day (or at all any more, for that matter). I'd like to do something with Panda3D or the ZODB. I've also pretty much given up on managing my own code repository. My next open source project will probably be on Sourceforge or Google Code somewhere.

I'm noticing lots of hits on my development site. If you're getting a lot of the information there feel free to drop me a line and let me know what you think.

Python Lab, LANs, ZODB, web stuff, Zero Punctuation

by Brent Woodruff — Mar 23, 2008 07:31 AM

  • Support is deployed!
  • ALUG Python Lab March 27th, 7 to 9PM, JET 387
    • General Python get-together
  • ALUG LAN Party March 29th, 10AM to 10PM, JET 387
    • Games and geeking out, win stuff from the radio station
  • Gaming Club LAN Party April 19th, 12 noon to 11PM, ASU Grandfather Ballroom
    • Gaming LAN with tournamets and about 150-200 gamers
  • Posted introduction to using the ZODB (Zope Object Database) on dev
  • So awesome: Zero Punctuation
  • FYI - I'm now rewriting fprimex.com to www.fprimex.com
  • Trac 0.11 needs to hurry up and come out

Pictures!!!!!!

by Celes Alexander — Mar 09, 2008 11:39 PM

Yay! I finally listened to Brent and downloaded the Gallery plugin for iPhoto. That made it so fast to upload pictures. Before it could take up to 5 mins for one picture. Now I can upload 30-50 in the same time. So now, all of the pictures that I'll ever post from Mexico are there. Most of the pictures still don't have captions, but if anyone wants to know what was goin on, they can always ask me.

Catching up

by Brent Woodruff — Mar 03, 2008 02:08 AM

The new, Plone based, support website for Appalachian has been deployed. Work has also now started on aspects of the website that have been in planning for many months. Exciting times!

Speaking of Plone, my Introduction to Plone talk was given twice for the ALUG, along with the most recent talk, Introduction to wxPython. I haven't decided what to do for the last talk in the ALUG Python series, which is scheudled for 3/27, but it was suggested to host a lab. The Python Lab idea would give people a chance to work on what they wanted to do, but be able to get help.

One attendee of the Plone talk has launched a new Plone site about older computers that could be pretty cool.

Maybe now I can get some more work done on LAD. Working with Sage has so far been a bust, so I'm just going to go ahead with my own stuff for now. Hopefully we can collaborate and converge in the future.

Finally, let's end on an interesting note: XML-RPC thick client for Plone? I'm updating the code on that page (from 8 years ago!) and will hopefully come up with something cool soon.

Document Actions