News - f'(x)
News from Brent and Celes
Full circle - Python web frameworks
A little over a year ago I got serious about doing web development
using Python. From what I have discovered, this is not exactly an easy
field to break into and understand without either guidance or a lot of
hard work. The first thing I had to do was choose a framework, and this
was during a time when the number of viable frameworks seemed to be on
the rise.
This is no longer the case.
Ultimately, I chose to use Plone and got some guidance from a Plone Bootcamp.
You may be thinking "Plone is a CMS, not a framework" and I'll get to
that in a minute. Recently, a project came up which presented the
opportunity to review my choice with greater insight and a bit of
experience. Also, a friend had just chosen to use CherryPy
for a new project he is undertaking. What should I use for my new
project? It's not exactly a website in the traditional sense. This will
be a special purpose web application, the way I thought about web
applications when I got started in all of this.
What is out there, available as open source, with enough of an
established base to allow me to successfully implement my project?
This list is longer than the one given in the article linked above,
but still justifiable. Each of these presents some interesting choices,
but the list can be reduced somewhat with a small amount of research
and expressing some preferences.
First off, I would rather reuse a quality component or mechanism than
do it myself from scratch. This means I'm after a full featured
framework rather than a DIY framework like CherryPy. Nothing wrong with
CherryPy, it just doesn't provide anything other than the extreme
basics - focus on processing requests. For example, CherryPy does not
use a templating system by default, allowing you to use whatever you
want. Now we have to evaluate templating systems. There is no default
database for persistence, etc etc
Interestingly, Turbogears uses CherryPy as its application server and
includes all of the 'best of breed' tools. The pieces have already been
assembled in a usable way, allowing you to get to developing your
application. Turbogears is considered a 'mega framework' because of
this. Pylons is similar in this respect in that it assembles various
tools that can be swapped out. Pylons uses the Paste application server
instead of CherryPy at its heart. Pylons has a Ruby on Rails style of
request handling.
CherryPy/Turbogears and Pylons can be reduced into one choice, keeping
in mind the preferences expressed, and because the next version of
Turbogears will actually not use CherrPy, but will instead run on top of Pylons!
The communities are combining and I think this is great. CherryPy
itself will probably continue to have a small hardcore following, but
lose the support of developers working on things like Turbogears.
Django seems like the odd one out with other communities folding into
each other. There is a great community around it and it has certainly
been put through its paces in the professional world. Again, the common
tools such as templating and persistence are in place. However, there
are a couple of things that Zope/Plone has over Django, in my opinion.
Not only that, but Django is very focused on the news / blog style of
application. I know it can be used to do just about anything, but it's
designed to make those kinds of applications easy.
Zope 3, Plone, and Grok all share a common Zope heritage in some way.
They all make use of the Zope Object Database, ZODB, for persistence
and use Zope Page Templates (ZPT). Plone is actually a Zope 2 CMS
product that can also use Zope 3 development techniques through a
project called Five (Zope 2 + Zope 3 = Five), which is now built in to
Zope 2.
Grok is being worked on to become "Zope 3 for the common caveman",
however, I am discovering that Grok is missing enough substance that
nearly any complex web application will need to dip down into its Zope
3 base to make it work. One only needs to consider user management to
see that Grok has a way to go to stand on its own. There's nothing
wrong with this, except that if you already know enough Zope 3 to get a
complex Grok application off the ground, you're probably already using
Zope 3.
Any reasonably mature framework based on Zope at this point is battle
tested and worthy of enterprise consideration. I'm a big fan of ZPT
because they render in a browser, making them easy to write. I'm also a
big fan of the ZODB because it is about the slickest persistence
available and I'm a programmer, not a system administrator. The ZODB is
often unfairly knocked on performance when in fact it is efficient, quite scalable thanks to ZEO, and able to handle heavy loads.
Zope, Django, and Pylons/Turbogears are all definitely worth
considering. Obviously, I have had some good experiences with Zope
technology and am leaning that way. Here's the thing though: a lot of
what I'm after in a generic web application framework is already there
with Plone, and it can be turned on and off easily (or so it would
seem). These kinds of things, like user management, authentication, a
sophisticated portlet and layout system, have to be built up in even an
advanced framework like Zope 3. Additionally, the future of Plone
development is using buildout, which should make it possible to quickly
pull together the components needed without too much cruft.
All the above having been said, for the second time I am looking at
choosing Plone. This time around, however, the application will be more
like a one-shot, specific use application and not really resemble
content management at all. I believe this process has given me a much
better understanding of the "Plone as an application vs Plone as a
framework" sentiments.
I'm currently reading through Web Component Development with Zope 3 and Professional Plone Development.
I'm not much of a blogger, but I'll post what I eventually decide to
implement this project in. It may even get released to the world if I
do a good enough job!
Send-to form spammers
Ugh. Spammers are truly the bottom feeders of the internet. I discovered recently that my development site was being used to send unsolicited email. My sincerest apologies to anyone who got junk mail from an fprimex.com address.
I have fixed the problem, and outlined for other Plone users below some precautions to take so that they too don't get used to make the spam problem any worse.
The main issue is that Plone has a feature through which you can email a link to someone using an online form. It's a "I bet Bob would want to see this", click send-to, put Bob's email into the form, click send scenario. Unfortunately, this feature is available to anyone and can be repeatedly abused by scripts and lowlifes.
Here's a checklist to get rid of Plone's send-to functionality:
- Take the "Allow sendto" permission away from everyone
- In the Zope Management Interface (ZMI) of your Plone site, select the "Security" tab.
- Scroll down to the "Allow sendto" permission and uncheck all of the boxes in its row, including "Acquire".
- This will make it so that people can still reach the sendto form, but when they attempt to send, they'll get an error. This is the minimum to fix the problem.
- Remove the sendto document action
- In the ZMI of your Plone site, select portal_actions
- In portal_actions, select document_actions
- Either of these achieves the same effect for end users:
- Delete sendto
- Select sendto, then uncheck Visible
- Replace the sendto_form page with a disabled message
- In the ZMI of your Plone site, select portal_skins
- Select the plone_forms folder
- Select the sendto_form, then click the Customize button
- In the template, delete the form and replace it with something like "This form has been disabled."
Note that doing only #2 will still allow spammers to reach and use the sendto form if they know the URL.
UFC 84, Gaming Club, Coding
Congratulations to BJ Penn for getting an amazing TKO win over Sean Sherk at UFC 84. I have been keeping up with the UFC on pay per view for several years now, and 84 was a great buy. They showed 9 of the 11 fights, and only 1 of the 9 shown went to a decision. Even the decision fight (Ortiz vs. Machida) was entertaining.
Leander has been hard at work putting up game servers for the ASU Gaming Club. There's something for just about everyone if you like 1st person shooters. We've got TF2, CS 1.6 and Source, Quake 3 and 4, UT2004 (with UT3 on the way), and a host of military shooters - DoD, CoD4, and BF2. Get all the info here, then come out and play some.
I want to code something, but I've realized that I won't continue working on a program that I don't make use of at least sometimes. Work on LAD has stalled again, despite the long to-do list I made for it months ago. I just don't do graph theory every day (or at all any more, for that matter). I'd like to do something with Panda3D or the ZODB. I've also pretty much given up on managing my own code repository. My next open source project will probably be on Sourceforge or Google Code somewhere.
I'm noticing lots of hits on my development site. If you're getting a lot of the information there feel free to drop me a line and let me know what you think.
Python Lab, LANs, ZODB, web stuff, Zero Punctuation
- Support is deployed!
- ALUG Python Lab March 27th, 7 to 9PM, JET 387
- General Python get-together
- ALUG LAN Party March 29th, 10AM to 10PM, JET 387
- Games and geeking out, win stuff from the radio station
- Gaming Club LAN Party April 19th, 12 noon to 11PM, ASU Grandfather Ballroom
- Gaming LAN with tournamets and about 150-200 gamers
- Posted introduction to using the ZODB (Zope Object Database) on dev
- So awesome: Zero Punctuation
- FYI - I'm now rewriting fprimex.com to www.fprimex.com
- Trac 0.11 needs to hurry up and come out
Pictures!!!!!!
Yay! I finally listened to Brent and downloaded the Gallery plugin for iPhoto. That made it so fast to upload pictures. Before it could take up to 5 mins for one picture. Now I can upload 30-50 in the same time. So now, all of the pictures that I'll ever post from Mexico are there. Most of the pictures still don't have captions, but if anyone wants to know what was goin on, they can always ask me.
Catching up
The new, Plone based, support website for Appalachian has been deployed. Work has also now started on aspects of the website that have been in planning for many months. Exciting times!
Speaking of Plone, my Introduction to Plone talk was given twice for the ALUG, along with the most recent talk, Introduction to wxPython. I haven't decided what to do for the last talk in the ALUG Python series, which is scheudled for 3/27, but it was suggested to host a lab. The Python Lab idea would give people a chance to work on what they wanted to do, but be able to get help.
One attendee of the Plone talk has launched a new Plone site about older computers that could be pretty cool.
Maybe now I can get some more work done on LAD. Working with Sage has so far been a bust, so I'm just going to go ahead with my own stuff for now. Hopefully we can collaborate and converge in the future.
Finally, let's end on an interesting note: XML-RPC thick client for Plone? I'm updating the code on that page (from 8 years ago!) and will hopefully come up with something cool soon.

