Summary
Plone is one of the first CMS projects to be built using Python and it is still being actively developed. This week Eric Steele, the release manager for Plone, tells us about how it got started, how it is architected, and how the community is one of its greatest strengths
Brief Introduction
- Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.
- I would like to thank everyone who has donated to the show. Your contributions help us make the show sustainable.
- When you’re ready to launch your next project you’ll need somewhere to deploy it. Check out Linode at linode.com/podcastinit and get a $20 credit to try out their fast and reliable Linux virtual servers for running your awesome app.
- You’ll want to make sure that your users don’t have to put up with bugs, so you should use Rollbar for tracking and aggregating your application errors to find and fix the bugs in your application before your users notice they exist. Use the link rollbar.com/podcastinit to get 90 days and 300,000 errors for free on their bootstrap plan.
- Visit our site to subscribe to our show, sign up for our newsletter, read the show notes, and get in touch.
- To help other people find the show you can leave a review on iTunes, or Google Play Music, and tell your friends and co-workers
- Join our community! Visit discourse.pythonpodcast.com for your opportunity to find out about upcoming guests, suggest questions, and propose show ideas.
- Your host as usual is Tobias Macey and today I’m interviewing Eric Steele about the Plone CMS.
Interview with Eric Steele
- Introductions
- How did you get introduced to Python?
- Can you start by explaining a bit about what Plone is and how you got involved with it?
- How did the Plone project get started and how has it evolved over the years?
- What makes Plone unique among the myriad CMS tools that are available and which of them do you consider to be direct competitors?
- Plone has managed to keep an impressive track record of security. What are some of the key features that enable that?
- I know that for much of its history, the default data storage for plone was the ZODB (Zope Object DataBase). How would you describe its benefits and drawbacks for someone who is familiar with a relational database?
- Plone is one of the most long-lived Python projects that I am aware of. What are some of the most difficult maintenance challenges that you have encountered over the years of its existence?
- What does the internal architecture of Plone look like?
- One of the major tenets of the project is the ability to install extensions. What are some of the most interesting plugins that you are aware of?
- What kinds of projects are Plone best suited for?
- What does the workflow look like for a user of Plone?
- What are some of the most interesting uses of Plone that you have seen?
- What are the biggest challenges facing the Plone project and community as development and deployment paradigms continue to change?
Keep In Touch
Picks
- Tobias
- Eric
Links
The intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA
.
[00:00:14]
Unknown:
Hello, and welcome to Podcast Dot in It, the podcast about Python and the people who make it great. I would like to thank everyone who has donated to the show. Your contributions help us make the show sustainable. When you're ready to launch your next project, you'll need somewhere to deploy it, so you should check out linode@linode.com slash podcast in it and get a $20 credit to try out their fast and reliable Linux virtual servers for you running your next app. You'll also want to make sure that your users don't have to put up with bugs, so you should use Rollbar for tracking and aggregating your application errors to find and fix the bugs in your application before your users notice they exist. Use the link rollbar dotcom/podcastinit to get 90 days to 300, 000 ARIS tracked for free on their bootstrap plan. You can also visit our site to subscribe to the show, sign up for the newsletter, read the show notes, and get in touch at pythonpodcast.com.
To help other people find the show, you can leave a review on Itunes or Google Play Music and tell your friends and coworkers. We also have a discourse forum where you can find out about upcoming guests, suggest questions, and propose show ideas. Your host, as usual, is Tobias Macy. And today, I'm interviewing Eric Steele about the Plone CMS project. So, Eric, could you please introduce yourself?
[00:01:14] Unknown:
Yeah. So, hi. I'm Eric Steele. I am the release manager for Plone.
[00:01:19] Unknown:
So how did you first get introduced to Python?
[00:01:22] Unknown:
My first introduction, I was working at Penn State University, and, we were looking to build out a website and a web application. And, my coworker, introduced me to this project called Soap. And we used that for a few months, and I hated it completely. And so we switched to ColdFusion. But I I came back a few years later with clone for a personal product project and, just kinda really fell in love with clone, the software, but also Python, the language. And so I've been with it ever since. So can you start off by explaining a bit about what clone is and how you got involved with it? Clone is a content management system, open source, Python based. The way I I explain it to my mom is it's, basically a blog on steroids. And, yeah, if you are building a website, for an intranet or a corporate outward facing site where you have a lot of content editors, where security is a major concern, where accessibility is something you're deeply involved in and, multilingual content is important to you, then, you know, clone is really where you wanna be.
[00:02:35] Unknown:
And how did you first get involved with the project?
[00:02:38] Unknown:
Let's see. I I started using clone, on my own in 2004. Let's see. I made my first commit to Ploom core in 2007 or so, and that was rejected pretty much immediately. But, a couple years later, I was approached, and asked to take over as release manager. And so I joined on, became the release manager for the clone 4 release, which came out in 2010, I believe. And I've stuck on ever since.
[00:03:08] Unknown:
Given that you joined in a little later, do are you familiar with the story of how the project got started and wondering if you can share a bit too about how it's managed to evolve over the years? Yeah. Sure. Sure.
[00:03:21] Unknown:
Yeah. So clone initially started as a, basically a theme and usability layer on top of the the Zope application server back in 1999, I believe. And that was, Alan Runyon and Alexander Leeny, were involved in that. And yeah. So they, kind of sat down and started building this add on product to Zope, but eventually, it was yeah. Eventually evolved into this entire application. Alan was more than happy to really take on the code based tasks, and Alex really kind of took on the community side of things. And they've mostly moved on since then, but the community has grown and has gotten so strong that they've, really been able to succeed without them, which is, I think, 1 of the really interesting parts, for me at least.
So, yeah, the first public release came in 2001. So it's 15 years old this year, and which is for any software project, an open source project is, I think pretty remarkable.
[00:04:33] Unknown:
Yeah. It's definitely pretty uncommon to come across, You mentioned particularly open source projects that have been able to stick around for that long. I mean, there are of course notable exceptions like a number of the languages that we use and things like the Linux project. But for end user applications, the fact that it's been around for 15 years and has been able to actually stay relevant within that time frame is definitely an impressive feat. Yeah, we're excited about that. So you mentioned too a bit about the community. So I'm just curious about sort of how the how that community has evolved over time. And I guess what are some of the methods that you've used to make sure that the people stay engaged with Plone
[00:05:14] Unknown:
as newer offerings have come available? Right. Right. In the past few years, we've spent a lot of time talking about where Ploom will be in the next 5, 10 years, pretty quickly as we come up up on this birthday of ours. And we sat down and started really looking at, you know, what are the strengths of clone. And as developers, we kind of really wanna focus on the code. But the thing that came out from basically every single person submitting that was that the community was the strongest aspect of the the software system. And that's really started from the beginning.
ZOOP, kind of really brought this idea of the the code sprint, into the the software community. And that's not just the in in the agile sense, but in the, like, get a bunch of developers or documentation writers into the same room together at the same time and, get them working on a single project, over a few days. And we've used that as a way to, you know, not just bring the software project forward, but also to kind of build this, this culture where we have stories from our early days that are still being told today about, you know, this this crazy thing that happened. We have we have an Austrian prince who is some on and off developer, and he's hosted sprints at his family's castle.
There's a story of working on a archipelago where, they had to literally commit all their stuff to the sir a local server, pick it up, and then carry it to the other side of the of a hill to hook up to a different thing so they can get it, off-site and backed up to the the central SVN. And, yeah, we've used that kind of that gathering as a way to, yeah, really perpetuate the culture of the community. When I first started, Alex Leeny said to me that, you know, we wanna meet you and make sure you're not crazy. And it makes it a lot easier to work with people in a distributed project when when you know them, when you know, if I get into a shouting match with somebody over email, we know it's not personal because we've met and, we're much it's much easier to, you know, kind of forgive and move on and find common ground as far as the code goes.
[00:07:37] Unknown:
Yeah. That's definitely an important point to, emphasize is that particularly as open source becomes more widespread, it's more often the case that the people who are working on a project might be, you know, located on opposite ends of the planet and have never interacted with each other outside of the issue tracker on the project's GitHub page. So having that shared community of people who have actually been in 1 location, worked on the code together, shared other experiences other than simply swapping bits definitely helps maintain the strength of the community. 1 of the guests who we had on a show a while ago, there were, I think, 4 or 5 of them.
And the first time that they had ever actually even been on a voice conversation together was to be interviewed for this podcast. Oh, wow. And outside of that, the only time that they had ever interacted was via email and issue trackers.
[00:08:32] Unknown:
Yeah. We've actually, in the past few years, start up a program of designating strategic sprints. And that was originally meant to be for stuff that we saw as extremely valuable to the software. But then we expanded the idea to also include getting specific people to to sprints. So, for example, we have a small community in, South Africa. And because they're so geographically not near the rest of us, you know, they most of them weren't able to get to the conferences and that sort of thing. And we use that strategic spread funding to send a few of us down there to meet with them, work for a few days, you know, kind of get them, spun up and working in in Plum core. And, I mean, the response from from those programs have been amazing.
[00:09:28] Unknown:
Yeah. It's definitely a great thing to hear because given that a lot of us spend a good portion of our time, you know, working deep in the guts of some piece of code and figuring out how that interacts with networks and computers, it's often easy to forget the fact that the purpose of the code is actually for humans and trying to consider what are the human impacts of this and, what are the human factors of all the other people who have put their time and energy into it. And then particularly when dealing with, for instance, submitting a bug report as an end user of the project and feeling that sense of entitlement that just because this software was made available to you, that that means that whoever's on the other end of it is going to take your bug report and, you know, thank you for it and then be expected to put in more of their time and energy just because they've done it in the past. So being able to ensure that there is that human face to it within the community helps to alleviate that and just contribute the basis where you can assume that when somebody is interacting with you, that they're doing it with the best intentions as opposed to assuming the worst because of the fact that it's difficult to maintain the humanizing factors through, you know, such asynchronous and impersonal communication channels?
[00:10:53] Unknown:
Real the thing I find most fascinating about it is that we've had so I mean, people move on from the from the project. They, you know, go get a job at a different company where they're not doing clone in their day to day work. But we found they tend to come back. I mean, we we joke that clone is a drinking game with an API. And we've only recently gotten the API part. But, we've had a lot of people who have left and then come back to our conferences when they're when they're in a nearby city, or to to sprints when they're nearby. And, it's been really fascinating for me because they'll say, you know, I haven't done clone in 3 years, and I I don't really wanna dive back into deep into the code. But I've been doing this thing over here, and it's similar to you know, I think I can solve a problem that you're having that's not part of your core product. You know? So we've had people, you know, help out with the JavaScript layer. We we recently did a huge rewrite of our JavaScript layer. And part of that comes from a person who left, and they came back with some really great ideas for us. You know, our our continuous integration infrastructure has come from a lot of that as well. And we've had a lot of, yeah, just great things where people who have left come back with you know, they've they've grown up elsewhere and come back and really helped us out because they still wanna hang out with us.
[00:12:17] Unknown:
That's great. So aside from the community, what are some of the things that make Plone unique among some of the other myriad CMS tools that are available? And, also, I'm curious which of the other CMS tools you consider to be direct competitors.
[00:12:30] Unknown:
Yeah. I mean, our main the things we really try to hammer into the core product are really strong security, and where, content workflow goes along with that. We also really try to focus on accessibility and multilingual content. And those are typically the the things we try to really they're they're not always our main focus, but they're the things we always try to keep in mind as we add new features. I think Plone really shines in that it is a really comes as a ready to use website right out of the box. A lot of the systems we tend to go up against will you know, they're a lot thinner out of the box, but then you have to add a lot of add ons. And so that brings in all kinds of security complications.
As far as competitors, our marketing guys will yell at me. In the US, we typically wind up going up against Drupal, and sometimes SharePoint. I think SharePoint's probably a lot more analogous to what we do. But when you say I want an open source CMS, it tends to be Drupal or WordPress are the ones that kind of come to mind here. I know in Europe, type o 3 is, another 1 that people bring up quite a bit.
[00:13:46] Unknown:
And you mentioned the track record of security and that it's a strong focus of the project. I'm wondering what are some of the key features of Plone and the way that it's built that have enabled you to maintain that level of security as the project continues to grow and evolve?
[00:14:01] Unknown:
Yeah. We're I mean, we're proud to say we've never had a 0 day vulnerability. We really focus on security as a process, and start from the, you know, from the design of the project. Yeah. A lot of that starts at the the Zope level, the way the the Zope database is set up. It's not SQL based. So there's no SQL injection to begin with, which is a huge vector. And the way Zope is set up, the the cert security is really built into the infrastructure. Each object in the database has access checks and both at the object and the attribute level. We also run something called restricted Python that prevents code written in scripts to be to do anything particularly nasty. Yeah. So and because of that, executing code doesn't really have the ability to patch itself. You can't add on you can install add ons through the web, which is yeah. It's something that we've had asked people ask ask us, you know, I really love the ability to do this, but we really try to avoid that because they there's scary bits of code that you can pick up on the Internet and shove into a site that can cause problems.
Yeah. And I guess the other thing to add is we recently added a, CSRF protection at the database level, that prevents any sort of write to the database without an access token. Between the CSRF protection and the not having SQL injection vulnerabilities, it really cuts out a large portion of the available vectors. And our security team is really active at both testing and patching. We've really ramped up the amount of testing and patching we do recently, the past few years. And, you know, we've put out more hot fixes, but it's nothing has been in the wild. It's it's all been stuff that's been either discovered by the security team themselves or, you know, disclosed to us and we've fixed before it's been pushed out there to the world.
[00:15:49] Unknown:
And you mentioned the 1 of the layers that helps enable that level of security is the fact that it uses the Zope Object database as the default back end. So I'm wondering if you can explain a little bit about what the Xopobject database looks like for people who are more familiar with the relational database and wondering if you can also describe some of the benefits and drawbacks, in comparison with the traditional sort of postgres or MySQL style database that people are used to.
[00:16:15] Unknown:
Yeah. The the zodb is really the thing that kind of takes new clone developers the longest to get their heads around. I I mean, it is it's really I mean, it is an object oriented database. So the data you're looking at are this could be obvious, but objects. So I mean, the zodb is really storing data objects just like they were in memory. So really, the biggest difference between that and the relational database is the developer doesn't need to do any sort of triggering to load or save the object. You just get the object. You modify it. And it acts like it was just a regular Python objects in RAM. As far as structurally, the z 2 v is very hierarchical. And so instead of storing everything in a flat table, everything lives within something else. So we have a clone site as the root, and you can have pages within that or folders within that that contain pages. And because of that, because of that structure, we get inheritance, and then you can apply security to that as well. So where you say this the folder has these permissions set, then everything underneath that will inherit that as well. So we don't need to apply security specifically to each object we have. We can we can get that from above. Yeah. You really, I guess, never have to think about your database. Like I said before, when you're storing content or editing content, it's just an object or a standard Python object.
[00:17:34] Unknown:
And so does the soap object database sort of act sort of an embedded data store in the Plone application, or is it possible to run it in some mode of a distributed or a clustered fashion?
[00:17:47] Unknown:
Yeah. So using something called Zio, you can distribute it. And then there's also so you can basically have several let's see. You have several ZOOP front ends talking to a single ZO back end, and then you can also use ZO Replication Service, which will basically allow you to make clones of that. So as as far as drawbacks go, yeah, like like like I said, there's, you know, you really have to train your mind to think in the object oriented way rather than, relational way. So people coming from a SQL back background tend to take a while to really grasp what's going on. If you use SQLAlchemy, it's very so it feels very similar to that. But anyone who's coming from a object oriented background obviously will pick it up pretty quickly. And if you're doing strongly structured data, that's really what relational data databases are for.
[00:18:35] Unknown:
So would it be fair to say that you could kind of think of the way that data is structured in the zodb similar to how 1 would use a similar to a document database such as CouchDB or MongoDB?
[00:18:48] Unknown:
Yes. Absolutely.
[00:18:49] Unknown:
There's definitely a bit of a, impedance mismatch when people are trying to think about document stores in the same way that they think of relational databases. So it sounds that there's a similar hurdle to overcome when you're getting started with the Zope object database because of the way that you do have to rethink how you model your objects and how they relate to each other? Right. Right. Yeah. I mean, it was, I believe, the original NoSQL database,
[00:19:12] Unknown:
back before it was called NoSQL. We're hipster.
[00:19:16] Unknown:
So as you mentioned earlier, Plone is a fairly long lived project, and it's certainly 1 of the most long lived Python projects that I'm aware of. I'm wondering what are some of the most difficult maintenance challenges that you guys have encountered over the years of its existence?
[00:19:28] Unknown:
Oh, boy. So, yeah, right now, the main thing is there's a lot of old code. Like I said, we've had a lot of people in in there working on the project who've moved on. So some of it is, you know, some of it is just old because we're 15 years old. Some of it's old because it's not maintained because the person moved on. And we're really, right now, trying to go through quite a bit of a refresh of the code base, cleaning up a lot of the features that aren't used, and in some cases, trying to renew the features that aren't used as much as they should be but really are something we wanna make work for everyone.
Recently, we had we have a thing called content rules, which allow you to do, actions based on, you know, if a workflow state changes or a comment is added or something happens with a piece of content, and basically allows you to set up a set of, you know, if this happens, then then do this automatically. And we found that people aren't using it, but it's it's all there. It works really well. It just really didn't make sense to the end users. We spent a lot of time kind of rethinking how that flow works, and released that recently, and it's been a lot more successful now. But, yeah, there's there's a lot of lot of dead code in there, and we've gone through recently and done a lot of work to clean that up. As far as that goes, 1 of the biggest issues we have right now is if you look at the structure of the application itself, there's there's ZOOP on on the bottom, ZOOP 2 on the bottom. Then there's a project called CMF, the content management framework in between, and then Plone sits on top of that. And then each of our users tends to build applications based on the clone layer. So it's, you know, 3, 4 layers deep right now. So CMF is not really being actively maintained. So we're in the process of trying to pull a lot of that code into clone itself and getting rid of the bits that we don't use. ZOKE 2 is is a political issue. I'll say it that way.
But, there's not a lot of activity happening there either. So we are in the process of trying to take that and modernize it ourselves. And so there's a lot of our stack that is we're kind of the last 1 left using these these 2 major projects underneath us, and we're trying to take them over and kinda make them part of Ploom itself so that instead of being based on these other technologies, clone is just based on clone. And so far, that's going surprisingly well. So, yeah, we have a lot of packages. I think our last release between the clones, open CMF layers, we have 300 some packages we track, and the bulk of those are the clone layer.
And so, you know, as as release manager, that's falls on me to make sure that every 1 of those has a package release and a version pin, and it gets to be really problematic. Part of the issue for me is that if I sit down and start making a release, by the time I've gotten through the 30 packages that, need to be released for that whole clone release, Somebody has already gone through and made changes to 1 of the first ones I've released. It's it's a great problem to have that it's so active, but it's it's hard for me to keep up. So we've kind of been trying to find ways to automate that and bring more people in to help with that. In recent years, we spent a lot of time working with, well, most of our developers are Python developers.
And when you have them do JavaScript, they code JavaScript like Python developers, which isn't a bad thing, but, the world is changing as far as JavaScript goes. And so we've been trying to do a lot of work to really modernize that, to get a JavaScript layer that is testable, which for me is huge because I have nightmares about releasing broken, you know, a clone release with a broken text editor because that pretty much makes the entire thing useless. So we've done a lot of work to really modernize that JavaScript stack, trying to bring in some people who are pure JavaScript developers to to really get involved in that as well.
[00:23:35] Unknown:
And I'm sure that given the age of the project, Python 3 has not been very kind to the people who are trying to bring Plone into the modern age. Right. Yeah.
[00:23:44] Unknown:
Python 3 is definitely something we've spent a lot of time talking about, and we've kind of decided we can't do a thing about it until we take care of the ZOAP and CMF layers. ZOAP is nearly there, I believe. There are a few packages left that, unfortunately, they're they're the biggest and kinda hairiest ones to deal with, But we have some people working on that now. So I think once once those are brought into the future, we can move flow in there as well. So I I think we're within, you know, a few years of having that happen. I'm really excited to see that happen. Yeah. Speaking of Python 3, reminded me that 1 of the weirdest things about being around so long is that clone and were developing things before it was in Python core. So we have our own datetime library, which precedes the the Python core datetime library.
And so we've been trying to, you know, move everything off of that to become more Pythonic, because what we were doing made you know, there there wasn't a Pythonic way when we build it. And now there is, so we kind of have to backtrack and modernize again.
[00:24:49] Unknown:
So another 1 of the major tenants of the project is the fact that there are a lot of extensions available
[00:25:02] Unknown:
followed on with what are some of the most interesting plug ins that you are aware of.
[00:25:04] Unknown:
Followed on with what are some of the most interesting plug ins that you are aware of?
[00:25:09] Unknown:
Oh, boy. Okay. So that's hard to describe. So we we've recently, in the past 3, 4 years have added a real actual API called clone dot API, which was not particularly inventive but highly descriptive. And yeah. So that that's right now really where we're trying to push people to, interact to do things, you know, adding, installing packages for doing any sort of interaction with the the the core and the database. We're trying to push people through that way. We also use, something I believe it's from so called generic setup, which is an XML based structure for defining settings, for the most part.
When we use that, it's gives us the ability to handle installation and upgrades, so changes between each each release of a of an add on. Hope that answers that fairly well. As far as popular add ons, there's there's quite a a few. I'm trying to think of since we we released plon 5 last year, so it's taking a few years. It'll take a couple years for, people to catch up with a lot of the add ons. 1 of the biggest has always been something called Ploomformgen, which, allow people to go in and add, well, to add forms easily through the web. And I use the the phrase through the web, and it's something that's been really big within clone. And people keep reminding me that it doesn't really exist outside.
Clone has this long standing setup of being able to go in and, you know, whether it's through Clone or Zope and, you know, add a new page templates, add new Python script, and do it all through your browser. And at times, it's been clunky, and I think we've really gotten back to it now where it's been a lot easier. But just being able to do everything right there in the browser, without having to go to the file system has been really great for adoption and makes the customization story a lot easier. Back to so back to Ploomformgen. It really gives people the ability to to to create forms, whether it's just like a mailer or writing to a data a SQL database, that sort of thing. That's actually 1 of the first things I helped out on in the community, but that's been rewritten now.
It'll be called easy form, but it'll work the same way. 1 of the things we're most excited about right now is something called Mosaic, which is a drag and drop content layout system. It's been something we've been trying to do for years and just kind of kept running into browser issues where, you know, IE 6 and 7 and 8 each had different issues that couldn't be addressed, in a way that we could work out. But we finally got something that's really working well. I'm fairly sure this is gonna go in some core very soon. Rapido is another huge 1 right now, which is another 1 of those through the web customization packages.
Really makes it easier for people to do that sort of, business logic through the web, straight through the plan interface. We've also had a lot of work recently, a number of, distributions cropping up. We've we've tried this in the past with, you know, like, a a clone for education distribution, and we've just kind of not really taken off. But, the past year or so, we've had 1 called Castle CMS, which adds a lot of, editing abilities on top of it, as well as content layouts. There's 1 called Ploomi, which is mainly for video sharing sites. There's a what's it called? Beeka for, managing, labs and, health health centers.
And another called Quave, which is previously known as Ploninternet, which is purely focused around building a really strong Internet project.
[00:29:20] Unknown:
And 1 of my early experiences of interacting with Plone was actually as a systems administrator trying to upgrade. I think it was version 2 up through version 4. And so I'm curious what the typical upgrade story looks like and how that might be complicated by the, you know, existence of some of these various plug ins.
[00:29:42] Unknown:
Yeah. We've always taken our upgrade story very seriously. Clone is fairly unique in that we have always tried to make sure that your data comes along with you, as you upgrade. We've seen some of the other systems out there say, you know, you're on your own. We've always tried to provide a, a way to at least at the very least, get the data from 1 1 version to the next. Clone.org, was built on 1 of the early alphas originally, like, point 1 alpha 2, something like that. And it the data on that had been brought through up until last year when we finally decided, you know, there there have been a thousand people in here poking at this. We need to probably just clean it out and start over. But, yeah. So we really do try to take the the upgrade story seriously.
1 of the major mistakes we've made in the past, we in, with clone 3, we made a lot of changes and not all for the best. It was it was a really it was a needed release. So we we made a lot of changes kinda based around the idea that, you know, things needed to be repeatable as far as coding and customization goes. We needed we were we were doing a lot of work that was really for kind of solidifying the product for developers. But at the same time, it really made it difficult for the integrators, the the administrators who are doing the upgrades, because we broke a lot of stuff. There were quite a few add ons that needed substantial work to be rewritten. Everybody's themes broke, that sort of thing. It was not a good time for us and definitely not a good time for the people who were doing the upgrades.
And, yeah. So we we we apologize profusely. And in the past few releases, Plun4 and Plun5, we tried to really minimize the amount of breakage we've put in there. You know, things still have to change, but we've tried to provide a very clear path. You know, here is here's what's breaking. Here's what you need to do. Provide deprecation warnings, and links to links to documentation about how, you know, when something breaks, here's the page you need to go to to read how to fix it, that sort of thing. Yeah. It was it was a really interesting time for us.
And I mean, not just from the the upgrade, point of view, but also because it broke that I talked about the through the web through the web customization. It broke a lot of that because as developers, we were trying to say, you know, we're we're trying to save you from yourself. You know, you're making all these changes directly through the web interface, directly to to the database. You you should really be doing this on the file system where you can commit it to SVN or Git or whatever. And that didn't go over well, because we're you know, every everything you've been doing for years is wrong.
And, yeah, it's, it was a major for many reasons, it was a major problem for us. Really turned a lot of people off to the to the software, and we've spent the last few years trying to kind of atone for that.
[00:33:08] Unknown:
You've sort of touched on it a little bit over the course of our conversation, but I'm wondering if you can address what kinds of projects Plone is best suited for.
[00:33:18] Unknown:
It's it's very strong for an Internet. It's got the collaboration abilities, the the the workflow flow, the, you know, the ability to share content and comment on it, that sort of thing, and and all the document management as well. The the the frustrating thing about being good for it being an open source project that's good for intranets is that you never know who's using your software because they download it and put it behind a firewall and never hear about it. Every year, I find somebody new who's using it, and it's been amazing. Just like, oh, I didn't know that. So, yeah, we're really liked for intranets.
If you've got a big company that has that wants to run all of your outward facing content through, content editors or through a vice president in charge of something or other, our workflow abilities are really strong for that. If you have a site that you're really worried about security, we're very good for that. I'm not sure I'm allowed to say it, but we run the fbi.gov and, I believe, NSA sites as well as several other large government sites in other countries.
[00:34:28] Unknown:
Another 1 worth calling out is actually the MIT OpenCourseWare site. I actually work for MIT and in the same office as the people who are managing that project. So I've spoken to them a few times about the use of Plone.
[00:34:41] Unknown:
Excellent. Yeah.
[00:34:43] Unknown:
So you mentioned the workflow. I'm wondering what a typical interaction looks like for somebody who's trying to publish content on a Plone site.
[00:34:51] Unknown:
Yeah. So Plone has always tried to make sure that you're interacting with the content objects you're looking at. So I know a lot of other systems will send you to a separate editing site to manage the content. In Plone, when you're logged in, you go to you know, you navigate through the content because it's got that hierarchical structure. You go through the folders to the content objects you're looking for to the document, to the news item, to the events, and you click the edit button, and it flips you over to a form that allows you to edit that right in line. And because of the security is there, if you don't have access to that, you don't see the buttons, you don't see any of the you know, we can prevent you from seeing certain fields, from seeing certain objects altogether.
[00:35:40] Unknown:
And I'm assuming that there's a method for people who prefer to work in their text editors for being able to create their content locally and then upload it to the site after the fact?
[00:35:49] Unknown:
Yes. Yes. There are some external editors, that work like that, and there are different ways of mounting, the ZODB. We have a guy who's built some really interesting stuff allowing you to mount a, you know, a Dropbox share or, you know, any other kind of sites, Google Docs, that sort of thing directly into your Plumb site so you can work on stuff from you know, that's living in your Dropbox and it'll show up live on your site.
[00:36:18] Unknown:
So what are some of the most interesting uses of Plone that you've seen? Yeah.
[00:36:22] Unknown:
Well, I I should mention that we, the Brazilian Olympic sites, ran Plone. So that was 1 of our big hits from this year, Managed to hold up to that strain very easily. Although, I'm sure Hector, if he's listening, will correct me on how easy that was. Yeah. We have let's see. Like, I yeah. I mentioned a bunch of government agencies. We have a lot of universities using it as well. I've always been fascinated our, so Plone is owned by the Plone, the software, is owned by a foundation, and our our foundation's president, works for the Clean Close campaign. And he's been doing some really interesting things working with labor unions starting up in countries, and he's basically been providing intranets on a USB stick, that can just be plugged in somewhere and fired up. And, you know, if it gets discovered, you know, they just pop a new 1 in somewhere else. And just to allow the these groups to self organize in a very secure and private way. And I've always found that just really fascinating from many levels.
[00:37:34] Unknown:
And what are some of the biggest challenges facing the Plone project in the community as development and deployment paradigms continue to change?
[00:37:43] Unknown:
Yeah. So, yeah, like I said, we're working a lot of doing a lot more front end focused work right now. And a lot of a lot of clone's core developers have been around for a while. And, you know, some of them were very in the, you know, get off my lawn JavaScript mentality. So we're we're trying to push back against that a bit, but we're making we're making solid progress there. I mentioned what we're trying to do with ZOAP, getting it Python 3 read ready and and cleaning up the stack. While we're approaching the Zope cleanup from approaching the cleanup from that, direction, we're also looking at, the idea of the headless CMS.
And that's the idea of having just a content serving back end that responds to rest API calls. Looking very seriously at that, it's going surprisingly well. We we met in Barcelona back in May, I believe, and sat down and decided, you know, let's just throw out everything and start with we'll take the zodb as our database layer. We'll use the Zope toolkit, which is part of the Xope stack, and dexterity, which is our our newer, way of defining content objects. And, you know, just those 3 layers, put them together, see what happens. And, we were able to, within a week, come up with a working prototype that, you know, stores content, spits it back out again, and it's it's really, really fast.
Asynchronous runs in Python 3. So we're really excited to see where that's going. So I think we've we've got these 2 concurrent projects of working on cleaning up our stack. 1 is, taking what we have and removing the bits we don't want, and the other is throwing everything out and then adding stuff back in. And so I will probably see those meet somewhere in the middle, and I'm excited to see what that looks like. 1 of the other really interesting things for me, being around so long is that it it's weird being an old software project because in some ways, that makes you venerable, but it also makes you ancient, which I guess probably isn't the best way of putting it.
People people look at at the software and say, clone is 15 years old. It's ancient and, you know, antiquated. And that that really ignores the fact that we've been modernizing all this time, and, you know, it's it's constantly growing. I talked last year about, this idea of my grandfather's axe, which is this idea of, you know, this is my grandfather's axe. And I've, you know, replaced the head when it chipped, and I I gave it a new handle, but it still does the very same axe my grandfather used. And I I kinda look at Plumbing the same way where we've been, you know, it's still Plumb, the software project, but we've been ripping out and rebuilding. And it's it's still Plumb, but it's brand new again.
[00:40:49] Unknown:
Yeah. It's definitely a great metaphor, and there's definitely a strong bias for everything that's new when we're dealing with software development, not taking into account the fact that most of the tools and principles that we're using are, you know, fairly well worn. For instance, Python, a lot of people don't realize, has been around since the early nineties. And yet, it's still managing to add new features and push the forefront in a lot of, language development paradigms. And, you know, Linux as upwards of 20 years old, and it's still powering the majority of computing devices that people interact with. So Absolutely.
Yeah. It's easy to lose track of what we can still learn from old software.
[00:41:35] Unknown:
Yeah. Absolutely. And, yeah, it's it's hard sometimes not to be, you know, the old guy shouting at kids that, you know, their their rock music's too loud. But when you've been around for a long time, you've you've made mistakes and you've learned from them. And to see others making those same mistakes, you kinda yeah. You just wanna you know? Yeah. You kinda wanna shake people. But, yeah, we do our best to try to get that that those, warnings out there.
[00:42:08] Unknown:
Hopefully, people listen. So are there any other topics that you think we should cover before we close out?
[00:42:14] Unknown:
Yeah. Nothing's immediately coming to mind. I mean, I'm happy to talk more community stuff, but, I mean,
[00:42:22] Unknown:
not everybody gets into that as much as I do. If you wanna talk more about the community, that that's, definitely a great subject to cover. Okay. Yeah. So
[00:42:32] Unknown:
I I mentioned, you know, I I've been with the project for, you know, 8 to 10 years now. And, yeah, around the same time and I mentioned, you know, clone 3 happened, and there was a kind of, exodus of both users and developers. And it was kind of this really weird time for us. Alan, our 1 founder, was has always been kind of, has always kinda stood back from the project. He's much more happy to just code and and, hang out with us. And Alex, was always the more involved 1, as far as organizing the community goes. And he, you know, moved on to a new job and, you know, kinda just had less and less time to work with us. And, you know, we were seeing that from a lot of people, and it really, for a while there, felt like the project was dying.
And there were a few of us that were sitting around talking and and realizing that, you know, somebody should do something and and then kind of like, oh, I I guess that's me. And, I I got really fascinated by this idea. There's a book I read called Open Advice, which is put out. It's a it's a collection of articles by, people who've worked with a number of open source products. And I read an article in there, and I wish I could remember the name. But, it was about this idea of generational turnover into open source products. And I never realized this was a thing. I just, you know, figured, you know, people stay around forever and, you know, it's a big shiny happy place.
And, it really opened my eyes that, you know, people move on from software projects and that's okay. And, you know, it's talked about, I believe it was Deviant where you know, the average contributor is there for 7 years, I think, you know, but between when they make their first commit and their final 1 kind of follows a bell curve and, you know, whether they, you know, start out slowly and get it really involved and then slowly taper off and sort of just disappear at the end. And so, yeah, we we've had this, we had this really major turnover in our contributors, and it was a weird time.
It's 1 of the reasons I've been kind of I've stayed on it. In the past, we've changed out release managers with every major release, and it's kind of the reason I've stuck along, through clone 4 and clone 5 just to kinda provide that continuity while we got back up up and running again. But, yeah, it's it's been a fascinating thing for me to watch and participate in. Just seeing new people come in who weren't there when the old old ones that were there, old ones, most of them are younger than me. But, you know, seeing people come in who who have no idea who you know, they've never met, you know, people who found the project and a lot of the people who were there at the beginning because, you know, they've come in well after they the others have left.
But we found with this this kind of very strong culture, and with our sprints, we have that continuity of culture. We have that ability to bring people in, kinda bring them into the fold, tell them all our old crazy war stories, and they're they buy in very quickly and, you know, make new stories of their of their own. And, yeah, it's been fun and scary and, yeah, it's been great. It's a great
[00:46:15] Unknown:
story. Was was there anything else that you wanted to cover?
[00:46:18] Unknown:
No. I think that's it. Great.
[00:46:20] Unknown:
So for anybody who wants to keep in touch with you and follow what you're up to and, follow updates to the Plone project, where are the best ways for them to do that?
[00:46:29] Unknown:
If you wanna follow the Plone project, you can go to clone.org, which is our community site. We have a discourse board there you can join and get involved with. We are we're also on free node, Hash Clone. And if you want to contact me, I'm esteele@ploan.org or just esteele on Twitter.
[00:46:52] Unknown:
Happy to answer any questions you have. So with that, I will move us into the picks. For my pick today, I'm gonna choose the inquiry podcast. So it's just a show where they pick a particular topic in the news, and then they will do a little bit of investigative reporting on it. And they're usually broken down into 3 parts where they have sort of the setups of the story, the middle of it, and then a follow on. And, it's been pretty interesting. They've got some good topics and good coverage of it. And then for my next pick, I'm going to choose the Pycon US and the PSF because they have graciously agreed to contribute a sponsor booth, for all of the Python podcasts. So if you make it out to PYCON US in Portland, Oregon next year, I will be there along with Michael Kennedy from Talk Python TO Me and Brian Oken of Test and Code podcast as well as the gentleman behind the Partially Derivative podcast.
So if you're there, come say hi, find us. I'd be happy to chat. And with that, I will pass it to you, Eric. What have you got for us? Yeah. So the first 1 I wanted to mention is a game I downloaded this week called Really Bad Chess.
[00:48:06] Unknown:
It's, I I have it on my iPhone. I think there's an Android 1 available. But it is basically I love chess, but it gets boring because, you know, there's 1 way to play. You know, there's there's a set of moves you make. And really bad chess basically shakes that up by, giving you, you know, 8, knights or, you know, 6 queens, that sort of thing, and will actually change changes the mix it gives you, as you get better at the game. And it's just kept it really fresh and really interesting for me. And the other thing I wanted to mention is, Home Assistant, which is another, Python project.
Have you talked to them yet? I have not. You should. They're very Definitely. Fascinating. It's, home automation software, or server. And I've been, for years, really wanting to, you know, geek out on my home, and this has really given me the the ability to do so, Set up all kinds of rules so that, you know, when I get home, these lights turn on if it's after, you know, if it's, within 30 minutes of sunset, that sort of thing. And been having a lot of fun with that. Too much fun. My wife is not happy about the amount of money I spent on light bulbs, but we'll get through that.
[00:49:26] Unknown:
No. It's definitely interesting. I'll have to follow-up with them. I, recently spoke with the CTO of the Mycroft project, So it ties into that a little bit, but I'll have to follow-up and speak with the folks at Home Assistant. Well, I really appreciate you taking the time out of your day to tell us all about Plone. It's a piece of software that I've been aware of for a while, but I've really dug deep into. So I appreciate the background and the deep dive on the technology.
[00:49:53] Unknown:
So thank you, and I hope you enjoy the rest of your evening. Yeah. Thank you. I really appreciate having the chance to talk to you.
Hello, and welcome to Podcast Dot in It, the podcast about Python and the people who make it great. I would like to thank everyone who has donated to the show. Your contributions help us make the show sustainable. When you're ready to launch your next project, you'll need somewhere to deploy it, so you should check out linode@linode.com slash podcast in it and get a $20 credit to try out their fast and reliable Linux virtual servers for you running your next app. You'll also want to make sure that your users don't have to put up with bugs, so you should use Rollbar for tracking and aggregating your application errors to find and fix the bugs in your application before your users notice they exist. Use the link rollbar dotcom/podcastinit to get 90 days to 300, 000 ARIS tracked for free on their bootstrap plan. You can also visit our site to subscribe to the show, sign up for the newsletter, read the show notes, and get in touch at pythonpodcast.com.
To help other people find the show, you can leave a review on Itunes or Google Play Music and tell your friends and coworkers. We also have a discourse forum where you can find out about upcoming guests, suggest questions, and propose show ideas. Your host, as usual, is Tobias Macy. And today, I'm interviewing Eric Steele about the Plone CMS project. So, Eric, could you please introduce yourself?
[00:01:14] Unknown:
Yeah. So, hi. I'm Eric Steele. I am the release manager for Plone.
[00:01:19] Unknown:
So how did you first get introduced to Python?
[00:01:22] Unknown:
My first introduction, I was working at Penn State University, and, we were looking to build out a website and a web application. And, my coworker, introduced me to this project called Soap. And we used that for a few months, and I hated it completely. And so we switched to ColdFusion. But I I came back a few years later with clone for a personal product project and, just kinda really fell in love with clone, the software, but also Python, the language. And so I've been with it ever since. So can you start off by explaining a bit about what clone is and how you got involved with it? Clone is a content management system, open source, Python based. The way I I explain it to my mom is it's, basically a blog on steroids. And, yeah, if you are building a website, for an intranet or a corporate outward facing site where you have a lot of content editors, where security is a major concern, where accessibility is something you're deeply involved in and, multilingual content is important to you, then, you know, clone is really where you wanna be.
[00:02:35] Unknown:
And how did you first get involved with the project?
[00:02:38] Unknown:
Let's see. I I started using clone, on my own in 2004. Let's see. I made my first commit to Ploom core in 2007 or so, and that was rejected pretty much immediately. But, a couple years later, I was approached, and asked to take over as release manager. And so I joined on, became the release manager for the clone 4 release, which came out in 2010, I believe. And I've stuck on ever since.
[00:03:08] Unknown:
Given that you joined in a little later, do are you familiar with the story of how the project got started and wondering if you can share a bit too about how it's managed to evolve over the years? Yeah. Sure. Sure.
[00:03:21] Unknown:
Yeah. So clone initially started as a, basically a theme and usability layer on top of the the Zope application server back in 1999, I believe. And that was, Alan Runyon and Alexander Leeny, were involved in that. And yeah. So they, kind of sat down and started building this add on product to Zope, but eventually, it was yeah. Eventually evolved into this entire application. Alan was more than happy to really take on the code based tasks, and Alex really kind of took on the community side of things. And they've mostly moved on since then, but the community has grown and has gotten so strong that they've, really been able to succeed without them, which is, I think, 1 of the really interesting parts, for me at least.
So, yeah, the first public release came in 2001. So it's 15 years old this year, and which is for any software project, an open source project is, I think pretty remarkable.
[00:04:33] Unknown:
Yeah. It's definitely pretty uncommon to come across, You mentioned particularly open source projects that have been able to stick around for that long. I mean, there are of course notable exceptions like a number of the languages that we use and things like the Linux project. But for end user applications, the fact that it's been around for 15 years and has been able to actually stay relevant within that time frame is definitely an impressive feat. Yeah, we're excited about that. So you mentioned too a bit about the community. So I'm just curious about sort of how the how that community has evolved over time. And I guess what are some of the methods that you've used to make sure that the people stay engaged with Plone
[00:05:14] Unknown:
as newer offerings have come available? Right. Right. In the past few years, we've spent a lot of time talking about where Ploom will be in the next 5, 10 years, pretty quickly as we come up up on this birthday of ours. And we sat down and started really looking at, you know, what are the strengths of clone. And as developers, we kind of really wanna focus on the code. But the thing that came out from basically every single person submitting that was that the community was the strongest aspect of the the software system. And that's really started from the beginning.
ZOOP, kind of really brought this idea of the the code sprint, into the the software community. And that's not just the in in the agile sense, but in the, like, get a bunch of developers or documentation writers into the same room together at the same time and, get them working on a single project, over a few days. And we've used that as a way to, you know, not just bring the software project forward, but also to kind of build this, this culture where we have stories from our early days that are still being told today about, you know, this this crazy thing that happened. We have we have an Austrian prince who is some on and off developer, and he's hosted sprints at his family's castle.
There's a story of working on a archipelago where, they had to literally commit all their stuff to the sir a local server, pick it up, and then carry it to the other side of the of a hill to hook up to a different thing so they can get it, off-site and backed up to the the central SVN. And, yeah, we've used that kind of that gathering as a way to, yeah, really perpetuate the culture of the community. When I first started, Alex Leeny said to me that, you know, we wanna meet you and make sure you're not crazy. And it makes it a lot easier to work with people in a distributed project when when you know them, when you know, if I get into a shouting match with somebody over email, we know it's not personal because we've met and, we're much it's much easier to, you know, kind of forgive and move on and find common ground as far as the code goes.
[00:07:37] Unknown:
Yeah. That's definitely an important point to, emphasize is that particularly as open source becomes more widespread, it's more often the case that the people who are working on a project might be, you know, located on opposite ends of the planet and have never interacted with each other outside of the issue tracker on the project's GitHub page. So having that shared community of people who have actually been in 1 location, worked on the code together, shared other experiences other than simply swapping bits definitely helps maintain the strength of the community. 1 of the guests who we had on a show a while ago, there were, I think, 4 or 5 of them.
And the first time that they had ever actually even been on a voice conversation together was to be interviewed for this podcast. Oh, wow. And outside of that, the only time that they had ever interacted was via email and issue trackers.
[00:08:32] Unknown:
Yeah. We've actually, in the past few years, start up a program of designating strategic sprints. And that was originally meant to be for stuff that we saw as extremely valuable to the software. But then we expanded the idea to also include getting specific people to to sprints. So, for example, we have a small community in, South Africa. And because they're so geographically not near the rest of us, you know, they most of them weren't able to get to the conferences and that sort of thing. And we use that strategic spread funding to send a few of us down there to meet with them, work for a few days, you know, kind of get them, spun up and working in in Plum core. And, I mean, the response from from those programs have been amazing.
[00:09:28] Unknown:
Yeah. It's definitely a great thing to hear because given that a lot of us spend a good portion of our time, you know, working deep in the guts of some piece of code and figuring out how that interacts with networks and computers, it's often easy to forget the fact that the purpose of the code is actually for humans and trying to consider what are the human impacts of this and, what are the human factors of all the other people who have put their time and energy into it. And then particularly when dealing with, for instance, submitting a bug report as an end user of the project and feeling that sense of entitlement that just because this software was made available to you, that that means that whoever's on the other end of it is going to take your bug report and, you know, thank you for it and then be expected to put in more of their time and energy just because they've done it in the past. So being able to ensure that there is that human face to it within the community helps to alleviate that and just contribute the basis where you can assume that when somebody is interacting with you, that they're doing it with the best intentions as opposed to assuming the worst because of the fact that it's difficult to maintain the humanizing factors through, you know, such asynchronous and impersonal communication channels?
[00:10:53] Unknown:
Real the thing I find most fascinating about it is that we've had so I mean, people move on from the from the project. They, you know, go get a job at a different company where they're not doing clone in their day to day work. But we found they tend to come back. I mean, we we joke that clone is a drinking game with an API. And we've only recently gotten the API part. But, we've had a lot of people who have left and then come back to our conferences when they're when they're in a nearby city, or to to sprints when they're nearby. And, it's been really fascinating for me because they'll say, you know, I haven't done clone in 3 years, and I I don't really wanna dive back into deep into the code. But I've been doing this thing over here, and it's similar to you know, I think I can solve a problem that you're having that's not part of your core product. You know? So we've had people, you know, help out with the JavaScript layer. We we recently did a huge rewrite of our JavaScript layer. And part of that comes from a person who left, and they came back with some really great ideas for us. You know, our our continuous integration infrastructure has come from a lot of that as well. And we've had a lot of, yeah, just great things where people who have left come back with you know, they've they've grown up elsewhere and come back and really helped us out because they still wanna hang out with us.
[00:12:17] Unknown:
That's great. So aside from the community, what are some of the things that make Plone unique among some of the other myriad CMS tools that are available? And, also, I'm curious which of the other CMS tools you consider to be direct competitors.
[00:12:30] Unknown:
Yeah. I mean, our main the things we really try to hammer into the core product are really strong security, and where, content workflow goes along with that. We also really try to focus on accessibility and multilingual content. And those are typically the the things we try to really they're they're not always our main focus, but they're the things we always try to keep in mind as we add new features. I think Plone really shines in that it is a really comes as a ready to use website right out of the box. A lot of the systems we tend to go up against will you know, they're a lot thinner out of the box, but then you have to add a lot of add ons. And so that brings in all kinds of security complications.
As far as competitors, our marketing guys will yell at me. In the US, we typically wind up going up against Drupal, and sometimes SharePoint. I think SharePoint's probably a lot more analogous to what we do. But when you say I want an open source CMS, it tends to be Drupal or WordPress are the ones that kind of come to mind here. I know in Europe, type o 3 is, another 1 that people bring up quite a bit.
[00:13:46] Unknown:
And you mentioned the track record of security and that it's a strong focus of the project. I'm wondering what are some of the key features of Plone and the way that it's built that have enabled you to maintain that level of security as the project continues to grow and evolve?
[00:14:01] Unknown:
Yeah. We're I mean, we're proud to say we've never had a 0 day vulnerability. We really focus on security as a process, and start from the, you know, from the design of the project. Yeah. A lot of that starts at the the Zope level, the way the the Zope database is set up. It's not SQL based. So there's no SQL injection to begin with, which is a huge vector. And the way Zope is set up, the the cert security is really built into the infrastructure. Each object in the database has access checks and both at the object and the attribute level. We also run something called restricted Python that prevents code written in scripts to be to do anything particularly nasty. Yeah. So and because of that, executing code doesn't really have the ability to patch itself. You can't add on you can install add ons through the web, which is yeah. It's something that we've had asked people ask ask us, you know, I really love the ability to do this, but we really try to avoid that because they there's scary bits of code that you can pick up on the Internet and shove into a site that can cause problems.
Yeah. And I guess the other thing to add is we recently added a, CSRF protection at the database level, that prevents any sort of write to the database without an access token. Between the CSRF protection and the not having SQL injection vulnerabilities, it really cuts out a large portion of the available vectors. And our security team is really active at both testing and patching. We've really ramped up the amount of testing and patching we do recently, the past few years. And, you know, we've put out more hot fixes, but it's nothing has been in the wild. It's it's all been stuff that's been either discovered by the security team themselves or, you know, disclosed to us and we've fixed before it's been pushed out there to the world.
[00:15:49] Unknown:
And you mentioned the 1 of the layers that helps enable that level of security is the fact that it uses the Zope Object database as the default back end. So I'm wondering if you can explain a little bit about what the Xopobject database looks like for people who are more familiar with the relational database and wondering if you can also describe some of the benefits and drawbacks, in comparison with the traditional sort of postgres or MySQL style database that people are used to.
[00:16:15] Unknown:
Yeah. The the zodb is really the thing that kind of takes new clone developers the longest to get their heads around. I I mean, it is it's really I mean, it is an object oriented database. So the data you're looking at are this could be obvious, but objects. So I mean, the zodb is really storing data objects just like they were in memory. So really, the biggest difference between that and the relational database is the developer doesn't need to do any sort of triggering to load or save the object. You just get the object. You modify it. And it acts like it was just a regular Python objects in RAM. As far as structurally, the z 2 v is very hierarchical. And so instead of storing everything in a flat table, everything lives within something else. So we have a clone site as the root, and you can have pages within that or folders within that that contain pages. And because of that, because of that structure, we get inheritance, and then you can apply security to that as well. So where you say this the folder has these permissions set, then everything underneath that will inherit that as well. So we don't need to apply security specifically to each object we have. We can we can get that from above. Yeah. You really, I guess, never have to think about your database. Like I said before, when you're storing content or editing content, it's just an object or a standard Python object.
[00:17:34] Unknown:
And so does the soap object database sort of act sort of an embedded data store in the Plone application, or is it possible to run it in some mode of a distributed or a clustered fashion?
[00:17:47] Unknown:
Yeah. So using something called Zio, you can distribute it. And then there's also so you can basically have several let's see. You have several ZOOP front ends talking to a single ZO back end, and then you can also use ZO Replication Service, which will basically allow you to make clones of that. So as as far as drawbacks go, yeah, like like like I said, there's, you know, you really have to train your mind to think in the object oriented way rather than, relational way. So people coming from a SQL back background tend to take a while to really grasp what's going on. If you use SQLAlchemy, it's very so it feels very similar to that. But anyone who's coming from a object oriented background obviously will pick it up pretty quickly. And if you're doing strongly structured data, that's really what relational data databases are for.
[00:18:35] Unknown:
So would it be fair to say that you could kind of think of the way that data is structured in the zodb similar to how 1 would use a similar to a document database such as CouchDB or MongoDB?
[00:18:48] Unknown:
Yes. Absolutely.
[00:18:49] Unknown:
There's definitely a bit of a, impedance mismatch when people are trying to think about document stores in the same way that they think of relational databases. So it sounds that there's a similar hurdle to overcome when you're getting started with the Zope object database because of the way that you do have to rethink how you model your objects and how they relate to each other? Right. Right. Yeah. I mean, it was, I believe, the original NoSQL database,
[00:19:12] Unknown:
back before it was called NoSQL. We're hipster.
[00:19:16] Unknown:
So as you mentioned earlier, Plone is a fairly long lived project, and it's certainly 1 of the most long lived Python projects that I'm aware of. I'm wondering what are some of the most difficult maintenance challenges that you guys have encountered over the years of its existence?
[00:19:28] Unknown:
Oh, boy. So, yeah, right now, the main thing is there's a lot of old code. Like I said, we've had a lot of people in in there working on the project who've moved on. So some of it is, you know, some of it is just old because we're 15 years old. Some of it's old because it's not maintained because the person moved on. And we're really, right now, trying to go through quite a bit of a refresh of the code base, cleaning up a lot of the features that aren't used, and in some cases, trying to renew the features that aren't used as much as they should be but really are something we wanna make work for everyone.
Recently, we had we have a thing called content rules, which allow you to do, actions based on, you know, if a workflow state changes or a comment is added or something happens with a piece of content, and basically allows you to set up a set of, you know, if this happens, then then do this automatically. And we found that people aren't using it, but it's it's all there. It works really well. It just really didn't make sense to the end users. We spent a lot of time kind of rethinking how that flow works, and released that recently, and it's been a lot more successful now. But, yeah, there's there's a lot of lot of dead code in there, and we've gone through recently and done a lot of work to clean that up. As far as that goes, 1 of the biggest issues we have right now is if you look at the structure of the application itself, there's there's ZOOP on on the bottom, ZOOP 2 on the bottom. Then there's a project called CMF, the content management framework in between, and then Plone sits on top of that. And then each of our users tends to build applications based on the clone layer. So it's, you know, 3, 4 layers deep right now. So CMF is not really being actively maintained. So we're in the process of trying to pull a lot of that code into clone itself and getting rid of the bits that we don't use. ZOKE 2 is is a political issue. I'll say it that way.
But, there's not a lot of activity happening there either. So we are in the process of trying to take that and modernize it ourselves. And so there's a lot of our stack that is we're kind of the last 1 left using these these 2 major projects underneath us, and we're trying to take them over and kinda make them part of Ploom itself so that instead of being based on these other technologies, clone is just based on clone. And so far, that's going surprisingly well. So, yeah, we have a lot of packages. I think our last release between the clones, open CMF layers, we have 300 some packages we track, and the bulk of those are the clone layer.
And so, you know, as as release manager, that's falls on me to make sure that every 1 of those has a package release and a version pin, and it gets to be really problematic. Part of the issue for me is that if I sit down and start making a release, by the time I've gotten through the 30 packages that, need to be released for that whole clone release, Somebody has already gone through and made changes to 1 of the first ones I've released. It's it's a great problem to have that it's so active, but it's it's hard for me to keep up. So we've kind of been trying to find ways to automate that and bring more people in to help with that. In recent years, we spent a lot of time working with, well, most of our developers are Python developers.
And when you have them do JavaScript, they code JavaScript like Python developers, which isn't a bad thing, but, the world is changing as far as JavaScript goes. And so we've been trying to do a lot of work to really modernize that, to get a JavaScript layer that is testable, which for me is huge because I have nightmares about releasing broken, you know, a clone release with a broken text editor because that pretty much makes the entire thing useless. So we've done a lot of work to really modernize that JavaScript stack, trying to bring in some people who are pure JavaScript developers to to really get involved in that as well.
[00:23:35] Unknown:
And I'm sure that given the age of the project, Python 3 has not been very kind to the people who are trying to bring Plone into the modern age. Right. Yeah.
[00:23:44] Unknown:
Python 3 is definitely something we've spent a lot of time talking about, and we've kind of decided we can't do a thing about it until we take care of the ZOAP and CMF layers. ZOAP is nearly there, I believe. There are a few packages left that, unfortunately, they're they're the biggest and kinda hairiest ones to deal with, But we have some people working on that now. So I think once once those are brought into the future, we can move flow in there as well. So I I think we're within, you know, a few years of having that happen. I'm really excited to see that happen. Yeah. Speaking of Python 3, reminded me that 1 of the weirdest things about being around so long is that clone and were developing things before it was in Python core. So we have our own datetime library, which precedes the the Python core datetime library.
And so we've been trying to, you know, move everything off of that to become more Pythonic, because what we were doing made you know, there there wasn't a Pythonic way when we build it. And now there is, so we kind of have to backtrack and modernize again.
[00:24:49] Unknown:
So another 1 of the major tenants of the project is the fact that there are a lot of extensions available
[00:25:02] Unknown:
followed on with what are some of the most interesting plug ins that you are aware of.
[00:25:04] Unknown:
Followed on with what are some of the most interesting plug ins that you are aware of?
[00:25:09] Unknown:
Oh, boy. Okay. So that's hard to describe. So we we've recently, in the past 3, 4 years have added a real actual API called clone dot API, which was not particularly inventive but highly descriptive. And yeah. So that that's right now really where we're trying to push people to, interact to do things, you know, adding, installing packages for doing any sort of interaction with the the the core and the database. We're trying to push people through that way. We also use, something I believe it's from so called generic setup, which is an XML based structure for defining settings, for the most part.
When we use that, it's gives us the ability to handle installation and upgrades, so changes between each each release of a of an add on. Hope that answers that fairly well. As far as popular add ons, there's there's quite a a few. I'm trying to think of since we we released plon 5 last year, so it's taking a few years. It'll take a couple years for, people to catch up with a lot of the add ons. 1 of the biggest has always been something called Ploomformgen, which, allow people to go in and add, well, to add forms easily through the web. And I use the the phrase through the web, and it's something that's been really big within clone. And people keep reminding me that it doesn't really exist outside.
Clone has this long standing setup of being able to go in and, you know, whether it's through Clone or Zope and, you know, add a new page templates, add new Python script, and do it all through your browser. And at times, it's been clunky, and I think we've really gotten back to it now where it's been a lot easier. But just being able to do everything right there in the browser, without having to go to the file system has been really great for adoption and makes the customization story a lot easier. Back to so back to Ploomformgen. It really gives people the ability to to to create forms, whether it's just like a mailer or writing to a data a SQL database, that sort of thing. That's actually 1 of the first things I helped out on in the community, but that's been rewritten now.
It'll be called easy form, but it'll work the same way. 1 of the things we're most excited about right now is something called Mosaic, which is a drag and drop content layout system. It's been something we've been trying to do for years and just kind of kept running into browser issues where, you know, IE 6 and 7 and 8 each had different issues that couldn't be addressed, in a way that we could work out. But we finally got something that's really working well. I'm fairly sure this is gonna go in some core very soon. Rapido is another huge 1 right now, which is another 1 of those through the web customization packages.
Really makes it easier for people to do that sort of, business logic through the web, straight through the plan interface. We've also had a lot of work recently, a number of, distributions cropping up. We've we've tried this in the past with, you know, like, a a clone for education distribution, and we've just kind of not really taken off. But, the past year or so, we've had 1 called Castle CMS, which adds a lot of, editing abilities on top of it, as well as content layouts. There's 1 called Ploomi, which is mainly for video sharing sites. There's a what's it called? Beeka for, managing, labs and, health health centers.
And another called Quave, which is previously known as Ploninternet, which is purely focused around building a really strong Internet project.
[00:29:20] Unknown:
And 1 of my early experiences of interacting with Plone was actually as a systems administrator trying to upgrade. I think it was version 2 up through version 4. And so I'm curious what the typical upgrade story looks like and how that might be complicated by the, you know, existence of some of these various plug ins.
[00:29:42] Unknown:
Yeah. We've always taken our upgrade story very seriously. Clone is fairly unique in that we have always tried to make sure that your data comes along with you, as you upgrade. We've seen some of the other systems out there say, you know, you're on your own. We've always tried to provide a, a way to at least at the very least, get the data from 1 1 version to the next. Clone.org, was built on 1 of the early alphas originally, like, point 1 alpha 2, something like that. And it the data on that had been brought through up until last year when we finally decided, you know, there there have been a thousand people in here poking at this. We need to probably just clean it out and start over. But, yeah. So we really do try to take the the upgrade story seriously.
1 of the major mistakes we've made in the past, we in, with clone 3, we made a lot of changes and not all for the best. It was it was a really it was a needed release. So we we made a lot of changes kinda based around the idea that, you know, things needed to be repeatable as far as coding and customization goes. We needed we were we were doing a lot of work that was really for kind of solidifying the product for developers. But at the same time, it really made it difficult for the integrators, the the administrators who are doing the upgrades, because we broke a lot of stuff. There were quite a few add ons that needed substantial work to be rewritten. Everybody's themes broke, that sort of thing. It was not a good time for us and definitely not a good time for the people who were doing the upgrades.
And, yeah. So we we we apologize profusely. And in the past few releases, Plun4 and Plun5, we tried to really minimize the amount of breakage we've put in there. You know, things still have to change, but we've tried to provide a very clear path. You know, here is here's what's breaking. Here's what you need to do. Provide deprecation warnings, and links to links to documentation about how, you know, when something breaks, here's the page you need to go to to read how to fix it, that sort of thing. Yeah. It was it was a really interesting time for us.
And I mean, not just from the the upgrade, point of view, but also because it broke that I talked about the through the web through the web customization. It broke a lot of that because as developers, we were trying to say, you know, we're we're trying to save you from yourself. You know, you're making all these changes directly through the web interface, directly to to the database. You you should really be doing this on the file system where you can commit it to SVN or Git or whatever. And that didn't go over well, because we're you know, every everything you've been doing for years is wrong.
And, yeah, it's, it was a major for many reasons, it was a major problem for us. Really turned a lot of people off to the to the software, and we've spent the last few years trying to kind of atone for that.
[00:33:08] Unknown:
You've sort of touched on it a little bit over the course of our conversation, but I'm wondering if you can address what kinds of projects Plone is best suited for.
[00:33:18] Unknown:
It's it's very strong for an Internet. It's got the collaboration abilities, the the the workflow flow, the, you know, the ability to share content and comment on it, that sort of thing, and and all the document management as well. The the the frustrating thing about being good for it being an open source project that's good for intranets is that you never know who's using your software because they download it and put it behind a firewall and never hear about it. Every year, I find somebody new who's using it, and it's been amazing. Just like, oh, I didn't know that. So, yeah, we're really liked for intranets.
If you've got a big company that has that wants to run all of your outward facing content through, content editors or through a vice president in charge of something or other, our workflow abilities are really strong for that. If you have a site that you're really worried about security, we're very good for that. I'm not sure I'm allowed to say it, but we run the fbi.gov and, I believe, NSA sites as well as several other large government sites in other countries.
[00:34:28] Unknown:
Another 1 worth calling out is actually the MIT OpenCourseWare site. I actually work for MIT and in the same office as the people who are managing that project. So I've spoken to them a few times about the use of Plone.
[00:34:41] Unknown:
Excellent. Yeah.
[00:34:43] Unknown:
So you mentioned the workflow. I'm wondering what a typical interaction looks like for somebody who's trying to publish content on a Plone site.
[00:34:51] Unknown:
Yeah. So Plone has always tried to make sure that you're interacting with the content objects you're looking at. So I know a lot of other systems will send you to a separate editing site to manage the content. In Plone, when you're logged in, you go to you know, you navigate through the content because it's got that hierarchical structure. You go through the folders to the content objects you're looking for to the document, to the news item, to the events, and you click the edit button, and it flips you over to a form that allows you to edit that right in line. And because of the security is there, if you don't have access to that, you don't see the buttons, you don't see any of the you know, we can prevent you from seeing certain fields, from seeing certain objects altogether.
[00:35:40] Unknown:
And I'm assuming that there's a method for people who prefer to work in their text editors for being able to create their content locally and then upload it to the site after the fact?
[00:35:49] Unknown:
Yes. Yes. There are some external editors, that work like that, and there are different ways of mounting, the ZODB. We have a guy who's built some really interesting stuff allowing you to mount a, you know, a Dropbox share or, you know, any other kind of sites, Google Docs, that sort of thing directly into your Plumb site so you can work on stuff from you know, that's living in your Dropbox and it'll show up live on your site.
[00:36:18] Unknown:
So what are some of the most interesting uses of Plone that you've seen? Yeah.
[00:36:22] Unknown:
Well, I I should mention that we, the Brazilian Olympic sites, ran Plone. So that was 1 of our big hits from this year, Managed to hold up to that strain very easily. Although, I'm sure Hector, if he's listening, will correct me on how easy that was. Yeah. We have let's see. Like, I yeah. I mentioned a bunch of government agencies. We have a lot of universities using it as well. I've always been fascinated our, so Plone is owned by the Plone, the software, is owned by a foundation, and our our foundation's president, works for the Clean Close campaign. And he's been doing some really interesting things working with labor unions starting up in countries, and he's basically been providing intranets on a USB stick, that can just be plugged in somewhere and fired up. And, you know, if it gets discovered, you know, they just pop a new 1 in somewhere else. And just to allow the these groups to self organize in a very secure and private way. And I've always found that just really fascinating from many levels.
[00:37:34] Unknown:
And what are some of the biggest challenges facing the Plone project in the community as development and deployment paradigms continue to change?
[00:37:43] Unknown:
Yeah. So, yeah, like I said, we're working a lot of doing a lot more front end focused work right now. And a lot of a lot of clone's core developers have been around for a while. And, you know, some of them were very in the, you know, get off my lawn JavaScript mentality. So we're we're trying to push back against that a bit, but we're making we're making solid progress there. I mentioned what we're trying to do with ZOAP, getting it Python 3 read ready and and cleaning up the stack. While we're approaching the Zope cleanup from approaching the cleanup from that, direction, we're also looking at, the idea of the headless CMS.
And that's the idea of having just a content serving back end that responds to rest API calls. Looking very seriously at that, it's going surprisingly well. We we met in Barcelona back in May, I believe, and sat down and decided, you know, let's just throw out everything and start with we'll take the zodb as our database layer. We'll use the Zope toolkit, which is part of the Xope stack, and dexterity, which is our our newer, way of defining content objects. And, you know, just those 3 layers, put them together, see what happens. And, we were able to, within a week, come up with a working prototype that, you know, stores content, spits it back out again, and it's it's really, really fast.
Asynchronous runs in Python 3. So we're really excited to see where that's going. So I think we've we've got these 2 concurrent projects of working on cleaning up our stack. 1 is, taking what we have and removing the bits we don't want, and the other is throwing everything out and then adding stuff back in. And so I will probably see those meet somewhere in the middle, and I'm excited to see what that looks like. 1 of the other really interesting things for me, being around so long is that it it's weird being an old software project because in some ways, that makes you venerable, but it also makes you ancient, which I guess probably isn't the best way of putting it.
People people look at at the software and say, clone is 15 years old. It's ancient and, you know, antiquated. And that that really ignores the fact that we've been modernizing all this time, and, you know, it's it's constantly growing. I talked last year about, this idea of my grandfather's axe, which is this idea of, you know, this is my grandfather's axe. And I've, you know, replaced the head when it chipped, and I I gave it a new handle, but it still does the very same axe my grandfather used. And I I kinda look at Plumbing the same way where we've been, you know, it's still Plumb, the software project, but we've been ripping out and rebuilding. And it's it's still Plumb, but it's brand new again.
[00:40:49] Unknown:
Yeah. It's definitely a great metaphor, and there's definitely a strong bias for everything that's new when we're dealing with software development, not taking into account the fact that most of the tools and principles that we're using are, you know, fairly well worn. For instance, Python, a lot of people don't realize, has been around since the early nineties. And yet, it's still managing to add new features and push the forefront in a lot of, language development paradigms. And, you know, Linux as upwards of 20 years old, and it's still powering the majority of computing devices that people interact with. So Absolutely.
Yeah. It's easy to lose track of what we can still learn from old software.
[00:41:35] Unknown:
Yeah. Absolutely. And, yeah, it's it's hard sometimes not to be, you know, the old guy shouting at kids that, you know, their their rock music's too loud. But when you've been around for a long time, you've you've made mistakes and you've learned from them. And to see others making those same mistakes, you kinda yeah. You just wanna you know? Yeah. You kinda wanna shake people. But, yeah, we do our best to try to get that that those, warnings out there.
[00:42:08] Unknown:
Hopefully, people listen. So are there any other topics that you think we should cover before we close out?
[00:42:14] Unknown:
Yeah. Nothing's immediately coming to mind. I mean, I'm happy to talk more community stuff, but, I mean,
[00:42:22] Unknown:
not everybody gets into that as much as I do. If you wanna talk more about the community, that that's, definitely a great subject to cover. Okay. Yeah. So
[00:42:32] Unknown:
I I mentioned, you know, I I've been with the project for, you know, 8 to 10 years now. And, yeah, around the same time and I mentioned, you know, clone 3 happened, and there was a kind of, exodus of both users and developers. And it was kind of this really weird time for us. Alan, our 1 founder, was has always been kind of, has always kinda stood back from the project. He's much more happy to just code and and, hang out with us. And Alex, was always the more involved 1, as far as organizing the community goes. And he, you know, moved on to a new job and, you know, kinda just had less and less time to work with us. And, you know, we were seeing that from a lot of people, and it really, for a while there, felt like the project was dying.
And there were a few of us that were sitting around talking and and realizing that, you know, somebody should do something and and then kind of like, oh, I I guess that's me. And, I I got really fascinated by this idea. There's a book I read called Open Advice, which is put out. It's a it's a collection of articles by, people who've worked with a number of open source products. And I read an article in there, and I wish I could remember the name. But, it was about this idea of generational turnover into open source products. And I never realized this was a thing. I just, you know, figured, you know, people stay around forever and, you know, it's a big shiny happy place.
And, it really opened my eyes that, you know, people move on from software projects and that's okay. And, you know, it's talked about, I believe it was Deviant where you know, the average contributor is there for 7 years, I think, you know, but between when they make their first commit and their final 1 kind of follows a bell curve and, you know, whether they, you know, start out slowly and get it really involved and then slowly taper off and sort of just disappear at the end. And so, yeah, we we've had this, we had this really major turnover in our contributors, and it was a weird time.
It's 1 of the reasons I've been kind of I've stayed on it. In the past, we've changed out release managers with every major release, and it's kind of the reason I've stuck along, through clone 4 and clone 5 just to kinda provide that continuity while we got back up up and running again. But, yeah, it's it's been a fascinating thing for me to watch and participate in. Just seeing new people come in who weren't there when the old old ones that were there, old ones, most of them are younger than me. But, you know, seeing people come in who who have no idea who you know, they've never met, you know, people who found the project and a lot of the people who were there at the beginning because, you know, they've come in well after they the others have left.
But we found with this this kind of very strong culture, and with our sprints, we have that continuity of culture. We have that ability to bring people in, kinda bring them into the fold, tell them all our old crazy war stories, and they're they buy in very quickly and, you know, make new stories of their of their own. And, yeah, it's been fun and scary and, yeah, it's been great. It's a great
[00:46:15] Unknown:
story. Was was there anything else that you wanted to cover?
[00:46:18] Unknown:
No. I think that's it. Great.
[00:46:20] Unknown:
So for anybody who wants to keep in touch with you and follow what you're up to and, follow updates to the Plone project, where are the best ways for them to do that?
[00:46:29] Unknown:
If you wanna follow the Plone project, you can go to clone.org, which is our community site. We have a discourse board there you can join and get involved with. We are we're also on free node, Hash Clone. And if you want to contact me, I'm esteele@ploan.org or just esteele on Twitter.
[00:46:52] Unknown:
Happy to answer any questions you have. So with that, I will move us into the picks. For my pick today, I'm gonna choose the inquiry podcast. So it's just a show where they pick a particular topic in the news, and then they will do a little bit of investigative reporting on it. And they're usually broken down into 3 parts where they have sort of the setups of the story, the middle of it, and then a follow on. And, it's been pretty interesting. They've got some good topics and good coverage of it. And then for my next pick, I'm going to choose the Pycon US and the PSF because they have graciously agreed to contribute a sponsor booth, for all of the Python podcasts. So if you make it out to PYCON US in Portland, Oregon next year, I will be there along with Michael Kennedy from Talk Python TO Me and Brian Oken of Test and Code podcast as well as the gentleman behind the Partially Derivative podcast.
So if you're there, come say hi, find us. I'd be happy to chat. And with that, I will pass it to you, Eric. What have you got for us? Yeah. So the first 1 I wanted to mention is a game I downloaded this week called Really Bad Chess.
[00:48:06] Unknown:
It's, I I have it on my iPhone. I think there's an Android 1 available. But it is basically I love chess, but it gets boring because, you know, there's 1 way to play. You know, there's there's a set of moves you make. And really bad chess basically shakes that up by, giving you, you know, 8, knights or, you know, 6 queens, that sort of thing, and will actually change changes the mix it gives you, as you get better at the game. And it's just kept it really fresh and really interesting for me. And the other thing I wanted to mention is, Home Assistant, which is another, Python project.
Have you talked to them yet? I have not. You should. They're very Definitely. Fascinating. It's, home automation software, or server. And I've been, for years, really wanting to, you know, geek out on my home, and this has really given me the the ability to do so, Set up all kinds of rules so that, you know, when I get home, these lights turn on if it's after, you know, if it's, within 30 minutes of sunset, that sort of thing. And been having a lot of fun with that. Too much fun. My wife is not happy about the amount of money I spent on light bulbs, but we'll get through that.
[00:49:26] Unknown:
No. It's definitely interesting. I'll have to follow-up with them. I, recently spoke with the CTO of the Mycroft project, So it ties into that a little bit, but I'll have to follow-up and speak with the folks at Home Assistant. Well, I really appreciate you taking the time out of your day to tell us all about Plone. It's a piece of software that I've been aware of for a while, but I've really dug deep into. So I appreciate the background and the deep dive on the technology.
[00:49:53] Unknown:
So thank you, and I hope you enjoy the rest of your evening. Yeah. Thank you. I really appreciate having the chance to talk to you.
Introduction and Sponsor Messages
Interview with Eric Steele Begins
Eric Steele's Introduction to Python
What is Plone CMS?
History and Evolution of Plone
Community and Code Sprints
Strategic Sprints and Global Community Engagement
Plone's Unique Features and Competitors
Security in Plone
Zope Object Database Explained
Maintenance Challenges in Long-Lived Projects
Python 3 Transition and Modernization Efforts
Popular Add-Ons and Extensions
Upgrade Path and Challenges
Ideal Use Cases for Plone
Interesting Uses of Plone
Challenges and Future Directions
Community Turnover and Continuity
Closing Remarks and Contact Information
Picks and Recommendations
