Ian Bicking: the old part of his blog

Re: Why Web Programming Matters Most

Simplicity is the key. Make testing changes as quick as possible.

So far my python web development has been done with the cgi module, zope, plone, twisted, simplehttpserver, mod_python, and now lighttpd + wsgi. So like a lot of people I have tried all sorts of things. I also use php, and a little java on some projects(not ones I have started). Here is my brain dump of where I am at, and what I'm doing with python web dev stuff.

So far I think plone+zope is the most advanced, and popular of all the python web development frameworks at the moment. It is really simple to install and get a site up. It is simple in some respects, if all you want is in the default plone site. However making modifications to it requires a lot of learning. It has sooo many users at the moment compared to other frameworks, that it will eventually have enough modifications available to do many common web tasks. Also getting good performance out of plone is hard.

I like the subway effort. That's a really good idea, and I wish them luck. Cheetah + SQLObject + WSCGI are pretty good building blocks, and are some of the things I'm using on my latest python web project. I want to see how they do automatic reloading of templates.

Simple. Five lines or less to do hello world. Simple. Twenty lines or less to do a CRUD application. Scalable. Should be able to be moved to run on multiple servers easily. Default config should handle lots of users.

Can any python framework get 'hello world' done in five lines or less of explanation? What about a CRUD app in less than 20 lines of explanation?

Archetypes is probably the only one I can think of that can do a CRUD one quickly, and simply.

Here is a less than five line php hello world explanation. It will work on most webservers around, so no need to describe how to install php. Not describing how to install php makes the explanation shorter than a python one would be.

  1. open a new file in notepad/vi.
  2. write into it this text: <?php echo 'hello world'; php?>
  3. save file as index.php
  4. upload to your webserver.

OR for unix shell users: echo "<? echo 'hello world'; ?>" > index.php

That is simple.

Doing a CRUD application with the basic php libraries is quite hard. There are many more frameworks in php than there is in python.

I really like WSGI, and I will be using that for my new stuff. With wide spread WSCGI support there should be able to run those types of applications more easily without having to do complicated install instructions. It should make using these various python frameworks easier. Luckily I don't have too much python code to convert on my latest project.

My latest project is based on these things(and others).

Cheetah for templates.
  • can be made to work nicely with html editors. nvu, and dreamweaver with the added <!--# stuff around cheetah stuff.
  • I made a basic inheritence system for templates on the file system. It checks to see if there is a template for each content types insert, update, and list things. Otherwise it uses the default templates for these things. This is nice, as the designers do not need to do up nice looking interfaces for every object, and I can prototype things really quickly without having to make up html interfaces.
SQLObject for SQL stuff.
  • makes it easy to get an app up quickly. Less insert, update, delete, select to write. Can use sql directly later for performance/more complex queries.
Simplexmlrpc server.
  • for allowing integration into other peoples systems.
  • for a common request object. So I should be able to move servers around if needed.
lighttpd + fastcgi
  • instead of apache for performance and security.

Using this howto for WSGI and lighttpd together. http://www.cleverdevil.org/computing/24/python-fastcgi-wsgi-and-lighttpd

I think lighttpd + fastcgi + python is an awesome combination. Each user can have their python processes run under their own userid. Then operating system security, and resource constraints can actually be used! You should get much better performance than apache + mod_php. You can have processes running on multiple machines with load balancing really easy to set up.

I tried using mod_python... but I prefer to have single, or separate processes running which makes caching data easier. Caching database connections, and other data is hard with multithreads/multi processes used in mod_python.

What is missing from this stuff I have jumbled together:

Validation library.
  • writing lots of stuff manually so far. Taking bits from old projects, and random places on the net.

  • sqlobject protects from some sorts of errors with sql.

  • I require js validation stuff for my forms as well. Because for some interfaces detecting errors early can save the users lots of time.
    • This needs to sit outside of the templates, and be inserted based on the id, or class of the html elements.
  • something like mod_security which can allow me to quickly block, or warn me about certain requests based on regexes.

  • So far I do not have simplicity. I can't even think how to write hello world off the top of my head.
Not as data driven as I would like.
  • I still have to define some things in code. Not good for different language access by other programs.
  • I need to make sure my load balancing works correctly with SQLObject, as it is not designed to be multi process friendly(I think?).
  • Need to figure out a good way to keep track of database schema changes, as I create my tables using SQLObject.

Python has been fun for web dev :) Certainly heaps easier than php. I can write a CRUD application in a few pages of code(basically an SQLObject with some extra meta data in there).

The full pipeline of development needs to be taken into account. Ie. design, testing and maintenance. The problem is this is different for most people. I mainly work with at max four other programmers, and a few designers. Which is quite different from one person doing the whole thing.

Simple. Simple for designers, programmers, and users to change things.


Not many web apps use database, or OS security to its fullest. Why should the appserver with a user logged in with anonymous rights have the same permissions to the database as an admin user logged into the app server. If you have different appservers running for different users(app, db, os users) then you can use those layers of security to protect yourself better. The root/god/admin user for you app may even be able to log into different computers than anonymous users. If you have the app server for anonymous users running with restricted OS, and database access then you can provide different resource limits. Eg limiting the memory of the user your anonymous appserver runs as, and limiting their CPU use, their number of open files, number of open sockets, firewall rules etc.

There's lots of words for you... I think python allready is quite good place for web development, and it is getting better all the time :)

Comment on Why Web Programming Matters Most
by illume


FWIW, WSGIKit tries to achieve many of these things -- some directly, some indirectly. Setup is pretty quick and directed (not well tested outside of my Linux box, but that just takes time). It doesn't support a whole lot of servers at this point, but I just haven't put any effort into that yet -- the WSGI part should make this easy, but easy enough that it's not a Hard Problem so I feel find putting it off ;)

The first tutorial uses Webware APIs and ZPT. The ZPT library (ZPTKit) handles template reloading so that works fine. WSGIKit itself has a system for restarting the server when code is changed, so that handles other files being edited.

SQLObject is growing some management tools (sqlobject-admin) which will help with upgrading schemas and managing the upgrade of devel and live servers.

So it's getting there. It takes at least a little while, though ;) Mostly I need to bring more developers in.

# Ian Bicking

This is how I write the "Hello World" program in Karrigell:

print 'Hello World!'

One line. Really!

# Luis