[ANN] SkunkWeb 3.0 Released!

Drew Csillag drew_csillag at geocities.com
Fri Aug 24 18:29:40 CEST 2001

On Fri, Aug 24, 2001 at 07:42:58PM +0400, Oleg Broytmann wrote:
> So we have a very good discussion here! I want to stress that SkunkWeb and
> Zope seem to be oriented towards different classes of users. Let us
> clarify the differences.

You hit the nail on the head.

> On Fri, 24 Aug 2001, Drew Csillag wrote:
> > > > Like Webware, Zope uses a threaded model instead of a forking model
> > >
> > >    Forking Zope would be an issue. It is too heavy.
> >
> > On an SMP machine though, this kills performance because of the Python
> > Global Interpreter Lock.  It will only use a minute portion of the
> > other CPUs.  So if you're going to run Zope, basically don't bother
> > with SMP, you'd be wasting your money.
>    I know it. This should be fixed (and will be fixed sooner or later) on
> the Python level.

Very much agreed.

> > > > To call arbitrary code from Zope templates, you have to create Python
> > > > Method objects, which let's be honest, is a pain.
> > >
> > >    Where is the pain?
> >
> > I just want to import and call a function, not have to go through the
> > admin interface to say what functions people can call.  I want to
> > reduce the amount of work I (or others for that matter) have to do to
> > get the site up, running and fast.
>    Hence you think about small secure intranet sites.

Actually not.  I think of large, complex, public facing, database
driven, high-volume sites that have tight deadlines.  That is actually
the environment that SkunkWeb grew up in.  I think it would also be very
appropriate for the small secure intranet sites.

> > > > STML has an import tag
> > >
> > >    Insecure?
> >
> > You don't trust the people who build the website for your company?
>    Certainly NO! Let us see.
> 1. Some people do malicious things intentionally.

If they work for you, they should be fired, and quickly.

> 2. People often make mistakes. Do not allow people to delete important
> information by simple mistake.

Ahhh, but DTML's restrictions do not restrict this.  If you have to
provide a method to delete information to complete your site, you
still have the same situation where they could call the wrong one.
Trying to make something foolproof is an exercise in futility as
fools are incredibly ingenious.

> 3. There are outside crackers who will exploit every possible hole.

Obviously so, but giving your template author the import facility
doesn't exacerbate the hole.  They could just as easily break through
one of the python methods.  That is, assuming that you trust your site
authors.  But since you don't, yes that would be a problem.

One could argue that Zope's web based content management system offers
more holes for the outside cracker to exploit though.

> 4. And there are different types of sites and users. Think about Geocite.
> Do you trust its users? :)

Of course not.  SkunkWeb was not designed for, nor is it appropriate for
hosting in that way.


>    Definitely yes. Just don't say "Zope is for everyone. Every simple idiot
> can build a portal in a minute".

Actually, complex idiots are required :), and they need 2 minutes <0.9 wink>.


> > > ZClasses are for simple programming.
> >
> > Wouldn't it seem reasonable for simple programming not to require a
> > class?
>    No. Without a class it is not programming at all. 

Ahem...  You are saying that without classes, you aren't programming?
So this whole Linux kernel is not *real* programming?  I respectfully
and emphatically disagree.

I guess the main crux of this discussion is: 

   SkunkWeb is best oriented towards sites where the site authors can
be trusted not to maliciously mess things up (e.g. where the site
authors work for the company that runs the site).  Contrapositively,
SkunkWeb is not suited to the environment where the site authors may
be hostile.

