Friday, September 17, 2010

Open Source

Canonical has encouraged us employees to blog about the work we do on open source. I intended to include these comments as part of the previous post, but that one was too long already.

Open source has been a huge part of my life for many years now. A friend once suggested I commission a song cycle about it, but I haven't been inspired in that particular direction yet. Reflecting back on my open source participation is interesting. I'll start with...


I'm one of the team leads on the Launchpad project. Launchpad's mission to connect open-source software developers within and between projects, and with Ubuntu packagers and users, is an amazing goal. Pragmatically, part of the goal is to help make Ubuntu the best Linux distribution available, and even the best general operating system available. That's a business goal. Beyond that, though, the engineers and managers behind Launchpad truly want it to be a part of improving the entire environment of open source. It's a huge, ambitious effort, and I'm proud to be a part of it.

Since I'm a manager at Launchpad, I have people to point to also.

  • Leonard Richardson has already spoken for himself on his blog.
  • Benji York doesn't have anything up on his blog yet as of this writing, but in addition to Launchpad, he has a long history of contributing to open source software. I think that Manuel and zope.testbrowser are highlights.
  • As part of the QA team, Diogo Matsubara works on analysing the "oops" reports (error logs from the Launchpad application), bringing the prominent ones to the engineers' attention. In the analysis work, sometimes Matsubara suggests ways to fix the bug or finds the root cause, saving the LP engineers time. To accomplish that analysis, Matsubara maintains and improves the Oops Tools, a soon-to-be-open-sourced Django application that helps summarize the oops reports. Matsubara has also been working on improving the testability of Launchpad API clients. The first mission was to convert the Apport tests to avoid screen scraping and use launchpadlib. In a related effort, he's working on defining a API SLA, using the Apport work as the initial test case. Finally, Matsubara helps with process changes to make the Launchpad development easier, more fun and faster. He helped design and hack on the changes to make the recent "merge workflow" process plan work and rock for the LP team.
  • Ursula Junque is a very valuable QA engineer for the Launchpad project who has initiated and contributed to many different parts of Launchpad. If she gives me a nice summary like Diogo's I will post it here. :-)
  • Stuart Bishop, Launchpad's database administrator, is crucial for keeping Launchpad running smoothly. Beyond that, he has produced several open source projects. Perhaps his biggest contribution is his own timezone library, pytz, which to my knowledge is the standard Python library for this task.
  • Maris Fogels hasn't posted anything yet either, but I know he has contributed to Windmill and done some great work on Launchpad's open source libraries.

Speaking of Launchpad's open source libraries, I should mention them too. None of them are mine, but I'm not sure anyone else will mention them all. If you head over to the LAZR project, you'll see many. I've heard mention of a few people finding uses for them, and I hope many more will too!


The Zope project was the biggest thing that brought me into the world of open source, and I learned a huge amount from it. It's been a big part of my life, and I wouldn't be the same engineer, or even the same person, without it. I think the changes that are happening in the Zope community that I talked about in the previous post are important and good, even if they are a bit painful to see sometimes.

I've contributed a lot to the Zope 3 project, and to the ZODB. Some of the projects I've done that are reasonably popular are zope.copy (over 25000 downloads, and actually useful in pure Python with only a dependency on zope.interface), zc.queue (over 19000 downloads), zc.relation (over 4000), zc.blist (890 downloads; heh, maybe I should move it out of "beta"), zc.async (only 355, but I know some use it heavily), and zc.catalog (meh, 267; I thought it was bigger than that). I have other, older and/or smaller ones too.

I've also contributed to the core projects, like ZODB, over the years as well.

Moreover, often while working on Zope projects, I've also made several other Python contributions. I'll mention those next.

Other projects

I just added the ability to use system Python packages with Buildout. That's a big deal for some.

I added the ability to have "latent slaves" to Buildbot. This means that, for instance, buildbot can start a slave on EC2 on demand when it needs to run a test. Hudson can do that now too, but at the time I added it, it was new, I think.

I did a bit of work on mechanize. The biggest job was teaching it to understand form labels, which made zope.testbrowser tests much more readable and usable.

I tweaked some table generation code in ReportLab.

It is fun to believe that I've contributed a decent amount to the world, and even (usually) had jobs while doing it.

Related work

Finally, since I'm here at a conference, I can't help but reminded that conferences--particularly presenting at conferences--can be very hard work too. I've presented several times (OSCON and DZUG most recently), and always about open source. I've also done crazy stuff in the past like writing a Zope 3 newsletter to let people in on all the changes when it was first being designed, and other promotional work for open source efforts.

In conclusion, though I don't share some of the more extreme opinions that some open source advocates espouse, it is a huge part of my life, and has been so for years. I hope I can keep working with and on it throughout the rest of my career. Maybe I'll even have the energy, time, and interest to work on it when I retire. :-)

Zope Summit, DZUG, repoze.bfg

I've spent a thought-provoking week in Germany, primarily in the company of people from the greater Zope community in Europe. By "the greater Zope community," I mean projects such as Plone, Zope 2/CMF, the Zope Toolkit, Grok, and BlueBream.

My week started in Halle, Germany, at Gocept's offices in a meeting called a "Zope Summit." 19 people gathered to try and figure out what we could collaborate on, how we could do it, and where things went from here. There was not a single answer to which everyone agreed. Some of the participants had heated words. By and large it was very friendly, though.

From my perspective, the only clear points of collaboration for us now are WSGI and libraries from the Zope Toolkit. Using WebOb would also give us more opportunities. Jim Fulton said he had began work on that integration over a year ago.

The most-discussed next step for people from the Zope community is repoze.bfg, also called BFG--a project with at least some measure of Zope heritage, but no direct representation in the meeting other than Charlie Clark's advocacy (see his EuroPython 2010 presentation and some of my previous blog posts).

In regards to BFG, I was pleasantly surprised to hear two pieces of news from Charlie. First, the next version of Pylons is slated to build on top of repoze.bfg. That's great news for the huge effort that Chris McDonough, BFG's lead developer, has put into this consolidation and the framework itself. It's also good news generally for sharing and collaboration in Python web frameworks: BFG, Pylons, and TurboGears will now all be interconnected, each building on the previous one, and all of them using WebOb and WSGI beneath.

Second, Tres Seaver, Chris McDonough, and others, are working on a layer above BFG for building content managing systems. While I strongly suspect that it would be years for this to compete feature-wise with longstanding efforts like Plone, a lighter-weight BFG-based CMS that could be customized much more easily would probably be immediately compelling for certain use cases.

After the Zope Summit, we moved Tuesday evening from Halle to Dresden, for the DZUG (German Zope User Group) conference starting the next day. The health of the German Zope community was startling to me. In America, the name "Zope" is often cause for many Python programmers to dismiss ideas and libraries, or look at them with prejudice. Here, developers acknowledge failings and are looking to the future, but the conference has a strength and positiveness that is a stark contrast to the attitude to which I have become accustomed.

That said, the conference, like the summit, was also a time of evaluation of where the Zope community is now, and where it might go soon. BFG was again a central topic in the meeting rooms and over meals, and the subject of a couple of presentations. BFG got positive notice, though some expressed a desire to see a clear path for more functionality, such as user management.

The first conference day started with Jim Fulton, the original Zope leader (or "Zope Pope," as he was called) talking a few minutes about his perspective on where Zope came from and where it is now. I interpreted it as a farewell, and certainly a repetition of the fact that he is no longer the Zope leader. Beyond that, he talked about mistakes made in the Zope project, and strengths and lessons to keep in mind for the future. A central opinion he stated was that Zope's problems came in part because it tried to be two things at once: a CMS and a framework for Python developers. He advised against making that kind of mistake in the future.

That evening I presented a keynote titled "Launchpad and Zope." It was a set of five loosely connected lightning talks, using a clever PyGame program fellow-Canonicalite Benji York wrote. It was very well received, and I had a lot of fun. Putting the slides up might be a little tricky because of the custom format, with movie integration, but maybe I'll try to put them up. These were the topics, with a short summary for each.

Launchpad and Zope
The Launchpad project aims to connect the open source community together, and particularly to connect Ubuntu developers, packagers, and users within it. It uses several key Zope Toolkit libraries, especially templating, publishing, security, interfaces, and the component architecture.
Launchpad's webservice
Launchpad's webservice is easy to use and exposes an amazing amount of Launchpad's functionality.
Open Source Libraries
Launchpad has a number of open-sourced libraries, such as lazr.restful, wadllib, lazr.resftfulclient, lazr.config, lazr.batchnavigator, lazr.uri, and lazr.delegates.
Buildout and System Pythons
The Buildout 1.5.X line introduced some nice features to make Buildout usable with exposed system Python libraries.
Launchpad and Zope?
Launchpad's use of Zope has some downsides and some upsides. We plan to keep some libraries because of their usefulness, but would like to remove others, such as Zope's publisher, because of complexity.

The other presentations were pretty much all in German, and I don't understand German well enough for a technical talk. One other was in English, but was about Plone, with which I have little practical connection or interest other than wishing Plone well.

While I was at the conference and the summit, I also spent time discussing interesting topics with attendees in the shared areas. Here are some representative summaries.

Launchpad is interested in using Chameleon, and had some work done over a year ago in that direction. I talked about some of the problems I had encountered and got some hints on next steps. I also learned that it was not yet in production for one of the people promoting it; and got confirmation that the maintainer is working on a rewrite. These last two items concerned me.
Volker Jaenisch brought up some concerns about the package. After discussing with him, we ended up with these observations and recommendations.
  • emphasize in that __parent__ *must* be set in order for expected behavior to occur. (Recommendation: use a factory?)
  • z3c.form: document that security is not ready until after addition.
  • design a cache to be held over multiple requests? Can be a big performance win, but must be very careful.
  • document that cache has potential edge cases
    • as long as cache is maintained, moving an object needs to either completely or partially clear the cache
    • similarly, children of moved objects must have their cached security values invalidated
    • would be nice to have a policy that did not have cache
  • would be nice if invalidations after grants and other security changes were localized (currently global)
  • would be better if the test showed integration between the policy and the proxy unauthorized
Christian Theune and I talked about the ZODB for a while, and he described some of the advantages and upcoming work on ZEORAID.
Django DB connections
Marc-André Lemburg showed me some interesting code he has to generate code to interact with the database, and we looked into how Django controls its Database connections.

It's been a nice week. The people at the conference and the summit were great to be around, and I particularly appreciate all the work from Gocept to organize these events. I'm also honored to have been invited as a keynote speaker.

And I'll be glad to be home. :-)