Weblog
Annual members meeting of the Plone Foundation
Annual members meeting Plone Foundation during the Plone Conference 2012.
Annual members meeting Plone Foundation during the Plone conference 2012.
There are seven nominees for the Plone Foundation board and there are seven places, so this year there is no election. The new board is accepted by acclamation. Geir Bækholt, Maurizio Delmonte and Sjoerd van Elferen are stepping down. Carol Ganz, Érico Andrei, Matt Hamilton, Paul Roeland, Steve McMahon, Elizabeth Leddy and Matthew Wilkes are the new board.
The report created by Paul and sent to the membership list are accepted.
Meeting adjourned.
Maurits van Rees - Internationalization in your package
My own talk during the Plone Conference 2012.
See example package and slides at https://github.com/mauritsvanrees/maurits.i18ntalk
Ramon Navarro Bosch, Victor Fernandez de Alba - plone.app.multilingual: Next generation multilingual history
Talk during the Plone Conference 2012.
Ramon Navarro Bosch and Victor Fernandez de Alba talk about plone.app.multilingual: Next generation multilingual history during the Plone conference 2012.
(Sorry, I missed the first part.)
There is no canonical language in plone.app.multilingual.
There support for a neutral root folder.
We have a translation map. Good for the mental sanity of site managers and translators. It show content and its related translations.
We have support for Google Translation Service. This is a paid service.
There is a migration path from LinguaPlone. It is non-destructive: the original information is still there on the content items. Lookup your code for LP dependencies before you migrate.
Some internals. There is an ITranslatable marker interface. Some adapters. We store the relations in a separate catalog. Unified interface for getting and setting the language of an Archetypes and dexterity item.
Now a demo. Works well.
Roadmap:
- XLIFF support
- remove the catalog patch
- support for Iterate
- LinguaPlus/Linguatools have a set of useful tools
- locator translation policy: allow user to decide in which folder a new translation should show up
- translation workflow support
- plone.app.toolbar support
Thanks to a lot of people who helped us!
Code: https://github.com/plone/plone.app.multilingual
Releases: http://pypi.python.org/pypi/plone.app.multilingual
See also: http://pam.iskra.cat
Alan Hoey - Security for product developers
Talk during the Plone Conference 2012.
Alan Hoey talks about security for product developers during the Plone conference 2012.
I'm Alan Hoey. I work for the Code Distillery. I am on the Plone Security team. I will talk about security in your add-on. The Plone core is reasonably secure, with a good track record. Add-ons are usually not audited though. A vast majority of developers probably try to the right thing, but some things may slip through the tracks. This talk is about what happens when you do not pay attention. If you have not thought about it, you may be vulnerable.
What are common vulnerabilities? It can be simple things like ratings on products or pages that get wrong, like getting an average score of 999 out of 5. There can be denial of service attacks. Cross Site Scripting and Cross Site Request Forgery (CSRF). Boxes can be taken over if you don't pay attention.
Why should you care? You don't want those calls from a customer whose server is hacked.
Object publishing in Zope. Zope will publish anything as long as it does not start with an underscore. So use security declarations. If some method is not meant to be published, you can decide not to add a doc string, which will work until someone innocently decides to add a doc string anyway.
Try to look at your code with the mind of an attacker.
Traversal. Look out with importing os as an attacker may be able to traverse to it. Do not use unrestrictedTraverse unless you know what you are doing.
All classes should use ClassSecurityInfo: declarePrivate, declarePublic, declareProtected. There is also ClassSecurityInformation, which is by default closed, but does not work. We should fix it. Monkey patches need security declarations, just like everything else does.
ZMI properties are readable when you can view the object. So not a good place to put API keys. The registry is a nice place: you cannot read it from the web.
The security on BrowserView is very good. If you override the __init__ method and set the context and request, or anything else, you have thrown that security away.
Use plone.protect on all forms that need CSRF protection. Also the postonly attribute.
Acquisition is scary from a security view point. Be aware that a script can be called on any context. It is better to use container instead of context.
Do not give Restricted Python access to untrusted users.
Do not use allow_module. Use ModuleSecurityInfo instead.
Zope Page Templates. Do not use structure if you do not need it.
Deployment. Please do not miss hotfixes. Do not think that you can hide acl_users in Apache and think you are safe.
Steve McMahon - Plone Production Deployment: Secrets & Tricks
Talk during the Plone Conference 2012.
Steve McMahon talks about Plone Production Deployment: Secrets & Tricks, at the Plone conference 2012.
We are going to have a special version of this talk: no secrets, to tricks!
If you are hear, or reading this blog item, you should be a (Unixy) SysAdmin or Friend of a SysAdmin. This is not going to be an advanced talk. If you want something more advanced, find Martin over in the Disco room.
A PHP programmer may run away screaming when you mention reverse proxying and caching, but if they manage a big site, they will use those technologies too, and will not still be on a five dollar/euro per month server.
A stand-alone is great for development, but you should not use it on production. It lacks versatility, SSL support, and more.
So we add a web server, like Apache or nginX. Modern web servers can be used for reverse proxying. It can handle SSL, efficiently queue requests, handle URL rewrites. They generally have battle-hardened logging and request sanitizing. Lots of people have tried to break it. It probably rejects requests that are obviously meant as an attack. It will play well with other server parts.
You may add other web applications. Plone is your CMS, but you may let another application handle one special part of the site. Single Sign On can be done between the two applications.
Donald Knuth famously said: "Premature optimization is the root of all evil." It was expanded by Elizabeth Leddy: "Measure, measure, measure. Then act." Do not make your stack more advanced than it needs to be. Measure, experiment, measure. If the measurement does not show an improvement, reverse the changes. You may not need load balancing, whatever that person on irc tells you.
Leonardo da Vinci said: "Load balancing means always having a canon ready to fire." We replace canons by zeo clients that can handle a request. Such a ZEO setup can scale to multiple machines. It is a good option, even without load balancing: you can use a second zeo client to handle debugging (hope you do not need it) and to run scripts that take long. The zeo server has different requirements for memory, disk space, CPU, so you can optimize. And of course you regularly do a bin/zeopack on the command line to pack your database.
Good load balancers distribute the load very well over the zeo clients that are live. This helps to avoid service interruptions. The balancing scheme can matter. Default is round robin. If sticky sessions are into effect, you usually end up at the same zeo client all the time, which helps for the caches that this zeo client has. But you can change your balancing scheme and measure if that improves responsiveness and stability.
Someone around 1566 said: "Good caching makes light work." You can add a server cache, a reverse proxy cache. Typically this weill be between the web server and the load balancer. It can be on a separate machine. You cache in memory or on disk. A good cache is usually varnish or (poor you) squid. David Glick, during the Cioppino 2012 sprint, said: "Caching is hard." If you expect a lot of traffic for a day, then you may need more aggressive caching."
plone.app.caching is how to do caching in Plone 4. There is cache invalidation, but that is hard. A page may show a portlet that shows a collection, which may need to be invalidated at random times, not having to do anything really with that page, which may not have changed this year. My general strategy is to start conservative with caching and then slowly turn it up. You handle anonymous and authenticated requests differently. Dylan Jay said during his lightning talk yesterday that he simply cached one minute. You do not need an invalidation scheme then.
Choosing some tools. Take care of your tools and they will take care of you. You can do the best of breed approach:
- web server: probably Nginx, maybe Apache
- proxy cache: our community chooses varnish. It makes incredibly good use of memory. It will make really good decisions about memory and swapping.
- load balancer: I love HAProxy. It allows you to use several different schemes. Sticky sessions are a bit tricky to setup, but it can be done. SSL can be a problem, but latest version has improvements.
A perfectly reasonable alternative in some circumstances, is to let the web server do it all. William of Occam, translated to modern speak, said: "Keep it simple, stupid." Having everything in one web server may make that web server too complex though.
Read about hosting here: http://collective-docs.readthedocs.org/en/latest/hosting/ You can edit that document, or propose changes.
Elizabeth Leddy: "Backup is serious shit." Restoring is serious too. You need to test a restore scheme, otherwise you do not actually have a backup. There are horror stories about that. So what you do is: backup, rsync to another server, restore. Use collective.recipe.backup.
Eric Steele: "Rotate your logs, or your server will do." Florian: "At some point, move the old logs as well, as they still keep up space." sudo apt-get install logrotate. Rotate your Z2.log, event.log (instance/zeoclient.log), do it weekly, postrotate do a kill -USR2 on the zope process so the logs are reopened. On the topic of log files: read your event logs. They have important information. Some tracebacks you may know about, and they drown out the nasty stuff. Read them regularly. Try to get the noise in the logs down. Look at mailinglogger for this, which is already in zope, or Sentry. Maybe set the log level to warning instead of info. That helps a bit for performance too.
ZODB packing: use the bin/zeopack script, installed by plone.recipe.zeoserver. Set it up in a cronjob.
Elizabeth Leddy, Cioppino 2012: "These days, I use system packages as much as possible. You should, too." I want my routine security updates of the operating system to apply without me needing to do much about it. The least used feature of the UnifiedInstaller: --with-python=/usr/bin/python2.7. If it meets the requirements, it will use it.
Last advice: never run buildout as root. Always create a separate user and run buildout and run zope as that user. If hostile code ended up in a setup.py of a package and you run buildout as root, then your server is owned by others.
Read about deployment here: http://collective-docs.readthedocs.org/en/latest/deployment/ You can edit that document, or propose changes.
If you edit this, put the complex information in the hosting docs and the beginner documentation in the deployment docs. And own that document as a community.