Pyramid and the Pylons Project in the wild
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 72 | |
| Author | ||
| Contributors | ||
| License | CC Attribution 3.0 Germany: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/54777 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language | ||
| Production Year | 2020 |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
Plone Conference 202030 / 72
1
3
6
9
13
14
18
23
34
35
39
40
43
46
50
51
56
58
60
63
66
71
00:00
Zoom lensCore dumpSoftware maintenanceProjective planeCore dumpPresentation of a groupBitSoftware developerTouchscreenCloningSoftware maintenanceComputer animationMeeting/Interview
01:14
Zoom lensSelf-organizationGroup actionOpen sourceSelf-organizationSoftwareGroup actionCategory of beingPerpetual motionOrder (biology)Software testingProcess (computing)Repository (publishing)Multiplication signRevision controlWindowLevel (video gaming)Software repositoryWebsiteCloningComputer animation
04:20
PiZoom lensSoftware frameworkEmailWebsiteSheaf (mathematics)Electronic visual displaySelf-organizationWeb pageComputer animation
05:07
Zoom lensDemo (music)Software testingAlpha (investment)HTTP cookieElectronic visual displayRight angleState of matterSoftware bugOpen setDemo (music)Beta functionComputer animation
07:39
Zoom lensSoftware frameworkDrop (liquid)Information securityLogical constantMathematicsKey (cryptography)ImplementationRemote procedure callMobile appUniform resource locatorDecimalHuman migrationWeb applicationAuthoring systemMoment (mathematics)Medical imagingAdditionWave packetVideoconferencingVideo gameInformation securityPoint (geometry)CodeLibrary (computing)AuthenticationAuthorizationWindowMultiplication signSoftware developerMaterialization (paranormal)Single-precision floating-point formatGame controllerType theorySoftware frameworkNamespaceSerial portElectronic mailing listDesign by contractCartesian coordinate systemLogical constantTrailPlastikkarteComputer animation
12:48
Zoom lensLibrary (computing)Repository (publishing)Serial portDecision theorySoftware testingMultiplication signDemo (music)Default (computer science)Object (grammar)Data typeCodeForm (programming)Information securityBootstrap aggregatingGoodness of fitArtistic renderingCASE <Informatik>SpacetimeAttribute grammarMusical ensembleMathematicsGUI widget1 (number)Different (Kate Ryan album)ImplementationoutputLibrary (computing)Standard deviationShared memoryHecke operatorExpected valueCuboidPerfect groupRead-only memorySource codeJSONXML
17:26
Associative propertyZoom lensLoginReduction of orderRule of inferenceWave packetUtility softwareOperator (mathematics)WebsiteLattice (order)Row (database)Wave packetMobile appAddress spaceIncidence algebraPhysical systemCategory of beingProcess (computing)TwitterClient (computing)Hecke operatorTerm (mathematics)Traffic reportingPower (physics)Procedural programmingCondition numberNetwork topologyNear-ringJSONXML
20:54
Demo (music)LoginPower (physics)Utility softwareMessage passingRow (database)Software testingMessage passingObject-oriented programmingUtility softwareElectronic mailing listSystem administratorAngular resolutionSheaf (mathematics)Right angleComputer animation
21:53
Demo (music)Computer iconRow (database)Utility softwareMessage passingRule of inferenceSoftware testingCodeSimultaneous localization and mappingTotal S.A.NumberPay televisionPower (physics)Lagrange-MethodeWater vaporWhiteboardInclusion mapPhysical systemLink (knot theory)Term (mathematics)Image registrationPasswordEmailTime zonePoint (geometry)Boundary value problemPerimeterCodierung <Programmierung>FrequencyCone penetration testLocal ringStandard deviationOperations researchSign (mathematics)AreaGlobale BeleuchtungProduct (business)WebsiteConfiguration spaceProgrammable read-only memoryDrill commandsBroadcast programmingTask (computing)Reduction of orderStress (mechanics)WorkloadBoss CorporationObject (grammar)Data typeGroup actionConsistencyState observerInfinite conjugacy class propertyComputer fileDependent and independent variablesFood energySource codeGUI widgetChecklistHazard (2005 film)InformationSpacetimeNP-hardElectric generatorOpen setFormal verificationProper mapPartial derivativeAddress spaceCountingCategory of beingIntegrated development environmentEvent horizonMultitier architectureError messageCausalityHost Identity ProtocolSalem, IllinoisStatisticsBit rateCASE <Informatik>Heat transferExplosionCalculationPersonal digital assistantWage labourNichtlineares GleichungssystemOnline helpInstance (computer science)Scale (map)Incidence algebraType theoryMessage passingUtility softwarePhysical systemTable (information)Real-time operating systemInformationCuboidHazard (2005 film)Incidence algebraComputer fileLattice (order)Presentation of a groupMultiplication signDigital photographyMassElectronic mailing listElectronic signatureSoftware testingStandard deviationText editorTraffic reportingForm (programming)NumberMeasurementBit rateSheaf (mathematics)Plug-in (computing)Right angleDifferent (Kate Ryan album)CalculationTotal S.A.Latent heatFrequencyData managementDefault (computer science)Error messageSource codeComputer animation
28:05
StatisticsUsabilityBit rateCountingZoom lensDemo (music)Plane (geometry)InformationRepository (publishing)WebsitePresentation of a groupUniform resource locatorComputer animation
Transcript: English(auto-generated)
00:01
All right, thank you, Erick, Ericko. Can you all hear me and see my screen? All right, let's get started. So, welcome. My name is Steve Piercy, and my presentation for today is Pyramid and Pylons Project in the Wild. Just a little bit about me. I am a self-employed, one-person shop.
00:26
So, I'm the full-stack developer and try to do as much as I can, and I play well with others when I'm on teams and working on projects. I'm also a core contributor to Pyramid,
00:40
and this year I became the Deform Maintainer, and I love to write documentation. I'm also, I live out here on the West Coast in Eugene, Oregon. I'm going to start talking about one thing that is kind of like the elephant in the room.
01:02
About two years ago, over in Japan, we made an announcement, or I made an announcement, that the Pylons Project was going to be assimilated by the Clone Foundation, and that never really happened. And there's a lot of reasons why,
01:21
but we spent some time, first of all, identifying what needed to be done, and we found that there were some roadblocks. First was that the Clone Foundation Contributor License Agreement had a process that was too cumbersome for what the Pylons Project folks wanted to do, and that there was one clause in there that wasn't agreeable.
01:50
And we do know that the Clone Foundation is totally open to amending it. However, there was more stuff going on at the same time. I know that the Clone Foundation was kind of busy
02:00
acquiring Zope, which definitely took precedence over going for merging with us. Internally, we also had problems with trying to re-license all of our software. We wanted to get stuff away from the repost public license and re-license it as MIT,
02:22
and doing it once and only once, and never doing it again. So, licensing is hard. We also wanted to make sure that copyright of the software and intellectual property was going to be maintained in perpetuity, and then of course COVID-19 hit, and then everything has kind of been on hold for
02:45
well over a year now. Well, we're about to start doing some revisiting of all this, and that means that we still have to get ourselves in order as far as an organization. We have been in discussion with the Python Software Foundation, and we'll probably start
03:03
talking again with Clone Foundation now that they have come, that's come over the Zope hurdle. So, what else have we been doing as an organization? Infrastructure. First of all, Travis CI and AppBear have gone out the window, and that's primarily due to Travis changing
03:27
its plans for open source projects. Their free level is pretty much insufficient with the amount of builds that we're trying to do. So, we switched over to GitHub Actions for
03:40
most of our active, for most of our active repositories and projects. The only thing that's missing is that we really wish we could have is the allowed failures feature from Travis CI. This allows us to test future versions of Python on our software to make sure that when that future version is deployed, then it will continue to run.
04:08
Besides that, we have been doing a lot of work on our marketing websites. The pylonsproject website for pylonsproject.org and trypyramid.com are now being automatically built using Hugo
04:28
and deployed on GitHub pages. This is really cool because now people who want to make a contribution can do so, and when their PR is merged, it gets automatically deployed.
04:42
It's so much easier and so much more pleasant to use. And we are definitely encouraging people who have an add-on for Pyramid or have a company, organization, project, or website that uses Pyramid to add themselves and be contributors to the add-on or the community section and proudly
05:07
display that they are powered by Pyramid. Show off your Pyramid flair. Aside from that, we have been really super busy with a release party of lots of updates to our projects.
05:26
Colander has gotten a new release. Dform and DformDemo are now up to 2.0.14, and .15 is hopefully coming out the door by this weekend. Pacedeploy just came underneath the pylonsproject this year.
05:46
The most interesting project, of course, to most of y'all is Pyramid. That's been updated to 1.10.5, and the first alpha release of Pyramid 2.0 has made it out the door. And the cookie cutter, which is used to generate projects, and if you saw my lightning
06:06
talk on Monday, you can see it actually being used and integrated into PyCharm Professional. It's really cool to see that. Go back and watch the lightning talk if you haven't seen it yet.
06:21
The Pyramid Debug Toolbar has a new feature as well. You can now watch sessions as session values come into your request and go out of your request and see the values change accordingly. That's really awesome. That was contributed by Jonathan Vanasco. Pyramid Open API is continuing
06:42
to be actively developed, so if you want to have a quick and easy way to have your API documented and functional and tested, check that project out. We've also had a few other projects. Waitress is probably the big one that's used by Plone,
07:08
and we've had another beta release. We want to get feedback so that when it's ready to be released as a final 2.0 that there's as few bugs as possible. When we released the first beta,
07:24
we found a bug really quick, fixed it, and was released within 24 hours. So we're right on top of it. Please let us know. So that's a brief overview of the pylons project. Now let's take a look at the state of Pyramid. So in the beginning,
07:41
I joined Pyramid as a groupie of a heavy metal band, and the after-parties were amazing. But at some point, we had to look respectable. So over the 10 years or so of Pyramid's
08:00
development, there are now over 419 projects in PyPI that have the Trove Classifier Framework Pyramid. In addition, Warehouse itself, the cheat shop or PyPI, is running on Pyramid.
08:23
Talk Python to Me, which provides technical training for Python data science web application development and run by Michael Kennedy, a fellow Oregonian, also uses Pyramid. Check him out. He has really good materials if you want to learn Pyramid and other Python technologies.
08:45
And finally, Mozilla, Roadcode, Cards.com, SurveyMonkey, Yelp, and NASA Image and Video Library are all using Pyramid. So what's new in Pyramid 2.0? First, we dropped Python 2.
09:04
3.4 and 3.5 are also end of life, so they're gone, and PyPI will be out the window. Where we've been supporting Python 3 for quite some time, but now we're supporting up to Python 3.9 as well as PyPI 3. We have a new security policy. This is the big one. So basically,
09:31
we had two policies, authentication and authorization in Pyramid 1.x. So those two have been merged into a single security policy in Pyramid 2.0.
09:46
The authentication and authorization policies can still be used, and they will continue to function normally for the time being, but this is the time to start learning about and adapting
10:02
your code to use the new security policy. You'll be much happier with it. Trust us. To go with that, we have new security APIs. Those have been added to support an overall of the authentication and authorization system. We have exposed some ACL constants.
10:29
ACL is an access control list for permissions. The constants that have been exposed are all permissions and deny all, so no permissions at all. These are now importable from the
10:45
Pyramid.authorization namespace. It's a nice convenience. We have a new serializer. We are throwing pickle out the window and now using JSON as the serializer.
11:00
Now, we did this because this basically is a stricter contract than the previous requirement because of security purposes. Previously, if a client-side session implementation was compromised, it left the application vulnerable to remote code execution
11:25
and using specially crafted sessions that could execute code when deserialized. That would be really bad to get owned. With this change, it is backward incompatible, and you will definitely need to update your code for that. The keys and values in your session
11:43
data must be JSON serializable, so that means dates and decimals, you're going to have to fiddle around with them to make them work. There's a few other highlights. Trailing slash routing, improvement of CSRF handling, pre-compressed static assets, we fixed a deprecation warning
12:08
from Imp, and a few other minor features. To see what all of these features are, as well as getting some documentation about how to make the migration for your pyramid apps,
12:24
please visit this URL. I'm going to pause for a moment and see if there's any questions, and if you do have any questions, feel free to type them away in the Slack app and then
12:42
Erica will follow up with me. So, no questions from the audience, but I do have a question. Basically,
13:01
are you planning in a pyramid to use a different JSON implementation by default, instead of the standard library one, one that already serializes date and time and other times?
13:20
Yeah, that's going to be a challenge. I don't know exactly all the implementation details, but that sounds like a good thing to do. But with all of that, there's also like standards requirements, right? So, there's some expectations that have to be there.
13:43
I think that would be a good thing to put on our roadmap. Yeah, especially because of sharing my previous company. In the previous company, we use pyramid extensively and every time we had to deal with serialization,
14:02
we had a piece of code that was replicated in many repositories that was basically updating the JSON serializer to handle some new data types like set, daytime and time and stuff like
14:23
that. Yeah, exactly. Yeah. We know it's an issue, but we had to make the decision of, well, is security more important? Yeah. So, let's get that taken care of and we'll handle the rest of it when the dust settles. Perfect.
14:46
Yeah. So, next one big project that I've been working on is Dform and the Dform demo. As I said, I'm the new maintainer and in the last year, we're now up to 100%
15:01
test coverage. 100% of the tests pass and the documentation has of course been vastly improved. We've had a lot of great contributors step up on this one that I'm so pleased that people are still using it. Yeah, there still is a good use case for server-side rendering of forms,
15:22
especially if you're a one-person shop and you just don't have the time or resources to develop within a Python ecosystem, a JavaScript ecosystem, React and adapt to all of those things. So, this is great if you just want to get something out the door.
15:43
Later this week, we'll have the biggest changes are there will be read-only HTML attributes that are properly handled. That's a big, huge feature that's been requested for a long time and it's finally going out the door. We're adding a new select widget. If you know,
16:04
using select inputs are terrible and so we've adapted a new one to use in Dform. We also have a new space where unofficial widgets can be brought in. So, these are ones
16:21
that are not tested. We don't have to write tests for them, but it's more like we want to cookbook or a recipe so that you can try various solutions. So, I have one where I have these custom checkbox layouts and I work with various other objects. I'd love to share them, but writing
16:42
tests for them is not a whole heck of a lot of fun as far as the UI. So, you know, just it's something to play with. We've also switched to using pytest and now Docker containerization of both Dform and the demo. Dform 3.0 is also on our roadmap and that will include
17:02
Bootstrap 4.5 and that's to prepare it for the eventual 5.0 release of Bootstrap and we're going to be doing a lot of sprinting this week. So, I hope you can come out and play with this. Okay. Next, I wanted to show you how Pyramid is actually being used in the wild.
17:27
I have a client, the American Public Power Association, and they provide a voice for not-for-profit community-owned utilities that power 2,000 towns and cities in the United
17:41
States. Here in Oregon, there's a lot of towns, including my hometown, my town here of Eugene, Oregon. That is a publicly owned utility. They represent those utilities before the federal government and they protect the interests of more than 49 million people
18:03
that they serve. And there's about 93,000 employees of all these utilities. Finally, they advocate and advise on electricity policy, technology, trends, training, and operations. And the app that I wrote, or led, it's a project on,
18:28
addresses a lot of those, all of those issues. So, we developed, together with me, I developed eSafety Tracker. It was released in June this year,
18:43
and it helps utilities to plan and record their safety meetings. So, these are their trainings. They also plan and record job briefings. So, when there's a utility outage, they have a meeting before they go out to the job site, and they get briefed on the conditions. So,
19:04
they say, watch out, there's a lot of ice and snow and fallen trees. So, these are the procedures that we have to follow before we go out there and make sure that we reduce our injuries. It allows the utilities to record safety incidents.
19:23
As well, that includes injuries, fatalities, property damage, and near misses. The utilities also record their investigation reports of those incidents. And finally, they use it to analyze and reduce costs related to workers' compensation, medical expenses, and lost time.
19:51
Until before the Safety Tracker was developed, they were kind of, they didn't do a whole heck of a lot of collection of data. And most of it was through OSHA, which is the government agency
20:05
that they report when there's an injury or incident. And now that they have the system, it standardizes a lot of the terms and the classifications of things so that it's, um, so that they're able to identify trends and see how they met, how one utility measures
20:26
up to another in their safety performance. So, this is a huge step forward for them, and they're really, really excited to be using this. And I feel great about it because I'm helping people stay alive, not get injured, and, you know, maintain their livelihood while
20:46
trying to keep the lights on. So, let's go ahead and take a look at this. I'm going to switch over to the actual app. Let's drag it over here, full screen, and log in.
21:07
Oops. So, there's some CRSF protection right there. There we go. And we're going to get
21:23
utility. When users log in, they're first presented with a message of the day, hello, greetings, some text here, and a list of unresolved entries. I'll get into that later. Across the top, we have navigation for users to select their section that they want to navigate
21:42
to. And if you are an administrator, you can select which utility you want to go to. So, this is a nice little thing for people to, excuse me, I forgot one thing.
22:08
This table here also is just data tables. So, it's just a JavaScript plugin. So, it's a nice thing that, you know, works in real time and just is useful. So, let's start off after this. When they are, let's see,
22:32
sorry, got lost here for a second. There we are, navigation. So, dive right into managing.
22:42
In the utility section, we have a nice little filter here. And utilities can edit their information and so forth. One of the things that's super important is that they record like how many employee work hours they have, their total number of utility employees.
23:08
And these numbers are used later on in reporting and performing calculations. We also have users. So, once the utility has access and a license to the system,
23:25
they're able to add new users on their own, which is super handy. It's making a request. Come on, baby. There we go. So, when they create a new user,
23:41
they have the ability to assign them a role, one of four different roles, and pick a utility and assign them to that. By the way, this is all D form stuff. I'm going to cancel out of that. They are also able to manage their messages of the day,
24:09
so that when people log in, they're able to greet them. Let's go back over here. There we go. And this is useful. We have ways of filtering all the messages of the day
24:31
up through a specific period of time. And we automatically load like default messages, and you're able to filter reports as they come, the messages as they come in.
24:47
That's over there in management. Under meetings and briefings. So, here we can see all the different types of information that is recorded. We have a collection
25:02
of all the meetings and briefings that are held. So, this is great when utilities want to look back in time to see what has actually happened, and they're able to filter, you know, however they like to see whatever is available. They're able to edit and delete meetings as they come in,
25:25
and they're also able to add people as presenters who attended the meeting, and they can add files. This is useful if they wanted to have like a sign-in sheet,
25:42
they can take a photograph of this and upload and say that these are the people who attended. Briefings are similar, and one of the cool things about this is, this is one of the custom things that I did for them, is this lovely massive checkbox list. So, they're able to classify
26:06
all of the various safety hazards and so forth that they have here, and they're also able to add signature sheets and other goodies. All right, now the meat of this is underneath
26:23
incidents. The incidents are really cool. We have, a person can, an editor can, or a user can create an incident, whoa that was not good, and create one of four different types.
26:44
They can create their incident with the date and time. One of the cool things too is that if you try to do something too far in the future, you'll get error out what you can't do in the future. So, you know, make sure that it's
27:06
validatable, and these are also cross-referenced as well. So, this is also another thing about, that uses colander with Dform. Steve, we are approaching the end of our talk.
27:24
Yes, so I will just wrap it up. I'm going to go back over quickly to reports and just see what happens when you do some incident history stuff. So, I'll go back in time,
27:40
if that's early enough. This is what's really helpful for the utilities too, is that once they get these incident rates, these are not realistic numbers of course, that they're able to look at this and compare it to other utilities and measure against standards. So, with that, I'm
28:02
going to wrap up here, switch back over to this, and just say I wanted to thank you for attending the, for my presentation. To get involved with the Pylons project, there's our URL for
28:21
our repositories on GitHub. We have the two marketing websites, trypyramid.com and pylonsproject.org. And to contact me, there's my contact information. Thank you, Steve. It's good to have the Pylons project back with us. This is always
28:44
something I look forward in our conferences.