Mewlo Web Framework Blog Entry #4 - October 14, 2013 - A First-class Addon/Plugin/Extension System

At the end of my last Mewlo blog entry I talked about the central role of an addon/plugin/extension system in Mewlo, and the idea that it would be  a natural first structure to start coding.

There are very good reasons to start with an addon/plugin/extension system.  First and foremost because it makes it easier for other coders to start independently writing drop-in code packages, and makes it easier to keep these updated and integrated.  But I think another key benefit is that it brings into sharp relief early in development the need to craft an API to interact with the rest of the system.  The earlier we force ourselves to view the system as an API, the better.

What exactly should the addon/plugin/extension system for a web framework do? What features does it need to have?

Let's start by restating briefly the main goal of a (web) framework.  The goal is to provide a base upon which custom coding can be done.  A framework enables coders to avoid re-writing the same structures and code for each new project, and provides a well-organized and easy-to-maintain structure that can be extended.

So it should come as no surprise that all non-trivial frameworks have facilities for adding and integrating 3rd party extensions.

For web frameworks, we can distinguish two aspects of how such extensions work:

First, we can look at the actual API provided for interacting with extensions, and how they communicate with the rest of the framework.  Here we find generally quite robust implementations.

Generally one sees a signaling system, where components can register to receive signals when certain events occur, and can register their own signals that listeners can subscribe to.  A signaling system is a key way to let modules interact without requiring them to know too much about each other.

One also often sees a kind of component "registry", where extensions can add new objects that can be used by other code, or new functions that can be called, or where extensions can replace existing components.

However, while the internal API for facilitating interactions between extensions and the core system is often robust and clean, web frameworks generally provide only the most rudimentary higher-level maintenance support for managing extensions.

What exactly do I mean by "higher-level maintenance support for managing extensions"?

If we take a look at software that is one-level higher-up and removed from a web framework, like a Content Management System (CMS) or a blog, what we often see is quite elaborate support system for maintaining extensions.

Such a support system can include an administrative backend that can provide information about current installed extensions and their version and status, and a button to click to check for extension updates online.  The online update check can be as full-featured as a desktop update check tool, providing information about new versions available -- the changes and release dates, etc.  The system may also support dependency checking between multiple modules, and report on incompatibilities and dependencies between extensions.  The administration system may even support searching for extensions online, and then automatically downloading and installing (or uninstalling).

In one aspect, extension updates/installs/uninstalls for online web services are more complicated then desktop applications, and that is when the database needs to be substantially altered.  Whether one is installing, updating, or uninstalling, the need to perform database upgrades can be tricky (especially for a live system).  Frequently one may want to save a database backup to be able to roll-back a problematic update, and one may need to take the system offline while updating.

I take the position that such functionality is exactly the kind of thing that a framework should do more to assist: It is common functionality found in most modern web applications, represents a substantial amount of coding, is hard to code properly and is hard to maintain.  This is especially true for the situations where an extension update needs to perform some one time database updates.  In short, this is an areas that a web framework should do much more to assist with -- building a web application should not require the coder to reinvent the wheel when it comes to supporting extensions.  And yet it is an area that few (any?) web frameworks support robustly.

The support for such extension management and updating is a good example of how Mewlo is trying to occupy a middle ground between traditional web frameworks and higher level content management systems.  In some ways you might say that Mewlo is more of a Content Management System Construction Kit.

Mewlo Web Framework Blog Entry #3 - October 2, 2013 - Where to Start?

I've been writing code for the Mewlo framework off and on for a couple of months now, but I think we still need one more preliminary blog post before I start getting into the details of the code.

What I want to talk about in this blog entry is establishing a solid foundation for a collaborative (open source) project.

Now I have to say off the bat that I don't have much experience with heading up active collaborative open-source projects.  I have written some open source projects in the past, but these projects were never popular enough to get much collaboration, and not much thought went into creating an environment that fostered collaboration.

But for this project, it's very important to have an environment that both encourages collaboration and ensures that the the ecosystem around Mewlo does not become chaotic.

In the past I have been highly critical of some large open source projects, primarily those that support 3rd-party community addons or extensions.  I find that such projects often become dumping grounds for large numbers of half-finished, abandoned, unsupported, conflicting addons, making it near impossible for anyone to find what they need and maintain a system built from these addons.

I am much more amenable to the idea of an actively "curated" ecosystem.  That is, I am in favor of having some centralized organization and supervision of addons, and a fairly strict set of guidelines, policies, and standards.

I was looking up what others had done in the way of making a Box.com client for Linux (there is none, just mount your folder with WebDAV).  Apparently, a client proper accesses your account using the OAuth 2.0 protocol.  I briefly looked at what it might take to whip up something of my own devising, perhaps with a bash script or my budding Pascal skills, when I came across a OAuth library for Delphi/Lazarus (which I can't find now) and decided to look up Oauth and see how difficult it might be to implement. 
I stumbled across this article written by one of the principle authors of OAuth, Eran Hammer, who abruptly quit OAuth last year after 3 years of dealing with the process of working up OAuth 2.0 to a proper IETF standard.  Scary.  I don't think I have enough Jedi skills to get very far with this...

This is a case of death by a thousand cuts, and as the work was winding down, I’ve found myself reflecting more and more on what we actually accomplished. At the end, I reached the conclusion that OAuth 2.0 is a bad protocol. WS-* bad. It is bad enough that I no longer want to be associated with it. It is the biggest professional disappointment of my career.

http://hueniverse.co...nd-the-road-to-hell/

He is actually kinder to the IETF board members in the comments, and clearly he was frustrated with the process as much as the enterprise goons.
Opinions?

Sooner or later it happens. You posted what you felt was an honest and candid comment about somebody or something. Next thing your know, you're receiving shrill emails from somebody (not even somebody necessarily mentioned in you comment) who is threatening all sorts of legal action against you. Or even scarier, you made a negative remark about some company's product or service, and you receive an email a few days later from some law firm demanding you remove your post, issue a public apology, and turn over your domain to them (possibly with a certain number of dollars for their time and trouble) - or face banishment, a bad haircut, total destruction of all you hold dear in your life, and permanent revocation of your town library card.

What to do? What to do?

Attorney Ken White (chief ogre over at Popehat) posted a very good article on how to handle yourself - and what to do (and even more importantly not do) if you're ever receive a threat that somebody intends to file a "defamation" or "libel" suit against for something you (supposedly) said or posted online.

Link to the article is: http://www.popehat.c...th-a-defamation-suit

...Criminal defense attorneys like me tell our clients about something we call the Martha Stewart Rule: lots of people get into trouble not because the did something wrong, but because they heard they were being investigated for doing something wrong, and they panicked and started lying and deleting files and setting cabinetry on fire and making angry statements to the press and generally venting their agitation. They go to jail for stuff they did when they lost control over themselves, or they go to jail because in their panic they generated new evidence of prior wrongdoing....

A nice large set of youtube videos teaching essential physics:

Came across "Leonard Susskind Teaches You “The Theoretical Minimum” for Understanding Modern Physics".

For the past decade, Leonard Susskind, one of America’s pre-eminent physicists, has taught a series of six courses in Stanford’s Continuing Studies program.  The series “explores the essential theoretical foundations of modern physics,” helping lifelong learners (like you) attain the “theoretical minimum” for thinking intelligently about modern physics.

the lectures ... available to a global audience on YouTube and iTunes.

Susskind’s popular lectures found a new home of sorts with the launch of The Theoretical Minimum, a new web site that presents the six courses in a way that’s neat, clean and easy to navigate. The site also offers a short text summary of each lecture, plus related reference materials.

There also appears to be a book -- one reviewer mentioned that getting the errata had been very helpful for them.

Zeus Edit Review

Basic Info:

App Name	Zeus for Windows Programmer's Editor
App URL	http://www.zeusedit.com/
App Version Reviewed	3.97o 32-bit
Test System Specs	Windows 7 64-bit/Visual Studio 2010
Supported OSes	Windows XP/Vista/7 32-bit and 64-bit/8 32-bit and 64-bit
Support Methods	E-mail, FAQ, Forums
Pricing Scheme	$89.95 - A lite version is also available for gratis
Trial Version Available?	Yes, 45-day no limitations.
Upgrade Policy	Point in time upgrade scheme, detailed below by the developer.  45% discount available for further upgrades.
Reviewer Donation Link	wraith808

Introduction
Zeus is billed as a programmer's editor, but that is selling it short.  It is a text based IDE in the vein of SlickEdit and UltraEdit Studio.  It is fully scriptable, keyboard centric, fully customizable, and includes throwbacks to hardcore programming like Brief, WordStar, Epsilon, and Emacs keyboard emulation.  It supports visual studio solutions (in addition to it's own workspace format), has built in source control integration for Subversion and TFS, and a variety of other features.  In fact, there are so many features, that I'm going to have to break this review up into separate parts.

Review Notes
Many people swear by Visual Studio as an IDE, and I do like what Microsoft has done with it.  But it takes a while to start up, uses a lot of memory, and is prone to crashes.  I love SlickEdit, but over time, I've had to pare down, and I just haven't been able to justify the extravagant expense to use such an editor.  So, I've stuck with Visual Studio, and just used text editors to support it.  I discovered Zeus, and the price is right, and the feature set is right- I'm just hoping that it lives up to the hype on the site.