Skip to content. | Skip to navigation

Personal tools
Log in
You are here: Home

Latest Plone Posts

2015 Plone Conference - Schedule of Events

From Planet Plone. Published on Oct 08, 2015.

Everything you need to know from talks, to training, keynote speakers, events, and sponsors.

Security vulnerability: 20151006 - CSRF

From Planet Plone. Published on Oct 06, 2015.

Patches to Zope and Plone for multiple CSRF issues.

I Reinstalled Again

By Alex Clark from Planet Plone. Published on Oct 05, 2015.

A while back I wrote about reinstalling OS X. This is another one of those posts.

I like to reinstall OS X, a lot. So much so, you'd think I'd find some way to automate the process. There must be something soothing about it, though, because I keep doing it.

I'm writing this post now because since my last post, I've begun storing a snippets on to help automate the process. This way, I get "the best of both worlds":

  • Automation of the tedious parts &
  • Interaction with the fun parts.

Specifically, with El Capitan I've settled on these 4 snippets:





Next, I perform various additional steps manually either because I've not figured out how to automate them or the automation prospects are not attractive:

  • Security & Privacy → Allow apps downloaded from Anywhere
  • Drag /opt to Finder Favorites for easy access to Homebrew Casks, then:
    • Users & Groups → Login items → Jumpcut
  • Keyboard → Shortcuts → Mission Control → Move left a space → ⌘ ←
  • Keyboard → Shortcuts → Mission Control → Move right a space → ⌘ →
  • Dock → Terminal → Keep in Dock
  • Dock → Firefox → Keep in Dock

Still, I'd trade all these steps for full automation if I could find an approach that's not more tedious than cut & pasting the above.

Lastly, I hope this helps someone. Please add a comment below if you have a better approach.

Pillow 3-0-0 is out

By Alex Clark from Planet Plone. Published on Oct 03, 2015.

Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and Contributors.

The Pillow Team is excited to announce the release of Pillow 3.0.0. While "3 is just a number after 2", there are some significant changes in this release all users should be aware of:

I'm particularly happy to see libjpeg & zlib required; this will avoid many-a-broken-installation in the future. PIL is of little practical value when installed without JPEG support, yet this has been the default for over 20 years. No more! Thanks to wiredfool for spearheading this change.

For more goodness, please see the release notes & changelog:

Lastly, we're approaching 10 million downloads:

$ vanity -q pillow
Pillow has been downloaded 9,906,841 times!

An exciting milestone!

Thanks to all the developers & users of PIL & Pillow. Enjoy the 3.0.0 release, and as always report'em if you got'em and we'll fix'em.

Support via Gratipay

Plone Foundation Announces 5 New Members

From Planet Plone. Published on Oct 01, 2015.

The newest Plone Foundation members are K.K. Dhanesh, Fred Van Dijk, Cris Ewing, William Fennie, and Roel Bruggink.

eGenix PyRun - One file Python Runtime 2.1.1 GA

From Planet Plone. Published on Oct 01, 2015.


eGenix PyRun is our open source, one file, no installation version of Python, making the distribution of a Python interpreter to run based scripts and applications to Unix based systems as simple as copying a single file.

eGenix PyRun's executable only needs 11MB for Python 2 and 13MB for Python 3, but still supports most Python application and scripts - and it can be compressed to just 3-4MB using upx, if needed.

Compared to a regular Python installation of typically 100MB on disk, eGenix PyRun is ideal for applications and scripts that need to be distributed to several target machines, client installations or customers.

It makes "installing" Python on a Unix based system as simple as copying a single file.

eGenix has been using eGenix PyRun internally in the mxODBC Connect Server product since 2008 with great success and decided to make it available as a stand-alone open-source product.

We provide both the source archive to build your own eGenix PyRun, as well as pre-compiled binaries for Linux, FreeBSD and Mac OS X, as 32- and 64-bit versions. The binaries can be downloaded manually, or you can let our automatic install script install-pyrun take care of the installation: ./install-pyrun dir and you're done.

Please see the product page for more details:

    >>> eGenix PyRun - One file Python Runtime


This patch level release of eGenix PyRun 2.1 comes with the following enhancements:

Enhancements / Changes

  • Upgraded eGenix PyRun to work with and use Python 2.7.10 per default.
  • eGenix PyRun will now adjust sys.base_prefix and sys.base_exec_prefix in the same way it does for sys.prefix and sys.exec_prefix. This is needed for Python 3.4 in order to have distutils find the Python.h include file when compiling C extensions.
  • PyRun for Python 3.4 will now show the correct file name of scripts in tracebacks when running them directly, instead of just '<string>'.
  • The new internal _sysconfigdata module used by the sysconfig module is now patched with the eGenix PyRun config data as well, to make sure that PyRun doesn't ship with two sets of build config variables.

install-pyrun Enhancements

  • Updated install-pyrun to default to eGenix PyRun 2.1.1 and its feature set.

For a complete list of changes, please see the eGenix PyRun Changelog.


Please visit the eGenix PyRun product page for downloads, instructions on installation and documentation of the product.


Commercial support for this product is available directly from

Please see the support section of our website for details.

More Information

For more information on eGenix PyRun, licensing and download instructions, please write to

Enjoy !

Marc-Andre Lemburg,

Security vulnerability pre-announcement: 20151006

From Planet Plone. Published on Sep 29, 2015.

Patches to Plone for a variety of issues

Installing Plone 5 on Cloud9 IDE

By David Bain ( from Planet Plone. Published on Sep 28, 2015.

Plone 5 was released today. Here's how to quickly try it out on Cloud9 IDE. I'll assume you have already signed up with Cloud9 IDE. Step 1 - Create a new Workspace On the Cloud9 IDE dashboard select Create a new workspace Use the default settings as a Starting Point Then click Create workspace. Step 2 - Enter the installer command in the terminal in the terminal type the following

Plone 5 Revealed: Modern, Powerful, and User-driven

From Planet Plone. Published on Sep 28, 2015.

The Plone community has again raised the bar in the Content Management System market with today’s release of Plone 5.

The Emerging GraphQL Python stack

By Martijn Faassen from Planet Plone. Published on Sep 28, 2015.

GraphQL is an interesting technology originating at Facebook. It is a query language that lets you get JSON results from a server. It's not a database system but can work with any kind of backend structure. It tries to solve the same issues traditionally solved by HTTP "REST-ish" APIs.

Some problems with REST

When you do a REST-ish HTTP API, you expose information about the server on a bunch of URLs. These URLs each return some data, typically JSON. You can also update the server using HTTP methods, such as POST, PUT and DELETE. The client-side code needs to know what URLs exist on the system and construct URLs based on what it wants to know. If your REST-ish HTTP API is also a proper REST API (aka a hypermedia API), you make sure that all information can actually be accessed without constructing URLs but by following links (or doing search requests) instead -- this is more loosely coupled but also more difficult to implement.

But REST-ish HTTP APIs have some problems:


Imagine you have person resources and address resources. If you have a UI on the client that shows a person's address, you will have to access both resources on separate URLs. This can easily add up to a lot of requests from the client to the server. This not only causes network traffic but can also make it harder to program the client, especially if you can only do a new request based on information you got in another response.

You can reduce this problem by embedding information -- a person resource has address information directly embedded in it. But there's no standard way to control what gets embedded and this makes the next issue worse.

too much information
In a HTTP API, you want to send out as much information about a resource as possible, even if a particular UI doesn't need it. This means that there is more network traffic, and possibly more work done on the server to generate the data even though it's not needed.
too little information
There is typically rather little machine-readable metadata that describes what the information on the server really exists. Having such information can really help with tooling, and this in turn can help avoid bugs. There are emerging specifications that tackle this, but they're not commonly used.

REST will be here to stay for the foreseeable future. There is also nothing inherent in REST that stops you from solving this -- I wrote about this in a previous blog entry. But meanwhile GraphQL has already solved much of this stuff, so at the very least is interesting to explore.


GraphQL introduces a query language that lets the client express what it really wants from the server. A single request with this query goes to the server, and the server comes back with a complete structure with everything that's needed for a particular state of the UI. To get person information with its address information embedded, you can write something like:

  person(id: 101) {
    address {

You get back JSON like:

    "fullname": "Bob Lasereyes',
    "address: {
      "street": "Laserstreet",
      "number": "77",
      "postalCode": "XYZQ",
      "city": "Super City",
      "country": "Mutantia"

Check the GraphQL readme for much more.

This solves the issues with RESTish HTTP APIs:

less spamminess
To represent a single UI state you can typically get away with doing just a single request to the server specifying everything you need. The server then gives you a single response.
the right amount of information
You only get the information you ask for, nothing more, nothing less.
enough meta information
The server has a schema (which tools can introspect) that describes exactly what kind of data you can access.


If you use GraphQL with the React UI library there's another project from Facebook you can use with it: Relay. Relay lets you declare what data you want (using GraphQL), co-locate GraphQL snippets with the bits of UI that need it, so your UIs are more composable and can be rearranged more easily, and has a sophisticated system to help with mutations, so that you display the updated information in the UI as quickly as possible without re-fetching too much data.

It's cool, it's just new, I want to explore it to see whether it can tackle some of my use cases and make life easier for developers.

On the server side

So Relay and GraphQL are interesting and cool. So what do we need to start using it? To use React with Relay on the client side to build UIs, we need a Relay-compliant GraphQL server.

Facebook released a reference implementation of GraphQL, in JavaScript: graphql-js. It also released a library to help make a GraphQL server Relay compliant, again in JavaScript: graphql-relay-js. It also released a server that exposes GraphQL over HTTP, again in JavaScript: express-graphql.

That's all very cool if your server is in JavaScript. But what if your server is in Python? Luckily the Facebook people anticipated this and GraphQL is not bound to JavaScript. See the GraphQL draft specification and the GraphQL Relay specification.

The Python GraphQL stack

Last week I started exploring the state of the GraphQL stack in Python on the server. I was very pleased to find that it was in good shape already:

  • graphqllib: this is an implementation of GraphQL by Taeho Kim with contributions by an emerging open source community around it. Lots of contributions are by Jake Heinz, who was also very helpful in discussions on the Slack chat (#python at
  • graphql-relay-py: an implementation of graphql-relay-js for Python by Syrus Akbary, so we can make our GraphQL Relay server more compliant.

The piece that was missing was actually using this stack as a backend for a React + Relay frontend. Was it mature enough to do this? I figured I'd give it a try. So I set out to port the one missing piece to Python, the HTTP web server. So I took express-graphql and ported over its code and tests to Python + WSGI using WebOb. The result is wsgi_graphql, a WSGI component that offers the same HTTP API as express-graphql.

It was a fun little exercise. I found a few issues in graphqllib while doing so, and they're fixed already. I even found a minor bug in express-graphql while doing so, which is fixed as well.

So does it work? Can you use React and Relay on the frontend with Python on the backend? I created a demo project, relaypy, that experimentally pulls all these pieces together. It exposes a GraphQL server with a Relay-compliant schema. I hooked up some simple React + Relay code on the frontend. It worked! In addition, I threw in a cool introspection/query UI that was created for GraphQL called GraphiQL. This works too!

Should you be using this stuff in the real world? No, not yet. There are big warning letters on the graphqllib project that it's highly experimental. But while it's all very early days for these components, but the Python support has come very far in just a few short months -- GraphQL was only released as a public project in July, and Relay is even younger. I expect that in a short time this stuff will be ready for production and we'll have a capable GraphQL stack in Python that we can use with React and Relay.

Bonus: Graphene

Emerging just last week as well was graphene, which a very new library by Syrus Akbary to make implementing GraphQL servers more Pythonic. The API offered by graphqllib is rather low-level, which is nice as it's very flexible, but for many Python projects you'd like to use something more Pythonic. Graphene promises to be that API.

Friends sometimes let friends curl to shell

By Domen Kožar from Planet Plone. Published on Sep 27, 2015.

Friends sometimes let friends curl to shell

What's Plone for you? discover the Plone community.

By Maurizio Delmonte (Admin) from Planet Plone. Published on Sep 24, 2015.

Here's what people like about Plone, in a short video mixing different perspectives on an open source tool.

eGenix mxODBC Connect 2.1.4 GA

From Planet Plone. Published on Sep 23, 2015.


The mxODBC Connect Database Interface for Python allows users to easily connect Python applications to all major databases on the market today in a highly portable, convenient and secure way.

Python Database Connectivity the Easy Way

Building on our mxODBC database interface for Python, mxODBC Connect is designed as client-server application, so you no longer need to find production quality database drivers for all platforms you target with your Python application.

Instead, you use an easy to install royalty-free Python client library which connects directly to the mxODBC Connect database server over the network.

This makes mxODBC Connect a great basis for writing cross-platform multi-tier database applications and utilities in Python, especially if you run applications that need to communicate with databases such as MS SQL Server and MS Access, Oracle Database, IBM DB2 and Informix, Sybase ASE and Sybase Anywhere, MySQL, PostgreSQL, SAP MaxDB and many more, that run on Windows or Linux machines.

Ideal for Database Driven Client Applications

By removing the need to install and configure ODBC drivers on the client side and dealing with complicated network setups for each set of drivers, mxODBC Connect greatly simplifies deployment of database driven client applications, while at the same time making the network communication between client and database server more efficient and more secure.

For more information, please have a look at the mxODBC Connect product page, in particular, the full list of available features:

    >>> eGenix mxODBC Connect Product Page


mxODBC Connect 2.1.4 is a patch level release of our successful mxODBC Connect database product. It includes these enhancements and fixes:

Security Enhancements

mxODBC Connect Enhancements

  • Added support for the BinaryNull work-around added to mxODBC 3.3.5 in order to better support VARBINARY columns in MS SQL Server.

    Both mxODBC Connect Client and Server will need to upgraded to version 2.1.4 in order to be able to use the new singleton. 
  • The mxODBC Connect Client can now be compiled to a wheel file to simplify deployment. Simply point the pip at the prebuilt archive.

mxODBC API Enhancements

MS SQL Server

  • Documented and recommended use of SET NOCOUNT ON for running multiple statements or stored procedures. This can not only resolve issues with error reporting, it also results in better performance.
  • Added a work-around for MS SQL Server Native Client to be able to support VARCHAR/VARBINARY(MAX) columns when using the Native Client with direct execution mode or Python type binding mode. Thanks to ZeOmega for reporting this.
  • Added new helper singleton BinaryNull to allow binding a NULL to a VARBINARY column with SQL Server in direct execution mode or Python type binding mode (as used for FreeTDS). Using the usual None doesn't work in those cases, since SQL Server does not accept a VARCHAR data type as input for VARBINARY, except by using an explicit "CAST(? AS VARBINARY)". mxODBC binds None as VARCHAR for best compatibility, when not getting any type hints from the ODBC driver.
  • Added a fix for the MS SQL Server Native Client error "[Microsoft][ODBC Driver 11 for SQL Server][SQL Server]The data types varchar and text are incompatible in the equal to operator." when trying to bind a string of more than 256 bytes to a VARCHAR column while using cursor.executedirect(). cursor.execute() was unaffected by this. Thanks to Paul Perez for reporting this.
  • Added a note to avoid using "execute " when calling stored procedures with MS SQL Server. This can result in '[Microsoft][SQL Native Client]Invalid Descriptor Index' errors. Simply dropping the "execute " will have the error go away.
  • Added a work-around to address the FreeTDS driver error '[FreeTDS][SQL Server]The data types varbinary and image are incompatible in the equal to operator.' when trying to bind binary strings longer than 256 bytes to a VARBINARY column. This problem does not occur with the MS SQL Server Native Client.
  • Reenabled returning cursor.rowcount for FreeTDS >= 0.91. In previous versions, FreeTDS could return wrong data for .rowcount when using SELECTs.This should make SQLAlchemy users happy again.
  • Add work-around to have FreeTDS ODBC driver accept binary data in strings as input for VARBINARY columns. A side effect of this is that FreeTDS will now also accept binary data in VARCHAR columns.

SAP Sybase ASE

  • Added work-arounds and improvements for Sybase ASE ODBC drivers to enable working with BINARY and VARBINARY columns.
  • Added a work-around for a cursor.rowcount problem with Sybase ASE's ODBC driver on 64-bit platforms. It sometimes returns 4294967295 instead of -1.
  • Added note about random segfault problems with the Sybase ASE 15.7 ODBC driver on Windows. Unfortunately, there's nothing much we can do about this, other than recommend using the Sybase ASE 15.5 ODBC driver version which does not have these stability problems.


  • Added improved documentation on the direct execution model available in mxODBC. This can help in more complex parameter binding situations and also provides performance boosts for a few databases, including e.g. MS SQL Server.

For the full set of changes, including those of the 2.1 series of mxODBC Connect, please check the mxODBC Connect change log.


The mxODBC Connect 2.1 series was announced on 2014-05-28. These are the highlights of the new release:

Stored Procedures

  • mxODBC Connect now has full support for input, output and input/output parameters in stored procedures and stored functions, allowing easy integration with existing databases systems.

User Customizable Row Objects

  • Support for user customizable row objects by adding cursor/connection .rowfactory and .row constructor attributes. When set, these are used to wrap the normal row tuples returned by the .fetch*() methods into dynamically created row objects.
  • New RowFactory classes to support cursor.rowfactory and cursor.row. These allow dynamically creating row classes that provide sequence as well as mapping and attribute access to row fields - similar to what namedtuples  implements, but more efficient and specific to result sets.

Asynchronous Processing

  • Compatible with the latest gevent and greenlet packages. mxODBC Connect Client will happily work together with the asynchronous libraries gevent. All it takes is a single configuration entry in the client side config file.
For the full set of features, please see the mxODBC Connect product page.


You are encouraged to upgrade to this latest mxODBC Connect release. When upgrading, please always upgrade both the server and the client installations to the same version - even for patch level releases.

We will give out 20% discount coupons for upgrade purchases going from mxODBC Connect Server 1.x to 2.1 and 50% coupons for upgrades from mxODBC Connect Server 2.x to 2.1. Please contact the Sales Team with your existing license serials for details.

Users of our stand-alone mxODBC product will have to purchase new licenses from our online shop in order to use mxODBC Connect.

You can request free 30-day evaluation licenses via our web-site or writing to, stating your name (or the name of the company) and the number of eval licenses that you need.


Please visit the eGenix mxODBC Connect product page for downloads, instructions on installation and documentation of the client and the server package.

If you want to try the package, please jump straight to the download instructions.

Fully functional evaluation licenses for the mxODBC Connect Server are available free of charge.

The mxODBC Connect Client is always free of charge.


Commercial support for this product is available directly from

Please see the support section of our website for details.

More Information

For more information on eGenix mxODBC Connect, licensing and download instructions, please write to

Enjoy !

Marc-Andre Lemburg,

PyDDF Python Sprint 2015

From Planet Plone. Published on Sep 16, 2015.

The following text is in German, since we're announcing a Python sprint in Düsseldorf, Germany.


PyDDF Python Sprint 2015 in Düsseldorf

Samstag, 26.09.2015, 10:00-18:00 Uhr
Sonntag, 27.09.2015, 10:00-18:00 Uhr
trivago GmbH,  Karl-Arnold-Platz 1A,  40474 Düsseldorf
4. Stock, Raum 25 "Madrid"


Das Python Meeting Düsseldorf (PyDDF) veranstaltet mit freundlicher Unterstützung der trivago GmbH ein Python Sprint Wochenende im September.

Der Sprint findet am Wochenende 26/27.09.2015 im 4. Stock der trivago Niederlassung am Karl-Arnold-Platz 1A statt (nicht am Bennigsen-Platz 1). Bitte beim Pförtner melden. Folgende Themengebiete haben wir als Anregung angedacht:
  • Openpyxl
Openpyxl ist eine Python Bibliothek, mit der man Excel 2010 Dateien lesen und schreiben kann.

Charlie ist Co-Maintainer des Pakets.
  • Python 3 Portierung von mxDateTime

mxDateTime ist ein Python Bibliothek für Datums- und Zeitgrößen, die früher der Standard für solche Datentypen war, bevor das datetime Modul zu Python hinzukam.

Die Bibliothek wird von einer ganzen Reihe Projekten verwendet und soll auf Python 3 portiert werden. Marc-Andre hat mxDateTime geschrieben.

Für die Portierung sind Kenntnisse in Python 2.7, 3.4 und ANSI C von Vorteil. Fehlende Kenntnisse können aber natürlich schnell erlernt werden.

Natürlich kann jeder Teilnehmer weitere Themen vorschlagen, z.B.
  • Kivy (Python auf Android/iOS)
  • RaspberryPi (wir werden ein paar davon mitbringen)
  • FritzConnection (Python API für die Fritzbox)
  • OpenCV (Bilder von Webcams mit Python verarbeiten)
  • u.a.

Anmeldung und weitere Infos

Alles weitere und die Anmeldung findet Ihr auf der Sprint Seite:

Teilnehmer sollten sich zudem auf der PyDDF Liste anmelden, da wir uns dort koordinieren:

Über das Python Meeting Düsseldorf

Das Python Meeting Düsseldorf ist eine regelmäßige Veranstaltung in Düsseldorf, die sich an Python Begeisterte aus der Region wendet.

Einen guten Überblick über die Vorträge bietet unser PyDDF YouTube-Kanal, auf dem wir Videos der Vorträge nach den Meetings veröffentlichen.

Veranstaltet wird das Meeting von der GmbH, Langenfeld, in Zusammenarbeit mit Clark Consulting & Research, Düsseldorf.

Viel Spaß !

Marc-Andre Lemburg,