Hi Brandon, Keith,
I think Keith is referring to the thread I started earlier about a
service that would provide a very easy way to install Mezzanine.
Like you Brandon, I'd love to be able to recommend a Django-based
alternative to WordPress. It seems that there isn't a solution like this
yet. There is a real question in my mind about whether non-developers
can really produce good quality web sites without learning quite a bit
about coding. All of the approaches I know have serious problems:
1) The WordPress approach:
The biggest problem is security. WordPress themes and plugins are just
PHP code. The system suffers terribly in terms of security because of
that. A WordPress site inherits all of the security problems that PHP has:
https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet
In addition, WordPress adds it's own:
* 'convenient' SQL APIs that makes SQL injection vulnerabilities
extremely likely.
* use of PHP as template language, which makes XSS very likely,
* complete lack of proper structure in request handling, which makes
access permission vulnerabilities very likely.
* Ability to edit the PHP templates, which means that admin access to
a WordPress site (e.g. through a guessed password) immediately
elevates to a remote execution vulnerability - the most serious kind.
I recently evaluated the practicality of using WordPress as a cheap
replacement for our current church website. I found a professional
looking plugin that would actually do our "sermon MP3" page, and so
analysed the code. Within an hour I had found dozens of XSS
vulnerabilities, and a bug that allowed *any* user (completely
unauthenticated) to delete any file on the server.
In other words, in terms of structure, WordPress provides a free-for-all
that guarantees a security mess. The situation is terrible, and we all
know WordPress sites that have been hacked as a result. This is really
not something you want non-technical people to be dealing with.
And even if you don't get hacked, you are still end up with something
that is a nightmare to maintain - all the different plugins and themes
are just cobbled together, and once you start upgrading things, you can
expect a mess.
2) "Website builders"
e.g. http://www.wix.com/
http://www.weebly.com/
http://squarespace.com/
This is the other end of the spectrum. You get a fairly locked down
system, in which you must choose a template, with some controls for
customisation, and add your own pages. There might be an "apps market"
if you want to add custom server-side logic, but that's probably your
only option.
There are lots of downsides:
* Quite limited in what you can do
* Often badly optimised for mobile
* Once you have more than a few pages, managing them all and keeping
them consistent gets hard
* You are locked into their platform
If their templates and functionality suit your needs, they are great,
but you can hit a limit fairly quickly.
3) Designer oriented sites
For example https://webflow.com/
These can help web designers build good looking sites. You get a good
level of control over HTML/CSS, but when it comes to CMS features I
think they are lacking, and custom server-side logic is again going to
be a problem. The idea is that designers "hand off" their code to a
developer at that point.
And that is the point at where something like Mezzanine comes in, which
aims at the people who have 1) found the above three solutions
inadequate for their needs, and 2) are technical enough to handle the
alternative, or are happy to pay someone else who does have those skills
e.g. an agency that builds custom web sites for people.
It also aims to be "just Django", which gives you the flexibility of
building a lot more than just a blog. But this flexibility means that it
cannot be totally opinionated about what it does, and therefore cannot
do everything for you.
I don't know if some "middle ground" between the alternatives is even
theoretically possible. It is precisely the flexibility of WordPress in
terms of installing arbitrary code that gives it the power it needs, and
makes it a nightmare. Complete flexibility also means it's going to be
very hard to create responsive (mobile optimised) sites, and that is
more and more of a minimum requirement today.
I have been toying with the idea of a building a service that would help
you get a Mezzanine instance up and running, and would manage it
entirely for you, including providing a set of themes you can choose
from. There are some challenges in doing that - the Mezzanine themes
that are available basically assume that you are going to edit them with
a text editor at some point, rather than be installable in a
point-and-click way.
My ideal implementation of this would allow users to cut themselves
loose when they outgrow the system, and at that point have a Django app
that would be implemented using best practices, would have instructions
about how to set up their own dev environment, deploy etc., and their
own (small) VPS to manage.
The bigger challenge for me at the moment is knowing if I would be able
to make money out of a service like that, without which I can't afford
to be working on it. It would be a lot of work to do in a competitive
way. (You'd need a lot of themes etc., and a slick interface).
And it's possible that a system that attempts to hit someone in the
middle of the different extremes might end up with the worst of both
worlds, rather than the best, and not actually be useful for anyone who
wants to build a web site.
Those are my thoughts any way.
Regards,
Luke
On 29/04/15 21:04, Ken Bolton wrote:
Hi Brandon,
I hear your frustration. I encourage you to stick with it. Get through
the excellent official Django tutorial. I have observed individuals of
wildly varying skill levels and backgrounds use Mezzanine to great
effect. The key that unlocks Mezzanine is always Django.
There was talk recently on this list about a WordPress.com clone based
on Mezzanine. I hope someone does it and sees wild success.
Keep in mind that Mezzanine was built by developers who needed a
powerful, consistent, and flexible platform on which to build bigger
projects. Mezzanine is for developers, without apology. The first
parts of the documentation make it clear that a knowledge of Django is
required and that the target audience are front- and back-end
developers and systems administrators.
Finally: Until I deploy, I have nothing. So the first task is always
to deploy. A successful running deployment – even to a local VM – is
the /mis en place/ of software development.
- ken
On Wed, Apr 29, 2015 at 2:52 PM, Brandon Keith Biggs
<brandonkeithbi...@gmail.com <mailto:brandonkeithbi...@gmail.com>> wrote:
Hello,
I have been looking around the web, comparing different python
CMSes with Mezzanine and I keep coming back here. I am wondering
why mezzanine does not implement functionality for non developers
to use it out of the box?
So for example, I have my website on wordPress and would like to
migrate it to mezzanine. I know python, but not django. In order
for me to move my site to mezzanine and make it look like I want,
I need to both modify the CSS file, the template files, learn
django so I can display some variables that I have on my
front-page and figure out how to deploy mezzanine on a server.
After I get my website up and running I want to learn django and
start building apps.
Granted, mezzanine has a much easier entry than any other python
CMS I found, but I think it could and should be a little easier.
After all, there is a huge audience of people who know basic
python and would really like to use a python CMS, but don't want
to learn django or a complex templating language to create a good
looking website.
For example, why does it take 5 commands to run? (granted 5 is
really good as most other places take 10+), but mezzanine-project
myproject could totally make the db, setup the user and ask if you
would like to run the server. (possibly a -s or -b could setup the
server for server-side development and -b could set the folder
like it is now).
I have not yet deployed it on a server yet, so can't say how
difficult it is, but it would be really awesome if mezzanine
either did what wordPress.com does or give a really easy (no more
than 10 step) tutorial on how to install mezzanine on something
like Python Anywhere.
Also, why does mezzanine not have a content folder with subfolders
of plugins, themes, apps and the default templates? I think it
would be super easy to make and would promote well-organized site
structure.
I know that mezzanine is built for developers, but so is python. I
think that mezzanine could totally remain super developer friendly
while also being non programmer and basic python programmer friendly.
These are just a few thoughts from someone who is just coming into
mezzanine never having developed for the web in python before.
(Other than brython :)). I really would like to tell people to use
mezzanine rather than wordPress because learning how to script in
python is just so much easier than learning how to script in PHP,
but currently it is too complex.
I am learning django and hopefully I can either make a separate
CMS based off mezzanine or help mezzanine to become novice friendly.
Thanks,
Brandon Keith Biggs <http://www.brandonkeithbiggs.com/>
On 4/22/2015 4:46 PM, Josh Cartmell wrote:
Hi Brandon, hopefully the following are helpful answers!
1. Title + the publishing controls are present across all things
that inherit from the Displayable class where as the type of
content on those various models will vary from class to
class. Blog Posts have categories and content, Rich Text
Pages just have content, Links have no content, etc... All
the admin classes of those models inherit from Displayable so
they end up all having those things grouped. Besides the
technical reasons I think the consistency is useful and I
find it nice to always be able to have the publishing
controls right there.
2. The editor is a WYSIWYG, particularly one called TinyMCE.
Here's what they have to say about accessibility,
http://www.tinymce.com/wiki.php/TinyMCE3x:Accessibility, but
maybe some or all of that isn't working?
You can change what is used though, for example in your
project's settings.py file you could put:
RICHTEXT_WIDGET_CLASS = "forms.Textarea"
Doing that should get rid of the WYSIWYG and those types of
fields should just show up as normal HMTL textareas. That
would affect any admin user, not just yourself.
3. There isn't anything like that built in, there might be other
projects that do things like that for Django that you could
integrate with Mezzanine.
4. I don't think we have considered Brython but it should be
easy to integrate any front end technology you want. Right
now Mezzanine ships with Twitter Bootstrap as a frontend
framework and I think most people, myself included, are very
happy with it. But really, Mezzanine doesn't force front end
technology on you, it just default to Twitter Bootstrap and
you can change that easily by changing your project's base.html
Brython does look interesting though so I may have to take a
look at it at some point!
5. Mezzanine does have some user account/profile support. Here
are the docs,
http://mezzanine.jupo.org/docs/user-accounts.html. Mezzanine
doesn't have any social login support but there are quite a
few Django apps that do that which you could use to add that
functionality
6. I tend to use https://www.digitalocean.com/ (VPS) or
https://www.webfaction.com/ (shared host). I've never used
it on a cPanel host but you do need ssh access to a host to
be able to deploy Mezzanine.
7. Mezzanine doesn't have plugins in the same sense as
Wordpress. You can't install anything through Mezzanine's
admin interface other than possibly adding some Javascript to
the content of pages. Here is a list of modules that have
been created for use with Mezzanine,
http://mezzanine.jupo.org/docs/overview.html#third-party-modules
but most if not all of them probably require modifying at a
minimum your projects settings.py file
Here are a few more thoughts:
Mezzanine is Django so anything you can do with Django you can do
in Mezzanine. That means that when you look for modules you can
cast a wider net than just looking for things that were
specifically made for Mezzanine
The following is my opinion and I'm sure my bias towards
Mezzanine will show. Mezzanine and Wordpress have fundamentally
different philosophies. Wordpress is more targeted at end users
by making it easy to install plugins through the admin
interface. I tend to think that with a Wordpress site you could
get 80% to 90% of the functionality you want with plugins but
that last 10% may be very difficult. Mezzanine on the other hand
requires you to either have a developer or know how to code
yourself. It doesn't try to be all things to all people but does
provide a solid core feature set and makes it easy for a Django
developer to add missing functionality.
Hopefully that helps. Welcome to Mezzanine and please keep
asking questions. Good luck!
On Wed, Apr 22, 2015 at 6:10 AM, Brandon Keith Biggs
<brandonkeithbi...@gmail.com
<mailto:brandonkeithbi...@gmail.com>> wrote:
Hello,
After spending 8 months with wordPress, I am throwing my
hands up and moving back to my home language python.
I saw mezzanine was probably the cms that would give me the
least problems, but I have some questions:
1. The edit page screen is really messy and difficult to
navigate. I am using a screen reader, so that may be part of
it, but why is the publish date stuff right under the title?
why is not content right under title? I would like to enter
the title, hit tab and enter the page content. Also, why is
the body text editor not a multi edit field? The weird thing
is that it now is almost unusable... I can't use navigation
commands to get into it or out of it, it says "paragraph
editable" while arrowing through each line and there is no
advantage anywhere for having this. Perhaps it is a wysiwyg
editor and that is why I don't see anything good about it. If
so, how can I disable the wysiwyg editor for my account?
2. Not being able to write html from within the editor is
horrible, I need to fix it. I spent all last night trying to
think about how one could change the user permissions on them
self, but couldn't come up with anything. Perhaps it has to
do with the backend, but it just seems so unlikely it will
never happen.
3. Is it possible to add short-codes or code within the
editor so I can access variables and or functions that I have
created without making a template?
4. Has mezzanine considered distributing brython along with
the servers? I can add it, but it would make more sense to
have things in brython rather than javascript for a python
based product...
5. How is the user account support? I would like to have
people connect with Facebook or google and grab info from
there to populate the user's fields on their account pages.
6. What hosts are easy to use with mezzanine? I am looking
for a new one and would prefer one with CPanel.
7. Are all the plugins there on the front page? Is there a
way to get plugins or templates from within the dashboard?
This is something that makes wordPress exceptional for quick
development.
Thank you,
--
Brandon Keith Biggs <http://www.brandonkeithbiggs.com/>
--
You received this message because you are subscribed to the
Google Groups "Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to
mezzanine-users+unsubscr...@googlegroups.com
<mailto:mezzanine-users+unsubscr...@googlegroups.com>.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the
Google Groups "Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to mezzanine-users+unsubscr...@googlegroups.com
<mailto:mezzanine-users+unsubscr...@googlegroups.com>.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google
Groups "Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to mezzanine-users+unsubscr...@googlegroups.com
<mailto:mezzanine-users+unsubscr...@googlegroups.com>.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google
Groups "Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to mezzanine-users+unsubscr...@googlegroups.com
<mailto:mezzanine-users+unsubscr...@googlegroups.com>.
For more options, visit https://groups.google.com/d/optout.
--
Hofstadter's Law: It always takes longer than you expect, even when
you take into account Hofstadter's Law.
Luke Plant || http://lukeplant.me.uk/
--
You received this message because you are subscribed to the Google Groups "Mezzanine
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
