The more I learn about Zope, the more I like. Mostly.

I’ve always had a keen interest in software composition, and so was particulary impressed with Zope’s notion of “acquisition”, which is just composition by aggregation. What’s really novel here is not that, which has been done before, many times, but the binding of the URI hierarchy to containment relationships. Kudos for that.

One of the very few criticisms I have about Zope though is the use of “URL Traversal”, to locate scripts named in a URI. I added some comments to that page (itself, a nifty feature!), as you can see there;

I was thoroughly impressed with most of what I’d seen in Zope, but not so much with this feature. Perhaps it’s convenient, but it’s also quite dangerous in general I think. The examples of “feed” and “wash” are are called “unsafe” methods in Web architecture terms (http://www.w3.org/TR/webarch/); that is, they change the state of the object. Therefore they, shouldn’t be invoked with GET, as Googlebot might come along and accidentally feed your hippos. If you want to change the hippo directly to the fed state, use PUT with a document which represents the state of that fed hippo. If you just want to give him food (that he may or may not choose to eat), use POST with a description of the food.

I also wonder if the same misunderstanding about GET vs. POST was responsible for some problems I noticed with object publishing. For example, both GET and POST end up invoking the “index_html” method (eek, a horrid name) of an object (basically the equivalent of doGet() for you servlet fans). It’s odd that the object model define ambiguous dispatch behaviour for GET/POST, yet define proper dispatch behaviour for PUT, HEAD, and the WebDAV extensions. Perhaps a legacy mistake that’s too costly to fix? Dunno. But the more I read the publishing section, the more it seems that Zope has a bit of split personality in supporting both the Web and RPC models.

Hopefully that doesn’t get in the way of what I want to do with it.

I can finally give a bit of a glimpse into what I’ve been working on the past few months. It’s just a small piece of the big picture, but a really interesting part of it. Nanometrics has just announced Taurus(PDF), a portable seismograph. It’s Java/Linux/Web/Semantic-Web all the way. Definitely the coolest device I’ve ever worked on.

When you double-click an application[...]

Isn’t that cute? It’s so 1988. Of course, any self-respecting application developer today single-clicks theirs. 8-)

Thanks Roy. That’s really good to see. Roy’s far more articulate than I am on these matters, and I’d say that he picked the right guy to come out of the woodwork for too. My favourite bit;

I don’t buy the argument that programmers benefit from a Web Services toolkit. Such things do not build applications — at most they automate the production of security holes.

8-)

I found this in in my aggregator, but it’s not on his site any longer;

Adam Bosworth admits he doesn’t get REST. I like that. It takes courage. The REST advocates promote by intimidation. A clear sign they don’t want you looking too closely. Now Bosworth is going to do exactly that. Bravo.

Apparently I intimidate Dave so much that he’s unable to dig deeply into the issues himself! I rule. Golly.

I am jazzed about Adam’s latest weblog entry though. I’ve always expected that he’d be one of the first big Web services proponents to really get the Web, since he’s such a bright guy. I’ll respond when I get a minute.

I’ve just been getting into Zope, and was reading The Zope Book when I stumbled upon this;

The technology that would become Zope was founded on the realization that the Web is fundamentally object-oriented. A URL to a Web resource is really just a path to an object in a set of containers, and the HTTP protocol provides a way to send messages to that object and receive its response.

I would have phrased the last part of the last sentence differently – perhaps “provides a way to request the state of the object, and to process the serialized state of objects” – but yah, close enough.

Identity; check.

State; check.

Behaviour; check.

Encapsulation; check.

Data hiding; nope, but I personally never considered data hiding axiomatic of OO-ness.

Sean points, indirectly via Jorgen to an effort out of Microsoft Research (CRL) called Project Samoa, which provides tools for verifying the security of Web services.

Cool stuff, but you realize that you’d have to apply this to every single application interface out there? Ouch.

Yet another example of a benefit of using a single application interface.

In a post to service-orientated-architecture.

For your (re)viewing pleasure.