OpenACS and you (or, “Mental Hygiene for the Internet generation”)

February 7, 2003

Similar to the way people assume “oh, you’re getting Windows” when you mention that you’re getting a computer, the assumption made when you mention building a web site is “oh, you’re going to use LAMP”, that is, Linux, Apache, MySql, and PHP/Perl/Python. Like the Macintosh is an alternative to Windows, there exists a very good alternative to LAMP: OpenACS, the Open Architecture Community System.

A Bit of History

OpenACS is an open-source success story, being a piece of software that has survived and flourished after the demise of the company that created it. The arsDigita company initially created the ACS (ArsDigita Community System) as a toolkit to assist programmers in creating large scale community web sites. The original ACS was based on Unix (Solaris and HP-UX), the AOLserver web server, and the Oracle database. The code for ACS was released under the GPL (GNU public license). Since a number of folks in the community wanted to use the ACS toolkit, but didn’t want to spend the money for a commercial unix (Linux works fine) and for Oracle, they ported this version of ACS (version 3.x, also known as “Classic” ACS) to PostgreSQL, an open-source relational database with many features similar to Oracle.

Based on programmer and client feedback, arsDigita undertook a rewrite of ACS to unify some common features that had been coming up in many client jobs. This version (4.x) was also released under the GPL. Towards the tail end of ACS 4 development, arsDigita heard the Java siren song, ditched their existing technology and undertook another rewrite, this time in Java. The company then went under and some assets were sold to Red Hat in a venture capitalist shell game. The community that adopted ACS 3 then adopted ACS 4 and proceeded to finish the work that arsDigita started. The current version of OpenACS, 4.6, is a robust and reliable piece of software.

Stop, drop, and (don’t) roll your own

So, what does OpenACS bring to the table? The major feature of OpenACS is a unified data model. For instance, there is one way to represent users in the system, and this representation is shared by all OpenACS modules. One of the problems of mix-and-match LAMP projects is that many projects are built in a vacuum. You install PHP-nuke for your main site software. When you add a shopping cart module that wasn’t expressly designed for PHP-nuke, guess who gets to do the integration? And if you don’t do the work, you’ll have your users register for new accounts whenever they want to buy something from you.

Crack the whip, give permission

Another big feature is the permissions model. Access control, particularly for a large site with many contributors is a headache. The OpenACS permission model lets you tell the system “User X can do Action Y on Object Z”. For instance, on a User Group website, I can tell the system that the user Bob has admin privileges over the Book Review pages. He has complete control over the book reviews in that he can create new ones, delete old ones, and edit existing ones. He doesn’t have permission to do anything to the rest of the site outside of just browsing the pages like anybody else. These permissions can also be inherited, (restrictions on /reviews/admin extend down to /reviews/admin/delete-review), and applied to groups as well as individual users (e.g. every person in the editorial group has access to page editing).

Templates: good!

OpenACS also has pervasive templating. The content pages for the site are split between a data generating portion (which queries the database for the data to be displayed) and a data presentation portion. Programmers can write the data sources, and HTML scripters and graphic artists can create the presentation portion. For instance, this code gets information about some users, and runs the user name through the Swedish chef filter:

set title "Some User Stuff"

db_multirow get_user_stuff user_stuff {
     select user_name, age, shoesize
       from my_user_table
      where name like :name
} {
     set user_name [encheferize $user_name]
}

And then this template code can show the information in a bulleted list:

...
<title>@title@</title>
...
<multiple name="user_stuff">
   <li> Name: @user_stuff.user_name@ is @user_stuff.age@ years old.
</multiple>

or as a table, showing a cell in red if the user is under 21 years old:

<blink>@title@</blink>
<table border=5>

   <multiple name="user_stuff">
      <tr>
          <if @user_stuff.age@ le 21>
              <td bgcolor="red">
          </if>
          <else>
              <td bgcolor="green">
          </else>
          @user_stuff.age@</td>
          <td>@user_stuff.shoesize@</td>
      </tr>
   </multiple>
</table>

One thing to notice in the query is the use of a “bind variable”. The query looks in the function’s environment for a variable called “name” and sends that value on to the database. This is a performance optimization (the database only need to parse and generate the execution plan once), as well as a security measure. Many web scripting systems just have you construct a query by pasting together strings, some coming from data the user entered in a form. A malicious user can turn a query that looks like

delete from users
   where user_id = 1

into

delete from users
   where user_id = 1 or user_id = user_id

in other words, wiping out your users table. Bind variables prevent this kind of exploit from happening.

All content generated by pages throughout the site is included into a master template, which can have site-global features, like nav bars and logos. The master template that is used can vary on a per-connection basis, in case you wish to serve a different layout to a PDA or WebTV.

Some additional features of ACS

The OpenACS Content Repository is a place where modules can put their data, such as headlines, story bodies, and user comments. Data put into the content repository can be versioned (meaning that previous versions can be reconstructed) Since content is in a central place, it can be indexed for full-text searching.

Workflow is a petri net-based model for designing sophisticated workflows, such as an editing pipeline where authors can submit articles via web forms, then editors and executive editors and approve the articles, make changes, or bounce them back to the writer for updates.

OpenACS has a package manager, similar to Red Hat’s RPM and Debian’s APT, allowing individual modules to be loaded and unloaded, so if you don’t need ecommerce right now, you can always install it later. Individual instances of packages can be “mounted” at different places in the website. For instance, you could create a bboard at /blab-o-rama for general discussions. Later on you want another bboard at /development/discussions. You can easily create a second instance of the bboard and mount it at that URL. Presuming this is an internal bboard, you can use the permission system to restrict /development/discussion (and all the subsequent discussions) to authorized personnel. These two bboards are also independent of each other.

Module Mania

What good is all of this technology if there’s nothing you can do with it? OpenACS comes out of the box with a number of pre-built modules, ranging from the simple and fun to the incredibly powerful and complicated:

• bboard and forums : discussion forums
• ecommerce : Amazon in a box. includes a payment gateway service for authorizing credit cards using Authorize.net or PayFlowPro
• photo album : upload images, along with titles and descriptions
• survey : probe your users minds
• ticket tracker : a system for tracking user issues.
• general comments : Modules can use services provided by General Comments to let users comment on content
• CMS : a full-featured content management system
• Edit This Page : a smaller-scale content management system, making it easy to create templated content.
• Postcard : upload pictures and send friends picture postcards
• GateKeeper : Apply permissions to existing CGI applications
• News : site news and press releases
• Glossary and FAQ : handy for technical sites that need to explain terminology or display a Frequently Asked Questions page.
• File Storage : allow users to upload and download files
• Ad Server : display banner ads
• Wimpy Point : an online slide show for presentations.
• Developer Support : show page execution times and the database queries (and times) those pages performed

Plus there are number of individuals and companies producing modules. The MIT Sloan School of Business is sponsoring .LRN, an eLearning platform based on OpenACS that supports course management and online communities. Also Collaboraid is creating .WRK, an intranet / extranet platform based on .LRN and OpenACS technologies.

Fundamental Technologies of OpenACS

OpenACS runs on many Unix variants (including Mac OS X), and is based on two fundamental technologies: the AOLserver web application server, and the PostgreSQL relational database. For those who already have it (or just want to give away money), OpenACS also works with Oracle.

When folks see the “AOL” in AOLserver, the first reaction most have is “AOL SUCKS!” I’ll reserve judgment on the average AOL user, but the technology that lives behind the AOL service is astounding, handling billions of user requests each day. AOLserver, one of the web server technologies AOL uses, has a long history (internet-wise) dating back to 1995, having many features then that Apache 2 has only recently re-implemented, such as multithreading (for better use of system resources), pooled database connections (saving on setup and tear down for connecting to the database, a pretty slow process), and an embedded scripting language. AOLserver embeds Tcl (the Tool Control Language) and provides a powerful API that supports web systems. Several high-traffic AOL properties such as Digital City and MapQuest are based on AOLserver.

Tcl is a very simple language, (a good programmer can learn it in a day and master it in a week), but it is also a full-featured language, including control structures and organizational aids that systems like PHP lack. Tcl is also much smaller than other scripting languages, like Perl, and so is an easier language for newer programmers grasp.

PostgreSQL is a true ACID-compliant (Atomicity, Consistency, Isolation, Durability) relational database, complete with transactions and referential integrity, has had those necessary features for many years, and are robust and well-tested. Web pages make database queries, as well as a number of OpenACS features implemented in the database using the pgplsq language (similar to Oracle’s PL/SQL language)

One thing to be aware of is that OpenACS is not a turn-key system. You can’t really download it, install it, and click a couple of buttons and get a completed customized site. You can get a long way there with OpenACS, but nearly all sites will have some customizations that will need to be made, and to do that you (or someone on your staff) will need to be a programmer. Where OpenACS really shines is building highly customized sites. It has a very strong foundation on which to build that which makes your site unique.

License Madness! (or, Implications of the GPL)

OpenACS is released under GPL. A common misconception is that if you use GPL’d software you have to give away all of your source code. If you create a website using OpenACS, do you then have to give away all the custom code you’ve written? No. You only need to make your code available to others if you are redistributing OpenACS. So for example I can use OpenACS to run borkware.com (which I do), and I don’t have to give anything away. If I then decide to sell “Borkware’s Web Toolkit” based on OpenACS, then yes, I’d need to give away my module customizations. Any new modules I create I can release under my own license.

Who else is using it?

OpenACS.org of course. GreenPeace recently deployed an OpenACS-based system. Carnage Blender is an online combat game serving millions of battles. WGBH in Boston uses the arsDigita ACS 4 CMS for doing content managment. SemiZone is a semiconductor industry online learning resource. OpenACS.org has a list of sites that run OpenACS.

Where can I get it hosted?

Similar to the “there are fewer pieces of Mac software” lament, it can be difficult to find hosting for an OpenACS site. If the site is for inside of your company (for an intranet or intneral Knowledge Base), you can just install a machine (a Mac or a Linux box) on your local network. Another option is to co-locate your own machine. Some of the surviving Mom-And-Pop facilities can provide co-location at reasonable rates. (I do this for borkware.com and other sites I host.) If you don’t mind a Linux hosting solution, Acorn Hosting is specifically targeted at the OpenACS market. Also pair.com, hub.org, and zill.net can do OpenACS hosting. One of the nice things about OpenACS is that it is a platform independent toolkit. You can develop on your iBook and deploy on a Linux box somewhere.

I’m obviously a big fan of OpenACS. It strikes a good balance between being simple enough to get work done without too much hassle, but has a depth of power available when the site requirements get complicated. If you’re planning a new, large-scale web application, it’s worth the Time to check out OpenACS and the technologies it is based on.

Mark Dalrymple (markd@borkware.com) has been wrangling Mac and Unix systems for entirely too many years. He worked at AOL on AOLserver for several years, before becoming one of the first dozen arsDigita employees, and has contributed to both projects over the years. In addition to random consulting and custom app development at Borkware, he also teaches the Core Mac OS X and Unix Programming class for the Big Nerd Ranch.

E-mail this story to a friend