After much deliberation, I have decided to start publishing my screencasts in a separate YouTube channel, instead of in the same channel where I’m also publishing my vlogs. The reason is simple: I think these videos are very different in approach and have a different target audience (but there will be some overlap).
While my vlogs will usually be rather personal, the screencasts are more technical and in a tutorial format. I don’t think these different types of video go well in the same channel, so I’ve decided to split them up on YouTube. You can subscribe to one of them, or both if you want to see all my videos. In the near future, I’ll be opening a section for the screencasts, as I did for my vlogs already, so you can also keep track of everything via my website here.
Tim Nash has published his predictions for the next year. The entire piece is worth a read, since I think Tim’s predictions are not far off, but the Bumping up PHP 5.2 part obviously sparked my interest:
[…] should we be aiding hosting companies, in supporting out of date potential security black holes. It’s clear that until hosting companies are forced to update they are not going to. So if WordPress was to change its minimum version number then hosting companies have no choice but to upgrade.
This is about the same as Anthony Ferrara has been telling us (also read his followup post: Being A Responsible Developer). I truly believe that the hosting companies are in a demand-driven market. They will update their PHP versions as soon as large open source software projects like WordPress announce that they will bump their PHP version requirement for future releases.
If you like to read predictions for the new year (like I do), go read the full list of Tim’s predictions for 2015. As I said before, he’s not far off and I’m sure it will be a great inspiration for future projects or things to learn, like it was for me.
Eric Mann has published a post on his blog titled Bundling and Bloatware, in which he describes his frustrations with the Jetpack plugin doing a lot of the exact opposite of what’s in the core WordPress philosophy:
The epitome of everything opposite of this drive to pare WordPress down to a barebone feature set was Jetpack by Automattic. […] It began to add more and more features as the Automattic team brought other projects into the fold, though. Today, Jetpack bundles 33 discrete features, each of which could ship (and in many cases has shipped) as a separate WordPress plugin.
This goes well with the post I wrote a little while ago, about lean and mean plugins. It’s also something that I struggle with every time I use Jetpack (3/34 features enabled here on this site). I’m all for a modular approach in Jetpack, so we can load just the modules that we need on our servers. Heck, I would even prefer them to continue to release all these plugins as actual separate plugins.
When you go read the post, be sure to check out the comments as well. Some of the Jetpack developers have joined the conversation there and more or less defend the decisions the Jetpack plugin has made. I can’t say I agree with them, but at least this post opened up the conversation again.
Today we did our first Google Day. For those of you who don’t know the 20% time offer: Google offers its employees 20% of their time to work on side projects. We decided that the side projects we work on are preferably projects that benefit the company in the long run, but can be anything.
At first I wanted to (finally) dive into some other programming language, like Ruby, or finally get my hands on some Node.js. None of this happened though, as we discovered during some discussion that we really needed a project management tool and we never took the time to properly set things up.
For a while now, I’ve been trying to think of ways to do more with video. At the top of my todo list is something called “the vlog experiment”.
I asked on Twitter why I didn’t know of any developers who post vlogs. I got a lot of responses, but nobody was able to name someone. Finally, Jeffrey Way’s response gave me the push I needed. The fact that there are no developers out there posting vlogs, probably means that there is room for someone to start doing this (or it means that it’s a bad idea, but let’s not assume that’s the case…).
We’ve been telling customers to always be on the latest and greatest version of everything WordPress related. It has become the de facto answer to any bug report: “Are you running the latest version of plugin x and y?”. That’s fine, for most use cases. But what if I’m in a situation where I can’t be at the latest version? Or what if I find a bug in the latest version and have to restore to an older version?
Of course, we run our version control for websites. We can restore older versions of plugins after we find a bug. This requires us to have the premium plugin in our own version control, writing our own history. While this works fine, there are a couple of really big downsides to this.
I’m not a sysadmin by any means, but I like to think that I know how to set up a little server environment. Having used Vagrant for a long time now helps; it definitely lowered the bar for getting into it.
One thing that has puzzled me for quite some time is so silly that I wanted to document it. Maybe I can have a good laugh about it when I look back at this in a couple of months. Long story short: PHP uses a different php.ini file for each program it is loaded in. This can be the command line, PHP-FPM, or anything really.
So if you want to install the mcrypt extension for example (in my case on Ubuntu: sudo apt-get install php5-mcrypt) and wonder why it isn’t loading when you use PHP on the command line, make sure the extension is loaded in /etc/php5/cli/php.ini. In case you use PHP-FPM too, make sure to load the extension in /etc/php5/fpm/php.ini as well.
I have spent hours finding it, only to forget this is a thing a couple of weeks later when it showed up again. Call me silly, but a quick Google search taught me that lots of people are struggling with this issue as well. If this post isn’t just going to give me a good laugh when I find it in a couple of months, maybe it will help someone who stumbles upon it.
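A quick way to see which SAPI is missing an extension, as an added example that is not part of the original post: it walks a php5-style config root and reports, per SAPI directory, whether an uncommented extension= line names the extension. The conf.d/*.ini lookup is an assumption about the layout, and the sample tree built by make_sample is constructed.

```shell
#!/bin/sh
# Added example: per-SAPI check for an active "extension=" line.
# Assumed layout: <root>/<sapi>/php.ini plus optional <root>/<sapi>/conf.d/*.ini,
# matching the /etc/php5/cli and /etc/php5/fpm paths named in the post.

# ext_enabled_in DIR EXT: exit 0 if an uncommented extension= line names EXT.
ext_enabled_in() {
    dir=$1 ext=$2
    for ini in "$dir/php.ini" "$dir"/conf.d/*.ini; do
        [ -f "$ini" ] || continue
        # A leading ';' comments the line out; accept "mcrypt" and "mcrypt.so".
        if grep -Eq "^[[:space:]]*extension[[:space:]]*=[[:space:]]*\"?${ext}(\.so)?\"?[[:space:]]*(;.*)?\$" "$ini"; then
            return 0
        fi
    done
    return 1
}

# sapi_report ROOT EXT: print "<sapi>: enabled|missing" for each SAPI directory.
sapi_report() {
    root=$1 ext=$2
    for sapi in "$root"/*/; do
        [ -f "${sapi}php.ini" ] || continue
        if ext_enabled_in "${sapi%/}" "$ext"; then
            echo "$(basename "$sapi"): enabled"
        else
            echo "$(basename "$sapi"): missing"
        fi
    done
}

# Constructed sample tree: mcrypt commented out for the CLI, enabled for FPM.
make_sample() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/cli/conf.d" "$tmp/fpm/conf.d"
    printf '; CLI config\n;extension=mcrypt.so\n' > "$tmp/cli/php.ini"
    printf '; FPM config\n' > "$tmp/fpm/php.ini"
    printf 'extension=mcrypt.so\n' > "$tmp/fpm/conf.d/20-mcrypt.ini"
    echo "$tmp"
}

sample=$(make_sample)
sapi_report "$sample" mcrypt   # on a real host: sapi_report /etc/php5 mcrypt
rm -rf "$sample"
```

On a live host, php --ini prints the configuration files the CLI binary actually loaded, which confirms the result for that SAPI.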
Ever since Barry announced that he’s working on a related posts plugin, I’ve been keeping track of the project. Now that it’s available, the reviews for the free plugin have been five stars all the way, so there must be something good in it, right?
The one thing that has always been a challenge for related posts plugins, is performance. Related Posts for WordPress makes a bold statement about that:
Related Posts for WordPress won’t lag your server!
We don’t think having related posts should slow down your website. That’s why Related Posts for WordPress creates its own cache and does all the heavy lifting in the admin panel, keeping your website fast as it should be!
So it’s free, gets five star reviews all the time and is not making my site any slower? Sounds too good to be true? Well, the new premium version of the plugin adds even more juice. It offers related posts for all (including custom) post types, support for all (custom) taxonomies and themes for the output of the related posts (no coding required).
Andrey Savchenko, better known as Rarst, announced that he’s removing all his WordPress plugins from the official repository. He’s been talking about it for a while, but now finally pulled the trigger on this decision.
Things like the mandatory support forum for each plugin, without the option to disable it or use an external support system, have been bugging me a lot. Now that WordPress core will start accepting pull requests on GitHub (as announced in Matt’s Town Hall talk at WordCamp San Francisco), the version control state of the plugins repository becomes even more painful:
While SVN is usable it is hardly pleasant or popular for modern development, lacking in newer distributed version control paradigms, performance, and other conveniences. More so WordPress actively discourages using its repository for active development, reducing it to storage mechanism with updates only happening for release versions.
I agree with a lot of Rarst’s points, but am not really at the point of removing my plugins from the repository myself. What I do hope is that decisions and bold statements like this post can become a catalyst for all the changes in the WordPress ecosystem.
Yesterday, Sucuri published a very detailed document about a critical vulnerability in the Slider Revolution plugin. This is a vulnerability that’s about as bad as they can get. It allows access to files like wp-config.php and makes it fairly easy to compromise a website.
This wouldn’t be so bad if the plugin author hadn’t decided not to disclose the vulnerability and to patch it without notifying their users:
The problem was fixed 29 updates back in 4.2 in February. We were told not to make the exploit public by several security companies so that the instructions of how to hack the slider will not appear on the web.
Right now, the vulnerability is being actively exploited and lots of websites are compromised because of it. But it gets worse. This plugin is bundled in a ton of themes sold on the internet, including some very popular themes on ThemeForest and other marketplaces. All of those sites are probably vulnerable to this exploit and can be compromised within seconds.
The good news is, there is a patch available. Users of the plugin can just update and the vulnerability will go away and their website will be safe again. There is only one problem. The themes that come with this plugin bundled probably have no idea this vulnerability even exists and, more importantly, they have no easy way to update the plugin. Yikes.
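To find bundled copies that never received the update, the following added example (not part of the original post, and not code from the plugin or from Sucuri) inventories every copy of a plugin under a WordPress tree and flags those older than the fixed release. It assumes each copy keeps the standard WordPress plugin header (Plugin Name: and Version: lines); the directory names, file names and version numbers in the sample tree are constructed, and 4.2 is the fixed version quoted above.

```shell
#!/bin/sh
# Added example: inventory every copy of a plugin under a WordPress tree,
# including copies bundled inside themes, and flag those older than the fix.
# Assumption: each copy keeps the standard WordPress plugin header
# ("Plugin Name:" and "Version:" lines) in one of its PHP files.

# version_lt A B: exit 0 if dotted numeric version A is older than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# scan_plugin ROOT NAME FIXED: print "<status> <version> <path>" per copy found.
scan_plugin() {
    root=$1 name=$2 fixed=$3
    find "$root" -type f -name '*.php' \
        -exec grep -liE "^[[:space:]*]*Plugin Name:.*${name}" {} + | sort |
    while IFS= read -r file; do
        ver=$(sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$file" | head -n 1)
        if [ -z "$ver" ]; then
            status=UNKNOWN ver=-
        elif version_lt "$ver" "$fixed"; then
            status=VULNERABLE
        else
            status=OK
        fi
        rel=${file#"$root"/}
        echo "$status $ver $rel"
    done
}

# Constructed sample: directory names, file names and versions are made up.
make_wp_sample() {
    tmp=$(mktemp -d)
    a="$tmp/wp-content/plugins/example-slider"
    b="$tmp/wp-content/themes/example-theme/bundled/example-slider"
    mkdir -p "$a" "$b"
    printf '<?php\n/*\n * Plugin Name: Slider Revolution\n * Version: 4.6.0\n */\n' > "$a/slider.php"
    printf '<?php\n/*\n * Plugin Name: Slider Revolution\n * Version: 4.1.4\n */\n' > "$b/slider.php"
    echo "$tmp"
}

site=$(make_wp_sample)
scan_plugin "$site" 'Slider Revolution' 4.2   # 4.2: fixed release quoted above
rm -rf "$site"
```

A copy reported as UNKNOWN has a matching plugin name but no parsable Version: line and needs a manual look.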