Tag Archives: WordPress

GR Shared Link - Wordsplosion!


from: Mark on WordPress

Piquing Curiosity

I don’t have time to do a more detailed post on the technical details of my new blog consolidation approach, but I thought I’d throw a teaser out there and mention that I did it without adding any additional plugins. Just something for you WP enthusiasts to ponder / wonder about until I get around to explaining it. :-)

Long, rambling thoughts on WPMU

I’m posting this a bit late, but just about two weeks ago I finally caught a few spare minutes to upgrade this thing to the latest released version of WordPress MU. Things went surprisingly well, especially since until that point I’d been running a “custom” version (more on that later), and this was the release that synced up all the new admin changes released in the 2.5 “regular” WP release.

I run this domain (freepressblog.org) with several blogs as well as two other domains (“sites” in WPMU terminology), each with their own set of blogs. So far no reports of any problems; the transition went pretty smoothly. Prior to the upgrade, I heard a lot of noise about the new admin UI being a hard adjustment, but in my experience, I haven’t encountered any difficulties, and haven’t heard of any from the other people who use this install.

I’ve been wanting to do the “big” upgrade for quite a while now, since it was kind of a pain to be maintaining my own hacked-together version. The unfortunate thing was that I didn’t really have much of a choice in that matter, as the “main” line of development in the WP project had been getting all sorts of urgent security patches and MU just doesn’t really keep up with them to the degree that I’d like.

As an example, you may remember the password hashing / salting and cookie authentication vulnerabilities from WP 2.3. These two issues were initially reported (to “regular” WP) November of 2007, and patched in that code base relatively quickly (December 2007). There was a similar ticket for incorporating the same changes into WPMU, and it was arguably (IMHO) even more important to do there, since MU installations generally have more registered, non-admin users.

I’m using these two in particular as an example because I’m familiar with them; later that month (12/2007) I submitted a patch that corrected these two issues for MU users as well, and I’ve been running it without error here on this installation ever since. Unfortunately, it was decided that these changes should follow the same path as the rest of MU - namely wait and eventually do a huge sync-up release that ports all the latest stuff from standard to MU.

The problem is that this “sync-up” release only just happened earlier this month (May 2008). This means that for anyone running only “released” versions of the software, they had been lacking these (and other) security fixes for 5-6 months. Personally, I consider that to be a problem, since running only released versions of the software should be a reasonable and safe choice for people who aren’t willing or able to hack together their own code.

There are various things that have recently kept me from being as involved in WP development stuff as I was at one point. Mostly it’s just other priorities / demands on my personal time, but I do have to admit that part of the motivation I initially had after WordCamp in San Francisco last July has certainly faded.

Even that I won’t attribute entirely to the issues I’m “complaining” about here; a good deal of it is probably just a shift in interest for me personally. But I also have to honestly admit that I do not feel as interested in pushing for / working on the kinds of things I’d like to contribute to in a project like this, since I think it’s clear that they often don’t quite line up with the values / priorities of the people who control the direction of the WP project, for better or for worse.

I imagine it’s this way with any open source project with a healthy number of contributors, and I certainly do believe whole-heartedly in the benevolent dictatorship model of guiding changes in open source projects like this. It’s just a bit discouraging when you’re on the wrong side of that equation, and don’t have the time or energy to campaign for your position, getting your patches in, etc.

Even that I wouldn’t mind much, assuming that rational discussion would be an effective way to discuss / debate the differences. There have been some unfortunate situations in which such discussions, even from core contributors, were basically ignored (here’s one, admittedly very minor issue, but still). At other times I’ve seen (and once experienced personally) what I’d consider to be reactions more grounded in emotional involvement / defensiveness than concern for the actual issue at hand.

I’ve struggled with this state of affairs for a while now, but have yet to come to a satisfactory conclusion on what to do about it. At this point, I’d switch if there were a better alternative, but I haven’t seen one yet.

I still think it’s a great platform overall, but I do think that there’s certainly some room for more serious competition. I hope to see such strong competition arise, not just for my own benefit, but for the benefit of WordPress as well.

Starting Something

I’ve been kicking around an idea for quite a while about a software application that I’d like to do. It would target a very specific but fairly large vertical market, and based on what I’ve seen so far of the other offerings, the field is definitely ripe for competition.

I’ve been holding off on posting about it for a couple reasons. One is that I’m still not sure how public I want to be about exactly what it is, for a variety of reasons, including the element of surprise, which may be more or less relevant depending on some other decisions yet to be made.

Regardless of those details, I do plan to post about the process as I go, it’s just a matter of how much detail I want to go into pre-launch. Either way, some of the key decision points up front that I am currently working through (and plan to expand on in future posts) are:

The name - I’ve done quite a bit of reading and research around branding recently, because I know how critical of a decision this is. In looking for feedback and suggestions, I will of course have to share a bit about what the product will be. I may (in these early stages) do that in a more private manner with those of you I know, so that the opinions you’ll hopefully offer will be well informed.

The business model - This one will probably decide a lot of other things. You’ll notice I used the word “product” in the first point, and the existence of this second point clearly indicates that I intend to make money on this venture. Only time will truly tell how successful it will be in that regard, but at the moment I’m hoping that it can eventually grow into being able to provide full time employment for me and eventually others.

Right now I’m on the fence between two models I’m familiar with, and open to considering others. Revenues from both models would be from a subscription based hosted service (at least the way I’m thinking about it right now). One would be the service-only, non open source approach employed by 37Signals for their products like Basecamp, etc. The second would be going open source (probably GPL) and still selling hosting services, similar to Automattic’s wordpress.com. Which leads into…

Closed or open source? - I heavily lean towards favoring open source projects, but there are some considerations for this particular type of application in which that aspect may be seen as more detrimental. In addition, there is the more obvious question of to what degree having a free version available to people who are skilled enough to host it themselves would cut into my potential revenue (if at all) vs. the increased free publicity that an open source offering would be likely to generate.

Programming language - I’ve already pretty much decided on this one. I went back and forth for quite a while as to whether I wanted to make it Java or Ruby on Rails. I’m now leaning heavily towards doing it on Rails but using JRuby, so that I can effectively capitalize on the best of both worlds. As with all the other points, though, I’m still open to thoughts and suggestions.

Well, that’s about it for the intro. Since I do plan to journal the progress of this project in blog form, from these up front decisions all the way through and beyond the release, I’ve considered branching off another blog dedicated to it, but I haven’t quite decided on that yet either.

Bug tracking for WP Plugins

Looks like WordPress has added Trac support to the Subversion repository that powers the WordPress “Extend” plugin hosting system, so now you’ll be able to track bugs there instead of trying to run your own system.

I’d highly recommend using Trac (or some other actual bug tracking system) as opposed to less formal processes like support forums, blog post comments, etc. as it makes the process of managing your issues much easier.

If you’re concerned about security, though, there is one catch in that I don’t think the extend system supports SSL (https) for subversion or trac access, which means that if you’re managing your plugins from a network you don’t own (work, coffee shop, etc.) your password is up for grabs for whoever wants it, unless you’re tunnelling through another secure channel of course.

For this reason, I’d probably prefer to use my own SVN + Trac server for now, but for a lot of people this is a huge extra feature, if they’ll take the time to learn to use it.

WPMU Security Update

If you run your own installation of WordPress (and you’re paying attention to security) you’ve probably heard quite a bit of talk recently about a couple issues that could lead to a compromise of your blog.

I won’t go into too much detail here on the exploits, but they’re definitely out there, “in the wild”, as they say, because I’ve seen quite a few hacked blog posts show up in my RSS feeds in the last couple days.

This prompted me to get to work on patching these issues in WordPress MU. I put together a patch that addresses the two main issues: stored password hashes not being salted, and the cookie authentication vulnerability. (See those last two links for detailed discussion on the problems). If you’re running WPMU, I suggest applying this patch to keep your installation safe.
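To make the two issues above concrete, here is an added illustration (my own example code, not the WPMU patch or any WordPress code) of what the fixes defend against: with unsalted hashes, two users who pick the same password get identical stored hashes, so one cracked hash reveals both accounts; with a per-user random salt they do not. For cookie authentication, the cookie is bound to a per-install secret key and an expiry via an HMAC, so a cookie cannot be forged or altered without that key, and it is never derived from the stored password hash. The usernames, passwords, key and expiry values are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, List, Optional

# Constructed sample accounts: two users who happen to share a password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "battery staple"}

PBKDF2_ITERATIONS = 100_000


def unsalted_hash(password: str) -> str:
    """The weak scheme: a bare digest of the password, identical for identical passwords."""
    return hashlib.md5(password.encode()).hexdigest()


def unsalted_collisions(users: Dict[str, str]) -> Dict[str, List[str]]:
    """Group usernames whose unsalted hashes are identical; any group > 1 is a leak."""
    by_hash: Dict[str, List[str]] = {}
    for name, password in users.items():
        by_hash.setdefault(unsalted_hash(password), []).append(name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def salted_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user random salt plus PBKDF2-SHA256, stored as 'saltHex$digestHex'."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


# Constructed per-install secret for cookie signing. It is independent of any
# password hash, so a leaked user table does not let anyone mint cookies.
COOKIE_KEY = secrets.token_bytes(32)


def _cookie_mac(username: str, expires: int, key: bytes) -> str:
    return hmac.new(key, f"{username}|{expires}".encode(), hashlib.sha256).hexdigest()


def make_auth_cookie(username: str, expires: int, key: bytes = COOKIE_KEY) -> str:
    """Cookie = username|expiry|HMAC(key, username|expiry)."""
    return f"{username}|{expires}|{_cookie_mac(username, expires, key)}"


def verify_auth_cookie(cookie: str, now: int, key: bytes = COOKIE_KEY) -> Optional[str]:
    """Return the username if the MAC is valid and the cookie is unexpired, else None."""
    try:
        username, expires_str, mac = cookie.split("|")
        expires = int(expires_str)
    except ValueError:
        return None
    if not hmac.compare_digest(mac, _cookie_mac(username, expires, key)):
        return None  # tampered or forged
    if expires < now:
        return None  # expired
    return username


if __name__ == "__main__":
    print("unsalted collisions:", unsalted_collisions(USERS))
    stored = {name: salted_hash(pw) for name, pw in USERS.items()}
    print("salted hashes differ for alice/bob:", stored["alice"] != stored["bob"])
    cookie = make_auth_cookie("alice", expires=2000)
    print("valid cookie ->", verify_auth_cookie(cookie, now=1000))
    print("tampered cookie ->", verify_auth_cookie(cookie.replace("alice", "admin"), now=1000))
```

The PBKDF2 iteration count and the cookie layout are choices made for this example, not WordPress’s; the point that carries over is that salts must be random per user and that cookie MACs must use a secret the database does not contain.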

The patches have already been applied to the standard version of WordPress, but not in a released version yet. This may be complicated for those of you running regular WP, because there are a ton of other significant changes that have also been committed to the SVN repository, and you may not want some of those in your day-to-day install yet (specifically, the unfinished redesign of the admin UI).

The changed files are all the same as in my patches, though, (only the line numbers will be different) so you could probably use them to figure out what you need to change in your own installation to apply the security fixes without the other current changes.

Pownce - first impressions

I recently signed up for Pownce, partly to be able to comment on friends’ posts there, and partly for research on a new plugin I’m thinking about doing.

I hadn’t signed up before, because I couldn’t really think of anything that I’d want to use it for that I wouldn’t rather just do on my own blog. I still can’t think of much in that regard, other than perhaps private posts that are only available to friends. You could still do this on WordPress, but it may not be as easy for the friends you want to share with.

To be honest, I think it says a lot about the nature of the platform that my primary reason for joining was to work around a restriction imposed by the system’s closed nature (specifically, needing to be a Pownce user to comment on friends’ posts, even public ones).

The other drawback I’ve found (similar to Facebook, although a bit worse in Pownce’s case) also centers around their “walled garden” approach to the information.

They do have some RSS support and quite a few e-mail notification options, but for some things that I consider pretty important (like seeing when someone has replied on a thread that you’ve commented on) there’s no other way that I can find than to go to their actual site and check it periodically. (PS - If you know of a workaround for this, please let me know)

They did recently publish an API which has some pretty limited functionality, but it would go a long way towards making me more of a fan of their service if the scope of the API would be expanded to provide access to all of “my” content (or content related to “mine”) in the system. I guess that’s the key concept here: who really owns the data? In closed systems like Facebook and Pownce, it’s clearly them, even though you might like to think of the information as “yours”.

On the bright side, this is probably a good starter system for people who would really like something like a blog but even signing up at wordpress.com is a bit too techie for them. Combined with the social networking aspects, I can see the attraction for a lot of people.

Bottom line: I’ll keep my account for a while in hopes that the areas I was down on will improve, but I don’t plan to publish much original content there; I’ll keep that as “my own” and maintain a heck of a lot more flexibility with it by publishing here on my blog.