Half-Elf on Tech

Thoughts From a Professional Lesbian

Author: Ipstenu (Mika Epstein)

  • New Plugin – WP Grins SSL

    WP Grins SSL is in development. So there’s that.

  • SSL Self Certification and WordPress

    SSL Self Certification and WordPress

    I wanted to lock a single-site WordPress install down to use SSL admin because I’m a tin-foil hat wearing nerd. Or more to the point, I detest the idea of clear-texting passwords! Most of my problem was finding directions. See, I knew I had to add define('FORCE_SSL_ADMIN', true); to my wp-config.php file, but when I did that, I got an error:

    SSL error on chrome

    Turns out I’d never turned on SSL for my server! My problem then became that I don’t want to shell out $100 a year for SSL when it’s just me no my server, no one else. Once I determined all I wanted was to create an SSL Self Signed Certificate on my server, which has WHM, it got a lot easier!

    There are drawbacks to self-signing.  Firstly, every time I login on a new browser, I have to tell it ‘Yes, trust me!’  That’s annoying.  If I was using this for other things, I’d have to remember to type in httpd every time, but WordPress is smart enough to redirect that for me.  Also, back in the day, Chrome was an idiot about them and wouldn’t let me use them!  but I use self-signed without knowing it for ages, because my host set that up for cPanel and WebMail.  I’m not a business, it doesn’t bother me.  If I was, I’d charge more and shell out.

    Chrome Cert Alert

    All that error means is that “Hey, ipstenu.org signed this, and I don’t know who that is!” If you read further on that page, there’s a link to ‘Help me understand!’ and it explains:

    In this case, the certificate has not been verified by a third party that your computer trusts.

    Which is 100% true. By self signing, I’m skipping 3rd party verification and telling you to trust me. Looks scary, it’s really not if you know what you’re doing. If you’re willing to deal with this error every time you login on a new computer, then you too can SSL yourself to a little more safety!

    These directions will only help you if you’re using a VPS or dedicated server. You’re going to do all the work in WebHost Manager.

    1. Go to Main >> SSL/TLS >> Generate a SSL Certificate and Signing Request
    2. Fill in the fields – the passwords have to be alphanumeric, and remember to use the right domain. If you use www.example.com as your default, use that.  I use just example.com for all my sites so I did that.
    3. Save the data to a text document.
    4. Go to Main >> SSL/TLS >> Install a SSL Certificate and Setup the Domain
    5. Import your certificate data (or paste in from text)
    6. Select Submit

    If it works, Apache will restart and you’re done!  If not, you have to read the error.  My problem came with the domain details:Browse/details

    I was able to skip steps 1-3 and just go right to ‘browse’ since, apparently, at some point I’d done them before.  The problem was for my second site, it’s on my shared IP, which meant I had to put in the User of ‘nobody’ instead of the user name.  Not a big deal.

    After that, I was done and could log in to my site via SSL!

    But wait… What about MultiSite?  Well if you’re using subfolders, this is great.  Subdomains, however…  See the host name has got to be the domain name:  halfelf.org in this case.  So if I wanted to make one for all my subdomains… Owch.

    Then I thought that maybe, just maybe, the computers were smart enough on their own.  So I did this:

    Create a New Cert - Wildcard

    And then this:

    Wildcard certificate install

    Now, since I already had an ipstenu.org cert, I had to delete that one first. But once I did it, I was done. I turned my multi-site into something a little more secure!

    And now you can too.

  • All Subs Are Equal

    The Drebbel For years we’ve told people “The only difference between subdomains and subfolders is that search engines see subfolders as being all a part of the same site, and subdomains as separate sites.

    That may not be true for very much longer.

    As August ended, Google dropped this little bomb casually:

    Most people think of example.com and www.example.com as the same site these days, so we’re changing it such that now, if you add either example.com or www.example.com as a site, links from both the www and non-www versions of the domain will be categorized as internal links. We’ve also extended this idea to include other subdomains, since many people who own a domain also own its subdomains—so links from cats.example.com or pets.example.com will also be categorized as internal links for www.example.com.

    via Official Google Webmaster Central Blog: Reorganizing internal vs. external backlinks.

    This is, I think, a good thing. They make sure you understand that ipstenu.wordpress.com won’t be the same as jane.wordpress.com, which makes sense since their own blogger platform runs off subdomains as well. Somewhere in their logic they know ‘Aha! Ipstenu doesn’t own wordpress.com! But she does own Ipstenu.org.’

    To reiterate,  this only affects things in Google’s Webmaster tools:

    This update only changes how links are displayed in Webmaster Tools. It doesn’t affect how links are valued in relation to the search algorithm or ranking. It has nothing to do with Panda, nothing to do with keywords, nothing to do with PageRank.

    I fully expect that it’s going to change and expand.  Since most of us end up registering our ‘master’ domain (i.e. ipstenu.org) off Google Webmaster, they can easily leverage the data they already have in order to tweak search engine results.  Another tactic would be to start using a new meta type tags.  After all, the big guys already organized schema.org (which isn’t as picked up as it might be yet).

    schema.orgSidebar: Schema.org’s problem is how complicated it is to fold into CMS tools.  If they’d started by releasing this with a couple plugins/extensions for the popular open source tools like Drupal, Joomla, MediaWiki, MovableType and WordPress, which as they’re open source, they could have, we’d be way ahead of the game.  As it stands, the one WordPress plugin I’ve seen requires you to import SQL tables!  If they get schema ironed out so it’s simple and easy to use, then we can add in ‘parent’ or ‘main’ site parameters to our code and every search engine can know ‘halfelf.org is internal to ipstenu.org, but taffys.ipstenu.org is not.’  And wouldn’t that be cool!

    Personally, I have ipstenu.org, ipstenu.org, halfelf.org and so on all listed separately in Google Webmaster right now.  I could do that with subfolders as well, to track data internally to itself (i.e. each subdomain/subfolder), and still track them at the master level with the main domain.

    So no effect on your SEO or ranking or any of that stuff, but a nice change for Webmaster Tools.

    Where do you see this going?

  • WordPress and the Erroneous Update Message

    WordPress and the Erroneous Update Message

    DebuggingIt’s time for a little example in debugging!

    This domain is running WordPress trunk.  When I say that, what I mean is I’m running the very latest SVN, no more than four hours behind, thanks to a cron job.  At the moment I’m writing this, I’m on revision 18690.  I did this so that I could get off by butt and actually test thing without having to think about it.  To a degree, it tells you how much trust I have in WordPress and the core commit team.  My whole site runs because they know what they’re doing.

    This doesn’t mean there aren’t errors, though.  So far I’ve been very “helpful” breaking the responsive CSS on the admin dashboard.  I’m sure Helen, Andrew and Andrew just adore me right now.  Yes, that was sarcasm.  My methodology is pretty straight forward.  Just Use WordPress on ipstenu.org.  If I find a problem, make a note and bring up my local install.  I can only do this at home, on my Mac, so usually I come home with three or four notes.  Update SVN manually on ipstenu.loc (yes) and ipstenu.org.  Is the problem still there?

    Most of the time the problem goes away.  When it doesn’t, I take a screenshot and make a trac ticket (though perhaps I should add them all to the one ticket… if any of you core folks wants to tell me, please comment away!).  I’ve also taken to popping onto the IRC channel -ui and chatting with people there before trac’ing.  Last night I found one, told someone working on the project, and she patched it right then and there.  Teamwork!

    Yesterday, I noticed my ipstenu.org site had a weird problem.  I have a subsite on the network called test.ipstenu.org (feel free to check it out).  It’s just there so when someone says “When I use this theme/plugin…” and I can quickly go look.  I make fake posts, etc etc.  It’s quite seriously just for testing.  At one point, I’d spun up bbPress on that site.  I’d since turned it off, but it was on RC4.  RC5 just came out this week, and I had an update message on only that site, telling me to upgrade it.  Instead I deleted it.  That made the update notice go away on my network dashboard, like it should, but not on test.ipstenu.org.

    Say what?

    I tried to reproduce this like mad.  I installed bbPress RC4 on my local box, activated it, left it active, deleted it, and pretty much every which way I could think of to break it.  The error only happened on that site, even though bbPress had been running on another subsite as well!  I checked on multiple browsers, and wiped cache, logged out, nuked cookies, etc. Multiple computers even! Finally I gave up and said “I need help.”

    Weird WordPress MultiSite Question

    I have a multisite and one site on that network is showing that I need to update a plugin. Every other site correctly says “No Updates!” This one doesn’t.

    I’ve poked around, but I had assumed (bad me) that the admin bar would cache that network wide, somehow. But then why is it only on one site? So I wiped and rebuilt the wp_10_options table and it still shows up.

    I haven’t the foggiest idea why it’s happening. Luckily this is only on my test site, test.ipstenu.org, but it’s maddening.

    I don’t find a huge amount of use for Google Plus, but that was great for me.  I posted, I tagged it with my WordPress circles, and went to catch my train.  It was too long for a tweet, too weird for the forums as I didn’t want people to get fussy – I’ve noticed if I raise a post, it scares people.  I guess I have ‘street cred’ on WP and some people worry when I have a problem I can’t fix right away.  Flattering.

    I got replies from Raincoaster, Brad, Ron & Andrea, and Otto, who all said “That is weird.”  Andrea pointed out that it could be caching.  Brad asked about plugins.  Otto and Ron said that if it was cached, it was network wide (which made it even weirder to only see it on one site), and then Ron told me to look in wp_sitemeta table.  I was, I admit, already looking there, but I’d gotten distracted when I found the “Add a Link” page was broken on trunk.

    Fancy Pants ManAfter Ron’s comment kicked my pants, I went to that table and thought to myself “Where are the caches?”  I knew this from ages back, that anything named _transient… was a cache.  There are tons of transient feeds in your wp_options table because the RSS feeds you see on the dashboard are cached.  Cool, right?  Well, what if, just what if one of them was corrupted?  You can delete them without hurting your site!  So I hovered my mouse over the update alert and noticed the mouseover said “1 Plugin Update.”  Then I looked at the transients and found this:

    _site_transient_update_plugins

    And I deleted it.

    And my error went away.

  • PMC Sues THR Over Open Source Code

    Bet you never thought you’d hear that one!

    Today Deadline’s Parent Company Sues The Hollywood Reporter’s Parent Company For Copyright Infringement. They posted a link to the complaint and its exhibits. And this is where I sat up and blinked.

    See, TVLine uses WordPress. And part of their claim is that their (I assume) home-grown plugin was lifted. Specifically this file: http://www.tvline.com/wp-content/plugins/todaysnews/js/jquery.featuredarticle.js

    Now, I’ll totally allow that the site stole the code. But it’s WordPress which means the code is GPL which means … they can. They’re dicks about it, mind you, but they totally can. I’m interested to see how this one plays out.

    ETA: By ‘the code’ I mean not JUST that .js file, but the HTML, the specific WordPress calls, etc. THR actually isn’t using WordPress, as it happens.

  • Oversight and Responsibility

    Oversight and Responsibility

    I was actually asked by a handful of people what my thoughts on this were, and while part of me is loath to wade in(I’m loathe because someone will accuse me of being pro-WP or anti-Devpress, and ignore the fact that I’m a Devpress affiliate or that I don’t work for WP. I don’t pretend to know all the answers, or the reasons, but I know what bothers me.), I agree it’s something that affects the open source community. Personal attacks aimed at me will be deleted.

    I’ll let WPCandy sum it up:

    Yesterday I posted about DevPress’ offer of free memberships to any WordCamp attendees, provided the WordCamp organizers are legit and contact DevPress about their interest. A number of organizers showed interest in the comments of that post, and WordCamp Philly organizer Doug Stewart announced the deal for attendees on their blog.

    Then, last evening, WPCandy was contacted by Andrea Middleton, who took an administration role with WordCamp Central earlier this year. Middleton notified WPCandy that the WordCamp guidelines (specifically the part on fundraising), WordCamp organizers should not allow companies that are not sponsoring their event to do giveaways at a WordCamp.(Source: WPCandy – Devpress deal for WordCamps is against WordCamp Central Guidelines.)

    They cover the situation pretty well, but the comments on WPCandy and the twitterverse is what has upset me, greatly. This whole mess was blown out of proportion and could have been handled quietly and maturely off book, without any of the name slinging and pointy-fingers that I’ve seen.

    What went wrong?

    WordCamp Philly should have said “Let’s double-check about the rules, because this is a grey area.” They made a perfectly understandable human ‘gaff’ and assumed it was cool, because we all know Devpress is cool and GPL and basically awesome.

    WordPress Hand StampDevpress should have said “I want to give things away at WordCamps.  I’ll ask the head honchos at WordCamp and find out what I need to do!”  They too made a perfectly normal mistake, assuming that WordCamp Philly would do any needed due diligence.

    One of the many things I’ve learned working for The Man is that people see a server on fire and always assume someone else has reported it, right up until you run in with a fire extinguisher and shout at them.(That’s a true story.)  I always quote Lord Buckley here: If you know what to do and you don’t do it, there you bloody well are, aren’t you?

    The right thing was to look before you leap and not assume.  People made mistakes.  They could have kept it all off the funny pages, too, by being patient.  WordCamp telling WPCandy “Hey, sorry, not so much kosher.” was a polite heads up and WPCandy, being journalistic in inclinations, ran with the story.  Devpress’s rep was, understandably, frustrated and upset at the smack down and at the slowness of resolution, and it showed.  But as a ‘formal’ statement, his email is the example the need of a bit of PR.(This mess is in part why I don’t consider websites like WPCandy (and certainly not this site!) to be journalism.  There’s an attitude and (supposedly) ethics to which journalists abide and a code to follow about how to handle this.  One of them is that WPCandy’s email should have explicitly stated that Justin’s response would be posted on their blog.  I studied journalism for a year, and I know I’m not a journalist!)

    Who is right?  Devpress or WordCamp?

    A lot of ‘right and wrong’ ties into my last two big posts, about legality and morality. I’ll put it plain and simple for you: If you’re going to have a WordCamp, which is sanctioned and branded by WordPress, then you are obligated, legally and morally, to abide by their guidelines.

    The rest of the bitching is commentary. If you don’t like WordPress’s rules and regulations, don’t use them. It’s just like the theme and plugin repos. If you don’t want to follow those guidelines, then you self-host, and as long as you abide by GPLv2, everyone’s happy. But WordCamp is run by WordPress, and they get to make the rules. No one’s stopping you from making ‘BlogCamp’ or whatever you want. You could probably even get away with using ‘Word’ in the title, though you would be wise to make it painfully clear that it was not a sanctioned WordPress event.

    WordCamps are an extension of WordPress.org and the WordPress Foundation, which means that they are not community ‘owned’ products, though they are community driven.  Maybe people are forgetting that, at the end of the day, the responsibility for WordCamp, and WordPress, is not us.  We’re the result, and the reason, but not the responsibility.  If WordPress vanished tomorrow, we could fork it and move on, make our own forums, and actually be okay.  But right now, we’re all taking advantage of a free product.  We give up our time and our efforts for something that doesn’t directly make us money.

    Why isn’t the community in charge?

    That points right back to the heart of the issue for me.  The community isn’t in charge because it’s not a Big Dog.  At the end of the day, every project needs someone to stand up and say “This is what we’re doing.”  We need a big dog, someone to be in charge, and someone to draw a line.  A lot of people have made noise that this should be a person the community votes on and approves.  I disagree.

    WordPress was never about ‘community’ in that sense.

    The community doesn’t provide oversight to the plugins, the themes, or the forums on WordPress.org.  Sure, we volunteer our time, but we don’t all have trac commit privileges, do we?  We are not where the buck stops for this, and we have to keep that in perspective. You can tout all you want about doing what the ‘community’ wants, but the community provides ideas, suggestions, dreams and hopes. Someone else looks at the bottom line and says yes or no.

    Fly Again - Some rights reserved by cornerofartThat’s really very freeing to me.  That makes it easy for me to say ‘You know, I really hate this new thing.’ and I don’t feel like they’re going to revoke my license.  As long as I keep it all in perspective and remember that I don’t have to like it, but as long as I play this game, thems the rules, and it’s okay.  You can support the tool without loving every aspect of it, and no one says otherwise.

    The responsibility of oversight belongs with WordPress, not you or me, and the fall out does too.  A community has trouble being in charge like that because oversight ‘committees’ rarely work to anything but mediocrity.  As it stands today, WordPress is benignly governed by a company who listens, pays attention, and respects us, even if they don’t do everything each individual wants, and they keep their eye on the scope. (Perhaps by comparison, you should read up on the growing pains Drupal’s had recently.  Not enough oversight there, perhaps, but I have to study more about their entire situation to know for sure.)  If everything goes great, we ignore our overlords, and when we don’t like something, we vilify them.

    Why are you so mad about this?

    The vilification.

    I’m upset to see people being mean to each other. People are blaming each other, calling names, and pointing fingers. Of course this is a situation that makes people angry and emotional, but if we’re running a business, we don’t get the luxury of doing that publicly anymore. You no longer speak for yourself, you speak for your group.(I run a fan website for an actress.  Every single time I speak my own speculation about the TV show she’s on, someone assumes I know something secret and am not telling them, or I’m hinting at what’s to come.  I no longer am able to speak for me the fan because of this.  Trust me, I know how daft it is, and I hate it.)

    But the problem is I see a lot of name calling aimed at one person alone. That really bothers me because it looks like people are attacking a person and not remembering that the WordPress Foundation manages WordCamps. NOT the community. NOT the sponsors. NOT you or me. Hell, not even the volunteers who are doing the work!

    The Foundation.

    If you have a problem with WordCamp and the WordPress Foundation, do the right thing and take it to them.

    Most importantly, we need to be patient with each other. You don’t change the world in a day. Sure, we’re used to a fast paced world, where decisions are made on a dime and the whole status quo changes in the time it takes to svn up. But things still need to happen with thought and understanding. We have to look at the whole situation. And that’s why with responsibility comes the need to have oversight.