Category: How To

Resilient Responses in Reviews
I review a lot of code. A lot.

On average, I look at around 100 plugins and themes (combined) per day. If I’m not reviewing code for the WPORG plugin repository, I’m debugging sites for customers, writing my own code to make it better, testing patches for WordPress, and pretty much dancing the dance a lot. I like this sort of thing a lot, since I get to see all sorts of different methods to madness, and it improves my abilities to see people doing it right and wrong.

That said, I’m not the best coder in the universe. I don’t claim to be, I don’t plan to be, and I don’t worry that I’m not. We all have our skills and mine is not to be a psycho awesome super coder. Mine is debugging, breaking, helping people debug and break, and writing. We call that support, generally, and it’s a noble profession! But more on that another day. The fact is I don’t know all the code in WordPress. I’m guilty of doing_it_wrong() often enough. And yet, I don’t see my ignorance to be a detriment to what I do.

In an article “Probability and Possibilities”, my father talks about how we react to natural disasters, and how that impacts how we predict them, and their costs. Near the end, he talks about being prepared by having resilient responses, and lists the following traits of those people/groups:
1. Drawing on experience
2. Questioning that experience
3. Intuition
4. Improvisation, or making the most of materials at hand
5. Listening and speaking
6. Examining preconceptions
7. Ignorance + knowledge = wisdom
8. Recognizing and taking advantage of luck
I didn’t realize it at the time, but my dad raised me to be resilient, because those eight traits are ones I apply constantly to my code reviews. It’s because of those that I’m able to do all those plugin reviews, even when I don’t know all the right moves. As a senator once said, I know it when I see it.

Many times, I’ll review a plugin and flag it saying “This is not secure” or “This is not done properly” and sometimes I’ll take a moment to explain exactly why, but given the sheer volume of reviews I need to get through to keep up my end of the review process I will often use some standard ‘predefined’ replies. I don’t review all plugins, nor do I reply to all the emails, though sometimes I know it looks like I do. Still, if one person has to review 25 plugins a day, and craft a reply for half of them (yes, about half the plugins we get need some sort of reply that isn’t ‘approved!’), how am I, a non-uber coder, capable of actually knowing that the code is wrong?

I’m going to tell you the biggest secret of support ever. You ready?

You don’t have to know how to fix what’s wrong to know that it is, in fact, wrong.

That’s it. Not knowing how to fix things was, I admit, one of the leading causes as to the impostor syndrome feelings I had when writing my WordPress Plugin Support ebook. But the thing was, I knew that the code was right or wrong most of the time. Oh, sure, I make a couple mistakes, but if I see someone calling wp-load.php directly in their code, I’ll tell them it’s not permitted and then they get a canned reply as to why, with some general suggestions.

I stopped worrying about not being able to help someone debug their own plugin for a couple reasons, though. It’s (generally) not my job to help you write your own code. If you have a jquery conflict or need help calling WP functions outside of WP (please don’t), I can help you with a search or suggestions where to ask, but just because I don’t know the answer doesn’t make my telling you that you’re not permitted to do something in the WPORG repository invalid.

Ah, there’s the crux isn’t it? Someone was doing code in a totally janky way. It happens. Most of the time, we end up doing this by accident, not knowing there’s already a WP function or action to use for it. We reinvent the wheel by accident. Let’s pretend this guy was using his own copy of jQuery. Now, as we all know, you don’t need to do that! WordPress comes with jQuery and you can just enqueue it. So there’s a canned email we send, explaining you can’t include your own, nor can you call it remotely, please use ours.

The reply comes back “My code won’t work without my own.”

So I reply to the effect of “Please correct your code to work with our version of jQuery. The most common cause of these conflicts is not writing your code to work in no-conflict mode.” And then there was a series of links.

He replied, “Why don’t you just tell me what I did wrong?”

I explained I would if I could. But I don’t know his code, I’m not awesome at jQuery, I don’t care to reverse engineer everything to figure out exactly what’s broken, and it’s not my plugin anyway. So … no. I don’t know how to fix it, but I do know that, having listened to a lot of smart people and having read a lot of code, that the primary cause is an issue with no-conflict mode. So I can Google that and get wp_enqueue_script() – jQuery noConflict Wrappers as a hit (this is the WordPress Codex) and read that this happens if you use the $ shortcut, so I take a second look at his code, determine this is the case (though perhaps not the cause of all issues), and reply back with that info and a link. I’m helpful.

He doesn’t agree. “If you know so much, you should fix it.”

No, sorry. This time I explain I don’t know much more than that as I’m not great with JS yet, and now I expect to get smarmy commentary on how, if I don’t know how to fix it, I don’t have the right to tell him it’s wrong. After all, I’ve heard that a hundred times before. Instead, this guy says “Yeah, I don’t know either, so who am I to judge? Okay, any suggestions where to ask for help?” After picking my jaw off the floor, I sent him to wp-hackers and stack-exchange, after doing a quick search to see what other direct links might help, including one on SE that looked like the absolute answer. He came back, said the SE answer was it, and everyone was happy!

I solved the issue by being resilient, and giving the ultimate support. Also now the guy has the tools to do it himself next time.
31 March, 2014
ZOMG! You Stole My Code!

While the GPL is pretty clear about this, and my personal moral code is as well, the topic today is not about the question of is it right to resell someone else’s work, but what do you do when someone’s reselling yours?

This happened to my friend not too long ago. Someone else took her theme and was reselling it and you either already know who it is or you don’t, it doesn’t matter for the sake of this story. Now, the issue was not if they could resell it, we all agreed they could. The issue was how they resold it. That is, they took her images, much of her ad copy, and resold it, presenting it as if it was their own code. And that was, we all agreed, wrong. That’s fraud, in my eyes. You’re taking someone else’s work and claiming ownership of it. But. That wasn’t my fight, it was my friend’s, and all I could offer was some moral support and connections.

But when this happens to you, what do you do?

First, don’t type angry. It’s okay to type while you’re mad, but if you’re like me, and your skin heats up when you’re angry and you get all green and violent (I type really loudly), it’s probably a good moment to step back and think about why you’re angry. After all, GPL says this is allowed, right? I get mad because of perceived ownership. It’s one of my things. You should never claim to be something you’re not and you shouldn’t sell something that isn’t yours.

And that’s the angle I’d use to approach the situation. I would find the person, ping them privately if possible (almost everyone has a contact page these days) and ask them if they could change the wording to make it clear that this isn’t their code, it’s mine, and they’re using and providing it without the support of the original author. That’s what my friend did, and that’s also what the other people whose themes were being resold did. They pointed out that the reselling was confusing to the customers, and the customers got an unlicensed product.

What if that fails? Well. Now it’s messy. Legally if they’re taking my content and putting it up on their site with verbiage that implies it’s theirs, I have a DMCA takedown right. My content is all under copyright (I have not, nor will I any time soon, chose to go copyless) and I use the CC BY-NC-SA 3.0 license, so if you use my content, wholesale, without attribution, you’re stealing. But this isn’t about my content, it’s my code, and all my code is released GPLv2 (unless otherwise noted). That means in order for me to come up and tap your shoulder, you have to take my code and my content.

Boy this got complicated. But if I ping you and say “Hey, bro, not cool.” and you ignore me, or tell me to sod off, I’ll come back and ping your webhost. “Hi, this guy is stealing my content. I asked him nicely to stop. Here’s a copy of our conversation.” I should note, none of the times I’ve ever had to do this have gotten past this step. The hosts have always stepped in, poked the perpetrator, and that was that. The times I was the bad guy (reprinting news articles), the content owners have only ever had to ask me to take it down. It’s never gotten past me.

Well okay, so what happens if the host says “Tough luck” or “We agree, but we can’t do anything without a takedown notice.” Now you bring in the law and file a DMCA (Digital Millennium Copyright Act) take down. DMCA is a U.S Copyright Law covering intellectual property. Your blog posts and ad-copy are your intellectual property. This went to a pretty dark place, didn’t it? I mean, I hate the DRM with a passion, and I freely give away my stuff, so let’s stop talking about the legal stuff. You can look it up on your own if you really want to know how to file all that.

Most of the ‘handling’ of someone who steals your stuff isn’t even the legal hassle, anyway. It’s just the pain of getting in touch with them, explaining the situation, and getting it sorted. And the headaches come from having to explain over and over that you’re not mad (though you probably are) and you just want them to stop making it look like they’re you, please and thank you.

Okay, so how might I justify selling someone else’s theme or plugin? I would sell a service. It’s really that simple. I would sell the downloading, installing, configuring, and tweaking of the product. I would charge them the raw cost of the product AND give them the license information (it’s their now). I may charge them for some ‘placeholder’ text to import via the WP importer, and to import it. Certainly I would charge for some training on how to do this going forward. But the thing I wouldn’t do is actually say “This is our plugin” or “This is my theme.” Because it’s not.

I’m just making sure you can have the theme better, faster, and easier. Plus now they can upgrade and I can go to Fiji!

28 March, 2014
Migrating A WordPress Site With wp-cli
This is … crazy simple. I wanted to move a site from ipstenu.org to ipstenu.com (yes, I own that too). While ipstenu.org is a Multisite network, ipstenu.com is where I put a ton of add-on domains. I was moving a site over and, as it was WordPress, did it in a matter of minutes.

Add the domain to the … domain

Since I don’t care to have multiple hosting accounts, and I’m the only one with SSH/FTP access, it’s safe enough for me to do this. There is a risk when you share multiple domains in one hosting account, that if one gets hacked they’re all vulnerable, but I consider it low in my situation. Every plugin is vetted, every file is checked, and then I went and gave each add-on it’s own FTP account. Neurotic? Thy name is me.

Anyway, I add the new domain to my hosting where I want it.

Create the new DB

I have to make a new database, and generally a new DB user, on the server too.

Export!

On existing hosting, I do this:
```
wp db export
```
That gives me my SQL file, thanks to WP-CLI. It’ll be named example_com.sql and will sit in my folder with .htaccess and everything else.

Copy!

I do it via SSH. I go to the new location and run this:
```
scp -r olduser@example.com:path/to/files/ .
```
Since I have ssh keys set up, it’s easy. If I don’t, I’ll put in the password, but that’s straightforward.

Edit wp-config.php

Now I have to point to the new DB. Sometimes I name it the same, but usually I don’t, so I’ll edit the DB name, DB user, and password.

Import the old DB

Ready?
```
wp db import example_com.sql
```
Boom. It’s all dumped in! Only two steps left!

Search & Replace

I love this one.
```
wp search-replace example.com newexample.com --dry-run
```
I ALWAYS dryrun test it. This is a serialization safe search, so rarely is it ever going to be an issue to just run, but it lets me make sure I don’t get any wonky results. I never have, so re-run without dry-run.

Cleanup!

Delete the SQL file, delete the old files on the old server.

Drink

I moved code. That’s shipping, right? Or is it margaritas are for migrations?
26 March, 2014
Embedding Videos from TVGuide
This one goes out to my fellow fansites.

There are a lot of you guys who use WordPress (probably that’s my fault) and like me, you bash your head in when a news source makes a video embedable, but only if you use their code. Why is this a problem? Most of us like using WP’s visual editor, and that means we have to switch to text mode, paste this in, and then never ever ever visit that page in the visual editor again:
```
<script src="http://player.ooyala.com/player.js?width=600&amp;amp;video_pcode=VlajQ6DTdv9-OYPHSJq6w4eU0Bfi&amp;amp;embedCode=NwdzM3aDp4BB3-MEdPemlMJK5XH7ZVdn&amp;amp;height=337&amp;amp;deepLinkEmbedCode=NwdzM3aDp4BB3-MEdPemlMJK5XH7ZVdn"></script>
```
Augh!

In part this is because WordPress uses TinyMCE for editing GUI-like, and switching between visual and text mode kills things. But on the other hand, how come we can just paste in a YouTube URL and that works? Well it’s a magical thing called Embeds, and basically WordPress sees that URL for YouTube and knows “OH, I should be a video and YouTube has a special code on it’s sever to tell me how to display it! Yay!”

Not everyone has that. TV Guide, CBS, etc. I’m looking at you. Where this makes sense is where they do not want you to embed a video because they want the traffic to themselves, which is fine. We can link. But where it’s daft is when they make it embeddable, give you that link, but it’s flipping ugly and can’t be used in the visual editor!

For TV Guide, at least, there’s a fix. Ooyala Video Browser.

While the search function doesn’t work ‘great’ right now, probably because I’m searching for their videos with the wrong keywords, but still I was able to embed a video like this:
```
[ooyala code="NwdzM3aDp4BB3-MEdPemlMJK5XH7ZVdn" player_id="undefined"]
```
The ‘code’ is the ’embedCode’ from the embed they gave me before.

I can also use this:
```
[ooyala code="NwdzM3aDp4BB3-MEdPemlMJK5XH7ZVdn" player_id=&"VlajQ6DTdv9-OYPHSJq6w4eU0Bfi"]
```
Using ‘video_pcode’ for ‘player_id’

So this wasn’t super obvious, and personally I would love it if Ooyala had an oembed and then a ‘share this on WordPress’ link for things, but seeing as Automattic (and Pete! Hi Pete!) helped with the plugin, this may be as good as it gets for now. Maybe they could marry it into the Media Uploader, below ‘Insert from URL’ – have ‘Insert from Ooyala’. Dreams. I haz them.

There’s a lot to this plugin that I didn’t need, though. After all, since I don’t have an account, I don’t need all the search stuff, so I stripped it down to just this (which is an mu-plugin):
```
/**
 * Ooyala Shortcodes
 * Usually for crap like TV Guide
 * Example: [ooyala video_pcode="VlajQ6DTdv9-OYPHSJq6w4eU0Bfi" width="222" embedCode="NwdzM3aDp4BB3-MEdPemlMJK5XH7ZVdn"]
 */
add_shortcode( 'ooyala', 'ooyala_shortcode' );

function ooyala_shortcode( $atts ) {
	extract(shortcode_atts(array(
		'width' => '500',
		'video_pcode' => '',
		'embedcode' => '',
		), $atts
	));

	$width = (int) $width;
	$height = floor( $width*9/16 );
		
	if ( !is_feed() ) {
		$output = '<script src="http://player.ooyala.com/player.js?video_pcode='.$video_pcode.'&amp;width='.$width.'&amp;deepLinkEmbedCode='.$embedcode.'&amp;height='.$height.'&amp;embedCode='.$embedcode.'"></script>';
	} elseif ( $options['show_in_feed']  ) {
		$output = __('[There is a video that cannot be displayed in this feed. ', 'ooyalavideo').'<a href="'.get_permalink().'">'.__('Visit the blog entry to see the video.]','ooyalavideo').'</a>';
	}
	return $output;
}
```
And that is that!
17 March, 2014
Not The Bug I Expected
“Comments aren’t working,” he said and I winced. I hate when people say ‘broken’ or ‘not working’ because I don’t magically know what they mean by ‘working.’ But this guy was a coworker whom I like and trust so I asked what he meant by not working, and he said “When you enter a comment, the page reloads, but there’s no comment.”

“Okay,” I muttered to myself. “Touché, Mika.” Because that, indeed, was ‘not working.’ We turned on debugging and got a strange error:
```
WordPress database error: [Duplicate entry '0' for key 'PRIMARY']
INSERT INTO `wp_comments` (`comment_post_ID`,`comment_author`,`comment_author_email`,`comment_author_url`,`comment_author_IP`,`comment_date`,`comment_date_gmt`,`comment_content`,`comment_karma`,`comment_approved`,`comment_agent`,`comment_type`,`comment_parent`,`user_id`) VALUES (507,'lori','admin@example.com','','12.248.40.138','2014-02-07 23:07:08','2014-02-07 23:07:08','test',0,'1','Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0','',0,1)
```
And then it was a mess of ‘Trying to get property of a non-object…’ and ‘headers already sent.’

After some kicking of the usual suspects (reinstall WP, remove plugins, theme, etc) I realized I was stupid and the problem was that the table wasn’t updating the primary entry. It should start at 1 and move up to 2 and so on. Since everything else was working, I compared the table to a working one … and they were not the same. Here’s a good one:

There’s had comment_id as the name, and the rest of the values were blank. So I restored the values and it worked! Except … I was getting a new error.
```
Notice: Undefined property: stdClass::$comment_ID in /home/wp-includes/comment.php on line 155

Warning: Cannot modify header information - headers already sent by (output started at /home/wp-includes/comment.php:155) in /home/wp-includes/pluggable.php on line 896
```
I stared at that for a moment and after I had given up and proposed we reinstall WP and copy tables over, my brain kicked in and I said “Wait a second, isn’t that comment_ID and not id?” I changed it on a whim and shouted “HOLY **** I AM GOOD!”

Yes, it was in all caps. Yes, it was said to my coworker, who said I have his vote.

That was, by far, the weirdest error I’ve seen in months. And the moral of all this? You can’t know everything, but if you read and pay attention and are willing to experiment, you can solve pretty much anything.
14 March, 2014
InBox Insanity

I get a lot of emails. I’m usually receiving and sending every hour or so. Most of the time they’re email alerts, sometimes conversations. While I’m a massive unsubsciber of email lists, I filter a lot of my emails into folders, where I’ll leave them unread until I have time, and then I delete them. Oh yes, I’m a member of Inbox Zero.

I started doing the Zero because I wanted to cut down on the stress in my digital life. An unread notification sits there, like a malignant ‘Deal with me!’ eye. And the thing is I do, I will, I always at least read the email. I don’t always reply, but I will read it. But what I don’t need is a five year old kicking my seat asking if we’re there yet.

I’m not patient. I eat my bagels undercooked because if the dang thing isn’t done in the time it takes me to start the toaster, get my cream cheese, make a coffee, and go to the bathroom, then it’s getting eaten as is. I would never be a good chef because I don’t care if every slice and dice is the same, I care about eating. If it’s time to go and you’re dawdling, I hate you. I get annoyed when people can’t budget their time well and thus are always late. It’s a thing, it’s mine, and it’s what it is.

Conversely, when it’s not food, or when its not a specific time event (like “I’ll meet you there between 4 and 5”) then I don’t stress about it. And when it’s email or Twitter, I’m seemingly negligent about serious replies because I may take a long time, and reply to other people frivilously, but in reality I’m thinking about the right reply. I have a couple emails in my drafts at any one point in time because I’m thinking.

It’s funny, I know, that I get upset when people nag me about replying. But I understand that people need processing time, and while I’m terribly impatient when I wait for an email reply from someone (seriously, ask my wife, I’m really annoying), I try as hard as I can NOT to bother them about it! I may send them a little “Hi” note after a week or so, depending on the issue, but I’m usually asking someone for a special favor in the first place, and I try to respect their boundaries.

Whew. Lots of me me me here!

Also I like using desktop applications. I like email apps, and Twitter apps, over in their own thing that I can totally close out and ignore if I need to write or whatever. I’m not tempted to open twitter.com in my browser because I never do it. It’s good for me and my sanity, because I don’t get those ‘gotta clicks.’ The only ones I have in my browser are my RSS reader, Facebook, and Google Plus, none of which annoy me with alerts in my browser (well, not once I forcibly turned off all alerts).

But email and Twitter, being a desktop tool on my Mac, need some settings changes too. Twitter has two places:

On the first settings page, General, I set my menu bar icon to disabled, so nothing to pester me up there. On the Notifications page, I turn of nearly everything. The exceptions are mentions (which I keep as menu, just in case I change my mind… it’s been a month, I suspect not) and messages. Messages are important. Very few people DM me on Twitter, and when they do, it’s probably important or private, so it needs serious attention.

Nothing else does.

Email is weirder. How do you turn off the dock? Surprisingly easy. Go into your System Preferences and click on Notifications (first row, last column). In there, I always turn on “Do Not Disturb” settings from 9pm to 7am. If I’m up and coding at that hour, I’m in a zone and leave me alone. Otherwise I’ve left the laptop open, and either way I’m probably not in a mood to talk to people. The last thing I want is more alerts.

Next scroll down to your email app (mine is Postbox) and turn off everything. Uncheck the boxes and set the style to ‘None’ and walk away:

Boom. No more red number.

Don’t worry, I’m still checking mail.

21 February, 2014