Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: cms

  • Markdown Isn’t All Bad

    Markdown Isn’t All Bad

    It’s not a secret I hate markdown. It’s annoying to remember various commands, and one of the things I loved about WordPress from the start was that I didn’t have to learn bbCode or anything beyond the HTML I knew. When Jetpack included Markdown, I was a huge opponent. I thought it was useless and pointless and a waste of space.

    I now use it in many of my posts.

    You see, I don’t write in the visual editor. I used to, but there are ‘glitches’ with it. Like I couldn’t see the embed for Facebook (it showed up blank for some reason), and I had trouble embedding video content that required me to paste in script code. Then when I started writing code, like I do on this site, I needed to make sure the formatting didn’t get mangled. It all boiled down to giving me two places where I use the Visual editor, and everything else is text.

    That’s all well and good until I fell in love with my iPad mini.

    You see I also have a major annoyance with the iOS app for WordPress. It’s too easy to post to the wrong site and it’s problematic when you want to upload featured images or make custom excerpts or have any custom post types. That means I use Chrome or Safari on iOS to write blog posts. If I’m offline, I write it up in Notes or Byword and just have it there until I’m ready to import. But I use WordPress in my browser because that’s where it works ‘best.’

    Except HTML on an iPad is a pain in my ass.

    It really, really, is. The number of clicks you have to do just to make a header, or strong text, is annoying. It’s three clicks to make an <h2> and it’s not even in the same place. It’s one click to get to the numbers, another (one up from where you hit to get to numbers) to go to advanced characters. Then you can press the button. Any chance I have to minimize my clicks means I can type even faster.

    And you bet your bippy I’m fast at typing on my iPad.

    Markdown’s syntax is intended for one purpose: to be used as a format for writing for the web.

    John Gruber’s Markdown syntax primer is the only place that really took the time to make sense of Markdown to me. Everyone else just said ‘It’s what we use’ or ‘It’s faster’ or (worst) ‘It’s better.’

    No. No. No. Better is what works for you. HTML, for the most part, works for me. And for me, a small subset of markdown syntax terms work very, very well to speed up my writing:

    
    ## Title
    
    ### Subtitle
    
    > Blockquote
    

    There are a few more, like the codeblock (which I don’t use, since I like pretty formatting better) but the ability to use backticks and say <code> is pretty nice.

    So do I like Markdown? No. It’s hard to remember ‘new’ syntax. But the ones I can use without having to close tags make me a little happier and speed me up a bit. For that, it’s pretty good. I can use it to enhance my HTML, and I wish that MediaWiki let me use HTML and Markdown instead of their woe begotten WikiSyntax. My kingdom for <table> in MediaWiki. Am I right?

    Now. If I could just get John Gruber to increase his font size.

  • Git The Master Race

    Git The Master Race

    I was working on a project, a side project for fun with a friend, and she expressed a slight worry. We weren’t using any versioning on our theme or mu-plugins code. Or anything else for that matter. There were three of us. We thought about using GitHub until I pointed out I had git on my server, where I was hosting it all.

    In many ways I don’t use git like a ‘normal’ person, or so I’ve been told. I don’t have public git repo of everything because some of it is just private. I don’t even have a public GUI interface for people to file issues on my private code. Public code? Sure, and I use GitHub for it. Personal stuff is not up there, and I don’t care to make it.

    What I do instead is, since I do have Git installed on this server, is allow each user account to make a git repository folder off their home folder. Everyone has ~/repositories/ and in there they can store their code!

    Here are the ones for mine:

    ~/repositories/ipstenu-code.git/
    ~/repositories/ipstenu-mu-plugins.git/
    ~/repositories/mothra.git/
    ~/repositories/scripts.git/
    ~/repositories/slides.git/
    

    The two that start ‘ipstenu’ are for the website ipstenu.org and all its children. Mothra is some server scripts I want to keep backed up, scripts are user scripts, and slides are my slides.

    But how do I get there, and how do I keep everything synced up? First is the basic setup for git:

    cd ~/repositories/
    mkdir projectname.git
    cd projectname.git
    git --bare init
    

    From here it’s a simple git clone, too:

    git clone user@example.com:/home/user/repositories/projectname.git
    

    But… I have that project named ipstenu-mu-plugins. When I’ve checked in code, do I manually copy the files over? Of course not.

    When you go into that git folder where I ran the init, you see this:

    [~/repositories/ipstenu-mu-plugins.git]# ls
    ./  ../  branches/  config  description  HEAD  hooks/  index  info/  objects/  refs/
    

    If you go into the hooks folder, you get a list of files:

    ipstenu@ipstenu.org [~/repositories/ipstenu-mu-plugins.git/hooks]# ls
    ./                      commit-msg.sample   pre-applypatch.sample      pre-push.sample
    ../                     post-update         pre-commit.sample          pre-rebase.sample
    applypatch-msg.sample  post-update.sample  prepare-commit-msg.sample  update.sample
    

    You’ll notice I only have one file that isn’t a .sample: post-update

    That’s my secret sauce.

    #!/bin/sh
    export GIT_WORK_TREE=~/public_html/wp-content/mu-plugins
    git checkout -f master
    

    This just uses git checkout, forces the master branch, and dumps the files where I want them. I set it up for each repo when I’m ready to start deploying, and then my dev process is this.

    1. Pull master and all remote branches to make sure I’m up to date
    2. Make a new branch to develop
    3. Push the new branch to origin when I’m sure it’s right
    4. Merge the new branch into master
    5. Push master

    And in that moment, the push will copy my files live.

    Since I don’t ever do dev work in master, this is safe for me. It’s five steps, but I actually have a script to run that first one every single day, so that’s almost step zero. When I work with other people, I always make a backup local branch of master as ‘last known good’ just so I can roll back fast if I’ve been phenomenally stupid. This is usually a date like “GOOD_20141117”, which I know is different from my actual release labels, that are always “REL_1.2.3” style. If it’s a weird thing, like when I was folding Ninja Forms in my site, it was “NINJAFORMS_1.0” because I wanted to be clear what that dev branch was for.
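
    The hook above runs on every push, including the dev-branch push in step 3. As an added example (not the author's hook), this variant deploys only when master itself was updated and refuses to run if the target directory is missing; `DEPLOY_REF`, `DEPLOY_DIR`, `wants_deploy` and `deploy` are names assumed for illustration.

```shell
#!/bin/sh
# Added example: post-update hook for a bare repository.
# git calls post-update with the names of the refs that the push updated,
# e.g. "refs/heads/master refs/heads/NINJAFORMS_1.0".

# Assumed names and paths; adjust per repository.
DEPLOY_REF="refs/heads/master"
DEPLOY_DIR="$HOME/public_html/wp-content/mu-plugins"

# Succeeds only if the deploy branch is among the updated refs.
wants_deploy() {
    for ref in "$@"; do
        if [ "$ref" = "$DEPLOY_REF" ]; then
            return 0
        fi
    done
    return 1
}

# Check out the deploy branch into the live directory. The repository data
# stays in ~/repositories, outside the web root; only the files are copied.
deploy() {
    if [ ! -d "$DEPLOY_DIR" ]; then
        echo "deploy: $DEPLOY_DIR does not exist, not deploying" >&2
        return 1
    fi
    GIT_WORK_TREE="$DEPLOY_DIR" git checkout -f "${DEPLOY_REF#refs/heads/}"
}

# Pushing only a dev branch leaves the live files untouched.
if wants_deploy "$@"; then
    deploy
fi
```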

    By the way, if you need to set up a shared repository, you should read Kovshenin’s “How To Create a Remote Shared Git Repository”. I don’t, since everyone logs in using SSH keys to the account (so on my shared project, everyone uses ssh projectaccount@projectdomain.com) since they actually need that access anyway.

  • Not Everything is WordPress

    Not Everything is WordPress

    I touched on this when I talked about a project that forked, and I’ve said it before. I don’t use WordPress for everything, and I don’t think I should.

    A lot of you will probably disagree with me, especially since it’s well known much of what I love about WordPress is the fact that I don’t have to remove features. The problem is where WordPress started from has determined what kind of product it will be. But let me step back.

    When I spoke at WordCamp Miami, I said that the kind of WordPress user you are defines the future you will have with WordPress. What we are before WordPress is what makes us use it the ways we do, and the way we use it makes us who we are today. That makes sense, I hope. What we are is what makes us do what we do.

    So WordPress started as a blog. This means that no matter how many times we say “It’s a CMS and you can use it for anything!” it still shows blog at its heart. I use it for a store, it’s great at it, but there are aspects that remain bloggy. Similarly, MediaWiki was an ‘encyclopedia’ first, so while I know people who blog on it, it’s made for that cross-referencing. Certainly plugins can make these products fit the bill but at their base, you’re talking about the fundamental core of a product.

    Step back again.

    This is something I think is totally okay.

    I don’t buy a scooter and get upset it’s not a motorcycle. I don’t buy a tank and get upset that the Fiat has better gas mileage. I understand that each tool has its place, and while I certainly can tow a trailer with the Mini Coop, I’d rather use the truck. And that’s what I mean when I say WordPress shouldn’t be everything.

    If I was to use WP as a wiki, and I have, I end up disliking the edit/comment relationship. Regressions are easier with revisions, but prelinking pages and moving them is easier with MediaWiki. Image uploads? Easier on WordPress, as are updates (and don’t get me started on extensions), and html editing in a Wiki can make me drink. At the same time, I have a more flexible template situation, where I can have one that formats a whole page or just bits of one in easy, repeatable ways.

    Both projects have a lot to learn from each other. Both should steal bits from each other. But I think both should be separate because I will always have places where WordPress is a better fit than plain HTML or a wiki or a gallery. Oh, yes, I still use plain HTML in some places. I use Reveal.js for slides. I experiment and find the right tool for the right job.

    Step back again. I got new furniture on my birthday, and it was flatpacked. That means it came with a couple allen wrenches. You know the crappy Ikea L-shaped thing?

    Right. After I put together one chair I announced “Fuck this” to myself and got my ratcheting screwdriver with swappable bits. There was one for this size, I switched to it, and finished three more chairs in the time it had taken me to do one. The tools were similar, but clearly different, and one was better than the other. One was easier, though, in that the chairs came with the less perfect one.

    It seems clear cut, doesn’t it? The one I bought was better than the one they gave me. Duh! That’s how I feel about software. Sometimes what I have isn’t right and I have to go get that other one. But I’m willing to experiment, to try, and to be wrong in order to get to what’s right. And ‘right’ means right for me and how I want to use it, not you, which is why WordPress has a bajillion plugins that do similar things.

    There is not one right way to skin a cat. So why do you think there should be one right CMS?

  • Dr. Jekyll and Ms. Hyde

    Dr. Jekyll and Ms. Hyde

    I like WordPress. I like the community and I like the way I can invite other people in on it. But. I wanted to run a site, a small site, with static content for the most part, no comments, and just the basics. So why not Jekyll? After all, I’m big on self-hosting, and while most people I know seem to be running Jekyll on GitHub, you know me. I want to do it myself, I want to have it all here.

    Six drinks later…

    My major issue with Jekyll is that the ‘Simple’ directions aren’t obvious the way everyone seems to think they are. I mean, yes, they’re simple, but they lead you to some pretty crazy misconceptions based on how websites and CMSs work, and have worked, for a long time. And given all the posts I’ve read about how terrible WordPress is, my remark on that is: No, Jekyll is not terrible, but it has an audience.

    Look, of course WordPress can be terrible. So can your car. It’s all in how you use it, what you add on to it, and what you fuel it with. I have a lot of reasons to use WordPress, and I really like it for many reasons (least of which is if you asked me to explain Jekyll to someone who emails me a PDF of a Word Doc to post on WordPress… Well, yeah, no, it’s not simple.)

    Misconception: Where Do I Install Jekyll?

    Okay… you think “Hey, Jekyll’s running my site so it’s all on Jekyll, right?” Nope! Jekyll is installed on my laptop. It’ll be used to create content that I will deploy to my website. Jekyll generates the webpages. Just bear with me. Yes, it also runs the site, but it doesn’t have to. In fact, it generates all of my pages into a subfolder called _site, which you can actually load as a webpage. If I copied all of that over to a folder, it’d work as is. So option one here is that I could just do that. But that’s not what I’d call ‘friendly’ and it means all my code has to be on the server where a sneaky person could go get it. Part of why Jekyll interested me is that it’s more secure by being a flat site.

    Option two is to use a Jekyll ‘front end’ deployer, like Octopress or Prose. Option three was to stop and think “Maybe I just don’t get this and I should start simpler.” It’s very odd to me to have my ‘content’ on a server, but the ‘source’ not there. While if it’s just me running a site, that’s great. But as soon as I have to tell my dad to check code out… Maybe this is a bad idea. I don’t want end-users to have to learn all this. I want to tell them “Write your content. Save it here. Magic.”

    Revise: Needs vs Wants

    When I get really bogged down in thoughts like this, I step back and ask myself “What are my needs?” That’s similar to asking “What problem am I trying to solve?” but it’s a little broader, as I may not have an actual problem, I may just need a small change.

    I’m looking for a product with a small footprint, no comments, a way to subscribe to updates (RSS or email), separate content and design (so my writers don’t mess with the layout), and it needs to have a workflow that does not involve me having to teach svn or git commands to a music major. Oh and it has to be easy for me to upgrade (one click or git pull will do).

    Say what you will that git is easy (it is for me, albeit sometimes confusing). It’s not necessary for everyone to learn. I really feel a journalist shouldn’t have to learn to use it in order to write content! Still, after banging my head on this, I finally decided I was making my life too complicated by trying to self host before I understood the actual workflow of the process. So I went one step further back and decided not to self host right now.

    KISS: GitPages

    Everyone uses GitHub Pages. So fine, so will I. They walk you through the setup, so that’s nice. It was pretty painless to make a repo. But what did that have to do with Jekyll? I can edit everything within GitHub which is nice but I don’t want that. I wanted to learn Jekyll… Scroll to the bottom and there’s a nice graphic saying I can use Jekyll!

    Now that you’re up and running, here are a few things you should know.

    And they link to the Jekyll quickstart. Okay, thank you, I can install Jekyll. How do I hook them up? I had to actually Google to find the link to Using Jekyll with Pages and frankly, after reading it… I don’t want to. Oh I did it, but it’s not “simple.” It’s a total pain in the ass. It reminds me of the old MoveableType when you had to fuss with cgi-bin. It’s all manual. And this is fine for a dev, but I don’t want to have to install this on my Dad’s laptop. Did I mention he was on Windows?

    See? Jekyll running on my laptop

    So using this for a version controllable, static website, is actually far less tolerable than I wanted it to be. I can use it, I kind of understand it (the whole source folder is confusing me a little…) but it’s not something I could easily roll out to a medium-technical person without some serious training. In fact, I need some serious training to get good at just pushing my content, and when I compare that to WordPress…

    I get why people like it, though. The static files alone are pretty cool, but it’s going to be a learning curve.

  • Your Username is Not A Secret

    Your Username is Not A Secret

    I keep seeing this pop up. “Your CMS is not secure because it makes your username/id public! Once a hacker has that, they can try to break in!” At one point I snapped “Sure, and your house isn’t secure because someone knows your address.”

    It’s one of those logical fallacies that seem vaguely accurate on the surface, but really are just plain wrong. On some level, you’d think that if a hacker doesn’t know your ID, they can’t get in, but the reality is most hackers, the surface level idiots who are trying to break into any site available, aren’t checking for your user ID/Name, they’re looking specifically for a vulnerability, like they did with the TimThumb accidental (D)DoS.

    In addition, they’re not usually looking for your ID when trying that brute force login attack. The practical difference between someone trying to log in with “admin” and someone trying to log in with “ipstenu” is pretty negligible, since they’re killing my server before they get in anyway.

    As I wrote this, I thought what it would be like if there was a mod_security rule that checks if you’re trying to log into a site with the username ‘admin’ and, if so, blocks you from being able to log in. Of course, there are millions of sites with millions of CMS tools, and for some you actually cannot change the admin account name away from admin.

    WordPress is not alone in thinking your username isn’t a secret. Drupal also thinks disclosure of usernames/id is not a security risk. In fact, Google doesn’t think your ID is a secret. After all, you can log in to Google’s devices with your email, and everyone whom you’ve ever emailed kinda knows that. “Oh, you emailed me from ipstenu@gmail.com? I’ll attack that!”

    Now of course, if you try to log in with that too many times, you lock your IP out. And similarly, if you try to log in to my server via SSH too many times, the same thing happens. Have I ever locked myself out? You bet. Less since I switched to 1Password and SSH keys, but it still is very effective.
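
    The lockout described above keys on the source address, not the account name. As an added example (not from the original post), this counts failed WordPress logins per IP from access-log lines; the threshold, the function names and the log lines are constructed for illustration, and it assumes the combined log format, where a failed login is a POST to wp-login.php answered with 200 and a successful one is answered with a 302 redirect.

```shell
#!/bin/sh
# Added example: find client IPs with too many failed WordPress logins.
# The access log never records which username was tried (it is in the POST
# body), so the decision rests on the source address alone.

THRESHOLD=3   # assumed limit: failed attempts before an IP is reported

# Reads combined-format access-log lines on stdin and prints "IP count"
# for every address at or above THRESHOLD, sorted.
lockout_candidates() {
    awk -v limit="$THRESHOLD" '
        # $1 = client IP, $6 = "METHOD, $7 = path, $9 = status code
        $6 == "\"POST" && $7 ~ /\/wp-login\.php/ && $9 == 200 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= limit) print ip, fails[ip] }
    ' | sort
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [17/Nov/2014:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "script"
203.0.113.7 - - [17/Nov/2014:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "script"
203.0.113.7 - - [17/Nov/2014:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "script"
203.0.113.7 - - [17/Nov/2014:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "script"
198.51.100.20 - - [17/Nov/2014:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.20 - - [17/Nov/2014:10:05:09 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.0.2.5 - - [17/Nov/2014:10:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
192.0.2.5 - - [17/Nov/2014:10:06:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
192.0.2.5 - - [17/Nov/2014:10:07:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
EOF
}

# One mistyped password followed by a success stays under the limit;
# merely loading the login form (GET) is not counted at all.
sample_log | lockout_candidates
```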

    Why isn’t this built into the core of most CMSs? Because a CMS like Drupal and WordPress is not as volatile as, say, the healthcare.gov site. The danger that comes from someone getting into my blog is minimal compared to someone getting into my email. But again, everyone knows my email account, so they’ve always got one half to the puzzle right then and there.

    One of the other primary reasons this isn’t built in to WordPress is that it’s hard to do right, and in a way that will work on all servers, and in a way that will be easy for someone to undo. I said I locked myself out a couple times, right? I can unlock myself with a device on another IP, or I can call up my webhost and tell them my IP and can they please unlock me. Now flip that to your blog. How do you handle it? Who do you call? Do you make this a ‘solvable by the host only’ problem? Can you envision your host being happy about handling that?

    Not that I’m passing the buck here. There are plugins and extensions that do this, but they’re still best used by people who already understand security than by the common man, because the people who know what to do when they have to edit a .htaccess are the ones who probably already know how to pick a secure password, or install two-factor authentication already.

    All this comes back to something blindingly obvious though. Everyone is going to know part of your access. The reason we tell people not to use ‘admin’ as a login ID is not because it’s more or less secure, but because it makes it easy for script kiddies to target. Remember, most of the time when you’re being attacked it’s nothing you did personally, it’s just a script running. When it’s someone who has an absolute vendetta against you, your userID is the least of your concerns.

    The crux of the matter here is that your username is not a point of authentication, it’s a point of identification. Giving you an identification (I am Ipstenu) is not the same as giving you data that can be used to authenticate (my mother’s maiden name is Jones; I was born in Battlesboro, VT; My favorite superhero is the Flash). There’s a reason we call them ‘Secret Questions’ as they’re both identification and authentication. Only I would know these things. And no, that’s not true, which is why secret questions are pretty useless. The more obscure they are (my first maths teacher) the less likely I am to remember them correctly. “His name was Smith… Now did I put in Dr. Smith, Mr. Smith, or Smith? Oh wait, how did he spell Smith? Smythe? Smyth? I know people with all those spellings! Which was he?”

    So no. Your user ID is not a secret, nor should it be. I spend no time hiding it.

  • ZenPhoto and ColorBox

    ZenPhoto and ColorBox

    I use ZenPhoto for a gallery on a site that has a pretty hefty (gigs) gallery with many albums and subalbums. It’s too big for WordPress, in my experience, and so I picked up ZenPhoto as sort of the WP of the gallery world. Not knocking WP, it’s great for text, but sorting and organizing images are a hassle. The flip side to this is that getting straight directions on how to do anything in ZenPhoto makes me bang my head on the wall.

    See, WordPress has a lot of people involved, so the forums are filled with people who’ve been there before. And these people come from a varied array of talents, so some are designers, some programmers, and some users. This means the documentation, while lacking in many respects, is actually a pretty awesome display of crowd-sourcing when you compare it to other web apps. The worst part is there’s no perfect way to replicate this dynamic. ZenPhoto is still relatively young, even though it’s only a year younger than nine year old WordPress! MediaWiki (at 11) is older than both, but ‘behaves’ more like the middle child, if you really want to break your head on things.

    It’s a lot to do with goals, and you can’t knock any one tool for the other. They have their places. I would never try to blog on MediaWiki, nor would I put a seriously hard-core gallery on WordPress. ZenPhoto has branched out into ZenPage, a simple CMS, but personally I’d rather see them optimize the hell out of their back end, which could use some UI love. Still, a lot of its simplicity is why I chose to use it instead of, say, Gallery or Coppermine.

    But the help is still lacking, so today was a bit of a wrangling and head bashing.

    What I want is, you’d think, straightforward: How do I edit the default theme of ZenPhoto to include ColorBox? If you ask this on the ZenPhoto forums, you get an understandably annoyed mod saying ‘This has been asked before.’ I feel for them, but as a mod and a user, I look at that and think ‘If people keep asking and you can’t give them a link to how to do it, something’s not right.’

    The directions I found in the forums never worked, but it wasn’t long before I realized why. There were simple typos. So here’s how you can turn on ColorBox for ZenPhoto.

    1. Activate the Plugin

    This is a duh moment, but go Admin -> Plugins and check ColorBox. You do not need slideshow.

    2. Make sure ColorBox is on for your theme

    Go to Admin -> Options -> Plugins and click on ColorBox. Then find your theme and make sure that the pages you want to run ColorBox on are checked. I only wanted it to run on albums, so that’s all I checked.

    3. Edit your theme

    This is where everyone’s directions fell apart for me. Since I only want it on albums, I went to my default theme copy and set my image section to look like this:

    <div id="images">
    <?php while (next_image()): ?>
        <div class="image"><div class="imagethumb">
        <a href="<?php echo html_encode(getDefaultSizedImage()); ?>" rel="showcase" title="<?php echo getBareImageTitle(); ?>"><?php printImageThumb(getAnnotatedImageTitle()); ?></a>
        </div></div>
    <?php endwhile; ?>
    </div>
    

    Make special note of your classes and rel here! In specific, notice how I have two divs for image and then imagethumb? While either one will work, I made a note of imagethumb, since it was a little more specific. Also I made a note of the rel in my image itself, in this case rel="showcase"

    Then back up before I close my head section, I added this:

    <script type="text/javascript">
    // <!-- <![CDATA[
    $(document).ready(function(){
        $(".colorbox").colorbox({inline:true, href:"#imagethumb"});
        $("a[rel='showcase']").colorbox({transition:"none", height:700, width:"75%" });
    });
    // ]]> -->
    </script>
    

    See how I’m using the showcase and the imagethumb? That’s why I needed those.

    4. Customize

    Everyone says ‘Read the directions!‘ but when you look at them, they’re written for people who know jQuery. I don’t. So when I don’t know what I’m doing, I make a list of what I want. By the way, yes, it irritates me when directions are ‘too techy.’ You can’t know where people are in their understanding of things, and you can’t expect everyone to be amazing at everything. I was very close to appealing to anyone who owed me a favor for help before the end of this.

    No set height

    That’s as easy as removing height:700 from my js.

    Force colorbox to treat my cached image as an image

    Just add photo:true to the js. I had to do this because my server renders the images via a php file (to redirect to cache) and this was causing funny problems. It’s a known issue, though, so once I figured out how to search for ‘ColorBox is making my images show up as gibberish!’ I found the answer.

    Put a link to the full sized image

    And here began my headache. If I put in this (where I used to have the height code):

    title:function () { return "To view full size, " + "click here!".link(this.href);}

    … then my link goes to the getDefaultSizedImage() size (which is a max width of 540px for my theme) and that isn’t what I want. I could change it to getFullImageURL(), but then colorbox loads the fullsized image, and that’s just a little silly and bad for bandwidth. I spent the next hour reading up on jQuery to understand that I really wanted to pass data through. Finally I struck upon the notion that I could make a new variable in my href.

    full="<?php echo html_encode(getFullImageURL()); ?>"

    This makes a link to the full-sized image. And then I changed this.href to $(this).attr('full')

    In the end, it really wasn’t hard, but nowhere were all the pieces laid out in a way I understood. I’m happy with how it all turned out and the site now behaves like it’s 2012.