One of the fun projects I've been involved with in my work at Automattic is bringing Joel Spolsky's esteemed writings at JoelOnSoftware.com to a WordPress-powered site. That site went live earlier this week just in time for a big announcement from Joel's company Fog Creek Software.
I recently played around with building a new WordPress theme from the ground up, and I'm sharing some notes here about what I learned along the way.
It had been a while since I'd created a WordPress theme from nothing, and I knew that best practices had shifted quite a bit since then. I also wanted to use a more modern development workflow than I'd previously been used to. In my daily work I get to help our clients test, refactor, optimize and launch their WordPress themes (and I enjoy that quite a bit), but sometimes I just want to tinker for a personal project.
I also had an itch to scratch with 47374.info, a site I'd created in 2011 to aggregate local news headlines into a single, simple list display. It uses the great FeedWordPress plugin (along with some custom Perl scripts I wrote to scrape news off of local sites that embarrassingly don't offer their own RSS feeds) and does its job just fine, but it wasn't responsive, the mobile theme wasn't working so well for this use case, and there were more and more parts of the original theme I'd used that needed cleaning up. I also wanted to create something that looked and worked a little bit more like the Hacker News front page (without voting or comments). I am my own primary target user here; the site in question tends to get 40-60 visitors per day (I hope you're enjoying it, whoever you are), but I know I use it every single day.
I didn't quite have the time to start with a totally blank slate, so I started looking at some of the starter themes out there: Underscores, Components, Minimum Viable VIP, and Bones were the main ones I considered. These starter themes include all of the basic requirements of a WordPress theme so you don't have to literally create each new file (like
style.css from scratch). Each option then offers its own unique flavor to what a starter theme should have. For example, the Minimum Viable VIP theme is designed to have everything a developer on the WordPress.com VIP platform would need to implement basic functionality while also meeting code security and performance standards on our platform.
In my case, mobile-first and responsive was a top goal, and while Components has some great options there, Bones seemed to take care of what I wanted with a little less extra stuff thrown in. (Some day I will learn to write media queries from scratch, not this time around.)
So I downloaded Bones, opened it up, and started poking around. And that's when I encountered this:
A few weeks ago I created a new, simple WordPress plugin, Debug Bar Widgets.
It adds a panel to Debug Bar that displays all of the widgets registered on a site, even if the widgets aren't active. There are probably simpler ways to get at the same info but I've found it useful in developing some of my other widget-centric plugins.
Pull requests welcome.
There are many online resources about using SSH keys to achieve passwordless, cron-initiated tasks like rsyncing some files around. Most of these assume your SSH key is either not encrypted with a password, or that you're running the related command in an interactive session.
What I couldn't easily find recently was a way to make sure that a script initiated via cron on OS X 10.10 (Yosemite) and that uses an SSH key that is encrypted with a password would have access to that key as managed by the current login session's
This problem manifested itself with the following kind of output from my rsync command - being used to back up some files from a remote server - when it was executed via cron:
Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). rsync: connection unexpectedly closed (0 bytes received so far) [receiver] rsync error: unexplained error (code 255) at /SourceCache/rsync/rsync-45/rsync/io.c(453) [receiver=2.6.9]
If I ran the same command from the shell prompt it worked fine.
There are a couple of extensions for Chrome that I've been using for a while now to try to maintain or improve my privacy online. Some have been helpful, others haven't. Some mini-reviews:
Most every modern website has a "Terms of Service" that governs your interactions with it. The document usually lays out how and when the site will use any data it collects about you - helpful, right? The document is also usually many pages long and would potentially take hours to fully absorb and understand. Terms of Service, Didn't Read is an extension that tries to give you a high-level view of the Terms of Service of the site you're on, based on their team's reading and interpretation of those documents on your behalf. If there are particular concerns related to privacy and personal data use, the extension will flag that when you arrive.
I used this extension for several months, finding it interesting at first to see how the sites I visited regularly measured up to TOSDR's evaluation. But after the initial curiosity wore off, I realized that for the most part, the information here wasn't changing my behavior. If TOSDR flagged something like "The copyright license is broader than necessary" or "This service tracks you on other websites," I'd still have to do some more digging to figure out exactly what that meant, and whether or not I was comfortable with it. So, the information provided by TOSDR is helpful, but not always conveniently actionable when it comes to protecting privacy. (There's a theme in all this: protecting privacy is rarely convenient.)
I recently released two simple WordPress plugins:
This creates a simple pet adoption search form in a widget on your WordPress site. Once you enter a postal/zip code, you're taken to results on Adopt-a-Pet.com where you can look for a homeless dog, cat or other animal waiting for your love. (Yes, I've worked a lot in the past with Adopt-a-Pet.com, but this plugin is not affiliated with or endorsed by them, I just created it for fun and to promote pet adoption.) Pull requests welcome.
This creates a simple widget display of the current U.S. national debt, based on the latest data available from the U.S. Treasury. If you want you can animate the number so that it is increasing/decreasing on the page according to recent changes in the actual debt. Pull requests welcome.
You need to be using two-factor authentication (2FA) for your online accounts that matter.
In the past 2FA was a kind of geeky thing that only the most security-conscious would bother with. Today, it's essential that anyone storing sensitive information online or using online services for anything remotely important employs the use of 2FA.
It's an imperfect security mechanism and there things about it that are inconvenient, but for now it's the best intermediate option for protecting against unauthorized access to your accounts and your information. Using it is much less inconvenient than trying to recover from having someone take your money, abuse your identity, or access your private data.