Status Check
Despite the decision to release beta 2 last Monday, the menus are still holding everything up. Work is continuing on the menu system and once it’s close to being finalized, beta 2 will be pushed out. Right now, it looks like Beta 2 will be released in the next few days and hopefully, RC1 after the post code sprint at WordCamp San Francisco is completed. As for Multi-Site, Andrew Nacin pointed out that there are still some bugs that need addressed. Specifically: upload directories, network.php needs non-apache awareness, IIS rewrite rules, and 12142.
GSoC
There are a total of 15 students for this years edition of the Google Summer Of Code. They can be found here along with their respective projects. A more detailed post about this is forthcoming for the dev blog once WCSF is over with. There will also be a public blog for student updates that people can follow if they are interested in a specific project.
JavaScript library preferences
Keep an eye on the WordPress Developers Prologue site as a debate regarding the use of jQeury versus Javascript ensues. According to Filosofo, there are issues with performance, bad design, and bugginess with jQuery.
Menus
One of the big ticket items concerning menus is ticket 13154 where editing menus causes pages/posts to be deleted. There are also some serious styling issues seen in IE6. There are also some drag n drop issues. I encourage you to read the log file as it’s an interesting discussion surrounding menus and IE6.
Ticket 10607
There was a bit of discussion around ticket 10607 that ended up breaking WordPress MU.
WPMU literally used is_null() to check, in a loop, which completely tanked a page. We now return an empty array. No problems if a plugin is using empty(). But we’re introducing back compat issues with is_null. I’m okay with that, but if it was used in MU, who knows where else it was used. If we change it back, we’ll continue to need to occasionally cast as an array, or use empty, et al. This is a change that can break plugins.
Plugin developers are reminded to test their plugins on the beta versions of WordPress to see if this particular change breaks them.
Trashed items interfere with page/post slug generation
Based on ticket 11863. After some discussion, there will be some added messaging for users when they are trying to use a permalink that is already present and held within the trash bin.
If you want to suggest a topic to be discussed at the next meeting, you can by visiting the WordPress development updates blog. If you would like to participate in the chat next week, install IRC or an IRC compatible client and connect to the following IRC server.
chat.freenode.net or any random server on the Freenode network and then join this channel at 4:30PM Eastern time or 20:30 UTC Thursdays. #wordpress-dev.
WPDocs was passed along on the hackers mailing list this morning. It was created by the folks over at The Dextrous Web which is a web development company that focuses on building websites for the public sector. The WordPress API along with files are located in a sidebar on the left with the explanation provided on the right. So far, the feedback from other developers has been great. Among some of the enhancements in the works is for the pages to be indexed by Google, linking to the WordPress trac’s code browser, and listing the uses of a function. You can never have enough resources like this so be sure to add it to your bookmarks.
Andrew Nacin who is one of the core developers for WordPress has put together an interesting visualization that displays all of the names of those who have contributed patches to the core of WordPress, specifically, 3.0. No surprise that Andrews own name shows up pretty large along with a few notable others.
So, based on a Trac report I made for demetris so he can compile the list of contributors, I generated these word clouds. These are based on changesets 12456 to 14319 (thus, as of this morning). Of 1864 commits, 677 of them had props given, for a total of 720 props (some commits had more than one). Patches were contributed by 170 people so far, the most ever (or so I’m told).
Head on over to his site to check out both the Wordle and the Tag Cloud. Congrats as well as a hearty thanks to all of those individuals who contributed patches to make WordPress 3.0 possible.
Cruising through the feedreader today, I came across an article that explained how to customize the feed length as well as the HTML tags used. However, the site providing this advice was located on Blogger.com. This had me wondering if users would be less likely to heed WordPress specific advice if it were published on a non WordPress using site. So far on Twitter, the feedback has pointed towards no. However, it’s open to discussion in the comments, after you place your vote of course.
Are You Less Likely To Take WordPress Advice From A Site Not Running On WordPress?
I love it when other podcasts interview employees of Automattic, especially ones I’ve never heard from before. WordCast Conversations, episode twelve features an interview with Maya Desai who is charge of operations for Automattic. She is also the one WordCamp organizers most likely talk to when it comes to planning an event or having Automattic employees show up. In the interview, we find out how she became an Automattic employee (it’s a funny story), what it was like to transition from a corporate environment to a virtual one, and some other experiences she’s had. One tidbit of information that I picked up in the interview is that the WordPress store will be moved and run in-house. No word yet if there will be any new products added to the store. I’m waiting on a hat or a long sleeve shirt.
If you’ve been too busy to spend some time playing around with the new menu system in the latest bleeding edge version of WordPress, WPEngineer has a couple of screenshots of the latest user interface that will be part of the 3.0 release for managing menus. A couple of the comments mentioned that based on the screenshots alone, it was clear that it would be difficult to scale. I’ve played around with the menus for a little bit and I was able to create five of them before the sixth menu forced the menu widget to the bottom of the screen. One of the only complaints I have with the system as it stands now is a cosmetic one. Since the menu addition widgets are on the left hand side and the menus are on the right, it looks totally different than most of the other pages throughout the administration page, especially the widget management page. It’s not a huge issue but I think it detracts away from the consistency of the back-end. Here are two screenshots showcasing what I mean.
5 Menus
Widgets Have A Sidebar Content Sidebar Layout
I suppose if the menu addition item sidebar were moved to the right, leaving the menus in the middle, it just might address the consistency factor. As for actually using the menus, I love the idea of not being limited to category or page links per menu. I can mix and match them as I please.
By the way, I’ve decided to add one more screenshot of what the WooNavigation system was like before it was hacked to death. There are some things that didn’t quite mesh with the surroundings such as the icons but just about everything else seemed native to me. I’ve not had the opportunity to use WooThemes version of the menu system but just from watching the video, it seems easy enough.
It will be interesting to see how the menu system will change either UI or functionality wise before the release of 3.0. I’m also looking forward to reading all the feedback around the menu system once it hits the public’s hands although many who upgrade right away may not even see the menu system until they upgrade their theme with the required functions.
There is a great post over on the Akismet blog talking about some of the newest trends they have noticed in web spam since 2005. Among them are Chinese wholesaler spam, human-posted spam, and malware spam. Considering the large volume of comments running through the Akisemet service, it’s always interesting to see what the trends are. I agree with them that Trackbacks and Pingbacks have been abused or used in the wrong way so much, that many large sites have abandoned using them altogether. Thankfully, Trackbacks apparently are so unpopular that many spammers have abandoned that tactic.
The one thing I’ve noticed on WPTavern.com is a large number of comments that specifically advertises the software that generated them. I’ve also noticed a large increase in the amount of human spam that is what I consider border line legitimate. I’ve even approved one or two by mistake. However, the most annoying aspect of spam is coming from websites that display 10 or more related posts from across the web. Some of these legitimate and illegitimate websites are showing 100 or so links generating a massive amount of pingbacks. I became a victim of a denial of service attack thanks to this method combined with a large splog network.
What are some of the specific trends you’ve noticed on your own site?
April has been a troubling time for a couple of well known web-hosts security wise. Ipstenu wrote a post on the various hacks that took place this month and I thought it was a well written piece that explains the variables that needed to happen for those events to occur. I’m not sure if she coined the phrase but I like her idea that security is a tripod.
* The Web Host is responsible for making sure the server itself is up to date with the latest patches etc, and that the server is configured in a safe way.
* Web-apps are responsible for not unleashing needless insecurities to the system.
* The end-user we pray to the flying spaghetti monster that they’ve not done something to violate security out of ignorance.
We’ve also been chatting in the WordPress Tavern forum on whether WordPress should ship with a built in set of security tools. Based on feedback within the thread, the majority don’t feel as if that is necessary. When thinking about this topic, it’s important that we try to figure out how far the responsibility of the WordPress codebase goes in terms of security. Should WordPress make sure that the code is secure out of the box and that’s it? Or should it have built in mechanisms to protect users in certain use cases? Security only goes so far on the application level and as has been discussed on the forum, if the server that is hosting a WordPress powered site becomes compromised, then it’s all over. The only glaring security issue I’d like to see tackled in WordPress is a built in login lockout system where password crackers can’t sit on the WP-Admin page and try out as many passwords as they want.
I think the biggest part of security as it relates to WordPress is using a competent host, especially if it’s shared hosting because you as a customer can’t configure anything on that server as it relates to security. Therefor, when hosting with them, you are putting your eggs in their basket hoping they don’t break. I think what I’ll do is try to put together a guide or questionnaire with the help of the Tavern community that you can use for potential webhosts you’re interested in to see if they meet certain requirements for secure hosting.
Jean-Baptiste Jung who runs CatsWhoCode.com has compiled a list of what he considers to be the top WordPress hacks so far in 2010. Among the list are code snippets to allow contributors to upload files, display ‘time ago‘ dates, WordPress navigation outside the loop, and disallowing the ability to switch themes. One of my favorite tips in his list is the MySql query statement that makes it easy to remove specific shortcodes from posts. However, can anyone verify if I could use the search and replace plugin to search every post for the short code and just replace it with blank space? Wouldn’t that do the same thing but without going into phpMyAdmin?
In this series wrap up, Jake and I talk about some of the sticking points from the previous three episodes. We discuss what we’ve learned and what we thought was useful information for those looking to start a business in anyone of the three areas that we covered. Among some of the topics of discussion were the low barriers to entry for theme and plugin authors, the costs of running a Software As A Service model, the majority of panelists not taking to the Freemimum model too well, and other tidbits of information. I hope you all enjoyed this series and if you could, please tell me anything you learned from this series in the comments.
Smashing Book Contest:
Week Three Winner - Carlos Frevert
Congratulations to all the winners.
Ad Copy:
This episode did not have a sponsor. If you’re interested in advertising on WordPress Weekly, check out the Advertising information page to find out how.
Status Check
Loading ...
In this series wrap up,