Browse: Home / 2010 / April
Interview With Beau Lebens Talking BackPress

Interview With Beau Lebens Talking BackPress

By Jeffro on April 16, 2010

Have you heard about BackPress? The only times I’ve seen it mentioned are within inner development circles of WordPress and for good reason. It’s not widely known and is a project that has a different focus than WordPress. To get more information about this project, I sent a few questions to Automattic employee, Beau Lebens.

First off, what is BackPress?
BackPress is a library of code which gives developers a head start on creating web applications in a very WordPress-inspired way. It provides a lot of functionality that WordPress developers are used to and have come to rely on, while handling a lot of compatibility and common issues in a standardized way.

What is the history of this project?
When bbPress was being developed, it was quickly realized that a lot of the functionality needed already existed: in WordPress. Rather than re-inventing the wheel, it made a lot of sense to extract some of that code from WordPress and move it into a place where it could be shared between the 2 projects. Once it was modularized like that, it became easier for other projects to include BackPress and use it as a foundation for a common set of features.

What projects currently use BackPress entirely or parts of it?
WordPress (and by extension, WordPress MU) uses parts of it, although as the “seed” for a lot the BackPress codebase, it’s often not indicated as such. bbPress uses all (or most) of the BackPress library. GlotPress is based heavily on BackPress (and is the motivating driver behind a lot of the i18n code in there, which then feeds back to WordPress). Automattic has an internal project called SupportPress which uses BackPress code, and I have a personal project called HTFS which uses it as well. I know there are a few other folks working on unreleased apps using it, but I’m not aware of anything else public that’s using it.

Who’s in charge of or involved with BackPress and is it open to the public?
The current project lead is Peter Westwood (westi), who is also one of the core committers of WordPress. Major contributors include Mike Adams, Nikolay Bachiyski and Demetrious Kelly. I’ve helped out setting up the website and drumming up some attention.

What is the immediate future of BackPress?
For now we’re keeping BackPress in line with WordPress and seeing what happens with the development of bbPress. We’d love to hear from anyone who’s using it in their own projects to see what’s missing, if there’s a better structure for the files, or anything else.

Where can we find more information regarding the project?
http://backpress.org is the best place to start. We also have the #backpress room on IRC (freenode), but it’s normally pretty quiet.

Posted in | Tagged , , | 1 Response

No More Unlimited Support Or Upgrades For GravityForms After May 1st

No More Unlimited Support Or Upgrades For GravityForms After May 1st

By Jeffro on April 14, 2010

GravityForms recently made a big announcement that will affect new customers who make a purchase after May 1st. Currently, all customers who purchase a single or developer support license receive unlimited upgrades for life.

On May 1st we will be changing the Gravity Forms Terms of Service. Support and automatic updates will change to a 1 year term for all NEW purchases beginning on that date.

Customers who purchase before May 1st will NOT be impacted and will continue to receive lifetime support and updates for the license they currently own.

Not only will the 1 year of support and upgrades be tied to the single site license, but the developer license as well. Customers who make a purchase before May 1st will get lifetime support and upgrades as well as those who upgrade to a developer license. If you haven’t purchased your copy of GravityForms, now may be the best time to do it so that you’re set for life when it comes to support and upgrades.

If you need a reminder of what GravityForms is capable of doing, check out this recent review from BloggingPro.com.

Also for existing GravityForms customers, check out Joost De Valks GravityForms widget.

Posted in | Tagged , , , | 5 Responses

Using Amazon S3 To Set Up A CDN In WordPress

Using Amazon S3 To Set Up A CDN In WordPress

By Jeffro on April 14, 2010

Ghacks.net has a great, in depth article on how to set up a content distribution network in WordPress using Amazon S3. The guide gives you the ingredients needed and walks you through the entire process of installing and configuring the W3 Total Cache plugin, setting it up to use the CDN, getting an S3 account, etc.

It takes between one and six hours to configure and activate a CDN on the WordPress blog. Most of the time is spent waiting for the DNS to propagate, the account to become active and the data to be transferred. Webmasters should check the speed of their website in Google Webmaster Tools (or other tool) to see if the changes have decreased the load time for the users of the site. They should also monitor the costs over at Amazon.

On the flip side, I’m currently using WPCDN on WPTavern.com and it was easy to setup. Even though they have a plugin to use, W3 Total Cache made it even easier to setup thanks to its built in way of handling different types of CDNs. I’ll be using this CDN for a month and then asking you if the site has loaded any faster.

Posted in | Tagged , , | 15 Responses

Who’s Right? Network Solutions Or Matt

Who’s Right? Network Solutions Or Matt

By Jeffro on April 13, 2010

I haven’t had the time to write about much WordPress news lately but after reading the post published on the WordPress developer blog regarding Network Solutions, it might have been for the best.

There have been a number of WordPress based sites hosted on Network Solutions that have had their databases compromised but overall, the issue was not directly targeted at the company. There has also been an ongoing discussion in the WordPress Tavern forums regarding all of the information surrounding the attacks. I’ve been keeping an eye on my feedreader to view the thoughts and opinions of many different websites all following and reporting on the story and if you didn’t know any better, you’d think there was a major exploit in WordPress 2.9.2. As Matt points to in the dev blog post, many websites reported this as a WordPress security issue.

However, Matt’s response is a direct conflict with what Network Solutions has stated. First, Matt’s response.

WordPress, like all other web applications, must store database connection info in clear text. Encrypting credentials doesn’t matter because the keys have to be stored where the web server can read them in order to decrypt the data. If a malicious user has access to the file system — like they appeared to have in this case — it is trivial to obtain the keys and decrypt the information. When you leave the keys to the door in the lock, does it help to lock the door?

What Network Solutions has stated:

Although this issue is not with our hosting servers, we can help you clean this issue up and restore your site to a previous backup. However, this may not guarantee that the issue will not occur again. We are working with the WordPress community and affected Network Solutions customers to help determine which WordPress theme or plugin that may be causing this issue and we will update this post as we learn more.

We continue to look out for our customers and our security team is reviewing logs to determine which WordPress instance or plugin may need to be fixed. We have also been working with experts in the WordPress community on this issue.

It will be interesting to see if anyone from Network Solutions will come out and vouch for it being a permissions issue that caused all of the problems. Until then, we won’t know for sure if that was the case. Andrew Nacin who is also one of the core developers of WordPress has requested that a proper explanation be given that sets the record straight.

There are two posts in the Tavern forum thread that I wanted to bring to light here that might help others when it comes to directory and file permissions.

ChipBennett – So, I’m not experienced with administrating shared server environments. Wouldn’t setting wp-config to 0640 prevent this attack, even if all else were held equal? (Apparently, only WordPress installs for which wp-config.php was 755 were getting compromised.)

Otto – 640 or 750 indeed prevents this.

The reason WP doesn’t check for that is two-fold:

1. On a standard server with a basic and straightforward configuration, The site will fail with 640/750 on wp-config, because Apache won’t have rights to read the file. For 640/750 servers, you must be running suPHP for it to work. suPHP lets Apache run with the user credentials. Many, many hosts don’t run with suPHP.

2. On a single-site box (dedicated), you don’t need to worry about other users reading your files, since hopefully you have no other users. So requiring esoteric configurations makes that setup harder.

Basically, shared hosts *NEED* to run suPHP in order to be secure. suPHP prevents webapp attacks from moving outside their personal sandbox, and it allows users to set xx0 file permissions to eliminate other users on the box from reading their files.

But, suPHP is not the default configuration, so unless the host knows their stuff, they don’t do that sort of thing.

I’m also going to link to the following articles as they contain some great information regarding WordPress sites being hacked and how to harden the software.

http://codex.wordpress.org/Hardening_WordPress
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://ocaoimh.ie/did-your-wordpress-site-get-hacked/
http://www.devlounge.net/code/protect-your-wordpress-wp-config-so-you-dont-get-hacked
Top 5 WordPress Security Tips You Most Likely Don’t Follow

There is an aside to this entire series of events. While Network Solutions was doing an admirable thing keeping their customers updated via a public blog, other agencies picked up on the news and considering it’s a blog for a known webhosting company, took their facts for face value. This was like a bad wildfire that kept spreading until the official WordPress development blog post was published today, putting a damper on those flames. I was very close to writing about the security issues being reported and if I did, I would have linked to the relevant articles and I probably would have added fuel to the fire. I wonder if Network Solutions should have kept their customers updated in a different method than one that was so public. Also, none of the articles that I read concerning these security events quoted Mark Jaquith or Matt Mullenweg confirming that there was a specific issue related to the WordPress software. Mark did give a rule of thumb to Network Solutions regarding permissions.

“the most restrictive permissions that still work.” File permissions vary from server setup to server setup, Generally, “644″ is recommended for wp-config.php. For public_html, it is usually 755.

Let’s keep an eye on the Network Solutions blog to see what they say.

Posted in | Tagged , , , | 33 Responses

WPWeekly Episode 95 – Commercial Plugins

WPWeekly Episode 95 – Commercial Plugins

By Jeffro on April 11, 2010

wordpressweekly1In this episode of WordPress Weekly, Jake and I chatted with three commercial plugin authors. Two of which are in the middle of maintaining a successful business while the third was just getting started. The panel members consisted of Carl Hancock of Rocketgenius, Jonathan Davis of the Shopp e Commerce plugin and Ronald Huereca of Ajax Edit Comments. We went from the ground up in terms of questions regarding each persons business. Jake and I had large shoes to fill based on the feedback of the commercial themes round-table episode but I think we pulled it off. Thanks to everyone who showed up in the chat room during the show.

Ad Copy:

This episode is also sponsored by EnvironmentsForHumans.com This is an organization that excels at getting experts together in a given topic and then exploring that topic from different angles. The next topic to be handled is the UX Web Summit on Wednesday, April 21, 2010 from 9:00 AM – 5:00 PM (CT). This event will teach people how to improve their websites so that they are more responsive to visitors as well as making this more usable. If you’re interested in this summit, visit UXWebSummit.com

Related Links:

During this episode, we talked briefly about the topic of selling GPL licensed software. To put the issue to rest on whether folks are allowed to sell GPL software or not, please view this link which was passed along during the show. Selling Free Software

Smashing Book Giveaway Contest:

Congratulations to JeremyOLED for winning a copy of the Smashing Book courtesy of Jacob Goldman. If you want to put yourself in the running to win week two, here is what you need to do.

Help us publicize the special WordPress Weekly series on commercialization! Just follow @WPTavern and guest co-host @jakemgold on Twitter, and Tweet a message mentioning us both with a link to the most recent episode. We’ll randomly pick one of our favorite tweets right before the next show.

We’ll be giving a book away for each of the episodes (excluding wrap up). You can participate each week. Each contest starts at 2pm on Saturday with the show’s recording, and ends the following Friday evening. You may participate if you’re outside of the contiguous United States, but will be asked to cover shipping expenses.

Announcements:

Part 3 of this series will take place on April 17th with the Services Round-table featuring Joshua Strebel of Page.ly, Daniel Bachhuber – Formerly of CoPress, and Raanan Bar Cohen of Automattic

WPWeekly Meta:

Next Episode: Saturday, April 17th 2P.M. EST

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Length Of Episode: 2 Hours 28 Minutes

Download The Show: WordPressWeeklyEpisode95.mp3

Listen To Episode #95:

Posted in | Tagged , , , , , , | 4 Responses

Marshall – Newest BuddyPress Core Contributor

Marshall – Newest BuddyPress Core Contributor

By Jeffro on April 7, 2010

Marshall who goes by the user name MrMaz in the BuddyPress community has been appointed the newest member of the BuddyPress core team. Marshall will be focusing on the BuddyPress API which will make the lives of developers easier to seamlessly integrate their plugins into BuddyPress. His work will be slated for release in 1.4 and onward. Marshall has a successful BuddyPress plugin called BuddyPress Links which adds rich media sharing. How this plugin integrates into BuddyPress as if it’s a part of the core was a sure sign that Marshall knows what he’s doing and was one of the major reasons why he was asked to join the team.

Congrats to Marshall.

Posted in | Tagged , , | 1 Response

A Little Closer To Being Global

A Little Closer To Being Global

By Jeffro on April 7, 2010

Gravatar has yet to live up to the G (Global) in its name but it’s slowly getting there. Beau Lebens has published a few more developer resources that have been submitted to the Gravatar site including a Gravatar extension to the Yii framework, extension to the TYPO 3 CMS, and a Django custom tag.

I remember in 2009 when I asked why Gravatar was not mainstream, despite the service existing for a number of years now. It’s not as if Gravatar needs to completely replace avatar systems. It just needs to be one of the choices when configuring your avatar. I was very surprised to find out that VBulletin does not have built in support for Gravatar nor is there an extension to add support for it. I’d think that there is a benefit to using Gravatars on a forum instead of uploaded custom avatars because the images are loaded from a third party service and that means less space in the database being used by all of the uploaded avatar images.

Since the avatar system still does not have global support just yet, I was happy to read the news regarding Gravatar Profiles. This definitely gives Gravatars more oomph. I wonder if support will be added to show the most recent blog posts or other things on the Gravatar profile.

Posted in | Tagged , , , | 1 Response

You Can Now Share PollDaddy Survey Reports

You Can Now Share PollDaddy Survey Reports

By Jeffro on April 7, 2010

PollDaddy has introduced a new feature today that enables users to share the results of their survey with other people without giving complete access to their account. Survey reports are password protected and you can set exactly which parts the sharer can view. This feature is only available to Pro and Corporate account holders. More info on how to utilize this feature can be found here.

I’d like to see something like this for Woopra. Right now, the only way you can share statistics with someone is if they have a registered account with Woopra.com and you give that account access to see your stats. Instead, I’d like to create a private URL that expires in a given amount of time to someone interested in detailed stats. Something like what PollDaddy has introduced would be a good time saver and not require the person I want to share stats with to have an account with Woopra.com

Posted in | Tagged , , , | 2 Responses

Name Your Dream Theme Team

Name Your Dream Theme Team

By Jeffro on April 7, 2010

Automattic recently hired yet another theme wrangler to join their theme team that they are putting together. His name is Lance Willett.

I’m stoked about my position as “Theme Wrangler” with Automattic. I’ll be working on web design and development projects, mostly revolving around themes and WordPress.com. I’m sure I’ll also use my Spanish and French skills since people all around the world use Automattic products.

Congratulations to you Lance for landing an awesome job with an awesome company.

In my post show discussion with Matt Mullenweg he mentioned to me that Lance was recently hired. I inquired what exactly the theme team was supposed to do for Automattic. The theme team is comprised of individuals that will focus initially on creating and porting themes for WordPress.com. One of the most requested items from WordPress.com users is the ability to choose from more themes. Themes that stand the highest chance of being ported over into WordPress.com are the ones found within the theme repository. However, as they have done in the past, Automattic may choose to contract out a theme design from a commercial theme company. On top of that, if a company such as WooThemes or StudioPress developed a theme exclusively for WordPress.com, Matt has no problem with the credit link going back to that companies home page.

Automattic is planning on putting together a theme team of about 5 or so people. So far, Lance Willett and Ian Stewart are part of that team. Maybe Justin Tadlock will submit his application to Automattic to be part of this team. He obviously has the skills necessary but I wonder if he has the interest in working for Automattic or if he’s even submitted an application already. At any rate, I figured I’d give you the opportunity to name your dream theme team consisting of 5 people.

  • Ian Stewart
  • Justin Tadlock
  • R.Bhavesh
  • Casey Lee
  • Drew Strojny

Posted in | Tagged , , , | 6 Responses

WPWeekly Episode 94 – Commercial Themes

WPWeekly Episode 94 – Commercial Themes

By Jeffro on April 4, 2010

wordpressweekly1This episode was the first in a series discussing the commercialization of WordPress. Within this episode, we talked with three commercial theme authors who are in the midst of maintaining a successful business. Joining us on the round table was Jason Schuller of Press75/ThemeGarden.com, Brian Gardner of Studiopress, and Cory Miller of iThemes. Considering the commercial theme market will be red hot this year, this episode gives those new guys or aspiring commercial theme authors plenty of food for thought. Also, Matt Mullenweg made a surprise appearance near the end of the show to ask some questions he had to the members of the panel. Jacob Goldman did a great job asking some meaty questions that were really business focused and I feel that just about anyone who listens to this episode will be able to learn a thing or two about the business of commercial themes.

Smashing Book Contest:

Want to win a copy of the Smashing Book and a chance to participate in our wrap up episode on April 24th? Help us publicize the special WordPress Weekly series on commercialization! Just follow @WPTavern and guest co-host @jakemgold on Twitter, and Tweet a message mentioning us both with a link to the most recent episode. We’ll randomly pick one of our favorite tweets right before the next show.

We’ll be giving a book away for each of the episodes (excluding wrap up). You can participate each week. Each contest starts at 2pm on Saturday with the show’s recording, and ends the following Friday evening. You may participate if you’re outside of the contiguous United States, but will be asked to cover shipping expenses.

If we get over 500 participants in the contest, before the wrap up show, we’ll also give away one copy of Smashing WordPress to one participant after the last episode!

Ad Copy:

This episode is also sponsored by EnvironmentsForHumans.com This is an organization that brings together expert speakers on a given topic exploring that topic from different angles. While they recently had a WordPRess Workshop, the next event will be a UX Web Summit on Wednesday, April 21, 2010 from 9:00 AM – 5:00 PM (CT). This event will teach people how to improve their websites so that they are more responsive to visitors as well as making this more usable. If you’re interested in this summit, visit UXWebSummit.com

Stories Discussed:

WordPress 3.0 Beta 1 Was Released Friday Evening

Announcements:

Part 2 of this series will take place on April 10th with the Commercial Plugins roundtable features Carl Hancock of Gravityforms, Ronald Huereca of Ajax Edit Comments and Jonathan Davis of the Shopp plugin.

WPWeekly Meta:

Next Episode: Saturday, April 10th 2P.M. EST

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Length Of Episode: 2 Hours 12 Minutes

Download The Show: WordPressWeeklyEpisode94.mp3

Listen To Episode #94:

Posted in | Tagged , , , , | 15 Responses

Page 3 of 4« First...234