Development Notes #6 Project on hold

I think it should come as no surprise that I’ve been a little bit tight on time. And to keep myself from going insane I decided to put this on a little hold for a while and use the remaining time to focus on hobbies in the meantime, like playing Genshin Impact or any other game.

The reason for this is quite simple. Because there’s quite a lot of back and forth going on with my life at the moment I just thought it was easier to put this on hold and continue it in mid-November. I think I have made a lot of progress so I’m not really worried about taking a bit of time for myself.

Also, as a fun fact, my servers went down and I had to install the servers from scratch so… at times the site loaded extremely slowly because the database server was in Italy while the application server was in the United States. I’m finally back online and now I can continue writing posts.

Upgrades: Hello, Ubuntu Server 20.04 LTS

It’s been a fairly busy day of multitasking on my end. I’ve been waiting to upgrade the servers to 20.04.1 once it was out and today I felt like it was the best decision to do this.

Maybe because I don’t have a lot going on with my servers it was just easier for me. The thing that really stuck out for me was the configurations I have done; you don’t really want to go around overwriting things with the maintainer’s configuration. Not because they are “bad” but because they will return things to their vanilla form.

I think the only thing I’ve been disappointed with so far has been the PHP 7.4 performance. It’s been said that it was a huge leap over the previous versions so I thought that once I upgraded to that version everything would be lightning fast… but that’s not really the case… things aren’t lightning fast, they are just… normal fast and not really different from PHP 7.2.

That said, there are some things I want to do but it requires networking knowledge… and that’s something that I don’t really have sadly because I just suck at networking.

Anyway, here’s to future-proofing!

Development Notes resuming

My MacBook Pro broke down and I switched over to a Dell XPS 9500. I didn’t go for the 4k screen because I prefer having a better battery life overall and I mostly do programming with a side of gaming. The thing that I mostly miss about the Mac is having good font support; it seems that on Windows 10 if you are on 1080 or 1200 it means that fonts get pixelated a bit.

The font being pixelated a bit doesn’t really bother me much. This machine is a bit of a bit. Anyway, I’m happy to say that I’m back on Windows 10 and I’m back to continuing my development.

Development Notes #2: WordPress suggestions and practices are awful when it comes to security

Photo by alx_chief

A disclaimer: This post doesn’t have anything to do with the core team or their roadmap.

As anyone doing software development, when we have questions one of the things we have to do is use a search engine. The documentation in WordPress can sometimes be extremely vague, or at times there are situations where a hook or filter I need exists but I end up recreating the wheel just to be annoyed that it’s already there and my time has been wasted.

One of the things that really stood out is the amount of really, really bad recommendations, because some of the answers are copy/pasted from other answers and of course maybe the person writing out the answer hasn’t come to the realization that WordPress’s way of naming its hooks and filters can come out as vague.

And to no surprise I’m talking about:

is_admin()

The is_admin() function is meant to just check if you are within the administrative interface. But given the rather free and exposed nature of WordPress it’s also a function that could have unintended effects. For example, some plug-in creators don’t develop plug-ins with security in admin; I’ve noticed with a plug-in that I use that anyone could literally change the configurations of my plug-in as long as he/she is registered.

But the problem goes deeper. The workflow that WordPress has introduced over the years is a bit convoluted. A plug-in is literally a free soul that is attuned to the environment, it’s a vacuum that receives all types of requests.

is_admin(), while it is an offender, doesn’t cover the next thing. Some plug-ins aren’t aware of AJAX/RESTful calls, so they end up blocking the calls because the plug-in is expecting the call to be done while a user uses the admin interface, but that may also break features that are meant for the public, depending on how things have been laid out.

I feel like while WordPress does tell the developer “hey, you can use this to achieve this”, it doesn’t instruct the developer on “hey, that’s cool you are using our hook/filter but before all that you should check out documentation on security and understanding the functions you need to safely provide resources to your users.”

But it’s not only a thing about security. Like I said, a plug-in in WordPress is a free soul. It listens to all requests, meaning the developer has to devise a way to tend to the needs of:

  • public requests
  • private requests (within admin)
  • public (ajax/RESTful)
  • private ajax(RESTful) (within admin)
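The is_admin() problem and the request types listed above, as an added example that is not the author's plug-in or WordPress core code: is_admin() is also true for every admin-ajax.php request, so it cannot stand in for a permission check. The `myplugin_*` names, the `myplugin_mode` option and its allowed values are hypothetical.

```php
<?php
/**
 * Plugin Name: Settings Guard Example (hypothetical, added example)
 */

// BEFORE (left unregistered on purpose): is_admin() only says the request
// targets an admin screen. It is true for admin-ajax.php too, so any
// registered account that reaches this handler can change the option.
function myplugin_save_settings_weak() {
    if ( is_admin() ) {
        update_option( 'myplugin_mode', $_POST['mode'] ); // no nonce, no capability, no validation
    }
    wp_die();
}

// Shared validation: accept only the values this hypothetical plug-in knows.
function myplugin_valid_mode( $raw ) {
    $mode = sanitize_key( (string) $raw );
    return in_array( $mode, array( 'basic', 'advanced' ), true ) ? $mode : null;
}

// AFTER, private AJAX: nonce first, then capability, then validated input.
function myplugin_save_settings() {
    check_ajax_referer( 'myplugin_save_settings', 'nonce' ); // dies with 403 on failure
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    $mode = myplugin_valid_mode( isset( $_POST['mode'] ) ? wp_unslash( $_POST['mode'] ) : '' );
    if ( null === $mode ) {
        wp_send_json_error( array( 'message' => 'Invalid mode' ), 400 );
    }
    update_option( 'myplugin_mode', $mode );
    wp_send_json_success( array( 'mode' => $mode ) );
}
// wp_ajax_* fires for logged-in users only; no wp_ajax_nopriv_* hook is added.
add_action( 'wp_ajax_myplugin_save_settings', 'myplugin_save_settings' );

// Private REST: the permission_callback decides, not where the call came from.
add_action( 'rest_api_init', function () {
    register_rest_route( 'myplugin/v1', '/mode', array(
        'methods'             => 'POST',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'callback'            => function ( WP_REST_Request $request ) {
            $mode = myplugin_valid_mode( $request->get_param( 'mode' ) );
            if ( null === $mode ) {
                return new WP_Error( 'myplugin_bad_mode', 'Invalid mode', array( 'status' => 400 ) );
            }
            update_option( 'myplugin_mode', $mode );
            return rest_ensure_response( array( 'mode' => $mode ) );
        },
    ) );
} );
```

A public AJAX or REST endpoint would be registered separately (a `wp_ajax_nopriv_*` hook, or a route whose `permission_callback` is `__return_true`) and should never write settings.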

That aside for a moment, I have actually enjoyed my time developing my plug-in. I can’t actually wait to use it in the public myself but it’s under heavy development.

One of the things I love is how flexible/extensible/versatile WordPress does things. It takes very little effort, or any at all! But as all things, it’s also super easy to mess up your code and leave yourself wide open to attacks.

And I fear that while WordPress has vast amounts of plug-ins out there the bigger question is how many of them are secure?

Would the fault lie with the WordPress core team not communicating things? Would WordPress StackExchange need to go on a purge to flag all high-risk answers?

It’s food for thought honestly. Personally, we are already here, and I’ve seen their new documentation and it’s amazing but the people who are writing plug-ins may not be aware of such documentation and maybe being more vocal about security isn’t a bad idea.

DNS Updates

Small update that the site is currently switching over to new nameservers and it might not work for everyone. Propagation usually takes 48 hours.

Hello, WordPress, great to see you again! Development Notes #1

This week has been extremely busy for me. It’s been a while since I worked on the development of a new site. A lot of what I’ve done this week has been pretty much the definition of: “Can I do this with WordPress?” *proceeds to poke the code with a stick*

And so far the answer has been yes; a lot of the difficulties I thought would cause me a lot of headaches have turned out to be great, yet I don’t want to make it sound easy either: I have spent a lot of time reading documentation and going back and forth with the core code. As to why, you wonder, why would you go to the core code? Surprisingly because the answers I seek weren’t found in Google.

A lot of the answers became more of a sales pitch: “Hey, what’s up, my company works on this plug-in it just costs $60 monthly”. Quite frankly I’m not against making a living out of this at all. I’m gearing myself towards this as well.

As I progress I notice a lot of potential that can be untapped with WordPress… it’s actually insane how much you can do with it and the nature of how you do business with WordPress code always feels slightly primitive. It’s like having this piece of software akin to the likes of Slackware, which has a lot of well-tested scripts to power through the OS, but instead you have a lot of scripts, tiny functions that can be overridden or filtered.

WordPress is honestly a miracle that has stayed glued together.

You still find code from WordPress 1 or WordPress 2 versions and see them hanging around in 2020.

Overall, it’s been a great experience. There were some things with the structures that took me by surprise and in the long run it makes sense to have it that way.

I’ve also been using Visual Studio Code which so far has been a delight to use. I thought about paying for PHPStorm but ultimately…. the experience provided by Visual Studio Code suffices.

Evolving the site and giving everyone their place to talk. Humble Spaces™

Photo by Lilac and Honey

As of late I’ve been thinking of expanding this site into something else. It’s been a long time since I’ve done something community-driven and for someone who moderated communities a long time ago I guess there’s a small part of me who feels a tiny bit uneasy.

Well, in general handling people is never easy in any profession.

The Humble Spaces thing is a joke… kinda. I mean, in a sense I’m giving you the space to have your own thing going. I also don’t usually talk much of what I do, I’ve always adopted the idea that it’s always better to speak with actions rather than words. Words are cheap, actions solidify your commitment to what you have planned. Excitement gets the best of us, and it has happened that sometimes I get overly excited about something and talk about it endlessly but at the end of it it’s all hot air, nothing. So, in a sense I actually dislike talking about things that I have in mind for the future because I consider it a taboo, consider it something I’ve instilled within me as a code to follow.

I do think it’s the best approach and for whatever it’s worth it’s more of an experiment than anything else. I don’t think I’m going with the mindset that suddenly it’ll be flooded with people.

I ended up choosing WordPress as my go-to content management system. I think at some point, and it happened again this year, I usually prefer to create my own stuff, but the truth behind that is that it takes 10-15x the effort to just roll out on your own for an audience that may not be exactly there at all.

WordPress fits the bill in almost every area. It’s easy-to-use, it’s manageable, and it has all the tools I need for people to use. PHP 7.4 is around the corner for me, although I could go ahead and make it available for me but I’d rather wait for Ubuntu Server 20.04.1 because it’d be less headaches.

There are some integration things that I want to do to broaden the way the audience share their content. But ultimately, my expectations are that I just gotta keep working on it.

I do subscribe to the ideas of Jeff Atwood. I’ve always wanted to get better at writing, but there’s a huge part of me that fears writing. Quite honestly, you can’t get good at something if you don’t practice every day or at least a few times in a week. And what I mean by all of this is that you’ll see more content from me. I will continue writing more, and I hope that once the site has expanded that you also join me in writing and speaking your thoughts.

Sometimes I wonder if WordPress is unbeatable…

For years I’ve been looking at possible replacements for WordPress. I’ve thought about Drupal but it requires too much time to setup to bother. I did like Movable Type when it was open source ages ago but that somewhat died really quick as well… plus you needed to have extensive knowledge of Perl to get somewhere programmatically, something I didn’t have.

Checking other languages like C#/Java/NodeJS seemed to have good contenders… but in the end it was a mix of:

  • How much time do I really want to spend on this?
  • WordPress is extremely well documented with its StackExchange site as a backup if things go wrong.
  • Ghost blogging platform looked like a great contender but at the time there wasn’t much documentation on how to create plug-ins. Plus it would defy my “how much time do I really want to spend?”
  • PHP is still one of the easiest languages to get around. And like JavaScript it’s also one language you can mess up pretty quickly or misunderstand.
  • In an unrelated note I’ve noticed the PHP community has gotten worse? There seem to be a lot more zealots than in the old days when everyone was just happy with what they had. Most of my fond memories with the PHP community were how open it was to help.
  • In another unrelated note: Python community is still one of the most loving helpful folks beating almost any community. They are chill and ready to help.

Unrelated notes aside…. it seems that even in 2020 WordPress remains to be one of the strongest platforms ever created. It’s easy to get into, easy to work around changes, easy to do stuff.

If you have any open suggestions just let me know below if you ever stumble upon this article.

It’s good to be 127.0.0.1(home): New (blazingly fast) host

Hurrah!

I’ve been meaning to actually move this site to a new host. Not just this site but all the other sites that are under this…. I can say that I’ve been successful and it took me a sweet 3 hours to configure everything.

Ouch!

Now, usually when moving large amounts of files I don’t even bat an eye. I just put my trusty rsync command to do its magic and get all files transferred.

What took me a bit was the MySQL configuration part. Now it actually has more secure configurations so it’s really nice, but…. I had users set to specific IP addresses that I’ve forgotten about. Testing nginx configurations was remarkably fast… to the point I was surprised how little you need to get nginx running. I also have extra users for PHP FPM so they run isolated from everything.

What’s left is a series of security configurations and updating the backup script I’ve used for all my sites.

All in all. I’ve been meaning to do this for a long time. Yay me!

This world has been connected aka “this site is live again”

As you can guess this site is back. I had a couple of hiccups with SSL as the renew in certbot wasn’t working correctly. I didn’t sweat the issues but it did take me a while to figure out why the site wasn’t loading. Turns out that I had a plugin for WordPress that enforced https, thus making my nginx redirect to https.

I like https. But seeing that it has become a bit of a hassle to maintain it and I only blog on a monthly basis I don’t see why I should consider SSL anymore.

I ended up mass updating a lot of stuff in the database to clean out any https reference that belonged to my site. It turns out that storage.thehumble.ninja has been offline for 2 months now. There’s a quick fix coming for that.