The WordPress Pharma hack attack
Saturday, April 17th, 2010
I had to deal with the Pharma attack recently. It is worrisome that no one yet knows how this gets onto your server.
Kind of funny, kind of odd. Darren Hoyt notes a Republican candidate re-using his Obama theme:
Today Geoff Fox tipped me off to something ironic: the website for Republican congressional candidate Daria Novak is using a WordPress theme I designed back in 2008 for Obama supporters. What’s interesting is that soon after Geoff made the observation, Novak’s web team removed all references to Obama from the CSS and templates, even changing the name of the /theme/ directory.
I was just looking at the video on DIY Themes that explains their Thesis framework. I was surprised by the part of the video where he describes how to move the nav bar from above the title to below it. Moving the nav bar involves adding 2 lines of code to their custom_functions.php file, as you can see in this screen shot:
Doesn’t it seem bizarre that you need to type these 2 lines of code?
remove_action('thesis_hook_before_header', 'thesis_nav_menu');
add_action('thesis_hook_after_header', 'thesis_nav_menu');
I’m curious what theory of user interaction justifies these 2 lines? When you want a particular element to be exposed to control by some end-user, there are 2 ways to go that make sense:
1.) Expose the element in the simplest way, allowing for the most straightforward manipulation.
2.) Control the element from your code, so it can be manipulated from a GUI.
Since we are talking about a block of HTML, the simplest way to expose it would be to leave it as plain HTML in the template. A user could then open the file and cut-n-paste the block of HTML to another part of their template. The user could use a text editor, or perhaps GUI design software such as Dreamweaver. Or you (the programmer creating the code/theme/template) can control the element from your code, and create a GUI that allows the user to drag the element around to wherever they want it. But why would you ever do what DIY Themes does here – control the element from code, and ask your users to edit the code?
In the 1970s, personal computers were usually driven from commands typed into the command line. In 1984, Apple made a big splash when it came out with the Macintosh computer, the first personal computer that had a modern GUI. Since that time it's been recognized that GUIs can do a lot to make software easier for end-users to use.
I know a lot of designers who are comfortable with HTML and CSS but not necessarily with PHP code – the risk of some maddening, hard to track down parse error is too high.
I’ve the impression that over the last 2 years frameworks such as Thesis have become popular in the WordPress community. And the kind of code tricks that you see above have become common. This is counter-intuitive. The WordPress community is one that I would have thought would have disliked this kind of design style. WordPress originally became popular with designers because it offered a fairly simple way of editing templates.
I’ve been working with PHP for 10 years. I’m comfortable with the code. But I hate template systems where design elements are controlled from the PHP code. I prefer simple, literal templates full of plain HTML, with only a few PHP commands embedded in the templates. I hate controlling the placement of anything from PHP code. I want designers to be able to open my templates and re-design everything, without ever having to edit any PHP code.
I’m surprised that DIY Themes is taking the approach that it is taking.
Much of the effort in the Thesis framework seems aimed at wrapping a GUI around some of the technical details of running WordPress. I wonder why they didn’t wrap a GUI around these 2 lines?
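To make the point concrete, here is what wrapping a GUI around those two lines could look like. This is an added example, not code from the page, from Thesis or from DIY Themes: it registers a single option through the WordPress Settings API, validates the submitted value against a whitelist (so the option can never carry anything but the two known positions), and then hooks the nav menu according to that option. The hook and callback names are the ones on the page (thesis_hook_before_header, thesis_hook_after_header, thesis_nav_menu); the option name, the settings page and the assumption that Thesis has already attached thesis_nav_menu to the before-header hook by the time custom_functions.php runs are mine.

```php
<?php
// Added example for custom_functions.php: a settings-page option that decides
// where the Thesis nav menu is hooked, instead of asking the user to edit PHP.
// The option name 'example_nav_position' and the page slug are assumptions.

// Only these two values are ever stored; anything else falls back to the default.
function example_nav_position_sanitize( $value ) {
    $allowed = array( 'before_header', 'after_header' );
    return in_array( $value, $allowed, true ) ? $value : 'before_header';
}

function example_nav_position_register_settings() {
    // Third argument is the sanitize callback (works on old and new WordPress).
    register_setting( 'example_nav_group', 'example_nav_position', 'example_nav_position_sanitize' );

    add_settings_section( 'example_nav_section', 'Navigation placement', '__return_false', 'example_nav_page' );

    add_settings_field(
        'example_nav_position',
        'Show the nav menu',
        'example_nav_position_field',
        'example_nav_page',
        'example_nav_section'
    );
}
add_action( 'admin_init', 'example_nav_position_register_settings' );

// The form control: a two-entry select, output with escaping helpers.
function example_nav_position_field() {
    $current = get_option( 'example_nav_position', 'before_header' );
    echo '<select name="example_nav_position">';
    echo '<option value="before_header"' . selected( $current, 'before_header', false ) . '>Above the header</option>';
    echo '<option value="after_header"' . selected( $current, 'after_header', false ) . '>Below the header</option>';
    echo '</select>';
}

// The page itself; add_options_page() limits it to users with manage_options.
function example_nav_position_menu() {
    add_options_page( 'Navigation', 'Navigation', 'manage_options', 'example_nav_page', 'example_nav_position_page' );
}
add_action( 'admin_menu', 'example_nav_position_menu' );

function example_nav_position_page() {
    echo '<div class="wrap"><h2>' . esc_html( 'Navigation placement' ) . '</h2>';
    echo '<form method="post" action="options.php">';
    settings_fields( 'example_nav_group' );      // nonce and hidden fields
    do_settings_sections( 'example_nav_page' );
    submit_button();
    echo '</form></div>';
}

// The two lines from the page, now driven by the stored option. Assumes Thesis
// has already hooked thesis_nav_menu to thesis_hook_before_header at this point.
if ( get_option( 'example_nav_position', 'before_header' ) === 'after_header' ) {
    remove_action( 'thesis_hook_before_header', 'thesis_nav_menu' );
    add_action( 'thesis_hook_after_header', 'thesis_nav_menu' );
}
```

The sanitize callback is the part worth keeping even if you dislike the rest: an option that ends up in an add_action() call should only ever hold values you enumerated yourself.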
Pretend selling themes is short-term moola and long-term moola lies in the benefits of free themes.
How do you make money from releasing free WordPress themes?
Obviously, if your plan is sustainable, the theme community would benefit more from your free themes than from commercial themes.
Carl Hancock then argues that this doesn’t scale:
The problem with giving away free themes with the hopes of a percentage of those customers like your theme and come to you for consulting, customizations, etc. is simple… it doesn’t scale.
Consulting doesn’t scale. Selling a product scales.
You can sell that same product over and over again. You can’t do that with consulting and customization services. Consulting can also be feast or famine when it comes to income, if you have a solid product it can continue to sell 24/7.
Would you rather work on your own product or work on one offs for customers and be severely limited in how much work you can take on without overloading yourself?
If you want to monetize free themes you would want to do what Jestro is doing by using the free theme to up sell them on a “pro” version of the theme.
The next bit seems relevant to what Darren Hoyt and I are trying to do with WP Questions.
developdaly said:
What I don’t see as a “real” option is just selling themes. I totally agree that the “big theme shops” are viable businesses because their main asset is support. All I was saying was that if they didn’t offer support their business would likely disappear after the themes were distributed for free by someone else.
To which Andrea_r responded:
Totally in agreement there, I think we’re coming at it from two ends to the same conclusion. There’s absolutely no point in *just* selling a theme. Because the code can & will be redistributed, GPL or not.
This suggests that WP Questions, to the extent that it soaks up support dollars, is either in alliance with the plugin and theme developers or it is in direct competition with them. And we do not want to be in direct competition with them.
I saw this round up of interesting posts on WP Tavern. This points to a very long discussion in the forums about privacy, a conversation kicked off by this post by Elpie:
In 2007, when WP2.3 implemented the “phone home” there was a lot of concern over privacy. At that time, it was too close to the release of 2.3 so the issue was going to be revisited later. Matt said it would be reviewed with 2.5. That review never happened and I’ve just reopened the issue.
If you don’t know, every time WordPress checks for updates it sends information such as your PHP version, WordPress version, and blog URL.
If it checks plugins then all data about all plugins is sent to wordpress.org – this means name, version, description – for every plugin. Including the custom ones you wrote, and including inactive plugins. The theme update checker does much the same thing. All of this is sent to wordpress.org with your blog URL but the update checkers do not need the blog URL. (Remove it and they still work fine).
It’s a trivial matter to remove the blog URL but because people are not asking for this it’s not likely to get done. People are using plugins that prevent the update checks from being run and we’ll never know how many people decide not to use WordPress once they learn about this data disclosure.
I’ve opened up the discussion on wp-hackers. You can read it on Google Groups here: http://j.mp/66qnI3
If you agree that WordPress should not collect blog URLs (given there is no need for them to do so and no use being made of this information that anyone knows of) then please add your voice to this discussion.
I block this on my own sites but have just been working with someone whose site was hacked after they used a “Disable Updates” plugin. The only reason they were using this was to prevent their private data being sent to wordpress.org. It concerns me that there are likely to be others doing the same thing, which is stupid when a small change in the core would remove privacy issues.
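Elpie's last paragraph is the security-relevant one: disabling update checks to stop the URL disclosure leaves a site unpatched, which is how the site she mentions got hacked. The middle ground is to keep the update checks and drop only the blog URL from them, which the post says works fine. Here is an added example of that, not code from Elpie, from the page or from WordPress core: a small must-use plugin that hooks WordPress's http_request_args filter and strips everything after the "WordPress/x.y" prefix from the User-Agent header on requests to api.wordpress.org. It assumes that core builds the update-check User-Agent as "WordPress/<version>; <blog URL>" and sends it to the api.wordpress.org host; both are how core behaved when I last read it, not facts stated on the page, so verify against the version you run.

```php
<?php
/*
Plugin Name: Example: anonymous update checks
Description: Added example. Keeps core/plugin/theme update checks running but removes the blog URL they carry.
*/

// Hosts whose requests should be anonymised. api.wordpress.org is assumed to be
// the endpoint the update checkers talk to.
function example_anon_update_hosts() {
    return array( 'api.wordpress.org' );
}

// Reduce "WordPress/2.9.2; http://example.com" to "WordPress/2.9.2".
// Anything that is not in that shape is passed through unchanged.
function example_anon_user_agent( $user_agent ) {
    if ( ! is_string( $user_agent ) ) {
        return $user_agent;
    }
    if ( preg_match( '#^(WordPress/[^;\s]+)#', $user_agent, $m ) ) {
        return $m[1];
    }
    return $user_agent;
}

// http_request_args runs for every outgoing HTTP request; $url tells us the target.
function example_anon_update_request_args( $args, $url ) {
    $host = parse_url( $url, PHP_URL_HOST );
    if ( ! $host || ! in_array( strtolower( $host ), example_anon_update_hosts(), true ) ) {
        return $args; // not an update check; leave untouched
    }
    if ( ! empty( $args['user-agent'] ) ) {
        $args['user-agent'] = example_anon_user_agent( $args['user-agent'] );
    }
    return $args;
}
add_filter( 'http_request_args', 'example_anon_update_request_args', 10, 2 );
```

Drop the file into wp-content/mu-plugins/ so it loads before any ordinary plugin. If you want to confirm what actually leaves the server, point WP_HTTP at a local proxy for one request and look at the headers; the version number still goes out, because the update server needs it, but the site address does not.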
Darren Hoyt and I have launched a new website. My ideas about this site grew out of my frustration with Experts Exchange. I’ve written about the evolution of my thoughts over on the WP Questions blog.
Darren has written a summary of everything that WP Questions is, and isn’t.
We used the Symfony framework to build this site. I’ve written a somewhat technical post, over on Symfony Nerds, explaining why this was a good choice for us.
The site took Darren and me about a month to develop. I thought about the right structure for the database during the last week of October, and we got to work in early November. We both took a month-long break from doing work for clients, and pretty much just worked on this site, full time, for the month. Our focus was a minimalist but sufficient feature set, a clean design, and a database structure that will be flexible in the face of future changes (among other things, I was wary of too many foreign key relationships).
This last spring I was thinking about question and answer sites where money might be exchanged. On May 5th, I wrote this in an email:
“I’ve the easiest time imagining building out a site for a particular niche… Personally, I’d love a site devoted to programming, where I could put up a question for $20 or $30. Just this week I lost 4 hours tracking down an obscure conflict in the Javascript used on a site – one script was used to fix the PNG transparency problem in IE6, and another script, which preloaded large images used in rollovers, was triggering the first script too often, adding extra images to the page. I would have loved to pay $25, or even $50, to let some IE6 specialist tackle that one. I could imagine being a customer of such a site.”
Our first day went well:
1,389 visitors
200 users signed up
A few paid questions
We are starting off focused on a small niche: web developers who use WordPress. If the site is successful, we will roll out similar sites for other, broader technologies: Java, Ruby, Rails, Grails, SQL, .NET, Oracle, etc.
As I said today on our blog, in reaction to user responses:
I’ve been working on websites for 10 years, and I’m very pleased with how our first day went – much better than average. We received a lot of valuable bug reports and thoughtful feedback. I was pleased to see some questions posted. Our fees are 9% plus 50 cents. PayPal takes about 3% and 30 cents, so our net profit from yesterday was less than $10, but, hey, that means we made more on our first day than Twitter made during its first 2 years. Which leaves me hopeful that we are, in fact, offering a service that provides real utility to people. And as we listen to your feedback and implement the better ideas, we hope to be able to offer an even greater service in the future.
I went to WordCamp yesterday. Here are some thoughts about some of the speakers that I heard.
Dan Milward offered the best presentation we heard all day, about the WP-e-Commerce plugin. This is an impressive package that integrates smoothly with WordPress. From now on, when I do WordPress e-commerce sites, I’ll always consider this plugin first.
Scott Kingsley Clark was awesome. He spoke about his Pods plugin. This allows a dramatic expansion of the CMS abilities in WordPress. This could be the death knell of Drupal and Mambo and Joomla and Expression Engine. It seemed as if you could build a CMS of unlimited complexity, using the Pods plugin. It offers a GUI interface for creating new database tables, which allows you to add an unlimited number of custom types to a WordPress site.
I’m sorry to say that Mark Jaquith’s talk was weak. We caught his talk about making a living doing WordPress development. He had a handful of good insights, for instance, you should pick a specialty. He said he started off making $20 an hour but once he became a specialist in security, he was able to charge $100 to $150 an hour. But his good advice amounted to maybe 5 minutes of his 45 minutes. The rest was a dull list of slogans that I think most of us already know: keep your day job until you have enough client work coming in, once you go for it then really go for it, and if all of your clients agree with your prices then you may be charging too little. Also, he twice introduced an anecdote by saying “Okay, here is one anecdote…”. Public speakers should work anecdotes into their talk, but I think it is awkward to explicitly announce that you are doing so.
The session about the GPL license was extremely lopsided. There were 4 people on stage. Nominally, there were 2 people who represented the Automattic point of view, and then there were 2 developers of premium themes, and the issue to be discussed was how much those themes needed to conform to the GPL license (or, as Grant Griffiths would say, to Automattic’s interpretation of the GPL). But only Griffiths (of Headway Themes) disagreed with Automattic, so the session was 3 to 1.
I’m normally sympathetic to advocates of the GPL, however, I think some of the advocates do their cause harm with the stridency with which they advance their cause. Yesterday’s presentation about the GPL was an extreme example of this tendency.
The session had overtones of how the police might try to break a suspect. Of the 2 people from Automattic, one played the role of Good Cop and one played the role of Bad Cop. There was also the Convert – he used to be Evil, but now he is one of the Good, because he has seen the light, and now his interpretation of the GPL license is in sync with Automattic’s. Griffiths was set up as the Bad Guy – he does not see the need to align his company with Automattic’s view of the GPL.
The Good Cop spoke in reasonable tones about how much happier businesses are, once they comply with Automattic’s view of the GPL – there were plenty of profits to be made even after complying with the community’s norms. The Bad Cop spoke in threatening terms about the selfishness of not complying with the community’s norms – how dare any company try to make money off the WordPress eco-system, without complying with the norms of that eco-system (and in the background was the threat of a lawsuit for companies that did not comply). The Convert said they had once feared the loss of sales that might result from complying with the GPL, but now that they had switched over, they found that their business was still thriving.
Mind you, the way the Good Cop/Bad Cop routine plays out is that the captive comes to think of the Good Cop as a friend, so when the Good Cop says something threatening, it carries more weight. Sure enough, the Good Cop eventually mentioned that his law firm had filed several lawsuits against companies for violations of the GPL. However, he added cheerfully, no suit had ever needed to go to court, because once his firm had filed suit, the companies they targeted immediately saw the wisdom of complying.
If they could have only held Grant for 24 hours without sleep or food, he too would surely have come to see the wisdom of aligning his business with Automattic’s view of the GPL. As it was, he continued to assert that his themes were not necessarily in violation of the GPL. He kept saying, “No one has shown me where we are in violation.” He also said that the GPL should not be treated as a religion. He also made the good point that the fear and ambiguity surrounding the GPL was probably bad for business (surely some businesses avoided GPL technologies out of concern for what the courts might find, regarding enforceability).
Mind you, I think Automattic is correct to strongly defend their interpretation of the GPL. The world has benefited a great deal from the GPL, and so it deserves to have strong debate regarding its proper interpretation. I want to be clear about my criticism here: it is good that Automattic strongly defended its point of view, but the workshop would have been much stronger if they’d had on stage more people who had disagreements with Automattic. In other words, the session would have been better if it had been more balanced. That the session was 3 to 1 had some of us feeling sympathetic to Grant, simply because he was so outnumbered. (And also, I thought he did a good job of defending his point of view.)
Also, there were some people in the audience (including a good friend of mine) who had questions that would have added much to the conversation, but the organizer of the session felt it was more important, at the end, to offer their own summary of the issue, rather than take additional comments from the audience. As I said before, sometimes the advocates of the GPL do their own cause harm through their stridency.
Grant got in the last word. He referenced a recent speech where Matt Mullenweg had apparently called certain premium theme sellers “evil”. Grant had reason to believe that the remark was aimed at him. It sounded like Matt owed Grant an apology. We should all work to avoid a situation where disagreements about the GPL are elevated to the level of Good and Evil.
After the conference, some of us went down the street to get some drinks at Tonic. I met Ramil Teodosio, who has been doing excellent work introducing WordPress as a project management tool. He has worked in some large, conservative corporations that need to innovate the ways they organize teams and resources, and he seems to be doing a good job of bringing agile methods and agile tools into such environments.
All in all, I am glad I went. I learned about 2 really great plugins and met some interesting people. I do think Automattic should consider investing in some public-speaking training for its employees. I think someone like Jaquith would benefit a lot if they had some coaching about how to deliver a talk. Other than that, a conference like this is always an interesting chance to get some sense of a community.
Darren Hoyt points me to this good article about 8 ways to make the WordPress interface easier for your clients to understand.
There is a woman in England who maintains a blog 100% devoted to listing the weaknesses and failures of WordPress. In this, she provides a much needed service. Lord knows, WordPress has weaknesses. I offer this as a sample of her wisdom and scathing wit:
aw, Scoble got hacked after abandoning wordpress.com for not letting him be quite Special enough to have plugins. One cannot blame Matt for experiencing some schadenfreude, though blaming the host rather than Scoble sounds disappointingly like he’s scared of losing any chance of him and his dollars coming home to VIP-land. I bet he wouldn’t be criticising Rackspace if it were on the wordpress.org affiliate page.
Seriously, though, why is anyone who gives a shit about not having their blog hacked still using wordpress? Do they actually enjoy having to upgrade every couple of weeks? I never thought I’d say this, but there are more important things than pretty themes when you’re choosing a blogtool. I think we can now officially declare that WP is the Windows of blogging. It’s easy, it’s convenient, but the tradeoff is YOU GET WORMS.
This post of hers deserves double points, since she not only attacks WordPress but she also criticizes the second biggest cry baby the Internet has yet produced (only Scoble’s mentor does a better job of being a cry baby: “‘Why has my personality become the issue? They’re using that to try to get me to shut up,’ Winer said in an interview“).
I use WordPress to run this blog. It is one of those platforms that seems to have a lot of potential, though the constant security issues make it a huge hassle over the long term. I think at some point Matt Mullenweg will either have to get much more serious about the infrastructure of the platform, or eventually something like CodeIgniter/ExpressionEngine is going to eat away WordPress’s market share.
My friend Lark just made live a site she’s been working on for a lot of the summer, the new Stripes Group website. She pushed WordPress to the limit, in terms of customizing it to achieve the kind of CMS that the client wanted. To get this much customization, she was helped by 3 plugins. The first 2 plugins allowed her to customize the backend dashboard:
These allowed her to customize the roles that the employees of the client would have when they log into the dashboard, and it also allowed her to control what they would see. The full WordPress dashboard has become very complex, more than the average employee would want to deal with, so these plugins allowed her to remove some of the unnecessary complexity, as well as specialize some of the roles that the employees will play.
The other plugin she used was More Fields.
I was lucky enough to get a glimpse of the work that Lark was doing on this site, and what she did with More Fields really blew me away. In the past, talented developers like Darren Hoyt have relied on Expression Engine when they’ve needed to create custom listings. But Lark was able to do nearly everything that Expression Engine allowed Darren to do in the past. Personally, this really opened my eyes to how far you can push WordPress. Lark turned it into a full scale CMS, able to handle a complicated site. With More Fields, she gave Stripes Group the ability to control most of the content on the site. For instance, she was able to create a custom type of data for the entries about team members. This gives the client the ability to control the content of the team member pages, update the info, and also control the order of appearance, both in the sidebar, and on the main team page.
Very impressive work.
Brad Delong asks “Why does Berkeley think it should be in the business of building its own content management systems anyway?“.
His complaint:
May I say that a content management system that–if you have been off dealing with another crisis in the middle of a task–decides when you come back and try to save your work that you are no longer logged in and dumps you to a login page after which it dumps you not on the page you were working on but on the root page, LOSING YOUR WORK!!!1!!
Such a content management system is HELLSPAWN!! Is WROSE THAN HILTER!1!!!1!…
He is complaining about bspace, which is based on the open-source Sakai, a content management system written in Java, and focused on the needs of universities.
I think Delong’s post is a good reminder of how infuriating it can be for users when software fails to behave in the ways users expect. I also suspect this is a good example of an issue that users will regard as a bug, but the programmers will see it simply as a potential future feature that they may or may not add (“Should we catch POST info if a user is not logged in?”).
I should add, WordPress has exactly the same problem. Last week I started writing what I thought would be a short post for this blog, but I got carried away by my theme and wrote a long post. Then I went to get some dinner. I left the browser open, with the post unpublished. I came back after dinner and made some more edits, then hit the publish button – and just like that, my work vanished, because while I was out getting dinner, WordPress logged me out (for some reason I’d assumed that the auto-save feature was also refreshing my session info).
One of the nice things about building my own CMS was that I was free to fix the bugs that bothered me most, and this was a big one for me. I added a feature to my CMS that caught any POST info and showed it on screen, even if the person was logged out. This allowed recovery of the post. I worked on my CMS from 2002-2007 and then abandoned it because I could not keep up with projects like WordPress. Nowadays I force myself to use other people’s open source software, because it is economically rational to do so, but I hate some of the choices they make, and some of the features that they fail to implement.
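The feature described above, catching the POST body of a logged-out user and showing it back so nothing is lost, is easy to get wrong in a way that matters: the server must not act on that POST, and it must not echo the fields back unescaped. What follows is an added example in plain PHP of how I would write it today; it is not the code from the CMS mentioned in the post, and the session check and field names are assumptions.

```php
<?php
// Added example: recover a logged-out user's POST data without acting on it.
// Assumes the application marks a logged-in session with $_SESSION['user_id'].

session_start();

function example_is_logged_in() {
    return ! empty( $_SESSION['user_id'] );
}

// Fields that are never echoed back, whatever the form contained.
function example_sensitive_fields() {
    return array( 'password', 'password2', 'csrf_token', 'nonce' );
}

// Keep only plain string fields that are safe to show again.
function example_recoverable_fields( array $post ) {
    $keep = array();
    foreach ( $post as $name => $value ) {
        if ( ! is_string( $value ) ) {
            continue; // arrays and uploads are not recoverable this way
        }
        if ( in_array( strtolower( $name ), example_sensitive_fields(), true ) ) {
            continue;
        }
        $keep[ $name ] = $value;
    }
    return $keep;
}

// Render the recovered fields as read-only text. Every byte that came from the
// client goes through htmlspecialchars, so a draft cannot inject markup.
function example_render_recovery( array $fields ) {
    $html = "<p>Your session expired before this was saved. Nothing was stored; your text is below so you can copy it.</p>\n";
    foreach ( $fields as $name => $value ) {
        $html .= sprintf(
            "<p><label>%s</label><br><textarea readonly rows=\"6\" cols=\"80\">%s</textarea></p>\n",
            htmlspecialchars( $name, ENT_QUOTES, 'UTF-8' ),
            htmlspecialchars( $value, ENT_QUOTES, 'UTF-8' )
        );
    }
    return $html;
}

// Gate at the top of any handler that saves content.
if ( $_SERVER['REQUEST_METHOD'] === 'POST' && ! example_is_logged_in() ) {
    http_response_code( 401 );
    echo example_render_recovery( example_recoverable_fields( $_POST ) );
    // ... then show the login form. The POST is never processed in this branch.
    exit;
}
```

Two design choices are deliberate: the draft is shown to the person who submitted it rather than stored server-side (storing unauthenticated content creates its own problems), and the password and anti-CSRF fields are dropped so they never land in the page source.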
In the comments, Jacob Davies posts this comment, which I thought was very funny and very on point:
Conversation that has happened more times in my career than I care to mention:
Someone else: “How long of a title shall we allow? 32 characters? 64?”
Me: “FOR THE LOVE OF GOD WHY DO WE NEED TO SET A MAXIMUM LENGTH? IS THIS 1952???”
Someone else: “But what if they put in a really long title and fill up the database?”
Me: “THE VERY NEXT FIELD – THE ‘CONTENTS’ FIELD – IS A FREE-TEXT FIELD WITHOUT A LENGTH CONSTRAINT SO IF THEY WANTED TO FILL THE DATABASE THEY COULD DO IT THERE ANYWAY.”
Someone else: “Won’t it waste space if we allow a variable-length string in the title?”
Me: “OH MY GOD YES A TERRIFYING LOSS OF ABOUT 3 BYTES ON A RECORD THAT IS A MINIMUM OF 1024 BYTES LONG AND OFTEN OVER A MEGABYTE, YOU ARE SO RIGHT.”
Someone else: “Yes but every other system has a length constraint for titles.”
Me: “YES AND I SUPPOSE IF EVERYONE ELSE WAS JUMPING OFF A BRIDGE YOU’D DO IT TOO.”
etc
Computer programmers are subject to some kind of strange mental degeneration in which they rate the potential waste of 0.00001% of the capacity of a modern hard disk as more important than the ability to enter titles longer than 32 characters in length.
[Update: I've re-written this post to take into account the information that Javier Eguiluz posted in the comments.]
[Update: Jacob Coby points me to Google Trends, which offers the visuals for the numbers that I quote below.]
TIOBE only tracks computer languages, not frameworks. I’m interested in how Symfony compares with the other PHP MVC frameworks. Borrowing the search idea from TIOBE, I just ran these searches:
The results (how many hits on Google):
Symfony – 6,270,000 (3,900,000 for ‘php’ and ’symfony’ together)
CodeIgniter – 748,000
Cake – 4,540,000
Drupal – 28,500,000
A comparison: Ruby On Rails: 12,600,000
Meanwhile, WordPress blows away everything else: 295,000,000
My guess is that WordPress has retarded the growth of PHP MVC frameworks. The 80/20 rule applies here with some force. WordPress meets the needs of most people who need a website. PHP allows for self-contained software, such as WordPress, which is something the world of Ruby has not seen. Ruby on the web has largely meant Ruby On Rails, which one has to be a programmer to set up and use. Designers, and other intelligent people who are not programmers, can all default to WordPress.
From the point of view of a computer programmer, the code in WordPress is fairly awful. But designers love WordPress, and it needs to be given credit for successfully creating a package that designers feel comfortable with. No designer would know how to set up a Ruby On Rails site, but most web designers know how to set up a WordPress site. And for all its limitations and flaws, it must be acknowledged as the dominant platform written in PHP. Compared to WordPress, all the MVC PHP frameworks are just a footnote.
I’m going to repeat these searches every 3 months, and see how these ranks change over time.
I was looking for a nice blogging solution for symfony, and all I found was a very simple plugin and a lot of people encouraging me to build my own blog. Even though it is a nice exercise, my philosophy is to not reinvent the wheel. Wordpress is surely the best free blogging tool available, so I preferred to spend time integrating it into my symfony application than to create yet another sfVeryEasyBlogPlugin. Integrating Wordpress into symfony can be done in three steps:
- integrating the blog into the application and its layout
- merging the authentication system
- integrating the blogging information into the symfony application
To be able to use WordPress inside a Symfony project, with an integrated login system, amounts to being able to extend WordPress with the infinite range allowed by Symfony – and that amounts to a major expansion of WordPress. The potential is great.
Darren Hoyt releases version 3.0 of the Mimbo theme.
I keep waiting for the right project to use this theme. It is a fantastic magazine format theme for WordPress.
Last week, Chris Clarke and I were talking about a site that had 250 WordPress plugins installed. The site was unmanageably slow. Some of the plugins needed to be removed.
We then discussed what a reasonable upper limit was. WordPress offers no mechanism for policing conflicts between plugins – if there is a conflict, you must figure it out yourself. And each plugin can potentially slow the site down. Chris is a fan of clean and minimal overhead, so he said he wanted to limit the site to just 3 plugins.
Just now I stumbled across “Our Favorite WordPress Plugins“, a post by Sarah Lewis. She clearly knows what she is doing when it comes to WordPress. I was surprised to see her list 20 plugins, 14 of which are highlighted as “favorites”. The list is worth checking out.
I used to work at Category4, and yesterday they released a new WordPress theme. Any of you who are big supporters of Barack Obama (as we are) should give it a look.
Matt Mullenweg has been critical of the PHP core team for abandoning PHP 4. Sam Ruby calls him out and says with open source projects there is no “Us” versus “Them” since you can freely join “Them” whenever you want. Matt replies:
What I think is missing is an understanding of what made PHP 4 such a killer update to 3, where 5 didn’t compel as many people. I also think there is a deeper discussion around language usability from a casual web coder’s point of view. As this comment says there can be a decreasing marginal utility. Every language doesn’t have to do everything. That’s what I was hoping to get people talking about, and it worked.
And Sam replies:
Those that contribute to PHP apparently feel the most pain concerning support of multiple versions. Yes, you can argue that they brought this upon themselves; but it is worth noting that at this point you are along for the ride. When I’m in similar circumstances, I tend to consider the karma implications of cursing the driver.
Read the whole thing, it’s worth it.