
WordPress 4.8.2 Patches Eight Security Vulnerabilities


WordPress 4.8.2 is available for download and users are encouraged to update as soon as possible. This release patches eight security vulnerabilities and has six maintenance-related fixes. Hardening was also added to WordPress core to prevent plugins and themes from accidentally causing a vulnerability through $wpdb->prepare(), which can create unexpected and unsafe queries leading to potential SQL injection (SQLi).

To see a full list of changes, check out the release notes. Auto updates are rolling out to sites that support them, but if you’d like to update manually, you can browse to Dashboard – Updates and click the Update Now button.


WordPress Abandons React due to Patents Clause, Gutenberg to be Rewritten with a Different Library

photo credit: Lalesh Aldarwish

This evening Matt Mullenweg announced on his blog that WordPress has decided to move away from React due to its BSD + Patents clause licensing. Gutenberg engineers will be rewriting the new editor to use another JavaScript framework and Automattic plans to rewrite Calypso as well:

We had a many-thousand word announcement talking about how great React is and how we’re officially adopting it for WordPress, and encouraging plugins to do the same. I’ve been sitting on that post, hoping that the patent issue would be resolved in a way we were comfortable passing down to our users.

That post won’t be published, and instead I’m here to say that the Gutenberg team is going to take a step back and rewrite Gutenberg using a different library. It will likely delay Gutenberg at least a few weeks, and may push the release into next year.

Mullenweg clarified that Automattic has been happy with React and that the company’s general counsel didn’t think they would ever run into the patent issue. He also commended Facebook on being “one of the better open source contributors out there” and for making their intentions clear. Ultimately, Mullenweg decided that he wasn’t comfortable with the larger WordPress community inheriting the patents clause:

Automattic will also use whatever we choose for Gutenberg to rewrite Calypso — that will take a lot longer, and Automattic still has no issue with the patents clause, but the long-term consistency with core is worth more than a short-term hit to Automattic’s business from a rewrite. Core WordPress updates go out to over a quarter of all websites, having them all inherit the patents clause isn’t something I’m comfortable with.

After the Apache Software Foundation added Facebook’s BSD+Patents license to its Category X list of disallowed licenses, many open source project leaders and developers petitioned Facebook to consider re-licensing React, as many React-based projects are now having to be rewritten. Facebook decided it wasn’t budging on the patents clause and opted to continue protecting its own interests, fully recognizing that it may lose some React community members.

In the past Mullenweg has been outspoken about how Automattic was betting on React. Many in the community considered WordPress adopting React to be a foregone conclusion, given that both Calypso and Jetpack’s new admin interface were built on it, as well as WordPress’ new Gutenberg editor. In making the costly decision to rewrite Gutenberg and Automattic’s products in another library, Mullenweg has demonstrated he is willing to lead the WordPress project in a direction where the community can feel confident about continuing to use and extend the software.

“The decision on which library to use going forward will be another post; it’ll be primarily a technical decision,” Mullenweg said. “We’ll look for something with most of the benefits of React, but without the baggage of a patents clause that’s confusing and threatening to many people. Thank you to everyone who took time to share their thoughts and give feedback on these issues thus far — we’re always listening.”

Gutenberg could certainly use the extra time and may gain a new crop of contributors, given that the learning curve for the new library isn’t likely to be as steep as learning React.

At the end of May, WordPress core contributors had narrowed their considerations for a new JavaScript framework to React and Vue. It appears that Vue is still a strong contender. After a commenter on Mullenweg’s post suggested switching to Vue, he replied that it has been frequently suggested and that the team has met with Evan You, Vue’s lead developer.

When I interviewed Evan You in June, he said he didn’t have enough perspective on WordPress core to make an unbiased recommendation but offered feedback on some technical issues being discussed at the time. He also clarified some common misconceptions about Vue, which WordPress’ React proponents had been using as leverage in their arguments against adopting it.

Mullenweg also confirmed in the comments of his post that Preact is another library under consideration. Preact.js is a lightweight 3kB alternative to React that uses the same API but is MIT-licensed. Some are already speculating about Preact being the front-runner for the replacement, as Gutenberg already has a branch devoted to trying it.

Also, Mullenweg’s comment that the decision “will likely delay Gutenberg at least a few weeks, and may push the release into next year,” seems to only be feasible if the team rewrites the project using Preact.

Public reactions to the news that WordPress is shifting away from React have so far been overwhelmingly positive. Many are thankful and relieved that Mullenweg made the tough decision to change course and select another library after investing so heavily in React.

The discussion regarding the new framework continues behind closed doors and is not open to the public, although a pull request for using Preact in Gutenberg is open on the project’s GitHub repo and some community discussion regarding the library selection is happening there.


How Wapuu Created A Cultural Center for WordPress


The first time I went to a WordCamp I knew absolutely no one there and that made me a bit nervous, to say the least. I didn’t really know what to expect. I’d been to a few really big tradeshows and some educational conferences, and expected some hybrid of that, which isn’t too far off, but what I didn’t expect was the community.

I’ve been to a lot of WordCamps since that first one and while the basic format has stayed the same, one change I’ve loved is how Wapuu, the mascot for WordPress, has become a part of pretty much every WordCamp. Every WordCamp has its own unique Wapuu that reflects that city. That allows people like me to collect the different Wapuu pins and stickers. Most people at a WordCamp are first-time WordCamp attendees, and I consistently hear from them that they’re excited about Wapuu.

Recently I heard someone say, “I’m not sure what a Wapuu is, but I want more.” And I love that. Mascots, after all, are an easy way to build an identity around a common item, culture or community. Wapuu acts to improve community onboarding.

Most first-timers at WordCamps and Meetups are there for a specific reason. They want to solve a problem with their site or learn something about WordPress. That’s fine, but if, like me, they find themselves a part of the community, then they are more likely to come back, get better at WordPress, do better work, and give back to the community. If a cute sticker or pin is what it takes, that’s awesome.

To get a better sense of what’s exciting about Wapuu and what’s so special about it, I spoke with James Tryon and Vincent Re of Easily Amused, who made the excellent Wapuu archive and store Wapuu Field Guide & Trading Post. They also designed many Wapuus for recent WordCamps as well as the Women Who WP Wapuu that was shown on a t-shirt in a picture of Automattic employee Julia Amosova in a Wall Street Journal article about remote work.

Spreading Wapuu

Wapuu originated when Matt Mullenweg went to Japan and was asked why WordPress didn’t have a mascot. He challenged the local community to make a GPL-licensed design. The original Wapuu hugging a blue WordPress logo design was born and the files were uploaded to Github for all to share.

Original Wapuu concepts.

The first few variations on Wapuu I saw were actually for companies. As soon as I saw those, I knew I wanted one for the company I was working for at the time, Pods. Wapuu is infectious and the GPL makes playing with the design permissible and encouraged.

Re points out that Wapuu “puts a friendly little face to something that could scare people away who don’t like crowds. The WordPress community and general Wapuu fans are working together, creating more and more versions, of a whole new species.”

Tryon added that especially with kids camps it helps to engage users. Ultimately, “building loyalty [so that] they are not going to want to use other CMS.”

Wapuu In All Forms

I asked Re and Tryon what made them first realize that Wapuu was something special and worth investing in. Tryon admitted that when he first saw Wapuu he didn’t like it. This was back when “Wapuu sightings were very few and far between. So rare no one knew what Wapuus was.” By the third time he saw it Tryon got interested and even dressed as Wapuu cosplaying as Pikachu as a fun way to answer the question about their similarity.

Re told me that he got excited by Wapuu when he saw how diverse the designs were.

“I love diversity in everything. I also liked how Wapuu seemed like just another thing, in the WordPress community, that brings people together in some shape or form,” he said.

A Home For Wapuu

Wapuu has always had an online presence, from the source files on Github and the Japanese WordPress organization’s archive to Michelle Schulp’s Wapuu archive. Schulp’s archive of her Wapuu designs, which include the Torque Wapuu, was the first place I saw fun spins on the original concept.

The Wapuu Trading Post & Field Guide is a searchable collection of Wapuus. Currently, they have several hundred in the archive but are still looking for more. The goal of the site is to support the WordPress community and to have an interactive archive for all things Wapuu. We want to know the backstory behind each one, show off all associated swag, and create a place to trade swag or acquire swag. And one of the coolest features of Wapu.us is the ability to track events. You can track all events you attended, spoke at, and sponsored.

It’s a fun site. But I think it’s more than that. Wapuu is so important for bringing this community together. The little guy helps give us an identity, and shared identity is essential to strengthening a community. I really do think that when #wpdrama happens, a cute mascot reminds us how much we need each other.

Our community is generally laid back and fun, so it’s nice to have a visual representation of that. Wapuu Trading Post & Field Guide is a sponsorship driven

Community Onboarding

I wanted to end with a story about the power of Wapuu. At some WordCamp last year, I can’t remember which one, Marc from ServerPress told me to put his DesktopServer Wapuu on my computer. I showed him I already had one. He told me to put one on the other side. Marc is someone I go to for business advice and always try to listen to; I jokingly said that was why I was listening to him.

Over the next few months, I got really into bottom Wapuus. By WordCamp US I had a nice collection of Wapuus on the bottom of my computer. I showed it to Torque’s editor Marie, and she took a picture of me with all of the bottom Wapuus and tweeted it. Matt Mullenweg, co-founder of WordPress, retweeted it during WordCamp US, which was a really cool moment.

Wapuus are fun and a cool thing to collect. For someone as socially awkward as I am, they are an easy conversation starter. I try to have extra Wapuu pins in my bag to trade. You never know where a silly conversation about a Wapuu will lead, I guess, and that’s exactly the point.

Josh is a WordPress developer and educator. He is Founder/ Lead Developer/ Space Astronaut Grade 3 for Caldera Labs, makers of awesome WordPress tools including Caldera Forms — a drag and drop, responsive WordPress form builder. He teaches WordPress development at Caldera Learn.

The post How Wapuu Created A Cultural Center for WordPress appeared first on Torque.


Dealer.com Sales says "It used to be cooler"


From Dealer.com Sales (Current Employee) - Rating 3 out of 5 — 1 of 1 found this helpful — Mon, 28 Aug 2017

Pros
For folks in Burlington, it's a solid place to land a job. Good pay, perks and people. Lots of bright and talented individuals that make great friends in and out of the office. Open work stations and environment. If you like tennis, there's a full court that is always open. Free parking too!

Cons
It used to 'be cool' to work at DDC, until they painted over those exact words with some new corporate slogan. Lots of good people recently cut that helped build the company and the culture it was founded on. After two acquisitions, we were all placed in a sandbox together with some of our direct competitors and told to play nicely. It's been an interesting integration process to say the least!

Advice to Senior Management
Bring back some real excitement and motivation to the company! Mark Bonfigli (original CEO) and Dean Evans (CMO) used to bring the energy to a company meeting, we'd make the walls shake but that left with their departure. It's like we were all blowing up a HUGE team balloon but then management lost hold of it and it quietly deflated as founders departed and we were left to deal with the after-party comedown. Management needs to step up and take over and get everyone to blow up that same team balloon in a concerted effort again.


Dealer.com Project Manager says "Hit or miss, but mostly miss"


From Dealer.com Project Manager (Past Employee - 2017) - Rating 3 out of 5 — Sun, 27 Aug 2017

Pros
Dealer.com does great work in the community - from promoting local artists, locally sourcing food, and sponsoring community events, Dealer has been a great promoter of Vermont's economy & community. However, they just laid off the director of CSR, so who knows how long that will last.

Cons
As far as a place to work, Dealer.com is a fantastic fit for entry level bros who want to talk about cool cars, golf, and compare how entitled they are. For adult professionals who value working and living in the real world, this place is a garbage heap. Management does not value the hard work that people put in, or recognize those who go above and beyond. If you aren't prepared to drink the ddc koolaid and applaud & cheer at company wide meetings where executives walk through the door to blasting rock "music" and yelling "CRUSHING IT," you won't advance here, period. Additionally, morale is just about completely depleted, and closing the cafe and skimping out on the few employee perks we had hasn't helped.

Advice to Senior Management
Why bother? They won't listen unless you stroke their egos. Honesty is lost on this company, better to get out while there are still some jobs to be got in Burlington.


Core Team Explores Idea to Automatically Upgrade Sites Running WordPress 3.7 to 3.8


WordPress 3.7 ‘Basie’ was released on October 24, 2013 and introduced automatic updates for minor releases to the masses. Although it’s not labeled as such, WordPress 3.7 has effectively acted as an LTS (long-term support) version. Security updates and crucial bug fixes have been ported back to previous branches up to 3.7.

In this week’s WordPress developer chat, Aaron Jorbin, WordPress core developer, asked if it’s time to stop backporting fixes to 3.7-4.0 and instead update those sites directly to 4.1.

According to version statistics on WordPress.org, 0.4% of tracked sites are using WordPress 3.7. “I would like to see a published proposal outlining reasons, usage data, and any tradeoffs/considerations and leave a bit of time for feedback before definitely doing this,” Joe McGill, Core contributor said.

“It’s unclear to me what are the things that must happen and what are the things that should happen before we take this step.”

Developers noted that WordPress automatically updates minor versions and that if protections are not built-in to automatically upgrading major versions, it could cause users to lose trust in the system.

“We need to make sure all users with outdated installs get warned one way or the other. Then if they decide to turn updates off…,” Andrew Ozz, Core developer said.

After further discussion, the team agreed that upgrading sites from 3.7 to 3.8 would be a good stepping stone towards getting those sites up to 4.1. “It can also be done in the API so that we only do a small percentage at first and then stop and analyze and then increase the percentage,” Jorbin said.

A proposal will be crafted by members of the core team and published on the Make WordPress Core site for further discussion.
