Independent Publishing.

The site’s design is beginning to feel stale again. I’m popping in at least once a day, just to check that everything is A-OK, and now I’m starting to get too used to how things look around here. The current theme, the Editör, was introduced a little over a year, and one year seems to be the expiration date for most of the designs I’ve used on this site.

There is an almost infinite amount of WordPress themes available, both free and premium. And, man, have I looked at a lot of them to find the right look, feel, and feature set. I was close to shelling out $50 for a theme that probably would have worked without too much tweaking, but decided I couldn’t rationalize spending that much money now on something like that. So, in the end, I’ve resolved to trying a basic, but clean, open source theme called Independent Publisher.

Independent Publisher is a good staring point for a theme, but it has a few shortcomings, most of them related to navigation. But it’s nothing a few tweaks can fix. And since it’s all open source, maybe I can contribute something back to the original project. I’ve already had one pull request approved, so things are moving along.

The plan is to make enough changes to the CSS so that my highly customized A Picture a Day and A Book a Month sections look all right, then activate the theme. That means that many features, like the use of my very own wp-days-ago WordPress plugin, will disappear – but it won’t be anything you can’t live without. The actual content will still be here, and I’m aiming to gradually add everything that goes missing again over time.

Update: And we’re live! A lot of missing features, and some minor bugs. But that’s to be expected after only four or so hours of work. I’m way past my usual bedtime, so it’s time to head off to sleep. If you notice any major issues, please let me know.

HTTP Public Key Pinning & You.

With my COMODO-signed SSL certificate about to expire, I took the plunge and configured all my domains with certificates from Let’s Encrypt. I’ve tested it for a while on vbox-host and it works well. The only downside is that it has to be renewed every third month, and that’s not an automated process. At least it’s not out of the box, but I’m sure it’s possible to set something up with a script and a Cron job – I’ve just not been down that avenue yet.

To be honest, I’m still a wee bit skeptical about a system where two parties rely on a implicitly trusted third party – in this case Let’s Encrypt – to communicate securely. As I pointed out in the post I wrote about Let’s Encrypt last year, you can’t be entirely sure that no one is playing around with the private root key, making their own certificates for your domains. With their own certificates for your domains, signed with the private root key from Let’s Encrypt1, someone could perform a man-in-the-middle attack without anyone noticing.

But there is a technique slowly being adopted by modern browsers that can, if not make it impossible to perform a man-in-the-middle attack against a website, at least make it a lot harder: HTTP Public Key Pinning, or, as it’s more commonly know as; certificate pinning.

Continue reading "HTTP Public Key Pinning & You."

A Short Evening With Ghost.

I’ve been playing around with Ghost this evening, and reached the sober conclusion that it’s not for me. At least not yet. If you’re planning to launch a brand new blog, and you like simplicity and a platform that is very far from being feature bloated, I’d strongly recommend Ghost. But if you’re like me; currently running a WordPress site with 2,000+ (i.e. a shitload) of posts and pages that you want to convert to the Ghost platform, you might want to sit on the fence for a while.

Here are a few good reasons why, most of them related to the process of moving your content from WordPress to Ghost:

There’s no automatic update process

If you’re used to WordPress, you’re also used to the luxury that it’s updating automatically now, fixing critical security vulnerabilities and bugs without you having to hold its hand. Ghost doesn’t do that, you have to manually update the core code yourself. In a world where there is just a matter of time before someone finds a gaping security hole in anything connected to the internet and uses it to butt rape everyone, automatic updates are essential.

Continue reading "A Short Evening With Ghost."

Ghost Writing.

During its 16-ish years long life, this site has been powered by a few different content management systems. First, it was Greymatter, then a simple one I wrote myself in PHP, called Bugger as an homage to Blogger, and for the last 7 years, WordPress has been in control.

WordPress is great for blogging, and it can be used for a lot of other things as well. It can, for instance, be turned into a complete e-commerce platform without too much effort. A lot of options and features can often lead to a piece of software becoming bloated and confusing, but thanks to its plugin architecture, WordPress has not fallen into that particular trap. For me, the only real drawback with WordPress is that it’s written in PHP. It’s not that PHP is bad per se. Contrary to what you usually hear, it is possible to write beautiful code in that programming language – but it’s also incredibly easy to write crappy code.

The problem with WordPress being written in PHP is that when I modify themes, play around with plugins, and write site features like A Picture A Day, PHP is the natural path to take. Being fluent in PHP is great, but it’s not something that helps me build knowledge I can use professionally. The programming language is more or less dead and forgotten in my line of work, these days it’s all about JavaScript – both on the client and server side.

Just a couple of days ago, I came across a blogging platform that might enable me to continue to feed you people with average quality writing, and the same time make me more comfortable with JavaScript: Ghost.

Continue reading "Ghost Writing."

wp-days-ago v3.2.

This plugin is no longer supported. You’re still free to use it of course, but I will not fix bugs or reply to support forum threads. There are other plugins that provide the same functionality that you might want to try instead, like Meks Time Ago and The Time Ago.

My WordPress plugin, wp-days-ago, has been updated to version 3.2. The plugin displays the number of years, months, days, hours and minutes since a post or a page was published or modified, or a comment was published, in the same format as Facebook, Twitter etc. Examples are “Just now” (less than a minute ago), “47 minutes ago” (less than an hour ago), “3 hours ago” (less than a day ago), “Yesterday”, “3 days ago”, “One week ago”, “3 months ago”, “3 months, 4 days ago”, “2 years, 13 days ago” and so on. It’s also possible to configure wp-days-ago to fall back to displaying the actual date and time when a post or page was published when a certain number of seconds after publishing time has been reached.

Cache plugins, like W3 Total Cache and WP Super Cache, are supported through the use of AJAX. This means that the plugin will show correct information even if the page is cached.

Changelog from 3.1.1 to 3.2 (many of these changes have been done in minor releases between 3.1.1 and 3.2, but the releases has not been announced on this site, only on the plugins page in the WordPress plugin repository) :

  • New feature: The plugin can now also be used to show posts/pages modified dates, and comments published dates.
  • New feature: Added support for not displaying the “ago” appender for translations that do not use it (for instance German).
  • Added Ukranian translation (thanks to Alexander Avramenko).
  • Added Kurdish (Central Kurdish) translation.
  • Added German translation (thanks to WordPress.org user ezkay).

If you already have wp-days-ago installed you will be notified about an update when you log into the WordPress administration console. If you don’t have it installed you can download it from the WordPress plugin repository or from the WordPress plugin manager.