Feature request: OAuth in WordPress

Twitter / photomatt: @factoryjoe I would like OA...

In the past couple days, there’s been a bit of a dust-up about some changes coming to WordPress in 2.6 — namely disabling ATOM and XML-RPC APIs by default.

The argument is that this will make WordPress more secure out of the box — but the question is at what cost? And, is there a better solution to this problem rather than disabling features and functionality (even if only a small subset of users currently make use of these APIs) if the changes end up being short-sighted?

This topic hit the wp-xmlrpc mailing list where the conversation quickly devolved into spattering about SSL and other security-related topics.

Allan Odgaard (creator of TextMate, as far as I can tell!) even proposed inventing another authorization protocol.

Sigh.

There are a number of reasons why WordPress should adopt OAuth — and not just because we’re going to require it for DiSo.

Heck, Stephen Paul Weber already got OAuth + AtomPub working for WordPress, and has completed a basic OAuth plugin for WordPress. The pieces are nearly in place, not to mention the fact that OAuth will pretty much be essential if WordPress is going to adopt OpenID at some point down the road. It’s also going to be quite useful if folks want to post from, say, a Google Gadget or OpenSocial application (or similar) to a WordPress blog if the XML-RPC APIs are going to be off by default (given Google’s wholesale embrace of OAuth).

Now, fortunately, folks within Automattic are supportive of OAuth, including Matt and Lloyd.

There are plenty of benefits to going down this path, not to mention the ability to scope third party applications to certain permissions — like letting Facebook see your private posts but not edit or create new ones — or authorizing desktop applications to post new entries or upload photos or videos without having to remember your username and password (instead you’d type in your blog address — and it would discover the authorization endpoints using XRDS-Simple; Eran has more on discovery: Magic, People vs. Machines).

Anyway, WordPress and OAuth are natural complements, and with popular support and momentum behind the protocol, it’s tragic to see needless reinvention when so many modern applications have the same problem of delegated authorization.

I see this as a tremendous opportunity for both WordPress and OAuth and am looking forward to discussing this opportunity — at least consideration for WordPress 2.7 — and tonight’s meetup — for which I’m now late! Doh!

The Existential DiSo Interview

The Existential DiSo Interview from Chris Messina on Vimeo.

Here’s what I asked myself:

how are you?

we’re going to talk about diso today? is that right?

what is diso?

you say it’s a social network, so how would it work with wordpress?

how is this different from myspace or facebook?

so who’s involved in this project?

so what comes next?

how is this different than opensocial?

what’s going to be the big win for diso?

so do you see this model applying in any other domain on the web?

what kind of support do you need?

are you talking to any of the bigger social networks? like facebook or myspace?

so who cares?

how will you draw customers away from myspace or facebook?

any last thoughts?

The problem with open source design

I’ve probably said it before, and will say it again, and I’m also sure that I’m not the first, or the last to make this point, but I have yet to see an example of an open source design process that has worked.

Indeed, I’d go so far as to wager that “open source design” is an oxymoron. Design is far too personal, and too subjective, to be given over to the whims and outrageous fancies of anyone with eyeballs in their head.

Call me elitist in this one aspect, but with all due respect to code artistes, it’s quite clear whether a function computes or not; the same quantifiable measures simply do not exist for design and that critical lack of objective review means that design is a form of Art, and its execution should be treated as such.

WP-Imagefit proportionally resizes images to fit your blog template

I’m happy to announce the release of my second ever WordPress plugin called WP-Imagefit. (My first, which I’ve neglected for some time, is called WP-Microformatted-Blogroll).

WP-Imagefit is extremely simple and serves one purpose: to get images in blog posts to fit inside the columns that contain them. In fact, this plugin is used on this blog, so if you ever see images load wider than the column and then quickly snap to fit the container’s width, it’s this plugin that’s doing that.

I originally discovered this trick thanks to Oliver Boermans‘ NetNewsWire Ollicle Reflex style. Working together, he extracted the resizing code into a jQuery plugin called jquery.imagefit.js and made it available to me for use in my EasyReader NetNewsWire theme.

I had hacked it to work for my blog theme but decided that I should turn it into a WordPress plugin so I could use it elsewhere (and given that CSS’s max-width attribute not only wasn’t cross-browser, but also shrunk images horizontally, I needed a better solution). So, there you have it.

Go ahead and download it. Installation and setup is standard as long as you have an -compliant theme like K2 or .

I have a WordPress.org project page set up, the source is available (released under GPL), and if you want something to look at, here’s the official homepage.

Feedback/feature requests/patches certainly appreciated and encouraged!

MarsEdit 2.0 is out!

I’ve been involved for many months in the MarsEdit beta list, even before Ranchero (Brent Simmons) sold it to Red Sweater Software (Daniel Jalkut). Today, after months of long work, Daniel has finally released MarsEdit 2.0.

Besides an exhaustive UI overhaul, MarsEdit now supports Flickr account access through its new Media Manager, the WordPress ATOM XML-RPC protocol for adding categories, and custom code macros, among other things.

Brent’s written up the release, as well as TUAW. For $30, it’s a pretty solid deal for a great piece of software.

WordPressMU: Making a smart platform choice

I recently engaged in an interesting discussion with a client about their choice of platform technology for their website and community build-out. Their current website is built in .NET and they’re getting to the point where things are about to start getting set in stone in terms of scaling and overall architecture and it kinda freaked me out that they’d continue down this path using a platform that I think offers little when it comes to organic community-building or much in the way of “doing web things right”.

I decided I’d write up my arguments for switching platforms in the hopes that I might test my thinking and in the process persuade our client to move to a more community-forward platform.

My default WordPress setup: 17 must-have plugins

WordPress is my favorite blogging platform and has been for a long time. It gets the basics right and never overwhelmed me as I grew up in my blogging experience. However, like Firefox, WordPress is also eminently extensible and makes it easy to both get more out of the platform the longer you’re on it and the more plugins you add to customize your experience.

Recently I took a look at the numerous WordPress blogs I maintain and decided to extract some of the best plugins I use across them. They range from spam management to reporting and stats to authentication and better overall functionality. Here we go:

  • Akismet: the best comment spam protection this side of dodge. It fortunately comes pre-installed, though you’ll still need an API key from WordPress.com.
  • Clutter-Free: a simple plugin for customizing the WordPress composing interface. If you never turn off comments or worry about editing the slug, this is a handy plugin to keep things nice and tidy.
  • Comment Timeout: I just started using this one recently when it turned out that 90% of my comment spam was showing up on older posts. This one’s a life saver.
  • Diagnosis: this is a really useful plugin for finding out information about the server that you’re hosted on. Essential for debugging compatibility problems (like which version of PHP you’re on).
  • FeedBurner FeedSmith: Steve Smith originally wrote this plugin to make it easy to use FeedBurner for syndicating your blog and now FeedBurner has taken over its maintenance. Super easy to use and super useful.
  • Maintenance Mode: whenever I need to upgrade WordPress, I always flip the switch on this plugin giving my visitors a pleasant down-time message. It doesn’t come with LOLCats out of the box, but you can customize it to be if you’re feeling adventurous.
  • Share This: Alex King creates incredibly useful plugins and this is one of them. If you want to make it easy for your visitors to share your posts on bookmarking or social network sites, this is the one plugin you need.
  • TanTanNoodles Simple Spam Filter: Matt is skeptical about this plugin, but I find it useful. Essentially you can blacklist certain words and this plugin will delete any comments found to contain those words, as well as pre-filter comments as they’re being submitted. Whether it’s redundant to Akismet or not isn’t important to me — I need all the anti-spam kung fu I can get!
  • Trackback Validator: this plugin is part of a research program out of Rice University. I don’t know how well it works, but I certainly have very little trackback spam since installing it!
  • Subscribe To Comments: unless you’re a co.mments or coComment user, it’s often a pain to stay on top of comments you’ve left on other blogs. Subscribe To Comments adds a checkbox below your comment box to allow your readers to subscribe to comment followups via email.
  • WordPress.com Stats: like Akismet, this is another Automattic product. If you have a WordPress.com account, this plugin will gather visitor stats on your blog and integrate them with your WordPress.com dashboard.
  • WordPress Database Backup: this one is also pre-installed by default and is recommended as part of the routine for upgrading WordPress. Every time you increment your install, you should do a backup with this plugin.
  • WordPress Mobile Edition: Alex comes through with another hugely useful plugin for converting your site to be mobile-phone friendly. I’m currently working on a skin for the iPhone, but for everything else, this one works wonders. Highly recommended.
  • WordPress Reports: If the WordPress.com stats aren’t enough for you, Joe Tan has written an awesome plugin that merges your FeedBurner and Google Analytics stats into a very readable page of infographics.
  • WordPress OpenID (+): of course if I’m going to be running multiple WordPress blogs, I’m not going to want to remember multiple usernames and passwords across them. Instead, I use OpenID. Will Norris‘ work on Alan Castonguay’s original plugin fixes some bugs and updates the JanRain library to avoid a number of compatibility errors.
  • WP-Cache: if you get any kind of traffic whatsoever, this plugin is a lifesaver, especially in spikes from Digg and elsewhere. Turn it off while testing but otherwise, leave it running.
  • WP-ContactForm: Akismet Edition: I used Chip Cuccio‘s WP-ContactForm for some time but found that it was a bit too restrictive with its spam fighting tactics. I switched to this version, which uses Akismet rather than regex rules and have found that it’s a better balance for me.

So there you go. That’s the list that I use for every WordPress blog that I start. I should ask: how many of these do you use? What’s your favorite list of WordPress must-adds?

Oh, and bonus! I start every theme I work on with . It’s extremely flexible, fully classed (including native support for microformats) and now there’s a contest for best skins on until the end of the summer. Definitely a must-have for any new blog I work on.

Alex King releases Twitter Tools beta for WordPress

Alex King has released a WordPress plugin that links your WordPress blog to your Twitter account, allowing you to pull your “tweets” into your blog or post directly to Twitter from WordPress. Among other features is a sidebar widget for latest tweets and a forthcoming digest mode.

IconBuffet and Shopify add support for OpenID

Two more announcements for OpenID adoption — but this time on the consuming side (as opposed to my originally incorrect report about WordPress.com — for now, they’re only serving as an identity provider).

The first is Shopify, a great Rails-based custom store application. As Alex points out, these guys really get it right — and make it super easy to create compelling marketplaces. And now, it’s super easy to log in with OpenID.

Meanwhile, IconBuffet has gone through a major overhaul, becoming something of a social network for … icon enthusiasts! (Sweet!) One of the more exciting aspects of the relaunch (at least for me) is their use of OpenID: you can either create a new account with an existing OpenID (say, your WordPress.com blog URL) or you associate your existing account with an OpenID. Either way, they too’ve made it really easy to get going with OpenID.

I imagine that these won’t be the last of the increasing deployments of OpenID in the medium- to long-tail (read: not Google or IBM, but small business community). What’s so exciting about these recent additions is their proximity to commerce — and how folks like Shopify could eventually weave a web service that allows you to check out — entirely by way of logging in to your OpenID provider. If you choose a good OpenID provider, you can start to see how the CardSpace metaphor makes sense — just like when you go out to eat and depending on whether it’s a business meal or a personal expense, you’ll use a different credit card to pay.

The same thing is true for OpenID — where you can have as many OpenIDs as you like and you can pick among them for different uses or purposes. It’s only a matter of time before I go to check out at IconBuffet, I login with my WordPress.com OpenID and I’m able to use credits that I’ve purchased on WordPress.com to pay for my icons — with no need to reach for the credit card, to fill in my address info or any of that ever again!

Now, if that doesn’t sound exciting, you might want to check your pulse. 😉

WordPress.com adds support for OpenID

I think I might have jumped the gun on this one. Ok, I did. It seems that for now, WordPress.com is only an identity provider and not a consumer, meaning that you can use your WordPress.com blog address as an OpenID but you can’t yet log into WordPress.com with your OpenID. My bad.

In talking to Matt last Friday at the Adaptive Path party, I asked him when OpenID was coming to WordPress.com — the hosted blogging service — and he replied “Monday”.

Well, a day late but hardly a dollar short, WordPress.com has added bi-directional support for OpenID.

What this means is that you can both sign in to WordPress.com using your existing OpenIDs (making WordPress.com a “consumer”) as well as use your WordPress.com URL (for example, https://factoryjoe.wordpress.com) as an OpenID elsewhere, making WordPress.com an iDP or “identity provider”.

The FAQ entry is pretty descriptive and I’d recommend you take a look at it. WordPress.com now joins a growing array of service providers offering support for this grassroots-driven authentication protocol.

No word on when OpenID will hit core of the WordPress project, but there are already two great efforts driven first by Alan Castonguay and more recently Will Norris — which point to a positive future between the two open source initiatives.