Sephy’s Platzish

I’ve taken the first step in getting a theme out there for y’all to view - and I’m still quite a long way from having anything concrete. Why? That’s because I am taking the time to read the documentation on how to go about making a theme. I started this afternoon by printing a couple of articles out from the Codex - Theme Development and Designing Themes for Public Release.

As I was reading through the first article as I was working, I started getting bombarded by terms that made no sense. For example, the WordPress Loop (which is explained in another article or two) and the word concomitant (which, incidentally, is a correctly-spelt word in Windows Live Writer, while swear words aren’t - makes no sense to me!). I’m all for expanding language, but when using the word concurrent would suffice, why not use that one?

Anyway, I then read the article about designing themes, and one of the most interesting bits of advice was couched in a long blockquote section (which was on the first printed page, as I had printed it in WLW - which turned out really stunning because of the font it’s printed in ). The advice was something so simple, that if you think about it, this makes total sense, and even if you don’t think about it, you should see the sense.

That advice is - lay out your theme on paper first, and do it away from the computer. After getting that down solid, then you can start dealing with writing the code for it, and by solid, he means that you should have the layout decided on, along with the main colors of the site. Fortunately, I have a bit of an idea in my mind, but now I need to get those onto paper - and decide on some base colors to go with.

However, you know what? I know it’s going to be a quite challenging project to start with, but I’m looking forward to the challenge.

Just a note - if you’re looking for the week in walks, they’ll be up tomorrow, pictures and all. However, WordPress 2.5’s release is more recent news, and an issue that I believe is worth pushing my normal schedule back a day for.

I bit the bullet and installed WordPress 2.5 on my testing blog, and I’ve been playing with it for a few hours now, and my impression is that the number of things I don’t like far outweigh the number of things I do like. Before I get to my critique, however, I have a couple of important questions.

First, why was this released on a Saturday? Every other major release of software - free or not - has happened on a weekday. To have something as seemingly major as WordPress 2.5 released on Saturday suggests to me that the folks at Automattic almost wanted this release to be as low-key as possible, as most of the “major” web writers usually go at a more relaxed pace on the weekend.

The next question I have is pointed at everyone who is raving over the new interface - what specifically about it makes this particular version superior to the old interface? All I’ve seen are generalities. Something tells me that a lot of this is related to a disease known as “fanboyism” (which I know doesn’t exist, but is noted by the almost-fanatical praise heaped by certain people whenever something comes from one place, no matter how poor it is), and that is never a good thing as it allows hype to take over real substance.

The last question I have, and this is something that I’ll keep coming back to throughout my discussion of dislikes, is about this supposed research that they did. Who exactly did they ask for input? It seems like they’ve asked some quite inept people to get their suggestions when it comes to getting an opinion on the current dashboard’s so-called downfalls.

I’ll be reasonable, however, and let you in on the couple of things that I do like -

Things I like

First, is that in the Theme editor (under Presentation Design -> Theme Editor), they’ve split up the template and style files into their own groups. Actually, I’m surprised they didn’t try to prettify that and manage to totally screw it up in the process. Sure that’s a dumbed-down option that they did, but it’s quite useful when you consider that currently, all the files are listed in one big list.

Another thing that I like is the addition of a link to edit a newly-published post. Also, the fact that they did make the size of the fonts smaller wasn’t a bad idea either.

And that’s about where this ends.

Things I don’t like

Where do I start with this? There are a lot more things that I don’t like about the new admin panel, but let’s start with the most obvious one -

New-look menus

Instead of sticking with the normal set of menus, they decided to split the main toolbar into two parts - with the connections between them being loose at the best. Thankfully, it’s easy to hack the admin-header.php file to get the Plugins, Options Settings, and Users down with the rest of the menu items, it’s something that shouldn’t have to have been done in the first place (not to mention that cForms and Polls are now to the left of these other sections). Also, the dashboard is an integral part of the WordPress admin panel - why is the link to that relegated to a teeny-weeny link in the upper left that almost blends into the background?

Widget redesign

Pardon my French, but what the fuck were they thinking when they thought this one up? Actually, what the fuck were they smoking and/or drinking at the time? I’d like to have a sample.

Since I’ve been using WordPress, the Widget page has been a straight-forward drag-and-drop affair where you could take the available widgets (at the bottom of the page) and drag them up to either sidebar. You could also have multiple text widgets at your disposal, and if you wanted to take one away for a short while, all you had to do was drag it out of the sidebar and it’d be saved.

Now? Well, now you can only work on one sidebar at a time, and those saved text widgets you had off of the sidebar before you upgraded? Gone. Hope you saved the code to them.

Oh, by the way, if you remove a text widget from a sidebar - you can say goodbye to whatever text was in there before. It’s not saved. It was something important? Sorry, but it’s not OK to take text widgets away anymore; game over, you lose.

The other thing that is completely ass-backward is that they show you all available widgets, including those you already have activated. How useless is that?

Like whitespace?

If you’re a fan of completely wasted space on a webpage, then you’ll love a lot of the pages in WordPress 2.5! Why? Well, on most of them, there’s a maximum width of just less than 1000 pixels. It wouldn’t be so bad if it was centred on the page, but infinite wisdom was used to put it all aligned to the left. Fortunately, if you’re using Stylish, you can create a new style for your URL and put this in between the curly braces -

.wrap, .updated, .error {
max-width: 100% !important;
}
.narrow {
width: 100% !important;
}

That will fix one of the few things you can actually fix on your own.

Categories are dead. Long live tags.

Or that’s what they want you to believe when you look at the write screen. Instead of the current setup of having categories at the top of the right hand column, easily accessible, they put them at the bottom of the write screen (where you can’t move the elements anymore, like you used to), under tags. The message here is clear - categories are less important than tags.

Gaping security hole

One of the more ballyhooed new features in this new version is the ability to automatically upgrade plugins from your plugin page. On my site, I had tried out a different plugin that allowed me to do just that, but it didn’t work because of server permissions that there are.

However, WordPress have made a great decision to usurp any server’s security when it comes to running zip files by including its own unzipping program in the WordPress install - that’s got to be part of the reason why the zip file is 30% larger than it was previously. By doing this, anyone running a plugin has the potential of opening themselves up to a major problem with their server by upgrading to a new version of a plugin that has a malicious file in it.

The chances of this happening are slim, but it is not outside of the possible realm of things that can happen. Fortunately, there is a way to fix this and to break the plugin upgrade function - set the permissions of the wp-content/plugins folder to 555, thus making it read only, and forcing an error on the update page.

Lazy time

The last item I have on my list of dislikes is that they’ve changed the way you select your timezone - it used to be that you just typed in a number, say, -6 for Central Standard Time, like you would on a forum run by SMF. However, apparently in these supposed interviews, they discovered that people had a hard time typing in a simple combination of a plus or minus sign and a number between 0 and 14. It’s been replaced with a drop-down box with selections for timezones, with minor half-hour intervals.

Overall initial verdict

If I had to give a grade to their efforts in regards to what they did, I would give them a grade of about 60/100, or just barely a D-minus in school grading terms. The biggest thing that they lose points for is the rule of “don’t fix something that ain’t broke”. The Admin interface in previous iterations of WordPress worked perfectly, and were, after a bit of a learning curve, very intuitive.

However, doing patently stupid things like splitting the options panel into two distinct menus, making the dashboard into the least important thing in the dashboard (by the way, where can you see the stats for your blog? the stats sub-panel under the dashboard has gone missing.), and making everything fixed width only goes to hurt the cause further.

Unfortunately, it seems that the folks who are at the head of WordPress are only more concerned with glorifying their latest release, but don’t be surprised if there are urgent updates to 2.5 coming out as soon as a week from now, as it seems that they’ve gotten creative with the roadmap, making up nearly 30% of the overall progress in their planning within a week or two.

As far as my site is concerned, I’m going to stick with 2.3.x series WordPress releases for at least the near future. Maybe if someone comes out with an admin theme that looks like the old version, and maybe fix the widget issue (come on, they seriously fucked up there).

What do you all think about this release? More importantly, do you know anyone who was interviewed to help them out? I’m sure that there are a lot of people out there who would love to know how they came to the conclusion that this was “needed”.

I don’t know where it went wrong with what I did when I posted my first attempt at editing a theme, but what happened was something that, to this day, still confounds me quite a bit. Just to recap the story up to here, I had found a theme that I liked for my blog, but after finding some major flaws with it (i.e. “F–K THIS” written out in the header, the CSS file being lumped together in one big chunk), I changed themes to this one. However, I then wanted to revisit the theme and see if I could improve upon it. The final result wound up being my first foray into theme tweaking.

However, I made a critical error in that post - I took the initiative to find the actual site of the person who created the theme, and linked to his post that announced the original release of it. I made sure to give the credit where it was due, because a lot of the hard work was done already, and I thought that the original creator would not have issues with having a theme redone (with all original links left intact in the theme’s files - even though they go to sites which aren’t the same as when the theme was made originally).

Clearly, I was wrong.

I published the post at 11.44PM, and got a comment shortly afterward, but about 6 hours after publishing, I got this notification of a new comment -

That was followed, almost immediately after, by an email about a new contact form that I received, with a similar message -

Now, after receiving these messages, I dutifully did what I was asked by him to do - removed the download link. I would have thought that it was enough to just do that, but apparently he didn’t like my only doing that - he wanted the whole thing scrapped, so about 12 hours after the first comment was dropped, I received this comment -

The hilarious thing about all of this is that he claims to hold copyright over that particular theme, but a quick inspection of the theme’s files yields nothing in the way of a license, or even a copyright notice in the CSS file (which is the standard place for doing things like that). Even themes released with a license are released under the GPL license, which allows you to modify the work, so long as you keep record of the originator of the work, which I had done. After receiving the mails and contact forms, it was time to do a bit of a mea culpa, by sending an email with a profuse apology for any infringements:

Any even-handed person probably would have taken note of the fact that I hadn’t done this before, and been slightly lenient about it, even possibly allowing the download to be available again. Again, I was wrong. This was the reply that I received to my email:

It was at this point that I started to do some searching into his supposed claims over copyright and everything to do with him, and this brought up an interesting revelation. Let me share the line I used when I found this bit of information out -

[1/13/2008 8:13:51 PM] Sephy says: hmm…i was assuming that he had dangly bits, apparently i’m wrong…M1l0 IllVIl has the right to contact and demand Participant to remove any non-suitable display or use of her work at any time (without reasons or explanations necessary).

That line was culled from her page with all the disclaimers she holds, which also has this hilarious bit of text, which would mean anyone who has downloaded one of her themes and changed even one thing would be in violation of these disclaimers -

Participant also agrees not to alter, disassemble, decompile, reverse engineer, or otherwise modify the Downloaded Material.

By that same logic, anybody who uses one of themes at all without asking her permission would fall afoul of this line -

ANY USE OR PARTIAL USE OF THE IMAGES; ILLUSTRATIONS; SENTENCES OR LOGOS OF M1L0I11IVII WORKS WITHOUT PERMISSION IS STRICTLY PROHIBITED

After that, Snoskred said that I should go ahead and re-release the theme without any of the supposedly copyrighted things - images, sentences, etc. In other words, release the theme as my own original work. There were a few other revelations that were discovered in searching her site. I did a little bit of digging into her site and found a post about a forum that this person had created. Now, for someone who had such a fit over one person modifying one of her themes, I was shocked to find this tidbit in the post -

post your modified m1l0 themes with screenshots

That sounds like a completely different story to what she was complaining about to me. In fact, if you look at the thread in which the themes are posted, one person asked if he could post his themes for others to use. The most hilarious thing is that the reply from her to his post was saying that his way of showing off the edited themes was the way it was intended! Anyone smell the irony?

Along with what I’d done already, I’d sought the input of someone who has done quite a bit of theme modification, and basically, they told me that if they were asked to take something down, they would. It was with that bit of information that I decided that maybe, the best way to handle this was to let her go on her way and let this go away as it was something that I didn’t need to deal with. That doesn’t mean that I had started to draft a reply back to her in response to her second email. This is what it looked like after I had stopped working on it -

But, the story doesn’t end there.

A couple of days later, she sent me another email that was very different to the other emails, which made the whole situation even more strange, as this was a mail that was actually halfway polite. This is what she sent -

For sure, it’s an interesting query; however, if you think about it taking and modifying a theme (with, as I noted in my reply to her, none of the acknowledgements changed), and try to correlate it to someone scraping your blog’s content, it doesn’t make any sense.

As it is, my plans for the near term when it comes to WordPress themes is that I’m going to take some time and read the information that is available on the WordPress codex in relation to writing your own themes. I have some ideas for my own. I might just start out with the sandbox theme to start with, just to get my bearings as to what is involved in a theme.

I got a message from Snoskred not too long ago asking if I could see a certain page - it was a page that I had recognized from a while ago as having been something that I’d seen when trying to download a plugin for WordPress one time. If you’re curious, the page is visible by clicking here. However, I wouldn’t bother because it’s just a page advertising some bogus bollocks that this guy has a direct interest in.

The big thing isn’t the fact that she was asking me about this page, it was the reasoning behind her asking. I’ll got into it a bit more, but if you’re short for time, you can read Snoskred’s post about it on the Aussie Bloggers Forums.

Basically, one of the plugins that is used on blogs that she sets up is one called Different Posts Per Page. The function of it is pretty obvious - it allows you to set the number of posts you want to appear on archive pages, along with the number you want on the front page. Up until the most recent update, it would install perfectly fine. However, the latest version of the plugin now has a registration procedure, which is completely ridiculous.

So, who is this guy?

The author of this particular plugin is a gentleman in Nepal who specializes in writing WordPress plugins which, to be completely honest, are some of the most annoying out there - for example, one that creates, as he says, an “Attention Grabbing Unblockable Popup in Wordpress”. The hilarious thing is that he claims that this plugin will have these “instant benefits” -

• More blog subscribers
• More RSS feeds subscriptions
• Direct people to special offers
• Provide effective updates
• Increase sales
• Increase Leads

Personally? If it were me who had to face this popup on my window that is “unblockable”, my first instinct would be to close the tab and not bother. I suspect that there are a lot of people who would fall in that same boat. By the way, it’s in Javascript, so if you’re running NoScript, then you won’t see the popup.

Anyway, a few months ago, I was searching for a plugin that would do what DPPP does, and that was about the only one that I had found. The problem at the time was that I searched using Google, and wound up at his page for the plugin. As you can see at the bottom of the page, there is a huge DOWNLOAD NOW link, and at the time I first even tried to download it, I got redirected. Thanks to that redirection, there is an email account which has gotten emails from this guy somewhere around twice a week; it’s not consistent, but if it were my main account, I’d find it quite annoying.

In fact, when I went through this arduous process, and wound up at the page listed at the top, I sent this message to Snoskred on Skype -

i hate to take you away from your focus, but the link that i was given to get the plugin, it’s a fucking ad! - http://www.maxblogpress.com/oto/index.php?p=dppp

Then the next, as it might seem, knife was stuck into my back - I found that it was available on the WordPress Plugin Directory. When I found that out, I emailed the bloke who did this. This is what I wrote

Dear sir,

I am extremely displeased at the amount of red tape that I was forced to go through in order to download a plugin that isn’t even hosted on your server. In fact, if I had known that it was listed on the WP plugin page, I would have never bothered giving you my email address, signing up for a newsletter I’m not interested in receiving, and wasting my valuable time scrolling through a page of worthless junk that I’m not interested in buying, just to be directed to a download hosted on WordPress’s servers.

Regards,
Sephyroth

Oddly enough, he never replied to me. The story would have ended there with me finding it on the WordPress site, but things changed.

A new release

About a month ago, a new version of this plugin was released, version 1.7. With it came a sign that maybe Pawan didn’t like people being able to use his plugin like any other plugin out there (aside from Akismet and wordpress.com stats, which require a WordPress API key to work, and for which there is a purpose for doing that) without him getting some cut of the action.

For anyone wanting to download and use the plugin, you wouldn’t know anything was unusual until you would install it on WordPress and activate it. At that point, you’re told that you are now required to register to use this plugin. This time, however, you don’t have a choice as to the email address you subject to the onslaught of spam - it’s the address listed as the admin for the site!

As with any of this guy’s other products, in order to complete this process, you have to visit that ad page linked at the top of the page.

If you read the documentation for this product, which is nearly non-existent (simply because any of the functions you’d expect in a readme are just links to his site!), you would find this as the changes for the most recent version. Most people would consider the addition of a registration requirement important enough to mention, but here’s what you get -

= Version 1.7 (02-21-2008) =
* Updated: Some minor improvements.

Not much information there, eh?

Also, none of the information pages that show how to use this plugin mention a single thing about registration - basically what this guy is doing is bait and switch.

What you can do

If you’re a user of the Different Posts Per Page plugin, the simplest thing that you can do is not upgrade your version to the latest. Also, you can take a read of a thread on the WordPress Support forums for a couple of alternatives, including a database edit that you can do - however, that is something you should only do if you know what you are doing - if you make only one wrong move, you can kill your blog!

If you don’t use the plugin, and were intending to - don’t use it. Not surprisingly, old versions are not available for downloading from the WordPress repository, so unless you do have a copy of an old version kicking around, you’re SOL (unless you have connections, and I’m sure some will materialize ).

If you don’t fall into either of those categories, then there are a couple of things you can do - first, and this is something that I don’t usually recommend, but this guy’s antics are beyond unreasonable that he needs to hear the community’s input on the situation, you can leave him a comment on the page for comments, and let him know what you think. Also, feel free to write a post about this; I don’t use the plugin, but hearing the crap that he’s doing spurred me to write this post.

Lastly, if you’re so inclined, use the power of social networking sites to get the word out about these actions.

 This is one of those simple how-tos for WordPress, but I was asked on how it worked, so here ya go.

Why would you want to do this?

Sometimes you have that post you want to publish, say on a testing blog, that you don’t want all and sundry to read. Of course, you might also have a post on your blog that you only want your close friends to see, and not the whole world. Either way, it is useful to know how it works so that if you need to use it, you have an understanding.

Setting a password

As usual, for the purposes of this demo, I’ll be using my test blog which has the slow TinyMCE editor which lags behind my typing. It’s fun to type the letters then see them about 20 seconds later, but I digress. When you’re writing a post and want to put in a password, all you have to do is look to the right of the editor for the Post Password box in the right-hand column of options.

To set the password, all you need to do is type it in.

From there, just publish the post like normal. When you and your visitors go to your blog, they will see this -

How this works for the user

In the last shot, you’ll see that I have included the next post, which is also password-protected. I did this for a reason - it has a different password to the first post. I’ll explain that a little bit later. However, to get the post to show, all you and those you’ve given the password to will need to do is just put in the password and click submit. If you use Firefox, you may be asked to save the password; I’d just go with Not Now. And now, you can see the protected post -

Now, we reach the sticky wicket and the time when I should advise anyone who is averse to technical explanations to tune out for a moment.

You’ll notice that the second post has gone back to protected status. There is a simple reason for this - cookies. When you have a protected post and a user enters the password for that post, that password gets stored as a cookie for ten days. This means that any protected post with that password will be visible by anyone who knows the password for one of the posts.

If you use multiple passwords, however, you can only see the posts protected by one password because the cookie that is set has the same name, but the value changes to match the last password you put into the form. If you’re making a lot of protected posts, I personally think that it’s unlikely that you’ll be making separate posts for separate groups of people thus requiring separate passwords, so you’re probably fine using one password for all protected posts.

This ends the technical explanation for those who had tuned out.

The simple explanation is that if you have two posts with two separate passwords, visitors will only be able to see one post at a time, even if they know the passwords to both. If they have the same password, visitors will be able to see both posts if the know the password.

I should also mention that if you have a password-protected post, this is what readers will see in the RSS feed -

There is no excerpt because this is a protected post.

Other things to note

I did a little bit of testing to see what did and what didn’t work with regards to the password protection. Simply put, if you protect a post, all that will be seen is the prompt. After entering the password, the post acts like normal. If there’s a more tag in there, you will have to click to read more of the post. Also, if you read the site’s feed using something like IE7’s built-in feed reader, you will be able to see unlocked posts in the RSS feed. Other online or offline readers will require you to visit the site to see the post.  Also, if the reader accepts it (like Firefox livemarks), the excerpt will show if you have unlocked the post.

All in all, password protecting a post in WordPress isn’t that hard, but if you choose to do it, you should be sure that you trust those you give the password out to, depending on the content you put in the locked posts. As always, if you have something you’d like explained, feel free to drop me a line, and I’ll go through it and learn how to do it, then write a post about it.