Encryption, The Best Feature of iOS8

With today’s launch of iOS8, Apple has begun to encrypt all your things. As detailed in the new “privacy” section on apple.com, all iCloud data is now encrypted end-to-end. On Apple’s servers, in transit and presumably on your device. In other words, it’s technically impossible for Apple to comply with government or legal surveillance requests. And more importantly to the average law-abiding-citizen, a phone thief will not be able to access the data on your phone, through any means, without your passcode or finger print.

In my opinion, this definitively ends the Google vs. Apple war, period. At least until Google can change their business model such that it’s not dependant on collecting your personal information to target you with ads, etc.

Good show Apple, good show.

Stop Abusing WordPress Shortcodes

Above is an eight and a half minute video from the developer of the Avada WordPress theme. The video demonstrates how to configure pages within the theme using shortcodes. Jump around the video a bit to get feel for the “workflow.”

WordPress’ shortcode API is designed to be simple and power. It allows WordPress theme and plugin developers enable short snippets to text, for embedding dynamic content. For example, [gallery id="123" size="medium"] to display WordPress native galleries.

Somewhere in the past few years, commercial theme developers have started infecting theme marketplaces with these crazy “shortcode generators.” It turns out that (intentionally or otherwise), WordPress’ shortcode generate is powerful enough to enable very HTML-like features. Theme developers have been using this to create their own psuedo-HTML…

IT HAS TO STOP

Once you set up a page with 10kb of “shortcodes” you’re defeating the purpose. Here are a couple of examples for the Avada documentation Homepage 1, Homepage 18, etc.

I think I understand the problem that these theme developers are trying to solve. They’re trying to make complex layouts editable via the WordPress admin tool. In theory shortcode generators simplify this problem for non-developers and regular users. Unfortunately there are many many problems with this type of shortcode abuse.

  1. It does not work for end-users.
    WordPress’ WYSIWYG editor is designed to behave like a Windows Office application, something people are familiar with. It’d designed for writing and formatting text. Not editing psuedo-HTML. I absolutely guarantee someone who’s content creation experience revolves consists of Microsoft Word, or other blogging platforms, will be scared shitless by a shortcode generator. They won’t know what to do.
  2. It does not work for designers.
    Shortcode generators aren’t visual or interactive enough for most graphic designers I know. It’s too much work. They won’t use it.
  3. It does not for developers.
    Any front-end developer worth their salt will puke their guts upon seeing the massive pikes of garbage these shortcode generators spew. They might use it, but they won’t like it.
  4. It interferes the visual editor.
    If you accidentally bold a shortcode, add a space or linebreak somewhere you shouldn’t, etc. you’re hooped. The shortcode breaks and your entire page layout is f’d.
  5. It is not maintainable.
    If you need to update the copy it can be nearly impossible to find. I usually end up doing a cmd+f and that feels so wrong. Added page content can be even harder. Since these shortcodes end up in unformatted and unstructured blocks of text, they are actually harder to edit and update than a static HTML file.

Solutions?

As a developer there I have a few different ideas on how to solve the problem.

  1. Ignore WordPress’ WYSIWYG editor.
    Most of the time, the pages that these types of themes end up generating are pretty looking sales pages or other static content. When the content is static, or virtually there’s no need to give your the end-user access to the copy. Sure, you may have sold your client on WordPress as a great solution to update your website and you my feel the pressure to give them access to absolutely everything from the WordPress admin. But giving them a pile of shortcode shit to work with is worse than not given them access to any content.
  2. Use custom meta boxes.
    I’ve successfully developed themes where you place the content in custom meta boxes. The open source ‘Custom Metaboxes and Fields for WordPress‘ framework allows developers to add all types of content to WordPress’ custom meta boxes, even WYSWYG editors. This allows you as the developer to control exactly where page content appears in the HTML, while giving your client the ability to edit the content on a whim.

Thanks for reading.

 

The Best Way to Synchronize WordPress Uploads

One of the most annoying things about setting up a dev environment for an existing WordPress site is syncing the content. Pulling down the database is trivial, even a large site will have a relatively small database dump. I often use the WordPress Duplicator plugin. But a site with years of photos and other uploads can have gigabits of files and it’s not really ideal to have to pull those all down from the site.

Today I came across a solution that made me feel stupid for not having thought of it. Iain Poulson posted 5 Ways to Sychronise WordPress  Uploads Across Environments, IMHO #4 is the only one you really need to use:

RewriteEngine On

RewriteBase /wp-content/uploads/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) http://yourlivesite.com/wp-content/uploads/$1 [L,P]

 

So for any file requested within wp-content/uploads/, that does not exist, it will serve the image from http://yourlivesite.com.

The only minor downside with this approach is the lack of offline. If you lose access to an internet connection, you lose access to the live site files, obviously.