Matt: On React and WordPress
Big companies like to bury unpleasant news on Fridays: A few weeks ago, Facebook announced they have decided to dig in on their patent clause addition to the React license, even after Apache had said it’s no longer allowed for Apache.org projects. In their words, removing the patent clause would “increase the amount of time and money we have to spend fighting meritless lawsuits.”
I’m not judging Facebook or saying they’re wrong, it’s not my place. They have decided it’s right for them — it’s their work and they can decide to license it however they wish. I appreciate that they’ve made their intentions going forward clear.
A few years ago, Automattic used React as the basis for the ground-up rewrite of WordPress.com we called Calypso, I believe it’s one of the larger React-based open source projects. As our general counsel wrote, we made the decision that we’d never run into the patent issue. That is still true today as it was then, and overall, we’ve been really happy with React. More recently, the WordPress community started to use React for Gutenberg, the largest core project we’ve taken on in many years. People’s experience with React and the size of the React community — including Calypso — was a factor in trying out React for Gutenberg, and that made React the new de facto standard for WordPress and the tens of thousands of plugins written for WordPress.
We had a many-thousand word announcement talking about how great React is and how we’re officially adopting it for WordPress, and encouraging plugins to do the same. I’ve been sitting on that post, hoping that the patent issue would be resolved in a way we were comfortable passing down to our users.
That post won’t be published, and instead I’m here to say that the Gutenberg team is going to take a step back and rewrite Gutenberg using a different library. It will likely delay Gutenberg at least a few weeks, and may push the release into next year.
Automattic will also use whatever we choose for Gutenberg to rewrite Calypso — that will take a lot longer, and Automattic still has no issue with the patents clause, but the long-term consistency with core is worth more than a short-term hit to Automattic’s business from a rewrite. Core WordPress updates go out to over a quarter of all websites, having them all inherit the patents clause isn’t something I’m comfortable with.
I think Facebook’s clause is actually clearer than many other approaches companies could take, and Facebook has been one of the better open source contributors out there. But we have a lot of problems to tackle, and convincing the world that Facebook’s patent clause is fine isn’t ours to take on. It’s their fight.
The decision on which library to use going forward will be another post; it’ll be primarily a technical decision. We’ll look for something with most of the benefits of React, but without the baggage of a patents clause that’s confusing and threatening to many people. Thank you to everyone who took time to share their thoughts and give feedback on these issues thus far — we’re always listening.
WPTavern: First WordCamp Dublin Set for October 14-15
photo credit: Ireland.com
Following up on the success of WordCamp Belfast last October, the WordPress community in Dublin will be hosting its first WordCamp October 14-15. Both camps began the early stages of planning last year and the two communities have shared some of the same organizers across their teams to help get these new camps off the ground in Ireland.
WordCamp Dublin will be held at DCU Business School and ticket sales will be capped at 250. In truly affordable WordCamp tradition, tickets are only €35 and include access to two tracks of speakers on both camp days, catered lunch, and an after party on Saturday night in Dublin City Centre.
“Given it’s our first WordCamp Dublin it’s difficult to select a venue when we’ve no idea about how many people would like to attend,” co-organizer Colm Troy said. “But demand so far has been great so if you want a ticket I’d recommend getting one sooner rather than later.”
Most of the camp’s five organizers are also part of the Dublin WordPress meetup, which is fairly active with 25-30 people attending regularly. They meet the first Thursday of every month and host a local speaker to teach attendees something new. WordPress developers generally gravitate towards the more technical talks, while WordPress users are more interested in talks about improving and promoting their websites.
WordCamp Dublin will feature one track with advanced WordPress, coding, and development topics and a second track that covers aspects of running a business, growing website traffic, podcasting, and other related topics.
“The Dublin WordPress community, based on what I’ve seen and experienced elsewhere (Buenos Aires, Paris, Vienna, UK, Italy), is pretty unusual,” co-organizer Rodolfo Melogli said. In addition to co-organizing the local WordPress meetup, Melogli also organizes the Dublin E-commerce and WooCommerce Meetups.
“We have complete beginners, who after years of using other CMSs have finally decided to start using WordPress,” Melogli said. “We have passionate bloggers, who have been exploiting the SEO and content management features of WordPress since the very beginning. Then, we’ve got successful themers, popular plugin developers and experienced WordPress freelancers. Making sure everyone is catered for at each WordPress meetup and at the upcoming WordCamp is our biggest challenge and main priority.
“The beautiful thing about the WordPress community, and especially in Dublin, is that you can have a successful theme seller sitting beside a complete beginner. And they both have things to share.”
Organizers have just announced the full lineup of speakers for the WordCamp and co-organizer Colm Troy said the team was “blown away by the quality and quantity of excellent speaking applications” they received.
The camp’s designers have created a new “blocky” style wapuu for the occasion to accompany the event’s modular design theme. They were aiming for a Lego-like wapuu while incorporating the cosmopolitan landmark “Spire of Dublin.”
“We have a couple of ideas floating around that will definitely add a unique Irish aspect to WordCamp Dublin but it’s too early to let the cat out of the bag on those yet,” Troy said. “In terms of what people can expect, Dublin and Ireland in general has a well earned reputation as one of the most welcoming places in the world. In many ways, our welcoming spirit is closely aligned with the ethos of the WordPress community and I think it’s going to be a really special weekend for attendees regardless of whether they’re new to WordPress or WordCamp veterans.”
WPTavern: GitHub Partners with Facebook to Release Atom-IDE
“The start of this journey includes smarter context-aware auto-completion as well as a host of code navigation features such as an outline view, go to definition, find all references as well as other useful functions such as hover-to-reveal information, errors and warnings (diagnostics) and document formatting,” Atom engineer Damien Guard said.
Atom, which was open sourced in 2014, is relatively new to the world of text editors, but its directory lists more than 6,700 packages to extend its functionality. WordPress developers have created more than a dozen packages that support actions and filters, WP-CLI commands, documentation, and snippets for third-party plugins.
Those who have adopted Atom appreciate its extendability, but the most common complaint from the Atom community is that the code editor is noticeably slower than many others. This has been a frequent topic of discussion for several years and its creators admit that performance isn’t one of its strongest features. However, sometimes extreme performance issues can be caused by a package that a user has installed.
Atom partnered with Facebook’s Nuclide project developers to develop the new Atom IDE UI package that uses Atom’s atom-languageclient library in displaying features supported by the language server protocol. Users who want to get started with Atom-IDE will need to install the Atom IDE UI package as well as an IDE language support package (i.e. ide-php).
Using Atom-IDE currently requires Atom Beta 1.21+. In the future the team plans to add support for more languages, which will most likely happen through outside package contributions.
“With the help of our community, we plan to expand the number of languages that Atom-IDE can support and make it possible for you to run and edit applications, making Atom-IDE a true IDE,” Damien Guard said. “We hope to see future language support for the great languages out there including Rust, Go, Python, etc.”
WPTavern: Display Widgets Plugin Permanently Removed from WordPress.org Due to Malicious Code
Display Widgets, a plugin with more than 200,000 active installs, has been removed from WordPress.org due to its authors inserting malicious code. SEO consultant David Law was the first to bring this issue to the attention of the plugin team after discovering that Display Widgets was inserting content into sites from external servers and also collecting visitor data without permission. He posted to the WordPress.org forums several times to warn other users.
Wordfence has been warning its customers about the plugin during the past several months and published a timeline tracking how Display Widgets was removed from WordPress.org on four separate occasions. According to their independent investigation, the plugin included a backdoor that allowed the plugin author to publish spam content to the sites where Display Widgets is installed. It also prevented logged-in users from being able to see the content.
Pagely banned the Display Widgets plugin from its hosting platform this week:
For our customer’s safety, we have banned the plugin from our customer sites…The plugin will remained banned on our network until a time that we see someone has taken responsibility for the plugin and the future of patching its code.
Display Widgets had recently changed hands, as it was acquired from the team that created Formidable Forms. The previous owners have issued a warning about the plugin on Twitter, advising users to remove it from their sites.
We don’t have a way of contacting users of our old Display Widgets plugin. But if you are using it you should uninstall immediately.
— Formidable Forms (@FormidableForms) September 12, 2017
It is not yet confirmed whether the plugin was acquired solely for the purpose of distributing malware, but its new owners have been fairly persistent about getting it added back to WordPress.org after each of its violations.
Display Widgets Users Advised to Update to Version 2.7 or Remove the Plugin
Users have no way of finding out that they are running malicious code unless they hear about from their host, security company, or some other third party. They do not receive a notice in the WordPress admin about the plugin having been removed from the directory. Since Display Widgets was a fairly popular plugin, there are likely many sites that still have it active and those website owners are probably unaware of the spam content they are publishing.
Yesterday the plugin team issued a notice that Display Widgets 2.7 is a clean version that restores the plugin to version 2.0.5 before the malicious code was added:
We will be leaving this version deploying updates, however at this time we will NOT be allowing for its adoption. The second owner has effectively destroyed any trust a person might have in the plugin.
Note: You CANNOT visit the page or download it as a new plugin for a reason. This plugin is done. It’s not supported, it’s not worked on, nothing. So if you have it, upgrade. Otherwise, find something else to use.
Display Widgets is now likely to end up in the graveyard of abandoned plugins, but there are many other options for adding conditional widget display to WordPress sites. Jetpack’s widget visibility module, Widget Options by Phpbits Creative Studio, Custom Sidebars by WPMU Dev, and Content Aware Sidebars are a few popular alternatives on WordPress.org.
The plugin team does not currently disclose why certain plugins have been closed or removed from WordPress.org, but they are working on providing better communication for users. One meta trac ticket requests that closed plugins have a public page instead of disappearing completely. In another related ticket, plugin team member Mika Epstein has proposed that when plugins are closed or disabled, there should be a dropdown for WordPress.org admins to select a reason why. She suggested the following as available options:
- Security Issue
- Author Request
- Guideline Violation
- Licensing/Trademark violations
- Merged into Core
The issue with Display Widgets was fairly public as users posted about their investigations on the WordPress.org support forums and various companies issued warnings about it. However, many plugins are disabled without the public knowing why. Even a short explanation like the proposed examples above would be a major improvement over leaving WordPress.org plugin users in the dark. It would assist site owners in knowing whether they need to prioritize looking for an alternative or simply wait until the situation is resolved.
HeroPress: Making My Own Normal
As long as I can remember being normal was my only goal in life. If only I could be normal, then everything would be alright. There was not a lot wrong in my life when I was a kid, growing up in a small dutch town. I had a normal family with 2 parents (a mum and a dad) and a younger sister. My life was pretty normal. The problem was: It didn’t feel normal; I didn’t feel normal. You see, everybody was going through life living by certain rules and I lived my life not knowing those rules. Nobody told me, but apparently they told everybody else.
When I was 35 I got diagnosed with Asperger syndrome. I cannot tell you how relieved I was after receiving such a clear diagnoses. All those years working so hard to fit in there was an explanation why I didn’t. Why I couldn’t. That was a big deal. It was not that I wouldn’t that I didn’t try hard enough or was to lazy. There was something different about me why I couldn’t. Not understanding the rules of life? Being clumsy and inappropriate in social situation? Being obsessed about some things and totally not interested in others? It was all part of the package.
Getting the right diagnosis changed everything and at the same time it didn’t change anything.
The problems I had to face were still the same. The way to handle them just got more clear. And there was help. I started reading books, I started therapy and I started working with a coach to find a way to integrate this new knowledge into my life. I started looking at what I needed (what??) and finding ways to take care of myself. I really thought this was it. I found the keys, I could learn the rules and finally be a normal person.
And then I got fired.
Having a job was a big part of being normal in my head. Getting fired ruined my chances of ever getting there. I was working as an assistant manager in the local library. I liked my job, and the people I worked with and they liked me. I loved going to work. But the library had to cut their expenses and I was one of the people that got fired. It happens but I was completely shocked.
My experiences with jobs were not good (to put it mildly). There wasn’t one I kept longer than 2 years. You can do the math; I had a lot of jobs since I started working. Some were fun most were not. I got fired many of times. Getting fired was not a new thing. Liking a job and not wanting to get fired and getting fired anyway was what upset me the most. So I decided to start my own company.
Looking back it was a ridiculous plan but strangely enough, it worked out. I started helping people with their Social Media and building website with WordPress.
I learned WordPress for fun. I wasn’t interested in computers or tech stuff. I was just a little obsessed with making a website for the domain name my boyfriend gave me for my birthday a few years earlier. I had nothing to say but was totally fascinated by what you can do with a website. It was like magic to me. Some written code turned into a beautiful page, or an ugly one. I wanted to know all about that. Building things with HTML and CSS was easy. Code is logic (and poetry of course;-)). It does what you tell it to do. If it doesn’t you did something wrong. Never a discussion about it.
I shied away from people. It was too confusing for me now that I found something that was so easy and logical.
I could make money without seeing other people, it felt like heaven.
For a while. This is really what makes this whole thing so disturbing. I want to be alone, but also want to be around other people. I appear to be good with people. A lot of people like me (who knew?!). They have no idea how confusing it is not knowing what the underlying rule set is others are acting by. It’s like interacting with someone from a totally different culture speaking a different language but both of you don’t know that. I got really good at guessing things through the years, but that didn’t make it any less uncomfortable. I also got really scared. Because not all people are understanding and friendly when you try to explain.
And Then WordCamp
In 2011 I went to my first WordPress meetup. I was shocked! These people did what I did and actually knew what they were doing and talked about it. I was blown away with all this new knowledge and information. I needed to know more and learn more. So I went back into my WordPress cave and studied, practiced and learned more.
WordCamp Europe happened for the first time in 2013 in The Netherlands. I signed up as a volunteer. I visited WordCamp NL the year before. As a visitor I didn’t know how to meet new people. That was a lonely experience. I loved the knowledge that was shared but I knew I had to find a way to talk to those people. I figured being a volunteer would give me something to do and a reason to talk to people. And it did.
I met new people, I was shy, I was scared, I acted totally inappropriate and I was exhausted for a week after the event but I did it. The people were nice. Some seem to like me and I had fun. This was a totally new experience. If only this could normal.
I attended more WordCamps, always as a volunteer, that was my safe place.
My confidence grew. The number of people I knew grew. The amount of fun I had grew. And never ever did I feel not normal. As my confidence grew I got more visible and things got even better. It’s an upward spiral. This year I held my first talk, at WordCamp London. I was MC at WordCamp EU in Paris en I am on the organising team for WordCamp EU 2018 (BIG things!).
Did these experiences end my quest to becoming “normal”?
When I turned 40 I decided to quit the quest. I was done trying to be normal. Not because I became normal but I broadened my worldview. There are more sorts of normal than I could ever imagine. It took me a while ( and a lot of redirections) to find the one that fits me best.
WPTavern: WordPress.org Adds New Support Rep Role for Plugin Pages
WordPress.org introduced a new feature for plugin pages this week that highlights official support representatives. Plugin authors can now find the UI for adding support reps under the Advanced View on the plugin page. Unlike the contributors and developers role, individual support reps do not have commit access and do not appear on the plugin details page.
The new “support rep” role is especially useful for larger plugins that have a support team managing the forum. It includes the ability to mark forum topics as resolved or sticky. Previously, only plugin authors were able to do this, which made it difficult for support teams to fully manage forum topics. Support reps will now have their interactions highlighted in the forum:
Adding these official indicators to support reps’ replies puts them in context within the thread and lends more authority to their answers. It is a small addition that will allow plugin shops to provide better support to their users. The feature is already active on WordPress.org and available for any plugin author to use.