Science is King

I’m a scientist.

I don’t have a degree from Stanford or Carnegie Mellon… But I’m a scientist.

I hypothesize, test and prove.

If the result doesn’t meet my supposition, I accept that and move on.

Science required known, provable facts. Or in computer science, constants.

To prove, you need to test. To test, you need constants. You need to know with 100% certainty that the factors in your experiment are known and 100% objectively provable.

Obama isn’t an American, while a supposition, cannot be proven as fact. There are records showing otherwise.

That men are pigs, while an okay assumption, does not rely on provable facts. Any proof relies on subjective experience.

That WordPress is the best CMS on the planet? While it may control ~20% of the web, assumes that 20% thinks its the right choice and avoids supporting evidence toward other CMSes.

I can get more explicit about suppositions assumed as fact, but you get the idea.

Work with what you know. Make assumptions but allow yourself to be wrong. Data is the only thing that matters.

WordPress Plugin: Easy Graphs

Everyone likes data visualizations so I wrote a plugin that will make the quick and secure creation of Pie Charts, Bar Charts and Line Charts easy. The answer is: Easy Graphs.

Easy graphs is very simple to use. It’s a shortcode – [easy_graphs]

Not just like that. The shortcode also requires one parameter “data”. This parameter is a comma separated list of number values “1,2,3,4,5,6,7″.

You can also add a “type” parameter. The “type” can be “line”, “bar” or “pie”. “bar” is the default.

For a Bar graph, you can optionally pass additional parameters: width, height, and color.

Example: [easy_graphs height="200" type="bar" data="30,70,65"]
[easy_graphs height="200" type="bar" data="30,70,65"]

By default, width and height are populated from your media embed sizes that are set in your Settings > Media menu inside WordPress. Color should be a hex color code.

For a line graph, the options are similar: color1, color2, height and width.

If you will: [easy_graphs height="200" type="line" data="200,150,175,260"]
[easy_graphs height="200" type="line" data="200,150,175,260"]

In this case, color1 is the “fill” color and color2 is the line color. Both should be hex.

For Pie charts, there are some additional limitations but fewer parameters: color1, color2 and diameter.

Try this: [easy_graphs diameter="150" data="40,60" type="pie"]
[easy_graphs diameter="350" data="40,60" type="pie"]

Diameter should be an integer represented in pixels. Color1 and color2 are the fill colors of the pie slices. The limitation is the pie chart, at this time, can only take 2 values. I’ll work on that.

On the roadmap are other things. Make the pie chart take more values than just 2. Maybe include other graph types. Labels so the data can be more easily understood.

What would you add to this?

Download Easy Graphs

Eliminate Unused WordPress Plugins

Consider this post a public service announcement.

It’s a common misconception that if a plugin is deactivated in WordPress, that you are immune from performance or security issues.

On it’s face, this is not true, and you are risking the internet with this mentality!

Take last year’s Timthumb debacle, for instance. Many themes include Timthumb for dynamic resizing of images. Sometimes plugins do. When those themes or plugins are not activated, you are correct in assuming WordPress is not loading them. What you are failing to see is that their existence on the filesystem provides a vector of attack for someone wanting to exploit a system-level exploit.

Not to say Timthumb is insecure. Old versions are. I still don’t like it for other reasons, like performance. Simply using it as an example.

But if you decide to not use a plugin or a theme, delete the damn thing so it’s presence doesn’t even exist. In the case of Timthumb, the security flaw wasn’t a WordPress exploit. It was a “PHP directly interacting with the system” exploit and it would be there anywhere else regardless of CMS. It could exist on a static site.

And it’s not just your site at risk. Fuck your site. What if that flaw in whatever flawed code existed woke up a botnet? Then everyone is at risk. I’m at risk. You and your silly site are at risk. Joe the plumber’s site is at risk. Thoretically.

So be responsible. Delete unused code from your site. Remove themes you don’t use. Delete plugins you don’t use.

And when I say delete, I mean, permanently delete. Don’t just deactivate.

The Internet thanks you.

Update: This is not a verdict on any plugin or theme. To my knowledge, most are perfectly fine. Just clarifying that this is a “just in case” precaution.