New Adventures with 10up

It’s such a weird feeling.

Since I began this blog in 2004, I’ve been able to say I was truly hired exactly one time.

That day was Jan 9, 2013.

In 2004, I was employed by Northrop Grumman. In 2006, I left NG to pursue the startup world, I took up residence at b5media as the CTO who never got the title. I did this on a contract basis. I worked for myself for a very long time, got hired in 2013, left that job in 2014 and went back to working for myself. I just realized, over time, that I wanted something different.

I’ve avoided agencies, though quite a few have wanted me. These usually boiled down to what I term as “web development sweat shops”… Usually in the political space. They ramp up for campaign season – presidential and mid-term. They have a bunch of sales people in suits driving deals with campaigns – federal, state and local – to build websites and promote whatever brand of ideology they adhere to and the developers are overworked, have no seat at the table, and generally are expected to perform and work at 200% or risk getting fired.

I’m not that guy, so I’ve avoided agencies.

Unrelated note: Republicans have the deepest pockets. They spare no expense and question no cost. Democrats are far stingier. Though I fall on the left politically, I’m a capitalist who wants to make money as long as my name isn’t on it. Sometimes leaving ideology behind is worth it economically. Redistribution of wealth to my pocket, as it were.

I have, however, encountered a number of agencies who do not work in the way I abhor. One, in particular, is 10up.

For the past month, I’ve been working full-time with 10up on a contract basis. I’ve been blown away by their drive and collaboration from top to bottom. I have gotten to sample the goods and ensure they meet my high expectations of “work”. I have been respected and valued, and that is how they treat their entire team.

We have seamlessly worked together to ensure that, in a distributed company, I could deliver on my commitments of chemistry, communication and charm (the last not being a real thing, but I needed 3 C’s to be a better alliterative writer).

Prior to this engagement, I recognized 10up as a high-level WordPress agency. They only do WordPress, unless there’s a supplemental solution that engages the WordPress ecosystem. They give back to the WordPress community. In fact, they actively participate.

But I really knew very little about the nuts and bolts and the extent of their work. Now I do and I’m proud to call myself a 10upper as of tomorrow morning.

Thank you, Jake Goldman and team for the opportunity and the last month of fun, work and amazing innovation. I’m looking forward to doing more.

Something that caught me early on was an engagement between 10up and the company I helped start, WP Engine. It happened in San Francisco this past Christmas season and you may have heard about it… GIF the Halls.

It so happens that I will be working on the team that pulled that engineering feat off. I refer to it as the DARPA of 10up. The team tasked with creating crazy stuff that nobody has tried. GIF the Halls was a crazy project my team did. It tied WordPress with cameras for video greeting messages at the holidays. As a photographer, that’s right up my alley.

Can’t wait to try new crazy stuff. Onward!

Adding a Time Start to WordPress Media Embeds

Ever have those times that you’d like to share a piece of media but have it start at a particular time? I did recently, and figured I’d share my solution.

It turns out, WordPress does not support this feature out of the box (though you could argue, theoretically, that it should).

Ever have those times that you’d like to share a piece of media but have it start at a particular time? I did recently, and figured I’d share my solution.

It turns out, WordPress does not support this feature out of the box (though you could argue, theoretically, that it should).

We just remembered the 50 year anniversary of the Selma march which was nicknamed Bloody Sundy as 600 civil rights marchers were attacked viciously by law enforcement in 1965. It seems appropriate to sample the MLK “I have a dream speech for this demo.

Now of course, it’s all a great speech worth listening to, but what if I want to start the audio at the place we all know?

Boom, just like that. The nuts and bolts of this are tied up in this code:

Simply, I filter the shortcode attributes for the audio and video shortcodes adding a new argument – “start”. This is in seconds.

The second adds a little snippet of Javascript after each embed that moves the internal time pointer to the appropriate spot in the supplied media.

Caveat: This will not work for media that is simply cut and paste. While WordPress will translate appropriate media URLs into embeds, it does not pass anything more than the required `src` argument.

Full source code, as a WordPress plugin, can be found on Github. (Pull requests encouraged)

If I Had to do it All Again

As I sit here tonight, at a bar, typing on the WordPress app (which will undoubtedly make my fingers cramp typing long form), I’m thinking about my life. What has made me a man, a developer, a friend, and lover (I can even get in Oxford commas on the app!)

In exactly five hundred and fifty six days, I will be 40. FORTY!

I don’t look like an old man.

I don’t (usually) feel like an old man.

I don’t even behave like an old man.

Note: what follows may sound like I’m saying “Get off my lawn!”

Where were we? Oh yes, FORTY.

I just finished my first week on a new job. I’ve been doing WordPress stuff since 2004. I was learning PHP in 2000. I was developing coding chops in 1987 on an Apple IIc!

I’ve been married. Divorced. Had a kid. Owned a house. Chased the rabbit hole that is the American Dream™.

I’ve loved and I’ve lost. I’ve had dear friends pass away from cancer and heart attacks. I’ve watched national tragedy and personal tragedy, and even suffered my own.

My perspective has evolved. Sometimes willingly, sometimes not.

Take weekends and evenings. You may be single. You may not be. It doesn’t matter. Don’t work at all hours of the day and night. You’ll be less productive, because you’ll be less rested. You’ll also be better socially adjusted.

Get up early. Don’t sleep in until 11am. Your body wasn’t meant to do this. Don’t force it to. It will rebel. Related to this, and the last point, get to bed before midnight.

The man who cooks is the man who gets the woman. I’m happily involved, but my girlfriend and I both love to cook. And you know what? It got me ahead when I was single. No woman wants your idea for dinner at your place to be frozen dinners or delivery (there’s a time and place for delivery!).

Find passion that you aren’t aware of. Later in my adult life, I bought a camera and started learning how to shoot… How to visualize and see a photo. Do something, try something. Get outside your comfort zone and challenge yourself. Volunteer!

Always learn. When I started on WordPress, I was hungry. I was curious. I started learning the ins and outs. I admit that in more recent years, I’ve allowed myself to get comfortable. I’m working on some other interesting things that will stretch me even more. If you’re in tech, you have no choice but to move forward. If you don’t learn, you’ll be left behind.

Don’t take the world literally. Seriously, stop. I’m looking at you, political nerds. Stop parsing everything that politicians do. They do it because it’s politics and all the crazy is a vast, orchestrated act to get you worked up and supply them with power. Live your life. Change what you can and accept what you can’t.

Read. Everything. I’m not a book guy, but if you are, have at them. Spend less time on Facebook and Reddit and more time on sites with content that is written at a college level with an informed, intellectual audience. Read The Atlantic, Ars Technica and the huge variety of other excellent sources. Stretch your intellect.

You’re not right. At least some of the time. Give grace to others, even if you “know” you’re right.

That’s it! Or at least all I can think of after 14h of work and several beers. My hands aren’t even cramped!

Update: The dress is white and gold, you morons.

Weekly Blog Post Challenge

Back in 2004, I, like many other people in the WordPress community began blogging. We didn’t, I don’t think, get into WordPress because we wanted to write code or build a career. We got into it because we wanted to write. Our natural talent and curiosity took over, however, and we began writing code.

At some point, I broke this blog apart into other blogs… a personal blog, a photoblog, a sports blog, etc. All of these are spread around and in various forms of repair or disrepair.

I have nearly 1k posts here, down from 2k a few years ago when I did a purge. But I’ve only written 12 since January of 2013. TWELVE. Sadly, life takes over and work takes over and, at least for me, the artificial silos of “this blog is for professional writing, this one is for personal writing” and so on has kept me from deciding… I want to write again.

As Twitter became ubiquitous, most of my professional interactions began happening over there. Instead of my photoblog, I’ve leaned more on Flickr and Instagram. All of this has left my blogging in a sad state of disrepair.

My friends and colleagues, Brad Williams and Dre Armeda, have realized that they really want to get back to what they love doing and that’s writing more. Brad has committed to writing 100 posts in 2018 (a goal that is ludicrous for me).

Dre has begun a Facebook group (feel free to join if you plan on joining us in this exercise!) where members can encourage each other and share their content. Not everyone is committing to 100 posts. For me, I’m committing to one post per week.

I suppose now is a good time to explain that the invite to join me in this exercise does not mean you have to write about WordPress, or for that matter, any topic whatsoever. If you want to pick a topic (law, science, dating, oncology!!!), feel free. Or talk about any multitude of topics. But the exercise is more about the therapeutic exercise of writing and not so much about what you’re writing about. And it’s to give you (and me!) peers to keep us going forward.

This does count as the first post of this new commitment. I’ll have another one next week.

As part of this whole reboot, personally, I plan to consolidate my various blogs into this one. Since my online name is technosailor, it seems appropriate that technosailor.com should be the hub for everything else.

I’ll also be building a new theme that will accommodate all of this merged content and, frankly, WordPress has come far enough since I was blogging regularly, that it’s completely likely I can leverage new forms of content that I didn’t have access to before.

Anyways, I’m off track. Please do join me in this experiment. It will be fun!

Looking for a Top Notch WordPress/PHP Developer

If you’re in Baltimore and are a developer, or if you are in Baltimore and know someone who is a developer… Heck, if you’re in DC and are a developer or know a developer, we need you. (You can be to work in under an hour on the MARC train).

Some of you know what I do and who I do it for. I work for a company that has consistently been rated in the top 3 companies to work for. We’re fun and relaxed and our content producers focus on publishing in the financial industry.

Dogs are regularly in the office. We wear shorts and sandals to work. It’s an a-political group – as in office politics. Everyone works well together from the execs down to customer service.

We believe in “Fail cheap and quick” as a lean startup sort of mentality and everyone is empowered to just try stuff if it makes sense.

What *I* do is build awesome web technology to support the business. Plenty of WordPress but now we’re building out huge APIs for reporting and consumer-facing tools. And that’s not WordPress. That’s Laravel and MVC, if you’re curious.

We are looking to add another developer with real chops. PHP, JS, REST APIs, SQL for now with NoSQL as a viable thing for the future. We largely operate on Rackspace and Amazon EC2.

I’d love to hear from you or your developer friend. Send me your resume and cover letter but let me see your github as well!

abrazell@agorafinancial.com

Two-Factor Authentication: What it is and Why You Should be Using it Now

Not too long ago, WordPress sites around the world started getting attacked with automated botnet traffic trying to brute force admin passwords.

The other day, the official
Twitter account of the Associated Press was hacked
.

Last year, Wired reporter Mat Honan was hacked when his Amazon account was compromised. That compromise allowed an attacker to access his Apple ID which gave him access to Mat’s Google account which, in turn, let the attacker into Twitter.

Email, in my opinion, is the gateway to identity theft. It’s bad if your Twitter or website are hacked. You get things like the AP hack. It’s bad, if an attacker gains access to your website and defaces it, or does something else. But as terrible as these things can be (and expensive), identity theft is something that is quite a bit more dangerous.

Here’s a scenario. Somehow, someway I gain access to your Gmail account. It could be that you have a pretty easy password, or you use the same password everywhere, or it can be from some other nefarious means. But I get access to your Gmail.

You might say, “well it’s only email and there’s nothing all that important there.”

But you’d be wrong. If I have access to your email, I have access to everything else. Can’t remember your Amazon password? That’s fine. I can perform a password reset, and gain access by clicking on a password reset link. Then delete it so you never even know it was there. Once into Amazon, using your saved billing information, I can run up your credit card info.

I might even be able to get into your bank, although that’s become significantly more challenging in recent years because of two-factor authentication (which I will get into momentarily).

I could potentially access credit records. Or, depending on the state or locality you are in, your driving and criminal records. And if there is something incriminating in your inbox, I might be able to blackmail you.

Granted, all of this stuff is extremely illegal, but I could still do it if I have access to your email account.

Side Point: Web services that use an email address as the login name are inadvertently dangerous. If I know your email address, I know your login. Then all I have to do is know your password. Whereas not having an email address as a login means I have to figure out BOTH your password AND your username.

Fortunately, Google has two-factor authentication. Amazon, Apple, Microsoft, and Facebook all have two-factor authentication as well. Banks, including Bank of America, all have two-factor authentication.

Two-factor authentication is your saving grace and you need to enable it on every account you have.

What is two-factor authentication?

The easiest way to explain what two-factor authentication is with the phrase, “Something you have, something you know”. You need BOTH things for authentication to happen.

You see this with some biometric systems. Enter a pin (something you know) and scan your thumbprint (something you have).

With banking sites, you enter a password (something you know) and you might identify a unique image (something you have).

You see this with SSH on Linux systems with ssh keys. You provide the server you are logging into with your public key (something you have) and in the “handshake” of authentication, it matches against your private key (something you know).

Google, Facebook and the other services providing two-factor authentication require you to enter your password (something you know) and then they’ll send a pin to your phone (something you have) that you have to also enter in.

It’s a pain in the ass, and certainly I hope technology reduces the friction that two-factor offers to the authentication process, but it’s incredibly important that you have two-factor authentication wherever you can.

Go re-read Mat’s nightmare and you will understand how vastly important that two-factor is. It’s a nightmare. It’s scary. It should be a come to Jesus moment for anyone that operates on the internet.

I will let you use the power of the internet to figure out how specifically to do this for various services, but this wouldn’t be my blog if I didn’t also suggest a plugin for WordPress (.org, not .com) to enable two-factor. I highly endorse the Duo Two-Factor Authentication plugin. I use it on several of my sites.

Hopefully, by enabling this stuff, we can not only stem off a vast amount of hacking attempts, but also become smarter about how we use the internet, protect our privacy and security and, even, in some cases… safety.

Be safe out there!

Bonus: More on 2FA from my friend Mika Epstein (@Ipstenu).

WordPress Hacking and Cleanup

There’s a brute force attack underway on a global scale. Massive. The attack vector? Keep attempting user/pass combos in an automated way until a breakin happens.

If your WordPress site gets hacked, I am available for cleanup and an audit.

Aaron@technosailor.com

It absolutely will cost you a minor fortune. That’s the way it goes. Don’t complain or whine, just get your credit card out.

It would be cheaper to have a strong password and install a plugin that limits failed login attempts though.

But if you don’t, rest assured I can help you despite you having to postpone a vacation in St. Thomas.

Do the right thing.

TUTORIAL: Developing Locally on WordPress with Remote Database Over SSH

Today, I went about setting up a local WordPress install for some development I am doing at work. The problem that existed is that I didn’t want to bring the database from the existing development server site into my local MySQL instance. It’s far too big. I figured this could be done via an SSH tunnel and so, I set abut trying to figure it out. The situation worked flawlessly and so, for your sake (and for myself for the future), I give you the steps.

Setting up the SSH Tunnel

I run a local MySQL server and that runs on the standard MySQL port 3306. So as these things go, I can’t bind anything else to port 3306 locally. I have to use an alternate port number. I chose 5555, but you can use whatever you want.

The command to run in a Terminal window is:

ssh -N -L 5555:127.0.0.1:3306 remoteuser@remotedomain.com -vv

A little bit about what this means.

the -N flag means that when connecting via SSH, we are not going to execute any commands. This is necessary for tunnelling as, we literally, will not execute any commands on the remote server. Therefore, we won’t get a command prompt.

the -L flag tells SSH that we are going to port forward. The following portion, 5555:127.0.0.1:3306 combined with the -L flag means, literally, forward all traffic on localhost (127.0.0.1) connecting on port 5555 to the remote server’s port 3306 (standard MySQL listening port).

The remote server and ssh connection is handled by remoteuser@remotedomain.com. This seems obvious, but just in case. You may be prompted to enter your SSH password.

The final part can be omitted, but I like to keep it there so I know what’s happening. The -vv flag tells the SSH daemon to be extra verbose about what is happening with the connection. It’s sort of a good way to debug if you need to, and to know that the port forwarding is actually taking place.

Configuring WordPress to use the Tunnel

Now that we have a successful SSH tunnel, you have to configure WordPress to use it. In the wp-config.php file, simply modify the DB_HOST constant to read:

1
define( 'DB_HOST', '127.0.0.1:5555' );

You need to add two more variables, though, to override WordPress’ existing siteurl and home options to allow you to work with the localhost domain, instead of redirecting to the remotedomain.com that is configured in WordPress.

1
2
3
define( 'WP_HOME', 'http://localhost' );

define( 'WP_SITEURL', 'http://localhost' );

BOOM!

With these configurations in place, loading up WordPress should now load in the database content from the remote host and you can get to work on local development. Word to the wise… don’t close the terminal window with the tunnel or the tunnel will be severed. If you have to minimize it so it’s not annoying you, go for it… just don’t close it.

Contest: 3 free copies of the WordPress Bible [UPDATE]

Today marked the drop of WordPress 3.5 and I want to celebrate.

Tomorrow, I’m going to give away three autographed copies of the WordPress Bible. You have to be on Twitter. I apologize to those who have chosen to abandon Twitter, or have chosen not to participate, but it is the defacto communications medium of the 21st century and how I operate.

The book is a mix of advanced and beginner content. Therefore, I will do trivia. Trivia will have a beginner round, an advanced round and an intermediate round. All WordPress oriented. The winner is in my sole discretion and you will be required to provide your mailing address if you are selected.

WordPress core contributors are not allowed to participate in the beginner or intermediate round. If your name is on “the list” of 3.5 contributors, you cannot win those rounds. You can, however, participate in the advanced round.

The beginner round will consist of questions surrounding theme and plugin management with possible questions around usability and interface.

The advanced round (the only round open to core contributors) will be based on WordPress APIs, hooks and advanced WordPress development.

The intermediate round will mix both but the developer-oriented questions will be more common and basic and user questions will be more difficult.

You must hashtag your answers with #wpbibletrivia. Failure to do so disqualifies you for an answer.

The first answer I see that is correct is a correct answer. My judgement solely.

There will be 10 questions per round so pay attention.

The beginner round begins at 11am Central Time.

Share this on Facebook, Twitter or whatever your social media channel of choice is. The questions will be asked on my Twitter feed: @technosailor.

Good luck!

Update

The winners of the trivia contest were David Peralty for the beginner round, Kim Parsell for the intermediate round and Kailey Lampert for the Advance round. Well done, everyone!