Category: Technology

Categories
Technology

Wordform kickoff

The Wordform project has officially kicked off, though I’ve been doing some work in this, off and on, this past month. I had planned on waiting for the formal release of WordPress 1.3, as a baseline for Wordform, but I’ve decided to go ahead with development. It could be some time before 1.3 releases, and I’m anxious to try out my ideas.

I created a site for the development process, which will be used for testing, and to document the progress. As I make each change to the original WordPress, I want to document why I’m making the change, as well as provide the new or altered code. I would dearly love non-tech user input, so will try my best not to get too techy.

I appreciate the good work of the WordPress developers, providing such a nice baseline with which to work. I could see possibilities in their source, and this is what inspired me to do a little experimentation of my own; that and the fact that WordPress is GPL, as will Wordform be, in turn.

Since I am diverging from WordPress at this point, I won’t be able to provide as much help or support for this product, as I have in the past. I won’t be able to give the developers such a hard time, either, but that might be considered a perk. However, as you can read at the Wordform weblog, I am converting my ‘floating cloud’ design from this site into a WordPress 1.3 template/theme, including all the comment features I’ve currently enabled–for those of you moving on to WordPress 1.3 and who like what I’ve done with comments.

Categories
Technology Weblogging

Start at the beginning

Wordform is a project to create a new weblogging tool that incorporates some ideas I’ve had for a tool for a couple of years now. It’s based on WordPress, an open source, GPL PHP/MySQL application; inheriting some functionality, while extending the product in new directions.

This site serves as the test site for Wordform development, as well as the beginnings of tool documentation. I will be documenting each change, before I make the change, describing the purpose and planned behavior; after with the code.

Stay tuned…

Categories
Technology Weblogging

First change

The first changes being made to the initial snapshot of the WordPress 1.3a code is to incorporate the ‘floating cloud’ design currently being used at Burningbird into a 1.3 theme. While I’m at it, I’m also moving the default pages down into the themes directory, to minimize the number of files at the root directory of the installation.

While I’m making the changes, pages and links may break from time to time. When finished, this effort should also be usable as a template/theme for WordPress 1.3a, and will incorporate, among other things: live comment preview, post-comment editing, and comment spell checkings.

Categories
Technology Weblogging

Second change

A vulnerability was discovered with WordPress 1.2.1 and 1.3a, as detailed here and in a forum thread for WordPress, here. This was caused by the fact that an important system variable, siteurl is modified in wp-login.php if the application detects that the URI used to access wp-login.php has changed from what’s stored in the database.

As detailed in both of the above locations, there is usually more than one way to access a specific file, and accessing the file using different variations of URL results in a change to this value that could cause problems with the site. At a minimum, it could result in unnecessary updates to the database.

The current WordPress release was modified to lessen the amount of destructiveness of this vulnerability, but it hasn’t eliminated the problem completely. To fix the remaining vulnerability, I’ve removed the code that updates this value in the database from wp-login.php (though I’ve left the option in the database for now). Unfortunately, this leaves the original problem that served as reason for this code, which is to make it easier to move your WordPress weblog if you need to. Without this code, moving your weblog to another directory can make the administrative pages impossible to access. When I removed the vulnerability, I added back this problem.

To fix this original problem, I added SITEURL as a new parameter to the wp-config.php file, now renamed wf-config.php to differentiate it from the WordPress file. Now, when the WordPress weblog is moved, you can use a text editor to change this value:

define (’SITEURL’, ‘http://wordform.org’);

I also modified the code in the functions.php file that loads siteurl from the database, setting the cached values to that of SITEURL from the wf-config.php file.

if (’siteurl’ == $option->option_name) {
$option->option_value = preg_replace(’|/+$|’, ‘’, SITEURL);
}

This is an interim fix, while the rest of the code is adjusted not to depend on this as an option loaded from the database. Once I’m sure this is so, I’ll remove the option from the database.

Categories
Technology

When open source is like bad sex

Recovered from the Wayback Machine.

Earlier, in response to designer demands for programmers to be more responsive to users, I wrote a post titled Open Source is Like Sex. In it I said that the users need to think about being less passive–to meet the techs half way.

Of course, when the users say, “Come on honey, I’m ready to rock and roll”, it would help if the developers don’t respond with, “Not now, I’m not in the mood.”

This new writing is related to the earlier post about the vulnerability found in WordPress 1.2.1 and 1.3 that would allow anyone to change a person’s siteurl value just by entering a bad URL into a browser. This can render a site unreadable, and even unusable; luckily though, it was a relatively easy hole to plug.

That WordPress, like all software, has bugs is nothing new and no big deal. There is no such thing as ‘perfect’ software, and you can spend the next twenty years jumping from weblogging tool to weblogging tool and still manage to stub your nose or your toes hopping into bed with each new hope of the moment. Perfection isn’t going to happen and the most that you can hope for is reliability, and that the tool doesn’t actively get in your way when you’re trying to write.

In their relationship with developers, users can meet them half way by understanding that shit happens. They can help with testing, by reporting the bugs, and by maintaining a sense of humor when things don’t quite go right. And yes, being grateful for the software, especially when it’s ‘free’. However, the developers also have a responsibility back to the user: to fix bugs, as soon as possible; to let users know about potential problems; and above all, to be respectful of the application’s users and their concerns.

That’s why I am disappointed about the events surrounding the siteurl bug – not because of the bug, but because of what happened before and after. It was best summed up by what one of the WordPress support forum moderators, podz said, “When decisions are made, we will no doubt be told.”

And that about sums up the entire communication about this whole problem.

You know, if I had even a tiny fraction of the enthusiastic users that WordPress has, with any of my ideas and efforts, I’d damn near cry in delight. Ask any developer and they’ll tell you the same thing: sure you can write code for yourself, but its more fun when others want to use it.

If users shouldn’t take developers for granted, the reverse should also be true: we should never take those who use our software for granted. Sometimes ‘free’ software developers forget that they truly are being paid for their time and their efforts; users are paying them with interest, with gratitude, and with trust.