Category: Technology

Categories
Technology Weblogging

From WordPress to Wordform

I feel a strong urge to work on code, I’m not sure why. Perhaps it’s because code is something I can wrap my hands around…and throttle the heck out of it.

Note if you’re not a tech, much of the following is still going to be of interest if you use or plan to use WordPress. Including some gotchas.

Since I’m basing Wordform as a fork of 1.3, I’ve been looking carefully through the 1.3 code changes in the CVS repository. That’s the beauty of open source projects that post their files in a publicly accessible directory – you can reverse engineer the code, while it’s still being developed. And since I’m used to deducing functionality from code in process (which is how I wrote most of those 14 or so computer books I was involved in), I can see the directions the tool is taking. I’m finding some interesting stuff out for those of you using WordPress or moving to WordPress 1.3.

For instance, it looks like by default ,Wordpress does not provide a link in the sidebar for RSS 1.0 or Atom; it only provides links to RSS 2.0. I can’t help thinking a better option would be to provide all the links to the popular syndication feeds, and then let the people delete as needed. It’s easier for non-techs to remove an option, than it is to add an option.

It does have Atom, as well as RSS 2.0 and .92 as options in the header for autodiscovery. I would think that it’s time to drop .92 and put RSS 1.0 in, instead. But that’s just me.

Of course, you’ve probably heard about the new WordPress split of the original index.php page into multiple pages consisting of wp-footer.php, wp-sidebar.php, and so on. There’s an interesting caveat to this, in that the application looks for a user-defined page, such as sidebar.php. Only if this isn’t found, is the wp-sidebar.php page used, instead.

This is a good design decision. By doing this, when you update your WP files, you’re not overwriting your customized work. But my goodness there is a lot of files, now. I would think a better approach would be to put the default WordPress sidebar, footer, etc into a separate sub-directory–to beging to clean out the home directory. This is going to be even more critical if people choose to have different category and archive and individual pages.

There’s also a new template/theme system. I know that people can use functions to hide and show pieces of data based on a single page request versus multiple, and so on – but this isn’t intuitive for the non-tech. It would seem that the WP developers agree with me, because the new template system now defaults in favor of category, archive, date, and author individual pages and so on in the template directory if they exist–rather than feed all requests through index.php

In other words, if you’re using a custom template, such as I am at Kitchen, which is based on Gemini, and you create separate pages for individual, category, and so on entries, the system now defaults to these without you having to screw around in .htaccess.

So, for Burningbird now, I have a category.php, archives.php, individual.php, insert.php, and fulltext.php custom pages. I could create a template theme directory, call it ‘burningbird’ and drop these files into it (after first updating to 1.3 code), and I would no longer have to worry about adjusting the .htaccess entries for these items, like I do now.

Better, if I decide to impulsively switch to another theme and style, I could do so just by dropping that themes/template files on to my server, push a button on the admin page, and off I go with a completely different look and set of pages, with no code changes.

Yes, yes, you’re nodding your heads at this. You like this. Trust me, you do.

There is a slight, teeny performance hit by doing redirection in code rather than in the .htaccess. But I believe it would be negligible. Agree? Disagree?

The blog header file, which you’re not supposed to touch, has been cleaned up enormously. Now I just have to find all the bits of the code that are no longer in the file, because I have modified it.

Ouch, though! The developers are splitting DIV open and close tags across files – opening in one file, closing in another. This is going to bite people in the butt when the start to customize the pages to their look and feel.

The main index page is, of course, cleaned up considerably since much of the content for it has been split off. A basic page would have:

-Include the blog header file (for all the data query and redirection, should not change)
-Include the header file (for CSS and autolinks and that sort of thing – HEAD stuff)
-The actual post loop is kept in index.php
-Include comments template file
-A call to a function to do the NEXT and PREVIOUS post links
-Include the footer file, which includes the sidebar

The NEXT and PREVIOUS link thing is when you have more than 20 posts (or whatever count you set, in admin I believe), from a category list or archive or search, you get the next and previous links that allow you to ‘page’ through the results. Yes, this is very tasty, you’ll want this.

The comments code isn’t much changed, though I read at the 1.3 wiki about using a weighted means throttle to keep from being crapflooded with hundreds of comment spam. Hmm, will have to see. I like mine, and it works nicely. As for the rest of the code, I’ll be replacing much in the comments because I support per-post moderation, and the WordPress developers just won’t buy into this. This was one major architectural difference between the WP team and myself.

Moving on, looks like they’ve worked on and hopefully fixed the trackback and pingback problems.

In the admin files, they’ve done a lot of splitting here, too. From the wiki, it looks like 1.3 may be opening up for administrative customizations. Curious how this will work. They have removed the geo stuff from the administrative pages, and it’s being moved to a plug-in. Now this is a goodness. Most people don’t use the geo stuff, and cluttering up the admin pages with stuff that could be a plug-in is an improvement.

Still nothing on that mysterious Dashboard page. Will this end up being a placeholder for future expansion? Something dropped in at the last moment, to have people going ‘ooo’ and ‘aaaah’?

Over into the wp-includes, the engine of the tool, I found the following CVS check in comment attached to a file: Don’t forget to strip. So, don’t forget to strip when you use WordPress.

There’s a lot of clean-up in the code, and I’m really pleased to see functions that are going to be deprecated commented with the fact. What deprecated means is that the function isn’t going to be used in future versions, and is just included now so that people have at least one release in order to adjust to the function being dropped. With this, hopefully your 1.2 customizations won’t break in 1.3 (though they will in 1.4 if you don’t clean your own code up).

There’s a new class called ‘retrospam_mgr’, which I assume is focused on ‘death to all spam’ efforts.

All in all, there’s a goodly amount of cleanup and separation of data access from processing, and processing from presentation – a good three-tier split in the code. This will make it really easy to modify the code.

I am going to yank that damn convert_smilies function. Smilies are evil.

Going over to the hackers archive, I can see that there’s discussion about allowing person to replace the comment checking functionality with their own, which is a good idea – for technologists. But then, I could create a function to do my automatic moderation on posts over a week old, and you could just plop the code into your installation, and get the same functionality without having to touch code. So the idea is a win/win. I wonder if they’ll go this route.

There’s a new ’static’ page option in 1.3, which allows you to create pages such as an about page and so on that fall outside of the normal chronological flow. I used my insert post status for this, and to me, this makes more sense. In other words, don’t duplicate the same form, provide more statuses.

Anyway, this shows in the version of 1.3 we’re using at Kitchen, but doesn’t work in the version of code we have (which is a couple of weeks old).

A great deal of discussion about multiple blog support and how this is necessary for it to be considered a true CMS. I am curious – why do people think that a CMS is a multiple blog setup? There are things one can do by author and by category that could support much of the CMS functionality. So, why do people want multiple blogs, and how would they use them? I know how I used them, but I don’t think this is the same as how other people use them.

Ut ohthere’s the enclosure thing. For non-technical people, podcasting.

The two options listed, if I’m reading the mailing list entries correctly, are to provide a field, just like with trackback, that adds the enclosure to the RSS feed. Or to skim the HTML and pull out links to media automatically. (See options in thread). It looks like the decision was to automatically wrap all URLs within the post as enclosures in RSS.

Hmmm. Can’t be reading that right. I’ll have to grab the nightly and test this one, and write about it individually. This one makes no sense.

I would still need my modifications, including my anti-spam mods, my individual comment moderation, my post statuses, full text, comment editing, like comment preview, and full page preview for the editor.

For new stuff – well, I want to take a shot at adding in some more meta capability, including the Poetry Finder. I’ve always felt that the only want something like this could work, is if it gets added on to other tools. This will give me a chance to find out. The key is, being able to add sophisticated meta data such as what would be needed for Poetry Finder, but allow a person to specify their own vocabulary and map it to the data. Or choose not to have it at all.

However, you all don’t care about what I plan to do, only when I’ve done it. In the meantime, I hope this little code review of WP 1.3 has been of interest.

This thread at the support forum points to a hint at Matt’s about Magpie code for the Dashboard of 1.3.

So we all go Kubrick for design, and Magpie for aggregation in the Dashboard, and RSS 2.0 with enclosures.

Lot’s of developer decisions being made – any user feedback to any of this?

Categories
Technology

Open Source is like sex

Open source is a lot like sex: everything works so much better when all the participants aren’t passive.

I’ve worked on a variety of projects in the last twenty years that ranged in size from the second largest computer system in the world, to small applications used by only a few people. In this time I’ve learned that the biggest mistake you can make as a developer is to not listen to what your customers want.

However, the second biggest mistake you can make is to give your customers everything they ask for.

Marius Coomans, from a new weblog he shares with Jonathon Delacour, and which I assume is live since Marius pinged me this morning, refers to a post written by Jeffrey Veen a while back, which starts with:

Open source content management software sucks. It sucks really badly. The only things worse is every commercial CMS I’ve used. But it really doesn’t have to be that way.

Marius added the following comment:

Also interesting are the 104 comments to Jeff’s post from all the usual suspects. To me, it re-confirms that a lack of product management is a major hurdle for most open source projects. Unless an open source project simply mimics another system, it will fail either because software developers are not good judges of which features should or should not be included, while in larger projects, “too many cooks spoil the broth”.

And unlike Shelley, we don’t all have the luxury of being able to build-in the features we think we need.

(I have to say before I address either Veen’s comments, or Marius’ that I don’t agree with lumping weblogs into the same category of software as something like Blue Martini or Vignette. Doing so is like putting watermelons and cherries into the same bin and selling them as strawberries, because they all happen to have something red about them. Enterprise portal systems, large community systems, and weblogs share some similar characteristics, true; but the purpose and requirements for each differs so drastically, as to make comparison meaningless. Yes, you can use Blue Martini to write a weblog. And you can use WordPress to provide CMS capability for Boeing. However, both would be acts of a mad man,)

Focusing purely on weblogs, I’ll address Veen’s recommendations, one by one; then I’ll return to Marius comment:

Make it easy to install. Focusing on open source, the weblog tools that I’ve installed are WordPress, b2evolution, Textpattern, Nucleus, and both Blosxom and pBlosxom.

The tools for the most part were easy to install. Grab a file, unzip it, put the application where you want on your server, make sure you have a database already created, or have root permission to be able to create the database on the fly, tweak a couple of directory file permissions, and run an installation script. It’s very straightforward.

Now, let’s look at the sub-components of the installation, and see where a non-tech would run into problems.

Place the application files on the server. Most weblogs run on Linux. This is become a de facto environment, though I know there is still a lot of support for Windows products. When a software installation program talks about placing the application files into the directory where the application will reside, there is an assumption that people understand how the Linux file system works. If they don’t, this could start the worry and tension that makes the installation more difficult seeming then it is.

However, tool developers have to make some assumptions about the end users ability or the installation documents will read as follows: You need to place these files into the directory where you’ll want the application to run. If you’re server is using the Linux operating system, here’s how the file system works….

In other words, most tool developers, and rightfully so, assume that the person using their product has a minimum knowledge about how the Linux file/directory system works, including permissions, structure, and the tools to move files back and forth, such as FTP. This isn’t an excessive burden on the user–this is the part where the end user has to actively participate in the process (open source or not), by taking some time to understand some fundamentals about the environment in which they’re going to operate. Though the fundamentals are technical in nature, the understanding doesn’t require a technologist’s background: only willingness on the part of the user to make this effort.

If a weblogger wants to run their own weblogging software, this means they want to run outside the box, even if its only a tiny bit outside the box. They are, then, going to have to assume responsibility to gain a minimum amount of knowledge about their environment in order to install software and operate the software safely.

I’ve provided writings in the past, focused at the non-technologists, as has several others, about how these fundamental aspects of the environment work. In some cases, the writing has helped individuals; in others, the feedback I get is, “It’s all too complicated, and I don’t want to have to deal with it.”

Well, that’s about like lying like a lump and thinking of England during sex, isn’t it? You can’t blame your partner in the process if the act isn’t as fun as it could be, if you’re not willing to meet halfway in the effort involved.

Veen writes on this requirement:

Ask me a few questions, and then you go set up the database tables and write the conf.php or whatever. Set constraints for yourself as you design this experience: 10 minutes from download to running, never send a user to the command line, never force open a text editor. It will be hard, but you’re good at solving hard problems, and this is time very well spent.

Here are some facts of life for Mr. Veen, who assumes that open source developers could do all of this if they only tried.

First, as to writing configuration files or changing file permissions. Because of safety protocols, a tool run from a web browser cannot write to a directory unless you change the permissions of that directory first. If it could, there wouldn’t be a non-hacked site left within weblogging.

Most tools give you a choice: either change the directory permissions, or copy the following text (which they provide) into a file, name it so, and upload it using FTP to this location. This will never change! To try and work around this is to defeat the very security of the server you’re running on.

If you don’t want to take the time to figure out how to use an FTP tool, use the FTP tool’s file and directory permission changing features, and/or how to open a text editor and copy some text, perhaps you really should either look at using Blogger, Typepad, or hire someone.

Create a database first, and have the database information handy. As for the database, most of these can be created by the tools during installation, if the system is configured to allow databases to be created from the command line (which is how applications work). Most hosts disable this as a safety precaution, and ask that you use whatever control panel you’re given to create the database. So tools account for this and for the most part ask that you create the empty database first, and then the tool will create the tables and populate then with whatever data is needed. Again, this is a safety measure to keep your system from being exploited and hacked.

Bluntly, To meet Veen’s requirements would require a system that is, to all intents and purposes, completely open to any 17 year old with a malicious bent.

(Going higher, into the realm of the larger enterprise portal systems and large community systems, these should never be installed and configured by anyone less that a system administrator or someone else proficient in the underlying technology. These are large, complex, multi-purpose tools that are meant to separate the end user from the technology, yes; but they aren’t meant, for the most part, to be installed, run, and maintained by the same neophyte users. Different purposes. Different tools. Different requirements.)

Make it easy to get started. What do you mean, get started? This is different things to different people. Some people would say that they want to immediately be able to configure their profile; others want to write a post right away; and still others want to look at designs and templates and configure the look and feel of their system right away.

Most weblogging tools provide tabs or links to each of these separate areas, and let the person click through to the area and do as they wish. WordPress, when it installs, takes you to the login screen so you can login, and then takes you to the Write page, which has a form you use to write the post. The form has a space for a title, a selection of one or more categories, and then the larger space for the actual post itself. Below this is the buttons to save or publish the post, and a space to put in trackback entries.

Now, I will grant Veen that this interface brings in jargon that may intimidate the new user. For instance, what is “trackback”. However, if you click on the link to the label for this field, it takes you to a bit of documentation about trackbacks (which, unfortunately, hasn’t been documented yet in the WordPress software).

Most weblogging software, in fact, usually open with this same type of functionality, more or less. Then it’s a matter of writing something in the title, and in the text box and then pushing the button to publish the material.

Now, by default, most weblogging tools use a built-in formatting process that handles the default white space. If you want to insert special formatting characters, such as italics and bolding, you have to either use the HTML for this, or use whatever formatting tags the tools provides. But you know, if you open Word and look at how it manages italics and bolding, and then compare this to something like WordPress, you’ll find that the two operate almost exactly the same. So I am puzzled as to why Veen and others would have such trouble with this.

(As anyone who writes ‘outside the box’ with Word can tell you – it takes time to learn how to use the more sophisticated functionality in this application, as with most applications.)

This is where the activity on the part of the user comes in: if you don’t like how the default user interface of a tool operates, do you provide feedback to the tool developers? For instance, with WordPress there is a Requests and Feedback support forum for you to put in feature requests, or to provide criticism of the product. And the same applies to most of the other tools I’ve used.

I do believe that from comments associated with this requirement, that Veen is specifically addressing larger-scale CMS systems with this issue. It’s true, most of these are extremely complex to figure out how to use right out of the box. However, a rule of thumb for software, open source or not, is that the more complex the needs, the more time it takes to ramp up to speed on using the software, and the more time you need to put into reading the documentation before you use it.

So this is a second requirement on the part of the user – read the documentation. Which leads us to…

Write task-based documentation first. You’ll not get disagreement out of me on this one. I agree with this completely. In fact, most problems with applications, open source or not, could be prevented with well written and easily accessible documentation.

In fact, in some projects I’ve been on, the user documentation was written first, as part of the requirements. Needless to say, these systems also were some of the most efficiently developed and had the least problems after installation – all because the project built in time for documentation, first.

But let’s take a look at documentation in the open source world.

Those who provide documentation for open source technology rarely get commended for their efforts when the documentation is present and well organized and easily accessible. Usually the only time they get any feedback is when people say, ‘the documentation sucks”. Do users know how demoralizing this can be for technical writers?

The developer of open source software gets all sorts of kudos for providing code. They get jobs at C/Net, or get brought to the US to work at Six Apart. They’re tipped for their software, and patted on the back. Heck they even get oodles of VC money.

However, the open source documentation people rarely get a thank you from the developers, much less the users. Most people don’t know their names, and any tips they get will probably be enough to buy them a pack of chewing gum; they rarely get job offers because they documented the code.

They rarely get cooperation from the developers, either. In fact, if the documentors ask that the open source team give them a heads up on what to expect for a tool release, or how something works, they’re told, “We don’t have time to deal with this now. We’re writing code.”

This applies to every piece of open source software I have used or seen, except for some of the languages such as Perl and PHP and Python–and even they aren’t as complete as they could be (as witness hundreds of books on same).

I agree with Veen that the documentation should exist to cover all the tasks. I also ask if when he’s seen this in an open source application, whether he’s made an attempt to thank the person or persons who created the documentation. Or has the only time he’s mentioned documentation is to say it sucks.

Well, let me respond back with saying: it sucks to write open source documentation. And that’s probably why the documentation, which Veen considers so critical, doesn’t exist or only exists sporadically.

Separate the administration of the CMS from the editing and managing of content. I would say that Veen is really targeting the larger systems now, the true CMS, not weblogs. And again, from my knowledge of these systems, and their purpose, the creation of roles is to ensure that the tool is not screwed up by someone having permissions they don’t have. There is a reason to separate tasks and roles, and it’s usually to protect the users, not punish them.

I am curious about his statement:

Remember: 98 percent of your audience will be using the CMS to manage their Web sites, not manage the system. Yet most systems are optimized for the other 2 percent.

I would have to see specifics in order to understand what Veen means by ’system’ as compared to ’site’. However, in most cases of larger-purpose CMS, the system is the site, and web pages that don’t have the proper infrastructure in place to support them, don’t work.

Users of a public web site should never – never – be presented with a way to log into the CMS.

Now this is just plain silly. To say what should never exist or not is to assume that Veen can speak for all users in all circumstances, and he should never–never– do this.

In my WordPress powered installation at Burningbird, I’ve removed the line from the template that allows a person to log into the weblog. However, at the Kitchen, I’ve left this in because the system is open to all, and it makes it easy for each person to find the entry into the administrative pages.

By including this link by default, it makes it very easy for a user to decide if they want this and to remove it if they don’t. By not including it by default, then the user has to discover if this functionality exists, and then how to embed it in the template, and then how is it used.

In other words, including this in the template, as long as it’s easy to remove, is probably more user friendly than not having it.

Now, one approach I am looking at with my adaption of WordPress to Wordform is to provide a function that embeds the Login and Registration into the sidebar only if this is turned on in the administrative pages. With this, the user wouldn’t have to touch the template if they don’t want to.

However, this then requires the processing of a function call in PHP everytime the page is accessed. Though the overhead is trivial, it is overhead. I have to balance the ease to the end user (and the difficulty in removing the links), with the impact on the overall page performance. This is a case where the developer has to balance what they know of the technology and performance against what the end user wants, and make a decision about whether to meeting this requirement is truly of benefit to the end user in the long term.

These decisions don’t, unfortunately, show in an application wants it’s released–leading to people like Mr. Veen saying, (paraphrasing): open source sucks because they don’t listen to the end users.

Stop it with the jargon already. Yeah, we open source people do use jargon, such as the term ‘trackback’ mentioned earlier. And we need to learn to either provide links to definitions of the jargon, or to minimize its use when dealing with the neophyte user. Not the non-technologists, the new user. (Most non-tech webloggers know what a trackback is now.)

However, as one person commented in Veen’s post, you have to use some kind of term when referencing objects, and sometimes this term is unfamiliar to the end user.

I could use “sending a link from your weblog to another weblog, either when you write something that is tangentially to the topic, or that references the weblog entry itself, or both” instead of ‘trackback’, but this is going to make my writing quite tedious over time.

However, pushing back at the open source folks, they use jargon too much at times, and almost as a way of pushing the end user to the outside, rather than inviting them in. And I agree that this is self-defeating an arrogant.

I think in this case the end user is going to have to learn to start pushing back, by asking the developers to define terms they, the users, don’t understand. If they do this enough, the developers will probably learn how to communicate more effectively with the end users. But if the end user doesn’t make an effort to provide feedback, we’ll never know when we’ve resorted to the technical, too much. This is another case where the users can’t be passive when it comes to being the recipient, in this case of communication.

Returning to Veen again, then, if he doesn’t understand what a portlet is, he should ask. And make a statement to the developer that it would help to have a glossary of these terms with easy access, and focused at the end users and not other developers.

Why do you insist Web sites have “columns”

What does Veen suggest, then, as the default standard? Because he sees himself as the arbiter of style design, should we then follow his standards when it comes to default designs?

He mentions that he doesn’t use columns, (we assume other than his weblog, which uses columns) but most commercial store fronts use columns. Most weblog users use columns, or want columns.

However, I agree, and a hundred percent with him when he talks about design too heavily baked into the guts of the application, making it very difficult to modify. I found this with applications like Blue Martini and OsCommerce. In fact, this is the biggest complaint I’ve had with larger commercial or open source ‘one size fits all’ applications.

Not with most weblog tools, though. Weblog tools, for the most part now, use CSS and don’t use HTML tables, and have a very open template architecture. True, you have to learn the tags or function calls, but the design itself is usually fairly easy to modify–if you understand HTML and CSS.

But can the tools work beyond the person having to learn HTML and CSS? I imagine they could but there will be a cost: the more you box the capability, the harder it will be to work outside the box. In other words, if you design the application so that the user doesn’t have to touch HTML and CSS, you sacrifice how easy it is for the user to customize the site to what they want. In other words, you bake the design in, which is what Veen is bemoaning.

Bottom Line

Bottom line, Veen wants open source CMS developers to be more responsive to users, but throughout his essay, he never talks about the responsibilities of the users. Open source developers (and documenters) can’t place their heads against the screen and determine what people want and don’t want. They’re dependent on feedback, positive as well as negative, in addition to bug reporting and suggestions for enhancements in the future.

And that positive feedback is a real kicker – if the only time a developer or documenter hears from the users is when something isn’t working, eventually the people, most of whom do the effort for free, are going to get tired of working in such a ‘bad energy’ space and move on to something else–like indulging in political punditry.

Bottom line, there wasn’t anything in Veen’s ‘requirements’ that a tool developer could extract any real, useful requirement from, because those stated were too broad, and one couldn’t even determine which type of CMS, and what audience, each requirement was derived from. It becomes, then, nothing more than a rant.

Back to you Marius

Returning to Marius’ comment:

To me, it re-confirms that a lack of product management is a major hurdle for most open source projects. Unless an open source project simply mimics another system, it will fail either because software developers are not good judges of which features should or should not be included, while in larger projects, “too many cooks spoil the broth”.

And unlike Shelley, we don’t all have the luxury of being able to build-in the features we think we need.

To me, much of what Veen discusses does demonstrate a lack of formal product management; however, in the case of his requirements, I assume that much of what is missing is that the users aren’t participating equally and actively in the development process. This could very well be the fault of the developers, and if the developer is so arrogant as to disregard the users, then the software users should consider alternative software. The developer then will either adapt, or lose all their clients, and hopefully learn from the process.

However, from what I’ve seen in weblogging the last almost four years, end users themselves have to share the responsibility when it comes to lack of communication, primarily because they see themselves as only passive recipients of the software; they balk at being more actively drawn into understanding the concepts of the technology, and the constraints placed on the tool environment. “I just want to write”, they say. I can understand this and sympathize. I would also suggest using Blogger, Typepad, Bloghorn, JournURL, Live Journal, or other hosted tool. Or go with a host that installs and maintains your weblogging tool, such TextDrive, which will install and manage your Textpattern or WordPress weblog.

(In most cases, though, you still have to use either packaged templates, or learn the basics of page design to have your own custom look.)

If you want to ‘just write’ in your own hosted environment, and have your own custom look, you have to spend some time understanding this environment (or hire someone who does)–you can’t have your chocolate bar and eat it, too.

As for me having the ability to modify the WordPress application and fork into my new project, Wordform–yup, it is handy having the background to be able to do this. And when I release it for others to use (if they want to, considering that I’m just doing this for fun and to answer those critics who tell me “if you don’t like the way [fill in the blank works] write your own tool”) I hope to get lots of feedback, positive and negative, from the users, as well as feature requests and suggestions. I hope other developers, and documenters, and theme creators, might also want to contribute to the application, though I’m not actively recruiting same.

In the end though, just as with WordPress and every other open source application there is, we’ll have to balance which requests are ‘nice to have’ and which are critical to the working of the tool. We’ll have to assess the impact to the code (and how difficult it could be to maintain) of new user ‘requirements’, especially when the ‘requirements’ contradict each other. We’ll try to document how the tool works, but will need feedback from the users when the documentation is good in addition to when it ’sucks’–people are kind of funny that way.

We’ll have to assume that those installing the tool know enough about the environment to install it safely, without we developers having to create tools that leave possible security openings big enough to drive small cars through. Yes we’ll have to have a good understanding of the audience of the tool and what they need; but then the audience will have to make sure they’re using the right tool for the job.

In other words, we’re all in this bed together. If you, the end user, are not getting satisfaction, perhaps your partner isn’t the one to blame.

Categories
Technology Weblogging

It’s called Wordform

When developers talk about creating a software fork, what we mean is that we’re going to take a cut of the code of the original and then develop from that point on in a separate and usually no longer compatible branch.

Firefox is an example of a fork of the original Mozilla project that was so successful, it became the official browser of the project (which is why you still also have a Mozilla browser [or did, haven’t checked recently].)

Why do forks occur? Sometimes it’s personality clashes; other times it’s because the developers of the forked version have a difference vision of where the product can go. Many times the developers who create the fork are part of the original team, but not always, particularly with open source.

Can forks hurt a project? Not usually. WordPress itself is based on a fork from the weblogging tool, b2. Another weblogging tool, b2evolution, is a second fork from the original product, being developed and maintained in parallel.

If anything, a fork can help the original development team because those who are pushing for a certain direction can go off and do their thing, leaving the developers alone.

As I wrote previously, the reason I decided to finally fork is when I realized that merging my customizations into WordPress was going to become harder and harder over time, and I’m not willing to give them up. Still, I hope to keep the plug-in and theme architecture compatible so the two environments can share objects of each.

My forked version of WordPress is going to be called, Wordform. From linguistics, a “wordform” is the smallest unit of speech or writing that can stand on its own, and has a distinctive meaning. Now, if that doesn’t sound like weblogging, I don’t know what does. The name also has the added benefit of paying homage to it’s parent, WordPress.

I’m not going to set up a weblogging tool empire, and look for gold or glory. The code will be available for download, will be GPL, and I’ll be enhancing and fixing bugs. But the effort is going to be very casual.

I’m doing this project for fun, but it’s also an answer to all those people who have said to me in the past, “Well, if you don’t like (fill in the blank) why don’t you create your own weblogging tool.” So I am.

Categories
Internet

ICANN: Enabling the stalker

You’ve had a weblog for a couple of years. You started out with a Blogspot weblog, but have since started your own domain.

You write about politics, but also about your life and interests, just like most webloggers. You’re aware of not giving away much about yourself, so you don’t talk about work or the private, intimate details of your life.

A couple of months ago, you bitched about having to get up so early because you had to be at work. Last week you talked about how early the sun is setting now and it’s almost dark when you get home. It’s full dark when your husband gets home.

Last weekend you and the hubby splurged on a new eMac. You worry about the expenditure because you also bought one of those new Panasoic TVs that project color on the wall behind the TV. You joke how you’re a sucker for all new gadgets that come out.

You’ve made halloween costumes for your kids — look, here’s photos of them. Aren’t they cute? Little Jim is eight and Barbara eleven now, they’re growing so fast. You think about taking them trick or treating, but you don’t know the neighborhood, you haven’t met any of your neighbors. How, when everyone works during the day, and have other activities on the weekend.

Oh, and you’re going to vote for Kerry.

Now, what’s so personal about any of this, and how can it enable a stalker. Shelley, you’re paranoid

Here’s what I know

From your information I know that you’re married, with two young kids. I know that both you and your husband work and are gone during the day. I know about what time you leave for work, and about what time you get home. I also know your husband is home later, which leaves you and the kiddies alone for a time.

You’re not the only one that’s gone during the day — most of your neighbors are, also. And just think, you have a house full of wonderful, and expensive, electronics.

You don’t have a man-eating dog named Bruno protecting the place as you never talk about him.

But then, you have these two cute little kids, and my that’s a pretty little girl, isn’t she?

Still…

Of course none of this matters because no one knows where you live. Except…

Except that you have a domain name, and a whois on that domain not only provides your name, but chances are your address and phone number, too.

Let’s face it, an online existence is full of exposure no matter how careful you are. However, it’s made even more precarious when stalking is actually enabled by an organization such as ICANN.

How ICANN Enables Stalking

ICANN is the Internet Corporation for Assigned Names and Numbers, and is the organization responsible for DNS, or the Domain Name System. Anytime you access a site by a name rather than an IP address, you do so through DNS, under the auspices of ICANN.

When you register a domain, at something like Dotster, which is one of my registrars, you’re working with an ICANN accredited registrar, who then ensures your domain name is connected with two different name servers — one as primary, the other as backup. These nameservers, then, are the servers that provide the actual domain name/IP address mapping. For example, this site is using nameservers provide by the hosting company, Hosting Matters.

All of this works remarkably well, and for much of the criticism of ICANN, we have seen it manage an explosive grown in online presence and activity. However, where ICANN fails, and fails absolutely miserably, is in maintaining the privacy of domain holders.

If you go out to the ICANN FAQ, one of the items on it is a response to the question, Will my name and contact information become publicly available?:

Information about who is responsible for domain names is publicly available to allow rapid resolution of technical problems and to permit enforcement of consumer protection, trademark, and other laws. The registrar will make this information available to the public on a “Whois” site. It is however possible to register a domain in the name of a third party, as long as they agree to accept responsibility — ask your registrar for further details.

In other words, to have a domain name, you have to provide contact information. If you do, anyone can use the Whois database and look this up. Anyone. If you try to obscure your contact information, you risk losing your domain.

Why do this? In a nutshell? Intellectual Property rights.

ICANN states that the reason they do this is for resolution of technical difficulties, but is rarely used as such. It’s also used against those who abuse their ISP’s domains or perhaps spam people, but having this information doesn’t do a bit of good. If you don’t get the response you want just by emailing the person responsible for a domain, it’s very unlikely you’ll do any better if you call them, or visit them. Those who have trapped email addresses from comment spammers and contacted the ISPs have discovered this for themselves.

As for illegal activities, well we all know how secure the Internet is from government agencies. Not.

No the main reason for this is so that people can legally go after those who violate their intellectual property rights, either by using a trademarked term at their site; or using copyrighted material such as photos, text, music, and other media in their pages.

That’s it–the reason most of us are exposed to stalkers of one form or another is so that Disney can protect it’s damn Mouse.

Recently a Whois task force was created to address domain names, Intellectual Property issue, and privacy. In July of this year, Robin Gross of IP Justice sent a letter to ICANN saying that ICANN threatens civil rights. In the letter, Gross wrote:

ICANN’s Whois database of personal information (including name, telephone number, home address, and email address) on millions of individuals who register domain names raises a number of significant civil liberties implications. Over-zealous intellectual property holders use the data to threaten and harass people who often have a lawful right to engage in the online activity but lack the resources to defend themselves. Law enforcement agents access the information in the course of investigations, skirting constitutional protections such as due process of law. Although originally collected for “technical purposes”, the Whois database of personal information has become a virtual honey-pot for abuse, irresistible to those seeking identifying information for any reason.

ICANN’s current policies regarding the Whois database of personal information threaten a number of fundamental freedoms, such as freedom of expression, the right to anonymity, freedom of association, and individual privacy rights. Although setting Internet governance policy, ICANN, a private corporation, makes rules that governments would not be legally permitted to make. Many national constitutions and international treaties guarantee freedom of expression and privacy rights to the public that ICANN’s Whois database policies routinely violate. Since ICANN is a private corporation, and not a government, it is immune from the procedural due process guarantees and other civil liberties protections enshrined in most national constitutions and international treaties.

ICANN forces Registrars to violate privacy laws by publishing registrants’ personal information without their consent. And it undermines fundamental freedom of expression and association guarantees by prohibiting anonymous website publishing. To have any legitimacy, ICANN’s policies for management of the Whois database should, at a minimum, measure up to the standards agreed to in international treaties and national courts dealing with freedom of expression and ensuring consumer privacy protections.

You can follow more on Whois Privacy at this ICANN page. If you look at the summary report from the task force’s effort, you’ll see a lot of analogies with cars and bikes and how ICANN needs to change, but change is best in small steps.Which goes to show that the task force has, to all intents and purposes, not listened to the people who sent letters such as Mr. Gross from IP Justice.

As it stands now, the full Whois privacy statement given to registrars to use can be seen at the ICANN site and includes requirements such as having to provide a postal address, complete phone number information, all of which has to be updated yearly (I’m currently overdue for all my domains — I’m thinking of setting the mailing address to Disney’s home headquarters.)

When you do, unless you specifically tell them how to remove you from the lists, you’ll get letters from people trying to intimidate you into registering all variations of your domain (such as yourdomain.us, yourdomain.org, and so on) or you’ll lose your site ‘identity — not to mention the ocmpanies trying to steal you away from your current registrar.

Even Google, which provides phone number and addresses for people if you search on a name and a city, has an easy to use Phonebook removal page to remove yourself from Google’s Phonebook. ICANN needs something as easy.

(Note to many of you I know — you’re still in the Google Phonebook. In fact, to demonstrate the dangers of this, I came close today to calling several of you, to breath heavily into the phone; except for some odd reason, I was pretty sure many of you would enjoy this, and that’s too kink for me. Regardless, may I suggest you search on the head of household name and city or state and if you see yourself, remove yourself?)

What can you do

Some of us can do more to kick ICANN in the butt about privacy more than others. And hopefully will, and quickly. For the rest of us, you have a couple of options.

First, you can register with a Registrar that’s willing to provide you with a contact for your domain. What this means then is that this contact information will show up in the record during a Whois lookup, not yours. It’s legal, because if they get contacted about your account, because bad you has copied someone’s Mouse picture, they’ll pass that contact on to you, without revealing your name or other information. This is the securest, safest approach to take.

(I’ve started a page at the Wiki to collect URLs for registrars who provide this type of service. If you know of any, and don’t see them on the list, please add them.)

Failing that, you could consider getting a post office box and using this for your address, but this exposes your name and phone number. Of course, many of us put our names with our sites — but not all.

Summary

What never fails to amaze me is how the US is leaning towards re-electing the current President largely because of his handling of security against terrorists. We’ve spent billions on this — enough to have provided adequate health care coverage for every person living here. We’ve given up our freedoms, and antagonized other countries. We’ve even invaded another country.

Yet we’ll get weblogs and post photos of our kids on Flickr, start weblogs for our kids, get domain names with our address and contact information, and tell everyone every last bit of our day to day itineary.

Not only that, but we post photos of our home — inside and out– and also provide loving detail of all the nice new gadgets we’ve bought, not to mention our software and music libraries.

We tell everyone where we’re going to be, and when; especially when we’re going to be out of town, and our homes empty. And we think nothing of announcing a general meetup with anyone in an area who wants to come.

I think our priorities are a little off.

Some more safety tips:

  • In addition to using a registrar who will hide your contact information, you should get with your family and establish a security politicy for online activities. This includes monitoring who your kids chat with, as well as talking about what will and will not be featured on weblogs.
  • I love to see pictures of people’s kids online, but this is not a good idea, unless you are weblogging anonymously.
  • Tell people about your trips — after you’ve returned. No need to talk about it before hand. If you want to meet up with people in your destination city, choose from among the people you know already and contact them directly.
  • Don’t give out daily routine information, about the road you travel, and the hours you work. And don’t blare out for all to hear about your home being empty, or your kid all alone.
  • Do not every mention your kids school, or show pictures of your home or other importatant locations in such a way that the addresses can be derived.
  • If you have grandkids, sure post photos of them. And talk about their recent visit — but don’t tell people ahead of time on your weblog that your grandkids are coming to visit this coming weekend.
  • If you’re a pretty young woman (or boy) and you want to post your address and phone number and semi-naked photos of yourself everywhere, please don’t come crying to us when you get stalked — use some common sense.

Use some common sense. That’s the key. We don’t have to be paranoid as much as we should be aware.

I’m one to talk, as my domains are currently wide open. However, now that I have the bucks, I’m in the process of moving my domains to a registrar who will protect my information. Until then, my address is there for all to see. That’s great: send me birthday cards in a couple of weeks, or roses now. Better yet, make that orchids–I love exotic flowers.

After all, I can trust all of you. Right?

Categories
Technology

Submission dues (or is that dux or ducks?)

Recovered from the Wayback Machine.

I threw caution to the wind and submitted my carefully crafted session proposal to O’Reilly for ETech. I thought about posting it here, but is that bad luck, or poor taste?

Regardless, I will tease you and tell you that is is very complementary to what Sir Tim really wants but doesn’t know it yet. He looks for a revolution and Great Things and a crescendo of meaning; the rest of us just want to find things.

Silly things.