Back on WordPress.org (again)

It wasn’t too long ago that I moved to WordPress.org after an almost three-year absence, and then quickly moved back to WordPress.com. I had a lot going on and just wasn’t ready to take the plunge. Now, I am ready to take the plunge, and here I am, again.

I could re-hash all of the reasons why I want to be self-hosted on WordPress.org rather than staying on WordPress.com, but you should really just read the original post linked to above. Nothing has really changed except for the plugins used and how I'm hosted.

Rather than being hosted on DreamHost's standard shared hosting service, I'm now on DreamPress, their managed WordPress hosting service. Think of it as a server which hosts nothing but WordPress and is therefore tuned to serve every part of it as quickly and reliably as possible. That is a severely watered-down explanation, but you can get all of the juicy details from the link. :)

Plugin-wise, I’m starting out with Jetpack for tons of features, Akismet for anti-spam, VaultPress for backups, Google XML Sitemaps for sitemaps, and a few different plugins for security which I won’t be disclosing this time around. ;)

Big thanks to Mike Schroder and Mika Epstein for both occasionally encouraging me to go back to being self-hosted and for essentially creating DreamPress, Zandy Ring for making sure that everything was moved properly, and Kathryn Presner, Caroline Moore, Lance Willett, and Ian Stewart for being totally cool with me occasionally ambushing them with theme questions.

Here’s to many more years self-hosted on WordPress.org, filled with the usual combination of fun, mistakes, and self-education.

Disclosing a Security Vulnerability

Some of you are coming here from a site where this blog was apparently featured as an example of how to exploit a security vulnerability. I won’t link to it, because what that individual did was irresponsible, but it gives me the opportunity to hopefully educate some people.

There are many ways to disclose a security vulnerability, but the only right way and the only responsible way is to do it privately. If you publicly disclose a security vulnerability, you have made the world aware of both its existence and how to exploit it, endangering thousands (perhaps millions) of unsuspecting users. You are not the hero when you publicly disclose a security vulnerability, you’re the villain.

Most developers and companies offer at least one way to contact them privately. If you have found a security vulnerability, contact the developer or company privately via their official security report system or any private contact method you can find. If you can't find one, contact them publicly and ask them to get in touch with you because you have found a security vulnerability, without saying what it is. Any good developer or company will reply immediately via a private channel. Once you have privately disclosed the vulnerability, give them a few days to resolve the issue while it's still known only to you and them, and feel free to publicly disclose it once the fix has shipped.

Be responsible by disclosing security vulnerabilities privately, not publicly.
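One concrete form of the "official security report system" mentioned above is a security.txt file served at /.well-known/security.txt (RFC 9116). The post itself does not mention security.txt; this is an added example, not code from the original post, showing how a finder would read such a file and pick out only the private channels (mailto:, https:, tel:) and refuse to trust one whose mandatory Expires date has passed. The file contents and the example.com addresses are constructed for the example.

```javascript
// Added example (not from the original post): parse an RFC 9116 security.txt
// and return the private contact channels it advertises.

// Constructed sample of what https://example.com/.well-known/security.txt
// might contain. Comments start with '#', fields are "Name: value".
const SAMPLE_SECURITY_TXT = `# Security policy for example.com (constructed sample)
Contact: mailto:security@example.com
Contact: https://example.com/security/report
Contact: http://example.com/plaintext-form
Expires: 2099-01-01T00:00:00.000Z
Preferred-Languages: en, fr
Policy: https://example.com/security-policy
`;

// Map lower-cased field name -> array of values (fields may repeat).
function parseSecurityTxt(text) {
  const fields = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;     // blank or comment
    const idx = line.indexOf(':');
    if (idx < 0) continue;                            // malformed line, skip
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    (fields[name] = fields[name] || []).push(value);
  }
  return fields;
}

// Return Contact values that are actually private channels, in the order the
// vendor listed them (RFC 9116: first listed = preferred). An http: URL is
// dropped because the report would travel in the clear. An absent, unparsable
// or past Expires makes the whole file untrustworthy, so [] is returned.
function privateContacts(text, now = new Date()) {
  const fields = parseSecurityTxt(text);
  const expires = fields.expires ? Date.parse(fields.expires[0]) : NaN;
  if (Number.isNaN(expires) || expires <= now.getTime()) return [];
  return (fields.contact || []).filter(c => /^(mailto|https|tel):/i.test(c));
}

// Example run (node): prints the two private channels from the sample above.
console.log(privateContacts(SAMPLE_SECURITY_TXT));
```

In practice you would fetch the file over HTTPS first and only fall back to guessing at e-mail addresses or a public ticket if it is missing; the parser above is the part that decides which of the listed channels is safe to send a report through.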

The Future of the VFX Industry

Today is apparently Future Day, a day on which we’re supposed to spend some time contemplating the future. Well, nothing makes me contemplate the future more than movies, especially movies with plenty of visual effects.

Just take a moment to imagine your favorite film without visual effects. Films like Life of Pi suddenly don't look very inspiring.


Despite many of our films being largely composed of visual effects shots, the visual effects industry is still paid by the studios for the job as a whole before production even begins, not for how many hours it may take to create (and repeatedly revise, if necessary) the sets, characters, and sometimes whole worlds that they create for the film. Picture for a moment a massive hand-built set. The director probably won't tear down the set, rebuild it, and reshoot the scenes just because he changed his mind, as the set builders and most of the rest of the crew are paid hourly, and what seems like such a simple decision could vastly impact the film's budget. If that set were digital, the director could easily change his mind and have everything redone (even have the actors digitally repositioned within the new set if necessary) free of charge and as often as he wants to, simply because the visual effects studio was paid maybe $10 million for the job as a whole, not hourly. $10 million seems like a lot of money, but for a visual effects studio which may find itself rebuilding the same shot hundreds of times for an indecisive director, it's more likely that they'll either have to lay off staff or go into debt just to finish the film.

This is a reality that Rhythm and Hues Studios faced last year when they declared bankruptcy just two weeks after winning their second Academy Award for Life of Pi, and they aren't the only one. Every year, more visual effects studios are shutting their doors because movie studios don't pay on a scale that matches the projects. Below is the short documentary Life After Pi, which covers the problem in depth, particularly the fate of Rhythm and Hues Studios.

As you think about the future today, think about how films with visual effects have shaped your ideas of the future, think about how the future of the VFX industry is in jeopardy if the movie studios aren’t pressured to change, and then take action. Also, if you’re near Hollywood tomorrow, join the march at the Academy Awards to show your support.

Hide Comments and Trolls with Shutup.css

We have always figured that internet trolls were sadistic psychopaths, but now we have data proving that “people who engage in trolling are characterized by personality traits that fall in the so-called Dark Tetrad: Machiavellianism (willingness to manipulate and deceive others), narcissism (egotism and self-obsession), psychopathy (the lack of remorse and empathy), and sadism (pleasure in the suffering of others).”

There are a number of sites which I love to visit for the articles, but loathe to scroll because their commenter communities are often filled with trolls and other stupidity. To keep my sanity, I have been using Shutup.css to hide comments everywhere, and I highly recommend it. Shutup.css is a custom stylesheet and browser extension which hides all known comment areas, and the extension adds a whitelist feature so you can still read comments on sites where the community doesn't give you an aneurysm.

If you’re tired of trolls or general stupidity on your favorite sites, give Shutup.css a try today!

Simperium: Real-time Syncing from Automattic

Earlier, I had mentioned Automattic's two great acquisitions of 2013, Cloudup and Simplenote. Part of the Simplenote acquisition was the data layer behind it, Simperium.

Simperium is technical magic. It’s a data layer which, as simplified as I can make it, provides real-time syncing. If you were to open the Simplenote app on your phone right next to the app on your computer (or the web app), you could type on one device and see the letters appear instantly on the other screen in real-time. Simperium isn’t limited to just text, and you can tie it into any application or service you’re developing. I won’t get into the technical aspects of Simperium, because I wouldn’t do it justice, but please watch the video embedded below for more details.

Without Simperium, Simplenote wouldn’t be what it is today, and I’m sure you’ll be seeing Simperium as the backbone of more top applications and services in the years to come.

Firefox and Videos without Flash

I really want to love Firefox again, I really do. It's open source, the add-on library is massive, and (because it's open source) it's really easy to get involved. I had used Firefox for everything for quite a long time, but then I got tired of Flash, and that's when Firefox fell apart for me.

You see, it's 2014, and videos online are a very popular thing. Probably 20% of the pages you view on a daily basis have a video embedded somewhere. Most of these videos are H.264-encoded MP4s, fewer are WebM (either VP8 or VP9), and even fewer are Ogg (seriously, try to find an embedded Ogg video outside of Wikipedia). To get an idea of the magnitude of this situation, YouTube (the largest online library of embeddable videos in existence) still has not finished transcoding their entire library (all currently available as H.264-encoded MP4s) to WebM, and Vimeo (the second largest) only uses H.264-encoded MP4s with no plans to transcode their library to WebM or Ogg.

Well, can you guess what Firefox on a Mac still doesn’t support? If you guessed H.264-encoded MP4s, you’re right! You also get a lesser prize if you guessed VP9-encoded WebMs, which really aren’t all that popular yet.

If you really want to view the most popular online embedded video format with Firefox on a Mac, you will need to install Flash. Firefox on Windows and Linux has supported H.264-encoded MP4s without Flash for quite some time, but not Firefox on a Mac. Strictly speaking, the objection isn't that H.264 is closed source (open-source decoders for it exist); it's that H.264 is patent-encumbered and royalty-bearing, so Mozilla won't ship a decoder of its own. On Windows and Linux, Firefox sidesteps that by handing H.264 to the decoder the operating system already provides; on a Mac it does not yet do the same, so the format simply doesn't play.
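The practical consequence for anyone embedding video is that they cannot assume H.264 will play; they have to ask the browser. The following is an added example, not code from the original post or from any of the sites mentioned, of how a page would do that with the standard HTMLMediaElement.canPlayType() check and choose a fallback encoding. The file names, the source order and the two stub browsers are constructed for the example; in a real page the `canPlayType` argument is `document.createElement('video').canPlayType` bound to that element.

```javascript
// Added example (not from the original post): choose a <video> source the
// current browser can decode natively, using HTMLMediaElement.canPlayType().
// canPlayType() answers "probably", "maybe" or "" for a MIME type plus codecs.

// Constructed candidate list. The codec strings are the standard RFC 6381
// identifiers: avc1.42E01E = H.264 Baseline, mp4a.40.2 = AAC-LC.
const SOURCES = [
  { src: 'movie.mp4',      type: 'video/mp4; codecs="avc1.42E01E, mp4a.40.2"' }, // H.264 + AAC
  { src: 'movie-vp9.webm', type: 'video/webm; codecs="vp9, opus"' },
  { src: 'movie-vp8.webm', type: 'video/webm; codecs="vp8, vorbis"' },
  { src: 'movie.ogv',      type: 'video/ogg; codecs="theora, vorbis"' },
];

// canPlayType() is deliberately vague; rank its three answers so that a
// later "probably" beats an earlier "maybe", and list order breaks ties.
const RANK = { probably: 2, maybe: 1, '': 0 };

// Return the best playable entry of `sources` (with the browser's answer
// attached), or null when nothing plays natively and the page would have to
// fall back to a plugin such as Flash.
function pickSource(canPlayType, sources = SOURCES) {
  let best = null;
  for (const s of sources) {
    const answer = canPlayType(s.type);
    const score = RANK[answer] || 0;
    if (score > 0 && (best === null || score > best.score)) {
      best = { ...s, answer, score };
    }
  }
  return best;
}

// Wire the choice into a real <video> element (browser only; not run here).
function applyChoice(videoElement, sources = SOURCES) {
  const choice = pickSource(videoElement.canPlayType.bind(videoElement), sources);
  if (choice) videoElement.src = choice.src;
  return choice;
}

// Constructed stub approximating Firefox on a Mac as described in the post:
// no H.264, no VP9, but VP8 WebM and Theora Ogg play natively.
function firefoxMacStub(type) {
  if (/avc1|vp9/.test(type)) return '';
  if (/vp8|theora/.test(type)) return 'probably';
  return '';
}

// Constructed stub for a browser that decodes all four candidates.
function playsEverythingStub() { return 'probably'; }

// Example run (node): the Mac Firefox stub lands on the VP8 WebM fallback.
console.log(pickSource(firefoxMacStub).src, '/', pickSource(playsEverythingStub).src);
```

The point of the ranking is the edge case the post runs into: a browser that reports "maybe" for the MP4 but "probably" for a WebM should be given the WebM, and a browser that reports "" for everything should not be handed an MP4 in the hope that a plugin picks it up.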

Well, I ask you, what is Flash then? Flash is proprietary software, it’s not open source either. Firefox’s solution to viewing the most popular video format online is to install proprietary software, which brings me to a very important question. If I need to install proprietary software to view the most popular video format online, why don’t I simply use a proprietary browser (like Safari or Chrome) instead of Firefox and continue to not use Flash?

Really, Firefox, what is the point if not to spread the value of open source software by making the web a better place through a free and open source browser which simply offers the best possible web experience to the average user? If you do not provide the ability to view the most popular video format online without the help of proprietary software, you have made the web a worse place for your users and damaged your efforts to promote open source software by promoting a piece of proprietary software as the only solution to a problem which almost every single one of your users will face.

Now, to be fair to Firefox and anyone reading this article searching for a solution, you can install Greasemonkey and ViewTube to view videos on the video sites themselves (YouTube, Vimeo, etc.) without the need for Flash, but due to the limitations of these types of scripts, it will not work for videos embedded elsewhere, like the Vimeo video embedded below. This is not a solution, as more videos are consumed via embeds elsewhere than on the video sites themselves. The solution is to bring native H.264-encoded MP4 support to Firefox so that users no longer need to rely on proprietary software to view the most popular video format online.

(Note: The content of the above video from The Sunday Times: Culture is not related to this rant, except for the fact that it's an amazing embeddable H.264-encoded MP4 video that you still can't view on Firefox without the help of Flash.)

Your move, Firefox.