The Desktop App

wpappThere’s a new desktop app for WordPress blogs, this time from the good folks at Automattic, the people behind I know many of you have heard me say that and WordPress are two entirely separate entities, so let me clear this up right now. You can use this app with both and self-hosted WordPress(.org) blogs! Despite the app’s name, you can connect your self-hosted WordPress blog to with Jetpack and it’s Manage module, allowing you to work with your self-hosted WordPress blog in both and the app.

The new desktop app is mostly a wrapper for Calypso, the new interface packed full of the latest web technology. Calypso is where the real fun lies, conceived as an answer to “What if we rebuilt WordPress from scratch today?” It’s fast, responsive, and open source, with real-time notifications, the ability to work with multiple sites through the same interface, and a thoroughly re-built editor.

The desktop app brings Calypso to you in a browser-free app, free of occasionally troublesome browser extensions and poor support of the latest web technologies from certain browsers I dare not name, leveraging the processing power and local storage of your computer. It’s a whole new way to experience WordPress, packed into one convenient application.

Try the new Desktop App today, or even just Calypso at itself, you won’t be disappointed. 🙂

WordPress Security and Auto-Updates

autoupdatesWordPress 4.3.1 was released six days ago and included three security fixes. If you haven’t done anything silly to disable auto-updates, you would have been automatically updated within an hour of the announcement (and in some cases even before the announcement). If you have disabled auto-updates, your site was publicly at risk until you manually updated, and if you still haven’t updated, you had better do so now.

Auto-updates are not only crucial, they are almost quite literally the least you can do to protect your site. When a security update is announced, along with the vulnerabilities being made public, you could trust your site to update itself quickly and efficiently with no effort on your part, or you could disable all of that and keep your site vulnerable until you got around to doing it yourself. Sure, there is a very slim possibility that a feature of a plugin on your site may momentarily break until its developer fixes it, but such a thing is insignificant compared to recovering a hacked site, or losing an unrecoverable hacked site, just because you decided to let it live with publicly known vulnerabilities.

This doesn’t just extend to WordPress core. Plugins and themes get occasional security updates too. While WordPress doesn’t automatically update those by default, you can make it do so by modifying wp-config.php, using a plugin, or a service like Jetpack Manage. Just like with WordPress core, the updates will be applied within an hour of the release. And, if you’re worried about losing theme modifications, make sure that you’re using a child theme or a plugin like Jetpack Custom CSS so that you can modify your theme in a way that still allows you to safely update the parent theme.

When it comes to securing WordPress, there’s a lot you can do, but allowing auto-updates to function is by far the best way to keep your site secure, and almost quite literally the least you can do. Enjoy the freedom and security that auto-updates afford to you and your site.

WordPress 4.3 Released

si600WordPress 4.3 has been released! This release introduces menu and site icon controls to the customizer, formatting shortcuts to the editor, stronger password enforcement, and more.

246 volunteers contributed to this release, lead by Konstantin Obenland. At the time of writing this, WordPress 4.3 has been out for a bit over 2 hours and has already been downloaded 373,399 times!

All users can now safely update from Dashboard -> Updates or download and update manually, though you should probably backup first just in case, unless you’re already using VaultPress, which you really should be.

WordPress 4.2.4 Released

wordpress600WordPress 4.2.4 has been released. This is a critical security release, addressing 6 security vulnerabilities, as well as 4 bugs (including a few you may have run into during the last security fix).

A huge thanks to the folks who kept us all safe by responsibly disclosing the security vulnerabilities.

If you have not done anything silly to disable automatic updates, you were already updated hours ago. If you did do something silly to disable automatic updates, then your site has been vulnerable to 6 now publicly known security vulnerabilities for at least the past 10 hours, so you should really update manually right now, and then turn your automatic updates back on.

As always, if you run into any trouble, please let us know!

Small Twitter Victory

twvictoryWhile my tiny corner of the world is being loomed over by the type of room-shaking thunderstorms it rarely experiences, I did find a tiny ray of sunlight. MacManX on Twitter is finally mine, after spending the last five years trying to wrestle it from the clutches of a long-abandoned tech news account. I don’t know why it’s so important to me, but it always bothered my that it was just sitting there unused and unloved, while I had to use MacManXcom instead. Well, now it’s mine. Time to find some sort of tiny victory horn to blast, but probably no one will hear it over this thunder.

Changing usernames on Twitter is shockingly easy, it’s actually just another settings field. You type in a new username, it instantly displays if it’s available, and you save your settings. Your Tweets are transferred over, your Followers are transferred over, everything is transferred over. I was very impressed. The only negative point is that there is no way to redirect the old username. You have officially given it up for someone else to have, which I suppose is perfectly fair. One minute to change the username, one hour to find and change any links and integrations that are within my power to change, and another hour to take a black marker to my business cards (way too many business cards). A nearly five-year struggle was over in two hours.

Going Webmail-Only

webmail600Last week, I mentioned that I was de-prioritizing email in my life. So far, it’s been great, and I’ve had some amazing success avoiding email in general by only using webmail. Webmail is harder to get to than launching an app, which means I don’t use it as often. Most importantly, webmail is simple and only offers essential features.

I spent the last four years changing email apps to find one that simplified email, rather than further complicating an already complex system. To be honest, Sparrow was the perfect email app, but it has mostly stopped working since Google acquired it two years ago. Airmail began life as its spiritual successor, but they keep adding features that are useless to me. It’s become the perfect example of software bloat. I’ve also tried Apple’s Mail app, Thunderbird, Postbox, Mail Pilot, and a few others I have generally forgotten, all resulting in similar feature exhaustion.

All I want to do is read and send email, but every app assumes that I want to do more, so much more. My ideal email app puts those two features up front and hides the rest unless I specifically enable them. Much to my surprise, my ideal email app is webmail. I have tried webmail from ProtonMail, iCloud, and Gmail. Their webmail does a great job of clearly presenting email’s core features. They hide the extra features behind settings, make them less visually prominent, and even omit some of the less-used extras.

Webmail’s simplicity allows me to focus on my email, and that’s exactly what I want from an email app. I’m sure a new Sparrow will show up some day, but until then, I’ll always have webmail.

De-prioritizing Email

downemailMany years ago, when the internet only made this sound, I opened my first email account at Excite (and yes, it still works). Back then, I thought that email was both the most efficient and the most polite way to contact someone. Unlike sending a letter, you had the possibility of an immediate response. Unlike calling someone, you knew that they would only log in to it when they were ready to. Email was never an interruption.

That last bit has been lost to us. Email is now an interruption to our daily lives, even more so than phone calls, because it’s just so much more popular. We get email notifications on our computers, our phones, our watches, and even in front of our faces. No matter what you’re doing, something is going to let you know that someone wants you to read an email right now. I have spent the last several years under the oppressive rule of email notifications, but no longer.

Starting this week, I have de-prioritized email. Since I only check my physical mailbox for mail once a day, I’m only going to check my email twice a day. Emailed notifications are switched off everywhere, work communication is primarily via Slack, and anyone else who needs me immediately can call or send a text (preferably via Signal).

How am I going to avoid the addictive lure of my email applications? I got rid of them and have switched to webmail only (more on that later). In short, my email is now harder to get to, so it’s no longer a distraction. How will this turn out? So far, I feel more free than I ever have. There are less things clamoring for my attention throughout the day, and I only read my email when I’m ready to, which means I just have more time to do more important things throughout the day. Beyond that, only time will tell.

Automattic: The WooThemes Awakens

woomatticThere has been an acquisition. Have you felt it? Automattic has acquired WooThemes, a leading developer of WordPress eCommerce solutions. The acquisition was announced just a few minutes ago, and I’m very excited that we’ll have a hand in continuing to grow this powerhouse of eCommerce tools alongside 55 new colleagues.

If you’re already a user of WooThemes products, don’t worry, it’s going to be business as usual. We’re joining forces to continue building this great eCommerce solution so we can grow WordPress to power more than just 23% of the web.

We’re moving onwards and upwards, and if you want to be a part of that journey too, we’re always hiring.

WordPress 4.2 Released

pressthisWordPress 4.2 has been released! This release introduces a fully redesigned Press This, easier theme switching in the Customizer, support for new embeds from Tumblr and Kickstarter, expanded support for native Chinese, Japanese, and Korean characters, musical and mathematical symbols, hieroglyphs, and Emoji. Of course, those are just the highlights. There’s much more to WordPress 4.2.

283 volunteers contributed to this release, lead by Drew Jaynes. At the time of writing this, WordPress 4.2 has been out for less than 4 hours and has already been downloaded 452,492 times!

All users can now safely update from Dashboard -> Updates or download and update manually, though you should probably backup first just in case, unless you’re already using VaultPress, which you really should be.


Likes and Self-Censorship

likeA friend recently asked me about transferring Likes between platforms, which got me thinking about what Likes mean to me. Upon applying a little more thought than my typical “Yay, someone liked my post!” I came to the conclusion that they were useless to me, perhaps even detrimental to my writing.

Likes are an artificial construct we rely on as proof that an audience exists and is happy with the content we shared. I don’t need Likes to prove I have an audience, I have Stats for that, and Likes do little to prove that the audience is happy with the shared content. The simple action of pushing a button hardly qualifies as reader engagement, completely reading the post isn’t even required. The Like button is also only present on the site itself, it’s not present in subscription emails or RSS feeds. There is no proof that those who pushed the button actually liked the content or that there aren’t more out there who just didn’t bother to push the button.

Likes as an artificial construct of an audience are also seen as an artificial construct of self-worth, leading to self-censorship. I have always believed that the writer should write what the writer wants to, and let the audience grow around it. Likes are the antithesis of that. Once you begin to believe Likes are your only proof of audience satisfaction, you have lost the battle over your own creativity. Self-censorship sets in, and you begin to force yourself to adapt to please an audience which probably doesn’t exist in the form you understand it.

I have removed the Like buttons here after this little revelation of mine. I’ll continue to write what I feel like writing without being misguided by the Like button. I’m interested to see how this little experiment goes, and I’ll always have my Stats if I need proof that people read what I write. As for you kind folks, if you like what I write, please feel free to share it, Like/Favorite/+1 it on your social network of choice, or let me know in the comments. I may no longer have a Like button here, but I do appreciate a kind word from time to time.