Thirty-Two

My thirty-second birthday has arrived after a whirlwind year, probably my most challenging and rewarding. It went faster than any year I can remember, absolutely flew by. Luckily it was capped at the holidays with a precious few weeks of downtime in Houston. Now I’m back to work in Cape Town and just finished a lovely day of great food, wine, and conversation with colleagues who are here for a meetup starting tomorrow.

Since I started tracking, 2015 was the first year that I traveled fewer miles than the year before, clocking in at 398k, down 27k. (398,553 miles, 111 cities, 20 countries.) In 2016 I’m going to try and get that even lower. It was also one of my best years for blogging on this site, with the most posts (252) I’ve made since 2008, and the most words (24,605) since 2005. (If anyone is curious, I wrote about 60k words over the same time period in Automattic’s internal P2s.) In a weird omission, though, it’s the first year since this site started in 2002 that I didn’t post a single gallery of photos. I’ve developed a mental block around processing and posting the fancier pictures, even as I carry hundreds of gigabytes of them around the planet several times over. Hopefully this is something I can get past in 2016.

I ran 163 miles in 2015, more than I did the year before, and I think that trend will continue. Last year I talked about habits and small actions, and a daily todo list with some small items to nourish the mind, soul, and body has become central to my routine. I dyed my hair (grey) just for fun and also to show the rest of Automattic they could too, how you look doesn’t matter one iota. My restaurant quest has continued, and I’ve now been to 38% of the current top 50 list.

More so than before, I really don’t know what’s around the corner. While there is a lot in motion, there is even more still being defined and started. There’s freedom in the groove, to reference Joshua Redman’s great album, and I’m getting a lot more comfortable with ambiguity and the faster pace of life in general. More than ever, I consider myself incredibly lucky, so it’s exciting to make the most of the opportunity that the volatility, love, loss, glory, failure, inspirations, and setbacks that 2016 will bring.

All birthday posts: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42.

Cool Touch Interface

While reading Michael Arrington’s essay Why Desktop Touch Screens Don’t Really Work Well For Humans I came across this video, which I thought was pretty cool.

Hopefully this whets your appetite for whatever comes out of Apple tomorrow. Should be an interesting day for WordPress.com as well: whenever Apple does a major announcement we blow past all our previous traffic records. The current one-day record is 63.5 million pageviews.

Love and Hate

One of my favorite funny graphics from the on-hiatus Creating Passionate Users was this one from the entry Be brave or go home. Because of this entry on my blog a few days ago the part of the blogosphere that makes money from ad-embedded themes has been viciously attacking me personally. Attempted assassinations are never fun, at least for the person on the receiving end, but overall I’m happy for a few reasons:

  • Some of the paid links in themes are to the same URLs I see in Akismet, so I know that there is at least some overlap between the people financing these themes and attacking our blogs, and any way we can fight them is good.
  • I know that this is something the majority of the WordPress community has voted for.
  • I am hopeful we’ll stop seeing threads like this in the support forum. “I installed the ecologici theme found here [link to wordpress.net] I customized it, no problems. I went to add my scripts to the footer and found this code…”
  • The attacks sting less when they’re from people who have significant financial interests in seeing sponsored themes continue. They’re just trying to protect their money.
  • That they’re making so much noise is an indication we’re doing something meaningful.
  • The attacks sting less when they’re from people with questionable personal practices. [1]

Still, there is a lot of hard work ahead.

[1] For example one attack post from “Franky” on a blog called Wisdump (didn’t that used to be run by the awesome Paul Scrivens?) I noticed it was loading a little slow, then I saw pingomatic.com in my address bar. I looked at his source and saw he had embedded a 1×1 pixel iframe loading the ping page for Ping-O-Matic on every one of his pages. I must admit this is clever, it utilizes the distributed network of everyone who visits your site to attack Ping-O-Matic and spam the ping servers, and of course IP blocking is useless because it’s coming from the regular folks on your site. But it is also extremely skeevy. (And I believe a little bit of JS on the ping page should fix that right up.)

Thirty-Four

I am very thankful and grateful to have made it through the past year, which was a really special one personally and professionally. I learned to open myself up more to relationships, continued aspiring to be clear and direct with yellow arrows, and worked alongside some incredible people to tackle the biggest and hardest problems, whether it was getting plugin and theme support on WP.com or the start and growth of Gutenberg.

I read a lot more books, traveled 337k miles between 91 cities, spent more time in Texas, kept my health in a good balance with weight training, running, and a better diet including several months of 16/8 intermittent fasting, while still getting in some excellent meals with friends and loved ones (up to 58% of top 50 list). I’m solidly in my mid-thirties now, and I want to continue to live by: all things in moderation. I consider what I do with WordPress and Automattic my life’s work, and hope to continue it as long as I’m useful. Some days I pinch myself.

Thank you to all of you on this journey with me. I am imperfect but trying my darndest, and I’m lucky to have friends and colleagues doing the same.

All birthday posts: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42.

AJAX and CSRF

When working on some new AJAX features for bbPress and WordPress we’ve noticed that AJAX requests don’t seem to send HTTP_REFERER values. We check referrers as one level of protection against cross-site-scripting, or XSS, so when they’re not set we aren’t able to use that value. How are most people using AJAX protecting against XSS? It seems the same things we’re doing to make things easily accessible in a dynamic fashion are also opening new vectors for attack.
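
An added example, not code from the original post or from WordPress or bbPress: a server-side referrer check that treats a missing `HTTP_REFERER` as its own outcome rather than as a pass or a mismatch, which is the case the post describes. The host name `blog.example`, the function names, and the sample header values are assumptions constructed for illustration.

```php
<?php
// Added example. SITE_HOST and every sample header value are constructed.
const SITE_HOST = 'blog.example';

/**
 * Classify the Referer of a state-changing request.
 * Returns 'same-site', 'cross-site', or 'absent'.
 */
function classify_referer(array $server, string $siteHost): string
{
    $referer = trim($server['HTTP_REFERER'] ?? '');
    if ($referer === '') {
        // No header: the check yields no evidence either way.
        return 'absent';
    }
    // Compare the parsed host exactly. A substring search for the site
    // name would accept both look-alike samples below.
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return 'cross-site'; // malformed or relative value
    }
    return strcasecmp($host, $siteHost) === 0 ? 'same-site' : 'cross-site';
}

/** Only a positive match passes; 'absent' must be covered by another layer. */
function referer_allows(array $server, string $siteHost): bool
{
    return classify_referer($server, $siteHost) === 'same-site';
}

$samples = [
    'form post from own page'   => ['HTTP_REFERER' => 'http://blog.example/wp-admin/post.php'],
    'request with no Referer'   => [],
    'other site'                => ['HTTP_REFERER' => 'http://other.example/page.html'],
    'look-alike host'           => ['HTTP_REFERER' => 'http://blog.example.other.example/'],
    'site name in query string' => ['HTTP_REFERER' => 'http://other.example/?u=http://blog.example/'],
];

foreach ($samples as $label => $server) {
    printf("%-26s %-10s allow=%s\n", $label, classify_referer($server, SITE_HOST),
        referer_allows($server, SITE_HOST) ? 'yes' : 'no');
}
```

Only the first sample is allowed; the request with no Referer is reported as `absent`, so a caller that wants to accept it has to rely on a different layer of protection for that request.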

Ning to BuddyPress

JJJ at BuddyPress has some Helpful Resources for Ning Users. I’ve seen smaller startups rush to fill the space left by Ning’s announcement they’re getting out of their free tier, but honestly if a company with $120,000,000 in funding can’t figure that business out, I wouldn’t hitch my horse to a company with $5-6M. It’s better to get a $10/mo hosting account you know will be around forever and install BuddyPress and have complete and total control over your network, from the domain to the source code.

Facebook McAfee

Facebook is offering its users a 6-month free trial of McAfee and promoting it heavily, and even forcing people to run a scan before they can reactivate a hacked account. They’re “not aware of another free Internet service that takes this much responsibility for helping people keep their accounts secure.” (Didn’t Google promote McAfee through Google Pack at one point?) I think this is a laudable step, more security is intrinsically good, but I have to suspect this is more about revenue than security. They will probably make many millions of dollars from their users installing or buying McAfee as a result of this.

Modern versions of Windows include free tools like Defender which are just as good and appear to have less of a performance impact on the computer. But if they really wanted to have a long-term impact on desktop as a vector for attack on web services I’m surprised they didn’t start, sponsor, or promote an Open Source equivalent of McAfee. This seems like a space very well-suited to address with an OS tool in the digital commons, much like a Windows anti-spyware equivalent of SpamAssassin, with self-updating rules and a completely transparent process.

Dubai Timelapse

A month or so ago I got a tilt-shift lens (Nikon PC-E Micro Nikkor 45mm f/2.8D ED) and one of the first things I wanted to try was interval shooting to make a stop-motion like tilt-shifted video like these awesome ones from Australia photographer Keith Loutit. Haven’t quite figured out how to make them look that cool yet but here’s one of the first efforts, taken from the Burj Al Arab looking down at its car entrance at night. Watch how the lights come in and out of focus, and how fast the cars are at the intersection. The video is available in full HD if your computer can handle it just toggle it in the top-right and go full-screen.

Big thanks to Michael Pick of WordPress.tv fame for doing all the video magic here.

Out of Commission

I’m going to be a bit slow or absent on blogging and email for a few days because I’ve injured my left hand and my thumb is in a splint which makes it pretty tough to type. (One-handed mostly.) There is a ton I want to write about, but the doctor said pushing it too hard might aggravate the injury, so it’ll mostly have to wait. To keep things interesting around here I’ll send a WP.com invite to whoever comes up with the best story about how I did it.