Symphonious

It's amazing the amount of work that can be required to get from something that is perfectly wonderful for internal use to something that's ready to be distributed to the public. For quite some time, we've been using a custom made WordPress plugin to allow us to edit blog posts with EditLive! It's used on three blogs within Ephox, two blogs on this server and I'm pretty sure Rob's using it too so it gets quite a workout. It's stable, feature packed and all-round wonderful.

The only draw back of it was that a different license key is required on different servers and so each server needed a slightly different config file in the plugin. Not too difficult, but annoying when you've got improvements that you want to roll out. Tonight I set out to fix that by providing an options page in the admin interface to enter the license and have it stored in the database. Got it working pretty easily and everything was good.

Of course, now that we could do that the plugin was feature complete and basically ready for public distribution should we want to.

Except I should add a simple way to turn on debugging in case people have problems.

And it would be good to fix it so that it loaded the editor when the "Use Visual Editor" setting was checked instead of requiring it to be unchecked (to get rid of TinyMCE which is barbarically hard coded into WordPress).

And things load faster if you specify the config file as text instead of making the editor go and download it in a separate request.

Probably should fix the product branding and generally make things look a bit more professional. Oops, still missed a bit there.

Oh and it doesn't get the width of the editor quite right (actually that's still not right…. there we go).

Oh and that change should make it possible to avoid the original editor flashing up before it is replaced… Awesome.

It's taken me all night - and this was a product that was just a few minor tweaks away from being releasable. I still haven't got any docs on installing it or using it, not to mention there's no packaged up version ready for download - you need an account to check it out of Subversion at the moment. This is why XP has the concept of "Done Done".

UPDATE: If you're interested in getting your hands on this fabulous WordPress plugin, please drop me a line either in the comments or via email. I'm interested in talking to people about what they'd want in the plugin and determining if there is enough demand for us to release it.

Every so often I want to play around with something new on my blog without trashing the public site. I have a local instance of WordPress that I do most of my playing around on but it generally doesn't have the some database configuration as symphonious.net so I can't be sure that things I develop there will work here.

It is however simple to completely clone a WordPress instance to a new URL - but I never remember precisely how, so this is a note to myself so that next time I'll remember.

1. Copy over the WordPress files to the new location.
2. Use WordPress Database Backup to dump the database - or you could use mysqldump.
3. Reload the database content into the test database and adjust the wp-config.php file if needed.
4. update wp_options set option_value='%TEST_SITE_URL%' where option_name like 'siteurl';

Step 4 is the bit I forget the details of - it lets you log in to your WordPress admin page instead of just being redirected back to the original blog. From there you can adjust the public URL in the options page and whatever other things you want to do.

So everyone knows Google has a vast amount of data about you and that Google tracking cookie that basically never expires. Now they own Double Click, completely with it's own tracking cookie that tracks you on pretty much every site on the internet.

Essentially, Google now know what you search for, which links you follow and now between Google AdSense and Double Click, they probably know everything you do on that site pretty much regardless of which site you pick.

Basically, they know everything you do online. Your ISP would probably have a more complete picture of where you go on the web, but Google has that for pretty much everyone on the web, not just the subscribers of one ISP.

Google now owns the internet.

We took delivery of a brand new, shiny Dell preloaded with Vista today and I set about setting it up as a pairing station. Sadly, in the first 30 minutes I'd crashed Vista to the point of having to hard reset the entire machine.

Finding anything in the control panels is a nightmare, not just because it's impossible to guess where things will be, but because it takes so many more clicks to get there now. Worse still, when you finally do get there, you wind up looking at the old XP dialog. What's the point of all the fancy graphics and categorization if when it comes down to it I'm still confronted by an ugly, confusing dialog with a million tabs and settings coming out it's ears?

Oh and I finally have a true understanding of the Apple "cancel or allow" ad. Damn that dialog is annoying - and so frequent.

If you've recently upgraded to PHP 5.2.1 (which is included in an upgrade to Debian Etch, the new Debian stable distribution), use WordPress, use the secure admin plugin and are now just seeing a blank page when you view your blog, I have a solution.

Quick Fix

For those who don't care why this is broken and what I've done to fix it, you probably just want to download the updated plugin which works on my server, with my very brief testing. If you see any problems let me know, but be warned that it is very much untested and could destroy everything - make sure you have a good backup and try it on a friends blog first. I strongly suggest you wait until Haris takes a look at this and comments on whether it covers all the original functionality or not - I could easily have missed something critical. I'm also not sure if this works on versions of WordPress before 2.1.3.

Technical Details

The root of the problem is that 5.2.1 somehow broke the ob_start(callback) function - it looks as if when the callback function is called, global variables aren't available. For the secure admin plugin, this means that nearly all the wordpress libraries and functionality aren't available to the callback function. Lacking those supporting libraries the callback function generates an error, but the error message is lost along with the rest of the content when the function terminates so there's error messages shown anywhere.

Given that I don't understand the ob_start functions, what they used to do, what they do now and was driven mad by not having error messages logged - I looked for an alternate solution to the problem that doesn't use ob_start at all.

It turns out that at least for my blog, if the get_option('siteurl') method returned https URLs instead of http URLs, everything would point to HTTPS and I wouldn't get any warnings about part of the content being unencrypted. As best I can tell, that's all the ob_start stuff did, though it appears to be more selective about which URLs it filters (which I should note, means it doesn't cover plugins like my EditLive! plugin which the new version does). You can conditionally filter the siteurl value using the standard filter hooks for options and if the current request for the page used HTTPS, convert to using HTTPS, otherwise pass it through unchanged. There may be other options that need to be filtered, but siteurl is all that I've found so far.

Since I haven't added a check for whether or not we're actually on an admin page, the filter may actually "fix" the URLs for the actual blog itself if it can be accessed over either HTTP or HTTPS. I'm not sure about that though, because my current server setup doesn't serve the entire blog over HTTPS.

For those that want to see the exact changes, you can grab the patch against the latest version (0.2 (24)) of secure admin from Haris.tv.

I'd love to hear any and all feedback, particularly if I've missed something.