Skip links

Performancing

Main navigation

Blog

Should There Be A WordPress Plugin Validation Team

Vladimir Prelovac, author of many excellent WordPress plugins recently published his thoughts on where he sees WordPress headed in the future. Not only that, he also provides a critique on how things are currently being handled by the WordPress team as it relates to the WordPress core. While I agree with some of the points Vladimir has made, there is one thing that was mentioned that I hinted to back in January on another post (Uninstalling Conundrum Part 2) and that is, a plugin validation team.

I admire the PHPbb3 team for executing this concept brilliantly. Here is what they do. First, for any modification to be added to their mod database, it has to go through a minor code audit. This audit is used to look for security flaws as well as bugs inside of the code. This means that users can feel safe knowing that the mods they download from the database are free of security vulnerabilities and are safe to use on their own forum. Despite the fact that the validation process can be a time consuming one, the benefits far outweigh the negative aspects of the process.

I would like to see something like what the PHPbb team does for their mods, done for WordPress plugins and the plugin repository. Vladimir’s take on this issue is that a team is needed to validate WordPress plugins as a means of security because of the potential dangers in having a plugin author account becoming compromised. My opinion on the matter is the same today as it was in January:

So what I’m proposing is that, the WordPress team should get together along with the community and develop a series of coding guidelines. These are the guidelines that third party plugins would have to abide by, in order to be housed within the official WordPress plugin database. This is the only way WordPress would be able to somewhat control the quality of plugins that are coded and released to the public. Granted, you’re not going to solve the problem completely as people will still be able to code plugins for WordPress and release them via their own website, but then, end users of WordPress should think twice about those particular plugins and realize that the only safe route to go should be through the official source of plugins that being the WordPress.org plugin database.

So while Vladimir covers security, my reasoning is more along the lines of quality assurance/control. Based on a comment made my Matt himself, there are a few things that they do automatically to ensure that nothing malicious is entered into the repository. However, Matt appears to be in agreement now, that a team of volunteers will be needed to validate plugin code and also keep an eye on plugin changesets.

Even though I love WordPress and there are many of us out there, who is going to review plugin code for hours on end as a means of contributing to the project? Is this something you would be interested in doing? What about the proposed restrictions to the plugin repository. Do you feel as if that is needed to ensure that the plugins that are hosted their are of top notch quality and free from security vulnerabilities?

Perfcast Episode 3 – Patriot Edition

The third episode of Perfcast is now available. Despite having a terrible cold and an even worst sounding voice, I managed to get through the show. My apologies if the scratchy voice is annoying to listen to. With that said, we covered some nifty topics this week and are looking forward to your feedback.

STORIES THAT WERE DISCUSSED
How Portable Is Your Blog
Transforming Your Blog Into A Really Big Business
All Bloggers Are Not Alike
Here’s How Affiliate Marketing Works
BloggingTips Blog Directory Returns
WordPress 2.6.2 Released

LISTENER FEEDBACK – No Emails This Week

PREVIOUS EPISODE COMMENTS – David meant no disrespect to those living in natural disaster prone areas such as hurricane zones.

Thanked Brian2k7 for giving us the scientific 101 explanation on whether to use commenters or commenter’s

Each week, David and I like to look at the jobs available in blogging and related industries. We cover jobs that catch our eye, and hopefully don’t pay too poorly. We will feature one of these jobs on each episode of Perfcast.

BLOGGING JOB OF THE WEEK – Travel Writers for Trazzler.com (http://austin.craigslist.org/wri/834049491.html) – $1000/m part time – Found via Freelance Writing Jobs

BLOGGING CHALLENGE ENTRIES FROM THE PREVIOUS WEEK:
Last weeks challenge was to create link bait. This week, we only have two challenge entries.
Jeff Chandler – http://performancing.com/wordpress/transform-wordpress-12-plugins
David Peralty – My Link bait is written, edited, and ready to go, but it won’t be published until the design For CollegeCrunch.org ready. I will let you know how it goes when we launch it and promote it.

BLOGGING CHALLENGE – The challenge this week is to write a review. The review can be about anything you want except the Not Safe For Work category.

The blogging challenge is provided as a means of challenging yourself with a specific duty each week. David and I will be participating in each challenge and will be highlighting various entries from the previous challenge. To have your entry viewed by David and I, leave a comment with a link to your entry on this blog post. You may be the entry we review on the next episode.

LENGTH OF EPISODE – 1 Hour and 8 Minutes

NEXT EPISODE – Thursday September 18th, 2008 at 7 P.M. EST

ITUNES – Click here to subscribe to the show via iTunes

DOWNLOAD THE SHOW: PerfcastEpisode3.mp3

LISTEN TO EPISODE 3 OF PERFCAST:

Patriot Edition Of Perfcast

Don’t forget to join David and I tonight at 7P.M. EST for Perfcast, the live podcast all about blogging where we discuss the weeks news and have a bit of fun while were at it. Today just so happens to be September 11th which according to the calendars that I have seen at work, is now considered Patriot day.

In the United States, Patriot Day occurs on September 11 of each year, designated in memory of the nearly three thousand who died in the September 11, 2001, attacks. Most Americans refer to the day as “Nine-Eleven (9/11),” “September 11th,” “Nine-one-one,” or some variation thereof.

U.S. House of Representatives Joint Resolution 71 was approved by a vote of 407-0 on October 25, 2001. It requested that the President designate September 11 of each year as “Patriot Day.” President George W. Bush signed the resolution into law on December 18, 2001 (as Public Law 107-89). It is a discretionary day of remembrance.
Taken from good ole Wikipedia

My personal condolences go out to those who have lost a loved one due to the tragedies that took place on this day in 2001.

To participate in the show, please refer to this post (How To Participate In Perfcast Live) which covers all of the details. We hope to hear from you!

Photo taken by marada under Creative Commons

Cream Of The Crop Blogs About Blogging

When I open up my FeedReader, it is not that uncommon to come across over 1,000 items or more that need to be read. I don’t have the time to read all of those items which is why I either share the link in my link blog to come back to later and to share with others or, I’ll write a blurb about the post and publish it on a blog. At any rate, I figure that the list of blogs I am subscribed to that deals with blogging would make for a good resource of links for your own feedreader. Thus, here is the list of blogs about blogging that I am subscribed to.

Advertise Space – Blog Advertising – Although the blog hasn’t been updated since August, I found it to be a good read as it deals specifically with the blog advertising niche.

Alister Cameron – Blogologist – Alister Cameron does an excellent job discussing all aspects of blogging, especially marketing and optimizing blogs.

Blog Marketing Strategies by Social Marketing Expert Jack Humphrey – I think jack’s blog title speaks for itself.

Blog Perfume – Great site which features the cool Feed analysis tool. Also known for pointing out good WordPress resources.

Bloggers Blog: Blogging The Blogosphere– This site has a title which would be hard to say five times fast but it covers trends and news as it pertains to blogging. Just check out the categories listed on the left hand side of the site to get a gist.

BloggerTalks – Headed up by Thord Daniel Hedengren, this site features exclusive and usually detailed interviews with individuals who are becoming successful on the internet. People who have been interviewed on the site thus far include: Natali Del Conte, Ryan Caldwell, Duncan Riley and Sarah Perez.

Blogging (Google News Subscription) – This is simply my subscription to the keyword of blogging as it shows up in Google.

Blogging Basics 101 – For those of you who still enjoy using Blogging as your platform of choice, this blog is for you and it relates specifically to the Blogger crowd. With all of the attention aimed towards WordPress, these types of sites are getting harder to come by.

Blogging Tips – What can I say? Kevin Muldoon has a history of success and Blogging Tips is no exception. Every day of the week there are new tips, reviews, or conversation pieces published onto the site. Of course, some of that success can be attributed to the sites other contributors.

Blogosphere News (Published News Items) – Splashpress has their own Digg like social site that serves more as a central repository of what is going on within the Splashpress network than anything else. If I miss something on one of the other Splashpress owned sites, I usually catch it here.

BlogSecurity – BlogSecurity is an important subject and what better domain to have in order to discuss the topic? This blog is known for covering security vulnerabilities for WordPress as they are discovered.

BlogWell – Another blog which focuses on providing tips, ideas, and explanations that are easy to understand and written in plain English.

Business Blogs: How to Build a Better Blog – As the blog title says, this blog is all about the business of blogging and creating a better business blog.

BuzzMyBlog This blog is written by someone who is currently trying to become self employed through blogging. A feat that many would love to accomplish but few will ever reach. The blog discusses social media, blogging topics and a few personal things mixed in. Bonus points for having the same first name as me.

Chris Garret On New Media – Do I really need to describe who this man is? He has written for Performancing before and is a master of the trade.

Contest Blogger – One look at this blog and you’ll see that there are a ton of things to be won. Seems like every day introduces hundreds of new blogging contests. This is the grand daddy of all blogging contest blogs. Be sure to read their content to make sure you don’t screw yourself when participating in a contest.

Conversations – This blog is written by Mike Sansone who is as social as they come. He writes about all aspects of conversation and the role it plays in the blogosphere. His mantra is “Blogs are Conversation Stations“. Sounds good to me!

CopyBlogger – With over 40,000 RSS subscribers, Copyblogger continues to be one of the major resources for all bloggers. The site covers topics such as copywriting, traffic, social media, etc.

Daily Blog Tips – Another awesome resource site with tips, monetization techniques and overall, a nice community.

Dosh Dosh – Truly the definition of Quality versus Quantity. Dosh Dosh is a blog offering internet marketing and blogging tips, alongside social media strategies. Best consumed by bloggers, entrepreneurs, web publishers, marketers, freelancers and small business owners. Not updated often but it is updated consistently. Each post leaves people begging for more.

OnlineMarketingBlog – Online Marketing Blog provides daily insights, resources and information on a range of internet marketing strategies and tactics.

Quick Online Tips – Quick Online Tips is a popular blog regularly publishing Technology news, smart blogging tips, new media, web 2.0 services, useful computer software, advertising and how to make money online

Shoemoney – Skills To Pay The Bills – One of the webs top internet marketers. No explanation needed.

Skelliewag – Skelliewag.org is for current and future movers and shakers of the web: people who understand that content is King, Queen and the entire royal family.

Social Media Trader – Socialmediatrader.com offers a regular selection of in-depth articles, statistical analysis, simple to digest guides, and original and unique resources.

Techonofriends – Technofriends is a Technology Blog by an avid blogger and technology enthusiast.

The Blog Medic – Keep your blog healthy, alive and kicking with some simple tips from a corporate blogger. Although not updated often, the site contains useful information.

The Edublogger – A blog that helps educational bloggers with emerging technologies in education!

The Reader Appreciation Project – The Reader Appreciation Project is aimed at showing readers that they are one of the most important assets a blogger can have.

Write To Done – Write To Done is about, at its core: the craft and the art of writing.

For your convenience, I’ve included a link to an OPML file that you can place into your feed reader which will subscribe to all of the blogs mentioned in this post. If you know of any blogs which you find to be a valuable source of information as they pertain to blogging, be sure to share them in the comments.

(Blogging tips and discussions OPML File)

How Portable Is Your Blog?

Photo taken by foxypar4 illustrating Coming And Going and has been filed under the Creative Commons license.

Ever stop to wonder how portable your blog is? I mean, you are using WordPress today but do you think you’ll be using WordPressa a year or two from now? What if you started on Drupal and then want to move to WordPress? This is the situation that Performancing is in and I find it rather archaic that many of these publishing systems or content management systems do little in the way of allowing users to export data. The closest I’ve been able to get with Drupal is by using what is called (Views) to create an RSS view for the past 2,500 posts. This doesn’t help me at all when there are thousands of posts from 2005-2008 published on the site. As I searched high and low on the Drupal module site looking for ways to export the content into at least an XML file, I came up empty handed. Considering XML has been around for awhile and it is 2008, I find it to be a joke that Drupal along with other publishing systems do not support the exporting of important content out of the box. Important content being tags, post meta data, post content and comments.

eXtended RSS:

Although not perfect, WordPress provides not only a myriad of different ways to import your content into their system, but it provides you with a way to export your data into an open format. This open format is called WXR or eXtended RSS. When you export your content from WordPress, this XML file will contain your categories, tags, pages, comments, custom fields, categories, and most importantly, your content. This allows you to easily migrate your WordPress content from one WordPress installation into another or, moving between a self hosted WordPress installation into a WordPress.com account. Why can’t Drupal or other systems support this type of functionality? WXR from what I know is an open format because it is based off of XML. I realize that just about every content management system does their own thing, but how nice would it be if they all supported an open format like XML or eXtended RSS.

Based on my research of the various CMS’s that exist, the only one I have seen that supports eXtended RSS is WordPress. Just about every other system out their is portable if you count the fact that they support MySQL. However, in 2008, why must we continue to subject ourselves to hiring MySQL database gurus in order to migrate content from one system to another. Couple this with the fact that most of these systems are open source, why can’t these systems provide an easy way to import or export important data into them and let the end user decide which system they want to use instead of having people become locked into a specific system. Although some will argue that you are not locked in considering if the database that contains your content is MySQL based, you could hire a database guru to migrate your content. I just find that to be unacceptable.

Perhaps there is hope though. Browsing around the Habari Project wiki, I came across a page that contained information regarding potential projects for the Google Summer of Code. Thanksfully, Import/Export appeared to be one of the projects:

Many tools permit one to import from their prior tool, but very few provide any kind of export functionality. The Habari project believes strongly that your data is more important than the tool you use to publish it. To that end, the Habari project would like to initiate a cross-platform export format so that end users can move between publishing solutions with greater ease.

Now, if we could only get every other CMS Development team to acheieve this level of thought, end users would be much better off. No word yet on the progress of the project but I find it enlightening that the Habari team is at least acknowledging the need for such a system.

Conclusion:

I think in a perfect world, all of these open source projects such as Habari, WordPress.org, Drupal, etc, would get together and work with each other to make sure that each system could import the data that is exported from each other. Seems to me as if the XML file format provides an excellent open platform for this to be based on. I’m not sure if EGO has any thing to do with this not being a reality yet or if the perfect world is simply too complex for this to happen. Every system does things their own way which is why the initial format should be an open standard instead of something created in-house. What an aggrevating experience it is to see the Drupal forum have an entire section dedicated to migrating to Drupal but not have a forum dedicated to migrating from Drupal.

Your Thoughts:

Please share your thoughts and opinions on this subject within the comments. Let me know if you are sick of being burned by content management systems not providing an easy means of exporting your important content.

WordPress 2.6.2 Released

WordPress 2.6.2 was released due to a weakness that has been discovered in something known as mt_rand(). WordPress 2.6.2 is a critical release for those of you who allow open registration on your blog. Here is the reason why:

With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.

Along with this critical fix, 2.6.2 is an interim release and therefor contains a few other bug fixes as well such as images that were always inserted into a post at full size, RSS widget linking if there isn’t a link, and the inability to control where a user redirects to when they log in. You can view the rest of the bug fixes here (Fixed Bugs In 2.6.2).

I have already upgraded my blog without a problem!

Show off your Identi.ca (Laconica) feed with a) WP plug-in or b) raw PHP/MagPie solution

  • Solutions: Use the ‘dingshow’ WordPress plug-in or Publish Laconica (identi.ca) dents with PHP/MagPie solution.
  • Purpose: If you like to show off your identi.ca or any other Laconica microblogging feed on your site.
  • Features include working author links, @ links, general links and working #hashtag links.

PHP/MagPie: Download ‘DingShow’ a.k.a. ‘DentShow’

filzo.de/dingshow_plainphp.tar.gz

“Ding” is kind of a translation of “dent” to German. The meaning is “thing” or “something”.

MagPie had to be patched on my server. Solution and description is here:

@filzo Patched #MagPie here: http://is.gd/2fEV (Scroll to “Technische Notiz zu MagpieRSS”) Description etag bug: http://is.gd/2fF6

To show off your identi.ca/Laconica feed simply edit the last line of the index.php.

The Author of this PHP/MagPie solution for identi.ca/Laconica is:

Philipp Czora
Identi.ca: @filzo
Web: filzo.de

The idea to create the raw PHP solution was forcefully pushed at him after he developed the dingshow-plugin for WordPress 🙂

Thanks and a big hat tip to Philip!

Google Trends: The Big Picture

Here is yet another way of visualizaing the data presented by Google Trends for Websites. It’s called BigPicture and is a mashup of data which represents recently searched items, sites that are losing traffic and sites that are gaining traffic. Simply hover your mouse cursor over the lines in the graph to see emphasis placed on their line to view the domain name. To add your domain to the graph, simply type it into the search box. Naturally, I submitted Performancing.com. Based on the results between July of 2007 through July 2008, we have peaked at or over 10,000 visitors but have leveled off since then.

Brightly colored lines were recently searched by other visitors to this site.

Red lines indicate sites which are losing traffic. Blue lines are gaining.

Of course, the sites with lines at the top of the graph include Yahoo, MSN.com, Live.com, Microsoft.com, and Wikipedia.com. One thing I didn’t see was Google.com. Even if I went to the Google Trends website itself, I couldn’t do a trend search for Google. Did they design it that way or is there another reason?

Performancing © 2005–2025 Splashpress Media. Contact us for Premium Link Building, Blogging, & Design services.