Quercus really is great stuff; it allows nitwits like me to develop crappy PHP-applications and to deploy them on Google’s App Engine. But when you combine the limitations of Quercus’ PHP implementation with those of GAE, you’re going to have to code around some problems you wouldn’t be facing when developing a “normal” PHP webapp.
One example based on my limited experience (while writing a scanner service to detect “foreign” objects in websites for my future wp-privacy plugin): I had a CSV-file that had to be downloaded & parsed. Normally you would fopen the remote file and than use fgetcsv retrieve all data line per line. Or, if you’d prefer, you could fetch the file with mighty CURL and parse it using str_getcsv. But those approaches don’t work when in Quercus on GAE; fopening remote files doesn’t work (blame GAE) and while you can Curl the CSV into a variable, there’s no str_getcsv in Quercus (yet).
So I did what any self-respecting non-developer would do; I cried for help on StackOverflow. Some of the advice I got there involved obscure tricks like using data-uri’s, fopening php://memory or using SplTempFileObject, but none of those solutions produced anything but errors. So no built-in CSV-parsing for me, but (simple) “manual” parsing of the CSV in a string. Not a huge problem by any measure, but I’m sure there’s a whole lot more limitations, if only for all those functions that rely on file handles. But at least we’re having fun, no? 😉
donottrack
WP YouTu.be Lyte: a minor release & some meandering thoughts
Yesterday I pushed WP YouTube Lyte 0.7.3 out the gates. The main trigger for that new release was a bug report about the plugin not behaving as expected when using the youtu.be-links that you get when clicking the “share”-button on YouTube. Being from that TLD mysself I could not but fix this; the new version recognizes and parses both httpv://youtube.com/watch?v=videoid and httpv://youtu.be/videoid links in posts, pages and widgets. Other features: Slovenian translation (thanks Mitja Mihelič @arnes.si) and a small change to the donottrack-inclusion to make it work over https (hat tip; Chris @ campino2k.de).
Speaking of donottrack: I’ve finally started rewriting that privacy-enhancing plugin. It might … No, it WILL take some time, but expect a whitelist-based approach where you’ll be able to get a report of all inclusions of external content (images, css, javascript, …) in your site and where you can just tick a checkbox per domain you want to allow. All other current and future domains that rogue plugins try to smuggle in after you configured, will be stopped. Next to document.write’s I hope to be able to catch innerHTML and DOM methods like insertBefore and appendChild. If you’re a javascript DOM magician, I could sure use your help on those!
Not sure where I’ll be going with WP YouTube Lyte, it feels pretty complete to me. Stuff that might be added at a later stage;
- update of the player GUI to match the style of the new darker YouTube embeds
- support for the embedded YouTube playlists player
- catching the end of video playing and killing it (well, removing it from the DOM, gently yet firmly)
- adding translations (you’re welcome to participate, if you’re not familiar with GetText I can put all strings up in a Google spreadsheet)
Do comment below or contact me if you have other feature requests though! And thanks for all the downloads (36.000 and counting)!!
And as is traditional of WP YouTube Lyte announcements, here’s a small video to celebrate the new release; Intergalactic Lovers, a Belgian band, playing “Delay” live.
Why your WordPress blog needs DoNotTrack
So what’s with all that nagging about tracking and that DoNotTrack plugin, you might wonder? Well, it’s pretty simple actually.
- Some very popular WordPress plugins include 3rd party tracking, sometimes even without properly disclosing, often without means to disable this behavior
- 3rd party tracking has privacy implications: all your visitors are tracked by the 3rd party, in general for behavioral marketing purposes (depending on what data is captured, tracking might even be illegal in some countries)
- 3rd party tracking has a performance impact: every visit to your blog will include between 2 and 5 extra requests for the 3rd party tracking to succeed, effectively delaying full page rendering
It is my conviction that blog owners should be able to install and use WordPress plugins without having to worry about undisclosed tracking and that plugins should provide a way to disable such 3rd party tracking if included.
As this is not the case yet, we have to resort to (messy) solutions to stop unwanted tracking from happening. And that’s exactly what DoNotTrack does. It’s a small javascript-hack in a WordPress-plugin to stop 3rd party tracking introduced by some of the most popular plugins.
Some details from the readme.txt:
- What works:
- It stops images or javascript being loaded form quantcast & media6degrees if these are added using document.write
- It sets a2a_config.no_3p to true for addtoany not to execute the 3rd party tracking
- What does not work (yet): Tracking code added using innerHTML or appendChild/insertBefore is not yet intercepted (but I’m working a solution for that)
- What else might be added:
- a widget which explains tracking for your visitors, with a link to this bookmarklet to opt out of many tracking/ advertising services at once
- other known opt-out code to disable tracking for all visitors of your blog
- support for the DNT-header as seen in Firefox4
- How you can help:
- Provide me with links to plugins that include browser-based tracking + domain where the tracking is done.
- Provide me with known opt-out code (javascript) to disable tracking services on a site.
- Tell plugin writers you’re not happy with 3rd party tracking!
- Tell your visitors about tracking & privacy, link to e.g. http://www.privacychoice.org/
And remember: if you host your WordPress blog yourself, you and nobody else should be able to decide who tracks your users!
Quantcast spyware puts selfhosted WordPress blogs in Automattic network
A quick update about the WordPress.com Stats plugin secretive inclusion of Quantcast tracking:
- Automattic’s CEO proudly blogged about the huge leap Quantcast sees in the usage of sites in the Automattic network as from November and confirms self-hosted wordpress blogs are now considered part of Automattic’s network:
the bump you see in November is when we started tracking Polldaddy, ID, Gravatar, and WordPress.com Stats users in addition to WordPress.com visitors
- A German law-firm that seems to specialize in internet, law and privacy wrote about Automattic’s Quantcast tracking, claiming that using the Stats plugin migth put you at risk of legal action. I’m not a lawyer, but privacy laws in Germany (and Europe as a whole) are a lot stricter, so self-hosted bloggers should be careful when installing plugins that include tracking.
- My little DoNotTrack plugin got downloaded quite a few times this last month. Maybe I should iron out the quirks, make it a bit more generic and see if I can get it listed on the wordpress.org plugins repository?
Coding for the New Year
Just a quickie before diving into 2011;
- I’m having great fun with jQuery and a templating plugin called jQote2. Not getting into specifics or examples yet, but if you’re into jQuery jQote2 is well worth checking out!
- I’ve created a small plugin, DoNotTrack, to stop the Quantcast tracking that e.g. the WordPress.com Stats plugin introduces. You can download it here to give it a try. If time & my brain permit, this plugin could become a general solution to stop any unwanted tracking by other plugins on your blog.
- There’s a new version of WP YouTube Lyte with some small fixes & tested on WordPress 3.1 RC. We’re rapidly approaching 10.000 downloads, a great way to start a new year!
And this is how I feel about 2011:
Have a great New Year!