Blog

WordPress Plugins You Should Be Using in 2017

5 minute read

The WordPress ecosystem has matured quite a bit since the last time I spent much time with it around 2011-2012. The paid themes and premium plugins specifically are light years ahead of where we were 5 years ago. A light weight website is easy to set up with WordPress, cheap to host, and you really have a lot more control over it than what you get with a Squarespace or Wix site.

Here’s my go-to plugin protocol for any generic WordPress install that you actually care about:

1. Akismet Anti-Spam

The obligatory spam blocker for WordPress. Created by Automattic, the same company behind WordPress, Akismet is offered at a “Pay whatever you want” rate. This could be anywhere from zero dollars up to more than zero dollars. It’s up to you.

2. Child Theme Configurator

If you’re planning on doing any sort of theme editing on top of a custom theme that you’ve chosen, save yourself a lot of time and headache by installing Child Theme Configurator and creating a child theme before you just go start hacking away at your chosen theme.

Creating a child theme will allow you to keep updating the parent theme, [hopefully] without loosing any of the changes that you made. With the vibrancy of the WordPress ecosystem that’s alive now adays, and assuming you’ve chosen a theme that is actively being worked on count on theme updates being released on a fairly regular basis – at least once a month.

If you edit a theme and you haven’t created a child theme, installing updates to the theme will stomp all over your changes and it won’t be fun.

3. Free & Simple Contact Form Plugin – Pirateforms

There are a lot of free plugins to create forms, I like Pirateforms mostly because it’s compatible with my theme choice. It uses wordpress shortcodes so you can drop a form in on any page you want.

The thing I do like about Pirateforms is that the content of the forms is stored in the WordPress Admin for easy processing, in addition to sending the form content via email.

4. Jetpack by WordPress.com

The ubiquitous Kitchen Sink of the WordPress world – Constantly being pushed to upgrade by Automattic is not my favorite part about this plugin.

Jetpack lets you write your posts in markdown which is reason enough on its own to use. Note: _markdown support is not spectacular even when using Jetpack, but at least it’s there_ to some extent

Other features that are included for better or worse are Portfolios & Testimonials (which many themes will leverage), showing Related posts, adding sharing buttons to posts, generating sitemaps, and improved loading of images by scaling them down to size where it can.

5. Simple 301 Redirects

“Cool URIs Don’t Change”, but your thinking & information architecture sure will. It’s worth pointing out that while 301 redirects are in most cases the best way to redirect, this type of redirect is permanent, so don’t go throwing them around willy-nilly. You’ll also be pulling your hair out if you create one of these and try and update it quickly, because most web browsers will cache the Permanent Redirect and simply deliver you to where the new page was set up at – ignoring any changes you may have made after establishing the Permanent Redirect.

If you want even more control over URI management, check out Permalink Manager Lite which has a lot more features that you may or may not be interested in.

6. Updraft Plus

This is by far the most impressive plug in I’ve found for wordpress. Automatically schedule backups of your content, database, plugins, themes and send it to whatever cloud storage service is your favorite, such as Drop Box or Google Drive, Amazon S3, FTP, or even to Microsoft 👀

The paid version of Updraft plus gives you even more control over backup schedules and they have some impressive services that they offer at the paid tier to allow you to manage multiple WordPress installs – upgrading and backing them up from a single control panel. If you need to manage several WordPress installs this seems like a great way to go (although I can’t say I’m using this feature – the free version is enough for my purposes).

 

Ben’s Virtues, Core Values, and Patience

3 Minute Read

Ben Franklin has a solid set of virtues that just about anyone can apply, even today. 

He used the card on the right to focus on each value once a week for 13 weeks, thus cycling through the entire list 4 times a year.

Ben’s Virtues are:

  1. Temperance. Eat not to dullness; drink not to elevation.
  2. Silence. Speak not but what may benefit others or yourself; avoid trifling conversation.
  3. Order. Let all your things have their places; let each part of your business have its time.
  4. Resolution. Resolve to perform what you ought; perform without fail what you resolve.
  5. Frugality. Make no expense but to do good to others or yourself; i.e., waste nothing.
  6. Industry. Lose no time; be always employ’d in something useful; cut off all unnecessary actions.
  7. Sincerity. Use no hurtful deceit; think innocently and justly, and, if you speak, speak accordingly.
  8. Justice. Wrong none by doing injuries, or omitting the benefits that are your duty.
  9. Moderation. Avoid extremes; forbear resenting injuries so much as you think they deserve.
  10. Cleanliness. Tolerate no uncleanliness in body, cloaths, or habitation.
  11. Tranquillity. Be not disturbed at trifles, or at accidents common or unavoidable.
  12. Chastity. Rarely use venery but for health or offspring, never to dullness, weakness, or the injury of your own or another’s peace or reputation.
  13. Humility. Imitate Jesus and Socrates.

There’s an outdated and thus terrible app in the App Store by the name of Ben’s Virtues, and while it will crash and not work, I love the concept of reproducing this chart on your smartphone for daily recording.


Taylor Pearson recently published an essay titled How to Discover Your Values and Use Them to Make Better Decisions. I spent some time this morning going through his exercise. I’d recommend taking the time to do it yourself.

If you take the time to go through that exercise, or at least read through his essay (admittedly, like most of his excellent content, it’s too long), you’ll realize that this list of values that you come up with at the end is intended to be iterated on. It’s not a final list. You’ll adjust it as things change and you gain a better understanding of where you’re at and what’s important to you.

I wound up inculding “Patience” as one my core values… and wrote as the description “Always wait calmly for what you want. Getting worked up over delays is not helpful”.

I jumped over to check Slack, and noticed that someone still had not completed a 2-minute task that an hour earlier I indicated as urgent. I started getting worked up. Then I looked down at this thing I had wrote on the page called “Patience“.

I’m thinking perhaps I should add another core value, called “Impatience: Always get pissed at the person who takes too long to do a simple task” – It’s probably more accurate!

How is a passphrase better than a password?

3 minute read

Security at the expense of usability comes at the expense of security.1

This week, Facebook CEO Mark Zuckerberg had his Twitter and Pinterest accounts hacked. The conventional wisdom is that this stems from a 2012 LinkedIn breach where approximately 6.5 million passwords were stolen2.

Although in this case, a weak password wasn’t necessarily the cause of the incident, it illustrates that the current state of application security is extremely vulnerable.

There are promising advances being made by companies such as Yubikey. However, there is a really easy way to improve your own password security: Use a unique passphrase for each one of your accounts instead.

What is a passphrase?

A passphrase is a sequence of words, including punctuation or special characters as necessary. You could use this sentence as your passphrase. However, you’re better off crafting your own unique passphrases that you will remember easily.

How is a passphrase better?

Password Entropy3 is a measurement of how hard it is to guess your password. If your password consists of one common word, a symbol, and a number, you’re on the order of 14 bits of entropy. Let’s say you’re much smarter than that (which you are) and you’ve decided to use some common sub5titutonS, a special character, and a number… You’ve got yourself up to ~28 bits of entropy.

Your 28 bits of entropy will take 228 attempts to crack. That means 268,435,456 attempts, at most. Assuming 1000 tries per second, I’ll crack your password in a little more than 3 days.

This is where our human brains fail us, because we’re not very good exponential thinkers. What happens if we add some more words?

Simply selecting 4 common words, such as “correct horse battery staple” gets us to 44 bits of entropy, which will take approximately 557 years to crack.

A passphrase can be even longer than 4 common words: “the swallow flies from the barn at half past midnight”. We would now need to brute-force a combination of 10 common words, making this passphrase on the order of 110 bits of entropy. Given 1000 tries per second it will take 9.5 trillion x 4.3 billion years to crack.

That’s probably overkill.

The xkcd Passphrase Generator

Most of the geeks in the audience will recognize I’ve merely explained some of the math behind xkcd#9364.

I googled around for the best way to generate such a passphrase, and although there are several such generators around, my favorite is by OptionFactory. Use the xkcd correct horse battery staple password generator.

I use the OptionFactory tool to get inspiration and usually change tenses of words or make other adjustments to their recommendations in order to make the phrase more mnemonic.

Happy trails! And change your passwords.

\/\/


Notes

1 AviD’s Rule of Usability

2 More on the 2012 LinkedIn Hack. If you are still using your LinkedIn password from 2012 on other sites, there is a serious chance that you could be exposed and should change your password… to a passphrase… with due haste.

3 Entropy as a measurement of password strength. If you really want to geek out you can dive much deeper into the [Information Theory of Entropy](https://en.wikipedia.org/wiki/Entropy_(information_theory)

4 This excellent stack exchange post takes a deep dive into the math behind entropy, specifically related to xkcd#936

Nothing in Nepal is Up To Code

Or, how the United States are Nerfed™

Here is a shot of the roof of our hotel where we lived from March-May, 2016.

Roof of Hotel Yeti in Manang, Nepal

You’ll notice on the edge of the roof there are no guard rails to protect the surplus population from a tumble down three stories. The black hoses running this way and that — what may appear to the naked eye to be trip wires — are in fact the convoluted hosing required for a solar shower to work properly. The large water tanks interspersed on the rooftop and solar panels are of similar purpose.

Snowy Steps on the roof of Hotel Yeti in Manang, Nepal

This snowy staircase is poised on top of a sloped metal roof with a three story drop on the one side. On the other side, (just barely visible to the right) you’ll notice a one-step staircase down from the blue metal roof to the relative safety of the concrete roof. But don’t let that fool you, the one step in between roofs is scheduled at a 25° angle and covered in snow. It goes without saying that a walk way such as this should not have any means to prevent a mis-step.

Of course it’s worth navigating all this extravagant danger before your first cup of coffee in the morning to capture the morning light from our vantage point atop the fabulous Hotel Yeti in Manang, Nepal.

Sunrise over Hotel Yeti in Manang, Nepal
Chongkor View Point in Manang, Nepal shot from roof of Hotel Yeti

Resuming Operations May 10, 2016

FOR IMMEDIATE RELEASE
Kathmandu, Nepal

US Presidential Race “Interesting Enough” to Return from Nepal Early

After 10 weeks of travels in Nepal with little-to-no internet connection and a considerable helping of fear & loathing, Donald Trump has won the Republican race for President.
I’ve taken this development as a sign that it is time to come down from the mountain. We already had the best half of the Clinton administration…


 

Manang, Nepal, Gangapurna Lake, & Annapurna III

Global Search Begins

Today we embark on a global search to identify the next generation of transformative commercial products or services.

We will use the power of experimentation to create, test, and validate new products and services at a pace paralleled by the startup industry — and we’re thrilled to begin taking pre-orders this month!

This global challenge has already begun in Kathmandu and will continue to move west over the next several days. To submit your idea for a new product or service, click here.

While our challenge is more conceptual at this stage, there are no specific themes or industry segments constraining us. However, we have already developed IP in the following segments: niche real estate, co-working, retail/ecommerce, technical recruiting, boutique adventure racing, and voluntourism.


I am returning to the United States. You can expect to receive regular correspondence from me beginning May 10.

Grinch Smile