Posts by Sherman Bausch

Sherman Bausch

Sherman Bausch’s first taste of programming came in 1987 when monochrome monitors and 5.25” floppy disks were all the rage. But it wasn’t until 1997, ten years later, that Sherman discovered his passion for development. After working for a Fortune 500 company as a Technical Analyst working with Microsoft web and database technologies, Sherman spent nearly ten years as the Technology Director at Hennepin Avenue United Methodist Church – a job that required him to become a one-man web shop and expand his technical knowledge into PHP. In 2012, Sherman joined The Nerdery as a Developer where he specializes in WordPress architecture, themes and plugins.

Apache Configuration for Testing WordPress REST API on Secured Sites

It’s not uncommon to encounter a few roadblocks during a project, and the typical next step might involve doing a quick Google search for the answer. Unfortunately there are occasions in which we are on our own with a unique problem. In this case we had to roll up our sleeves and discover the answer that works. We hope this helps the next person looking for this answer.

“I spent a bit of time reading documentation and testing and getting increasingly frustrated.”

I ran into an interesting problem this week. I have a staging site in active development that needs to remain behind a firewall, but we plan to use the WordPress REST API to serve content from the site to iOS and Android Apps. Unfortunately, for the API to work Read more

Filed under Tech Tips

For security’s sake update WordPress to version 3.8.2

On April 8, 2014 WordPress released a security update to version 3.8.2. The announcement that accompanied the release states “this is an important security release for all previous versions and we strongly encourage you to update your sites immediately.”

WP 3.8.2 addresses two potentially serious security vulnerabilities, includes three security hardening changes, and addresses nine “other bugs.” Most notably the following security issues are addressed:

  • Potential authentication cookie forgery. CVE-2014-0166. (Very serious vulnerability!)
  • Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.

  • Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.

  • Fix a low-impact SQL injection by trusted users.

  • Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.

Additionally, Jetpack – the wordpress.com feature-rich plugin suite – was updated to version 2.9.3 to address similar issues.

If your site is currently operating a WordPress version below 3.8.2 or Jetpack version below 2.9.3, you may be at risk and should consider upgrading as soon as possible. 

Filed under Tech News, Technology

NerdSourced: Favorite GIT Commands

With 300+ developers at the Nerdery there are bound to be some opinions on how we do our work. We engage such a variety of clients, industries, disciplines and use-cases it’s sometimes hard to gather these opinions and say “Here at the Nerdery we (insert consensus opinion here).”

There are some things that are common enough that we can dig in and get a sense of how we are doing what we do. Source Control – specifically GIT – is one of those things. So I asked a few questions…

What is your favorite GIT command?

The response rate to my question was low; it’s the first time I’ve asked, people are busy, and, well, I’m done making excuses. In spite of that there was a clear winner in the “Favorite” category.

git log (insert some log arguments here)

“git log --all --graph --oneline --decorate” – one example by Richard Aber because “It’s Pretty”

We also received a few more complicated implementations:

“git log --graph --pretty=format:"%Cred%h%Creset -%C(bold cyan)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset" --abbrev-commit” – by Scott Carpenter

And my favorite, similar to Scott’s

“git log --graph --pretty=format:'%C(yellow bold)%h%Creset %s %C(green bold)(%cr)%Creset %an <%ae>'” – by Anthony Ticknor because “Fancy git logs help make the bone-chilling winters of Minnesota bearable.”

In addition to “git log” we heard about “git stash / stash pop” and “git bisect” among others. For a quick hit-list of GIT commands I recommend visiting overapis.com/git. It’s a fantastic resource for GIT commands.

Filed under Dear Developer

The Moment I Realized Testing and QA Are Entirely Different Things

I’ve been a web developer for many years and I didn’t really know what “QA” was before I came to the Nerdery. I did a little browser testing sometimes during the later stages of development or after my project was live. More often than not I either didn’t have the time or wasn’t being paid enough to do specific “Quality Assurance” on the sites I built. In all honesty, the result was obvious.

When I sent my first project to QA at the Nerdery I was nervous and excited. I felt very thorough clicking through the site trying to see what they would find; I’d checked the site on a bunch of browsers; I read the Test Plan – we call them “TPS” reports – and felt like my bases were covered. By that time I’d heard tales of the tenacity of our Quality Assurance department but I was confident I’d done my diligence. Then the first “Ticket” came in…

113 Tickets Later and my notion of professional web development was changed forever. It was humbling and exhilarating to read the “Tickets” that were submitted. They were insightful, comprehensive, user-focused insights into the project I was sure I’d nailed. They saw things I didn’t and brought them to my attention with detailed precision. They evaluated every part of the website whether I thought it was relevant or not and reported exactly what someone – not me – would experience. They took the time to test and retest until everything – EVERYTHING – was correct.

Through this process it was evident that our QA Engineers had a deep understanding and enduring passion for “assuring” extraordinary user experiences on the web. Their patience, attention, and creativity were a perfect reflection of the planning and design effort put forth at the beginning of the project. The result was obvious.

In our industry we elevate the designers, user experience teams, and the developers as the artists and engineers in the interactive space, and we should because we are those things. But after design and development wind down a whole new group is there to make sure everything is done, done well, and done right. 113 tickets later and I was a raving fan of our Nerdery QA team. They are the ones that are the truly indispensable artists and engineers in the interactive space.

Filed under Tech Tips, Technology

Is Your Website Discriminating Against People With Bad Eyes or Old Eyes?

It’s been exciting to watch the production of this week’s webinar from a desk next to my friend and colleague Aaron – he’s one of my life heroes (though that’s another story). Through conversations with him and listening when Bree Compton (QA Accessibility Engineer) has stopped by I’ve been privileged to spend time “behind the scenes” as they’ve gotten ready to present this week’s webinar. Is it too clever to say it’s been eye opening?

Talking about accessibility sometimes feels a little like a food drive; something that we do occasionally, annually, or when we’re sure we need it. Something we do, quite frankly, to say we’ve done it. Certainly there are people like Aaron and Bree who’ll raise the topic early and often, but in an industry as large as ours, their voices are too far apart to have the impact they deserve.

But there’s a larger conversation that should happen around accessibility beyond the scope we normally talk about; heralded by more than just the front-line advocates and direct beneficiaries; if only because the audience for accessible websites is far bigger than we as developers consider. Take me, for example. I was born with fully-formed cataracts. In 1975 the solution to that problem was to remove the lenses in my eyes. I’ve worn contacts since I was 2 months old, and although I’m “high functioning” – people don’t know I have this condition right away – the standards advocated by developers like Aaron and Bree have a direct, positive impact on how I see the web.

I’m not alone. Both myself and an aging population means there are millions upon millions of people connecting with your site differently than you might expect.

My Web isn’t as wide as Your Web

browsersize.googlelabs.com (going away soon) will show you how your site looks on different screen sizes.

Chances are, my screen doesn’t look like your screen. As monitors get bigger, designers and developers look to take advantage of the new width to pack more and more into each screen, and most folks enjoy 1900, 2400 or 3000+ pixel-wide desktops. Me, I just appreciate that everything on my display is a little bigger. If your site is much wider than 1000px, chances are I’m scrolling laterally to see everything, or else zooming out to see the design. I do a lot of zooming.

Filed under Web Culture

Git Commands That Are Worth The Time

Prior to my start as a developer at the Nerdery it had been over a decade since I’d used any sort of source or version control software (don’t judge). When I started here I learned that source control was an integral part of our development process and needed to get back up to speed. After nine months of constant use I finally feel like I’m really “getting it” thanks to some patient mentoring and lots of trial and error. Along the way I’ve picked up a few things that I wish I had learned / understood / heard going in that have since made my daily use of source control – GIT in particular – a lot smoother.

1. Eliminate one step.

There are a lot of you who might say that this first tip has a limited value, but it saves me nine keystrokes every time I commit a change. Based on XKCD’s “Is it worth the time” chart it’s a great investment.

I get tired of typing my username and password every time I do a “git pull” and / or “git push”. Thankfully my colleague Aaron Canon showed me a quick way to make it 50% easier.

Instead of getting a repo this way:

git clone https://github.com/AWESOME.Repo .

I can add my username to the repo URL:

git clone https://sbausch@github.com/AWESOME.Repo .

Now any time I do a Push or Pull request all I’m prompted for is my password. This works for github as well as corporate or custom git installations. Just remember not to do this anywhere someone else might need to work.
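A check for the remote URLs this tip produces, added here as an example (not code from the original post): the clone URL is saved in the repository's `.git/config`, so the script classifies each remote by whether it carries no user info, a username only (as above), or a username and password stored in plain text. The function names and sample URLs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which git remote URLs carry embedded user info.
# Function names and sample URLs are constructed for illustration.

# Print "none", "username", "password" or "other" for one remote URL.
classify_remote_url() {
    url=$1
    case $url in
        *://*) ;;                    # scheme://[userinfo@]host/path
        *) echo other; return ;;     # scp-style (user@host:path) or local path
    esac
    rest=${url#*://}                 # drop the scheme
    authority=${rest%%/*}            # host part, up to the first slash
    case $authority in
        *@*) ;;
        *) echo none; return ;;      # nothing before the host
    esac
    userinfo=${authority%@*}         # text before the last "@"
    case $userinfo in
        *:*) echo password ;;        # user:secret@host, secret sits in .git/config
        *)   echo username ;;        # user@host, as in the clone above
    esac
}

# List every remote of the repository in $1 with its classification.
# The URL itself is not printed, so a stored password is not echoed.
audit_remotes() {
    git -C "$1" config --get-regexp '^remote\..*\.url$' |
    while read -r key url; do
        printf '%s\t%s\n' "$key" "$(classify_remote_url "$url")"
    done
}

# Constructed sample URLs (the password is a placeholder).
for sample in \
    'https://github.com/AWESOME.Repo' \
    'https://sbausch@github.com/AWESOME.Repo' \
    'https://sbausch:PLACEHOLDER@git.example.com/AWESOME.Repo' \
    'git@github.com:AWESOME.Repo'
do
    printf '%s\t%s\n' "$(classify_remote_url "$sample")" "$sample"
done
```

Running `audit_remotes` with the path of a working copy lists each remote by name; a `password` result marks a URL worth rewriting with `git remote set-url`.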

2. Stash and Pop

When I’m working on projects with a team of people there end up being times when someone comes over to collaborate. This usually requires I stop what I’m doing and get their code from the repo.

When I first started in git I would commit my changes in whatever state they were in and do a “git pull” to see their code; time consuming and often requiring me to deal with conflicts or errors from incomplete code. Then I learned…

git stash

This simply takes everything I haven’t committed yet and sets it aside. Then I do a “pull” to get the most current repo without my changes. I can collaborate at will. Once that’s done I type

git stash pop

This brings all my changes back to where they were; ready to commit and push at will. I’ve read that there are times when I will get a conflict that needs resolving when doing a stash but I have yet to see it. Overall this simple process has saved me tons of effort within development teams.

3. Add All The Things

After adding tons of content in WordPress, adding plugins, or building out a theme I sometimes end up with lots of files to add before committing. I’m embarrassed to say I did them one at a time before my colleague, Thomas McMahon, showed me this

git add .

Just like that, all untracked files are added and ready for a commit. By The Way: this isn’t always very smart. But there are times when it makes sense. Practice responsible “Add” and your git life will move much quicker.

Note: I won’t lie; my 3rd item was actually about Rebasing. I make sure that all my repos have it. But as I sat down to write I find that my explanations are a lot like so many on the web – wordy and confusing. I’ve started reading Pro Git though, so I hope to understand it soon.

One More Thing:

A great deal of “knowing” is simply knowing where to look. For source control questions I’m constantly referring to the following resources.

So Git Going (sorry). And I hope these three simple tips will save you – the new Git user – all the time I lost before I learned them.

Filed under Tech Tips

Popular Recommendations Service Outbrain Was Hacked – Check Your Settings

The popular content recommendation service Outbrain (outbrain.com) was hacked this morning, affecting sites as large as the Washington Post as well as sites on the WordPress VIP Hosting Service. If your site uses Outbrain, please take a moment to disable the service until the “All Clear” has been given from the vendor.

Outbrain is a service that provides websites with related content from across the web via a JavaScript implementation. The service indexes your site and provides links via a script that loads from outbrain.com. This morning’s hack allowed links provided by Outbrain to redirect to an offshore website.

Again, if a site you own or manage was affected by this hack, simply removing the service will resolve the issue. WordPress core files and services have not been affected.

Since the hack was first discovered this morning, the folks at Outbrain have addressed the system problem and are working to bring everything back online. You can check their twitter feed for the very latest updates.

Filed under Tech News, Tech Tips