Need some help with secure attribute access

So I've successfully written a metaclass that gives python the functionality of private attributes in classes.

Q: But what about inst.__private?
A:

>>> class A(object):
    __slots__ = ['__private']

    def __new__(cls):
        inst = object.__new__(cls)
        inst.__private = 10
        return inst

    def showprivate(inst):
        return inst.__private

>>> inst = A()
>>> inst.showprivate()
10
>>> inst._A__private = 20 # security through obscurity never works
>>> inst.showprivate() # sorry not private
20

With my metaclass, private attributes are inaccessible outside native and super-native namespaces:

class A(object, metaclass=privatetype):
    __slots__ = ['A']
    __private__ = ['B'] # NOTE: __slots__ is enforced for security regardless of local definition

    def __new__(cls): # native
        inst = object.__new__(cls)
        inst.B = 10 # can only be accessed here
        return inst

class B(A):
    # NOTE: __slots__ = ['B'] is not allowed
    __private__ = A.__private__ # inheritance would add insecurity
    # ^ with this we can restrict specific private attributes to superclasses

    def method(inst):
        return inst.B # or here (including further subclasses)

# NOTE: you can not add methods after class creation and expect to access private attributes.

So how does it work?
The answer is frame validation, to make sure we're in a native namespace before looking up private attributes from an external dictionary.

Since the code for this is currently written in python,
it's currently exploitable by accessing __closure__[1].cell_contents of either B.__getattribute__ or B.__setattr__ (both are the same function).
This will give you access to a mappingproxy (read-only dict) of ['attr'](inst, *val) functions,
the functions return either static values, or the result of a member_descriptor (__get__/__set__) call.

What's __closure__[0].cell_contents?
It's a frozenset (read-only set) containing native code objects the function uses to validate frame f_code objects with.
This would only be useful to a hacker if they could modify it, allowing them to add "native" functions to classes to manipulate private attributes.

So there's 2 things I want to ask here before I show the code for the metaclass.

1: is it possible to restrict access to the mappingproxy to close the final backdoor and prevent external access to manipulating private attributes??

2: I'm having an issue with super-native functions where calling a super-native while supplying the class/instance operates on super-class private attributes...

To explain this a bit further:

class A(object, metaclass=privatetype):
    __private__ = ['B']

    B = {'A':10, 'B':20} # static

    def __new__(cls):
        inst = object.__new__(cls)

        for k,v in inst.B.items():
            print( '%s = %s'%(k,v) )

        return inst

class B(A):
    __private__ = A.__private__

    B = {'A':30, 'B':40, 'C':50} # static

    def __new__(cls):
        return A.__new__(cls)

When we call inst = B() the result prints this: (hash order ignored)

A = 10
B = 20

This is because we're calling A.__new__ which has the private context of class A instead of B as expected

How can I use the context of class B without compromising security??

For the metaclass code, keep in mind this isn't final, so it's still a bit messy:

from sys import _getframe
from functools import reduce
class _c(object): __slots__=['_a']; _m=lambda i: None
mappingproxy = _c.__dict__.__class__; method = _c()._m.__class__; del _c # yeeted

getstatic = lambda value: lambda inst, *val: None if val else value # getset for static items
newtype = type.__new__
class privatetype(type):
    def __new__( typ, name, bases, NS ):
        # won't be so hacky in C
        def __getsetattr__(inst,attr,*val):
            # return typical methods from super-class (extended security for preventing access here)
            if attr == '__setattr__': return None if val else super(cls,inst).__setattr__
            if attr == '__getattribute__': return None if val else super(cls,inst).__getattribute__
            try:
                f = _getframe(1)
                return privateattrs[attr](inst,*val) if f.f_code in nativecodes else( # getset private attribute
                    super(cls,inst).__setattr__(attr,*val) if val else super(cls,inst).__getattribute__(attr) ) # normal attribute
            finally: del f
        NS['__getattribute__'] = NS['__setattr__'] = __getsetattr__
        oldslots = NS.get('__slots__',frozenset()) # backup

        # check for subclass globalization of private attributes
        superprivateslots = reduce(frozenset.union, (frozenset(getattr(cls,'__private__', frozenset())) for cls in bases), frozenset()) # initial value covers empty bases
        for attr in oldslots:
            if attr in superprivateslots:
                raise AttributeError("can't make private attribute '%s' public."%attr)

        # remove private static attributes from NS
        nativecodes = { None, __getsetattr__.__code__ }; addnativecode = nativecodes.add
        privateattrs = {}
        privateslots = set(NS.get('__private__', set()))
        for privateattr in privateslots:
            if privateattr in NS: # make static
                item = NS.pop(privateattr)
                privateattrs[privateattr] = getstatic(item)
                addnativecode(getattr(item, '__code__', None)) # private methods are native too

        # create private members
        NS['__slots__'] = frozenset(oldslots).union(frozenset(privateslots.difference(privateattrs))) # exclude static
        cls = newtype(typ, name, bases, NS)

        # remove remaining private items and add super-natives
        for attr in dir(cls): # dir() to get ALL public items, not just cls.__dict__ local items
            item = getattr(cls,attr)
            if isinstance(item, staticmethod): item = item.__func__
            if isinstance(item, property):
                for a in ('fget','fset','fdel'): addnativecode(getattr(getattr(item,a), '__code__', None))
            else: addnativecode(getattr(item, '__code__', None))
            if attr in privateslots:
                delattr(cls, attr)
                privateattrs[attr] = method(lambda dsc, inst,*val: dsc.__set__(inst,*val) if val else dsc.__get__(inst), item) # getset method

        # freeze to prevent modification (won't be so easy to access once written in C)
        nativecodes = frozenset(nativecodes)
        privateattrs = mappingproxy(privateattrs) # not sure why this isn't builtin
        # note that private mutable objects can still be modified

        cls.__slots__ = oldslots
        return cls

No I will not follow PEP8, I'm sorry if you're offended.
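
The closure backdoor described in the post, reproduced on a minimal frame-validated class. This is an added example, not the poster's metaclass; `make_guarded_class`, `Guarded`, `store` and the helper names are hypothetical. It shows why a frame check written in pure Python is not an access boundary: the guard function's closure cells, including the mappingproxy of accessors, are readable by any code that holds the class.

```python
import sys
from types import MappingProxyType


def make_guarded_class():
    """Build a class whose 'secret' attribute is only readable from native code."""
    store = {}  # id(inst) -> private value, kept outside the instance

    class Guarded:
        __slots__ = ()

        def __init__(self, value):
            store[id(self)] = value  # writes the external store directly

        def reveal(self):
            # "Native" method: its code object is in native_codes, so the
            # frame check in __getattribute__ lets this lookup through.
            return self.secret

        def __getattribute__(self, attr):
            if attr == "secret":
                caller = sys._getframe(1).f_code  # code object of the caller
                if caller not in native_codes:
                    raise AttributeError("'secret' is private")
                return private_attrs["secret"](self)
            return object.__getattribute__(self, attr)

    # Frozen after class creation, as in the post: a read-only mapping of
    # accessor functions and a frozenset of trusted code objects.
    private_attrs = MappingProxyType({"secret": lambda inst: store[id(inst)]})
    native_codes = frozenset({Guarded.reveal.__code__})
    return Guarded


def read_from_outside(inst):
    """A non-native caller: the frame check rejects the lookup."""
    try:
        return inst.secret
    except AttributeError:
        return None


def closure_cells(func):
    """Map each free-variable name of func to the object held in its cell."""
    names = func.__code__.co_freevars
    return {name: cell.cell_contents for name, cell in zip(names, func.__closure__)}


def read_via_closure(inst):
    """Reach the accessor through the guard's own closure, bypassing the check."""
    cells = closure_cells(type(inst).__getattribute__)
    accessor = cells["private_attrs"]["secret"]  # mappingproxy is read-only, not hidden
    return accessor(inst)


def audit_guard(cls):
    """Defender's view: list what the guard function exposes through its closure."""
    cells = closure_cells(cls.__getattribute__)
    return {name: type(obj).__name__ for name, obj in cells.items()}


if __name__ == "__main__":
    Guarded = make_guarded_class()
    inst = Guarded(10)
    print("native read:      ", inst.reveal())
    print("outside read:     ", read_from_outside(inst))
    print("closure read:     ", read_via_closure(inst))
    print("exposed by guard: ", audit_guard(Guarded))
```

The frozenset and mappingproxy stop modification, as the post says, but neither stops reading, and reading the accessor is enough to get the value.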

7 Best WordPress Invoice Plugins Compared (2019)

Are you looking for the best invoicing plugins for WordPress? An invoicing plugin can make it easy to automatically generate invoices, collect orders, and manage your finances.

As a business owner, there’s a lot to manage, and manual invoices can take up a significant amount of your time. Your invoices may look different each time, which isn’t very professional.

Using a professional invoicing software allows you to automate all invoicing and payment processes, so you can focus on growing your business.

In this article, we will share some of the best WordPress invoice plugins for various needs.

Choosing the Best Invoicing Plugins for WordPress

There are several WordPress plugins that you can use to create online invoices and collect payments from your customers. All these WordPress invoice plugins offer different features which makes it difficult for beginners to choose the right invoice plugin for their business.

The key features that you should look for in a good WordPress invoicing plugin are:

  • One-time and recurring payment collection
  • Partial payment options
  • Automatic tax deduction and tax reporting
  • Single dashboard to manage all invoices and taxes
  • Credit card and other payment gateways
  • Payment scheduling and late fee option

It would be a bit difficult to find a solution that caters to all your invoicing needs. You’ll need to review the features and find a solution that suits your invoicing and payment requirements.

That being said, let’s take a look at our top picks for the best invoicing plugins for WordPress.

1. WPForms

WPForms is the most business friendly WordPress form plugin. It comes with a drag and drop builder which allows you to easily create any type of form including user registration forms, newsletter signup form, request a quote form, donation form, payment collection form, etc.

With WPForms, you can easily generate an online order form which gives you the option to automatically send an invoice to the customer. You and your customers also get an instant email notification upon completion of the payment.

WPForms integrates with PayPal and Stripe to collect payments. This allows you to easily accept credit card payments without using a shopping cart plugin or eCommerce software.

While WPForms is not as robust as some other WordPress invoice plugins below, it has all the essential features that you’ll need, and it will save you money because it can serve multiple purposes, such as helping you build contact forms and request-a-quote lead forms, collect feedback via surveys, etc.

You can use our WPForms coupon to get an additional 50% off.

2. FreshBooks

FreshBooks is popular accounting software for small businesses. It allows you to create professional invoices in a few clicks. You can fully customize the invoice by adding your business logo and personalized note.

It has an automated system to send reminders to customers for the overdue payments. FreshBooks also charges your clients’ credit card securely for recurring payments and sends notifications to you and your customers.

You can add your work hours and expenses in the invoices to display a proper breakdown of the payment. It also offers tax collection, preferred currency selection, discount codes, and pre-payment option.

FreshBooks is a SaaS invoicing platform that works with all the best website builders, including WordPress. It is the most robust invoice software in the list, but their pricing is a bit more expensive since they charge you based on the number of billable clients.

3. WP Invoicing

WP Invoicing is a feature-rich WordPress invoicing plugin. It runs on your WordPress site and can help you create and send invoices to customers.

It can also automatically manage taxes in the invoices. This helps you save time while automating the process for you and your customers.

The plugin supports multiple payment gateways like PayPal, Stripe, Authorize.net, and more. It can also be used to set up recurring payments and automatically generate invoices for each payment.

While the base WP Invoicing plugin is free, you will have to pay for individual extensions, or you can buy a bundle membership which is a much better deal.

4. Sliced Invoices

Sliced Invoices is a professional WordPress invoicing plugin. It has multiple pre-built templates and designs to generate invoices quickly. You can also create custom invoices with your logo and text, so you can send quotes directly to customers.

It comes with a reporting system to manage all your invoices and quotes in one place. Sliced Invoices is translation ready, which enables you to send invoices in your customers’ language. It also includes extensions for PDF invoices, recurring payments, deposit invoices, and more.

Sliced Invoices is a free plugin, but you will have to pay for individual extensions, or you can buy a bundle membership which is a much better deal.

5. Sprout Invoices

Sprout Invoices is a full-fledged invoicing plugin for WordPress sites. It can estimate the cost of your services and generate detailed invoices for customers automatically.

The plugin integrates with 300+ apps for payments, invoice designs, workflows, and more. It has a powerful payment scheduling system to set terms for customers like payment amount, due date, late fees, etc.

6. WooCommerce PDF Invoices

WooCommerce PDF Invoices is a WooCommerce extension to send a PDF invoice with every order confirmation email. It has a ready-made template for the PDF invoices, and you can also create your own custom invoice templates.

It manages a sequence number for the invoices, so that you can keep track of all the payments. The customers can download invoices from their account page on your eCommerce website. You can also connect a printer with the plugin to print invoices as soon as the customers confirm the order. If you run an online store using WooCommerce, then this plugin can be the answer to your invoicing needs.

This plugin does not work with other WordPress eCommerce plugins, but most other solutions have their own invoice extensions.

7. WP-Invoice

WP-Invoice is a free WordPress invoicing plugin. It’s perfect for digital agencies, general contractors, web developers, and any business that needs to send invoices to their customers.

It allows you to create the invoice within your WordPress dashboard. Once you generate the invoice, your customer will receive an email, and they can follow the link to make payments easily. You can also fully customize the email notification. WP-Invoice is a little limited in terms of features, but it can be an easy to use solution for many small businesses.

We hope this article helped you find the best invoicing plugins for WordPress. You may also want to check out our expert pick of the best WordPress plugins, best email marketing services, and best business phone services for small businesses.

The post 7 Best WordPress Invoice Plugins Compared (2019) appeared first on WPBeginner.

95% Off: Get the Facebook Ads and Facebook Marketing Course for only $9.99

Over the last decade, there were hundreds of social media channels introduced on the market. Some have stood the test of time, while others never caught on. Despite the introduction of different social channels, Facebook still remains to be the biggest social media platform to date. In fact, this behemoth social media platform has over […]

The post 95% Off: Get the Facebook Ads and Facebook Marketing Course for only $9.99 appeared first on designrfix.com.

Survey Reveals Rapid Growth in Kubernetes Usage, Security Still a Concern

Do you have the keys to unlock DevOps security?

The rapid adoption of container technology, DevOps practices and principles, microservices application architectures, and the rise of Kubernetes as the de facto standard for container orchestration are the key drivers of modern digital transformation. Whether an application is built in the cloud, on-premises, or in hybrid environments using container technologies, or it's being ported to a containerized infrastructure, containerization has clear advantages in terms of scalability, portability, and continuous development and improvement.

In a Medium article, Tinder's Engineering Team recently announced their move to Kubernetes to solve scale and stability challenges. Twitter is another company that has announced their own migration from Mesos to Kubernetes. New York Times, Reddit, Airbnb, and Pinterest are just a few more examples.

Top 3 Takeaways from the State of DevOps 2019 Report

Here's what the numbers tell us

The 2019 Accelerate State of DevOps report was published last week. This report is produced by the DevOps Research and Assessment (DORA) team, which recently joined Google Cloud. They have collected data for over 6 years and surveyed over 31,000 professionals to gain insight into industry practices and associated business outcomes.

This is such an exciting report for us to read, not just because our product serves DevOps engineers, but because we ourselves are DevOps practitioners and love to see the detailed research and how we compare to our peers. There's a lot to process in this report, but here are some of the things we found most interesting.

8 Benefits of Unit Testing

Originally published Jan. 18, 2017

If there were ever a time to compartmentalize...

As we write a lot about Agile, CI, and TDD, we had to mention unit testing. This time, we will talk about what unit testing is, why it is part of Agile methodology, and the main benefits of using it.

TechTalks With Tom Smith: Kubernetes’ Additional Considerations

Research analyst Tom Smith

To understand the current and future state of Kubernetes (K8s) in the enterprise, we gathered insights from IT executives at 22 companies. We asked, "What have I failed to ask that you think we need to consider with regards to K8s?" Here’s what we learned.

Cloud

  • Think about which cloud to use, what your target is, and where do you want to run it. There are pros and cons with every choice. Think about a hybrid multi-cloud and a platform that helps with that. It is not easy but it’s good to stay flexible and a platform will help.
  • Is the cloud changing certain aspects of market dynamics where you have one popular player? There isn’t really a competitor to K8s. Is that good or not? Will there be vendors supporting beyond the mega-cloud. Who can provide first-class support for F500 beyond the large public cloud providers? 
  • What deployment options do developers have to run their containerized app on a K8s? You can deploy K8s on your laptop, or in a data center if you own or lease and then deploy your app. But you manage both the app and the administration of the K8s infrastructure itself. Oh, the hardware as well. Alternatively, deploy K8s on a cloud provider (example on a bunch of AWS EC2 instances) so you don’t have to manage the hardware, but you still manage the K8s infrastructure. An even better option is to forget the complexities of managing K8s infrastructure or the hardware, and simply deploy your containerized applications on a managed K8s service like Amazon EKS or Azure K8s Service. Well, the choice may be influenced by the requirements of your app and business.

Evolution

  • What’s next after K8s? Serverless. 
  • Focus on how all of these movements are tied in with ML and cloud adoption. ML will change how people think about DevOps and code writing. How to take deep learning and ML to revolutionize how DevOps is approached. 
  • What’s going to happen next? What does the world look like after K8s? It has raised the bar. Platforms like Heroku were hard to get right. Now you can use K8s to accomplish more quickly. The new wave of platforms solves very specific problems. K8s is providing tools to iterate with less effort and more confidence to be more productive. K8s enables greater collaboration.

Details

  • Before jumping into K8s, evaluate if it’s the right solution and whether or not the organization is ready for it. This involves testing and architectural design decisions. Careful investigation is needed to determine if it’s the right fit.  K8s allows apps to write once and deploy anywhere. Figure out how that fits into your use cases.
  • While K8s is capable you need to make sure you don’t limit yourself to looking at one level of the problem. Look at multiple levels.
  • Should you use a managed K8s solution like GKE? It depends on your needs and the kinds of applications you are building. GKE has a fairly infrequent release cycle so if you want the latest and greatest features you cannot get them on GKE. K8s 1.15 has been out for a while and GKE is still on 1.13. The cycles are getting longer. It has moved from weeks to several months. GKE is better than AWS but it’s still a significant investment in time to manage. 
  • Power comes at the cost of complexity. It might not be a fit for every project. The only way to manage is to automate. Look for ways to automate yourself out of a job. Stay agile. K8s grows fast in an organization. Be ready to govern that. Don’t forget about best practice for day two operations. 
  • Think about the operator of the cluster and how you design to take advantage of the things K8s offers. DevOps and CI/CD is important to stand up locally and on K8s. 
  • Due to how complicated it is to set up K8s, compared to other container orchestration tools, I recommend deploying K8s using something like AKS. It can be time-consuming figuring out all of the plumbing to make K8s work on your machine properly. Obviously, setting it up from scratch is a worthwhile exercise but if you plan on using this in production, it’s better to rely on your cloud provider. If you are just interested in just making sure your containers work, K8s is overkill, something like Docker Swarm will suit better. 
  • There are several benefits of deploying K8s Operators: 1) Accessibility (vendors publishing them to the common K8s marketplaces). 2) Automation of complex tasks. 3) Operators are a K8s feature and run across different K8s distributions with little or no changes required. 4) They can also diagnose and monitor K8s applications to assist with trouble-shooting and performing root-cause analysis. 
  • When it comes to deploying K8s in production, look into Admission Controllers. By implementing policy via webhooks, you can minimize outages, accelerate development, and prevent security and compliance risk. The intent-based API in K8s offers a truly transformative way to manage your environment and should not be overlooked!

Other

  • There’s another opportunity to make K8s more approachable for people who come from different backgrounds. Explain containers in simple terms to people from a virtualized environment, or traditional IT who still need to learn what containers are. There’s an opportunity for the K8s community to reach a broader range of IT professionals.
  • People, other than DevOps, shouldn’t care about/worry about K8s.
  • I think the K8s community is a resource that really can’t be overvalued. K8s is certainly not the first open-source orchestration tool, but it’s got a vibrant and quickly growing community. This is really what’s powering the continued development of K8s as it continues to turn out new features. The community is also a great way for platform engineers to give back – and build their own open-source reputations – and can be a great way to attract new team members.
  • Teams want to use something that they can control. As our systems get more decoupled, teams are moving away from monolithic, closed source "black-box" solutions because OSS technologies provide a self-service ecosystem that developers and operators can easily use and put in production.
  • Here's a webinar on data locality with Spark and Presto workloads for faster performance and better data access in K8s.

Here’s who shared their insights:

Styling Links with Real Underlines

Before we come to how to style underlines, we should answer the question: should we underline?

In graphic design, underlines are generally seen as unsophisticated. There are nicer ways to draw emphasis, to establish hierarchy, and to demarcate titles.

That’s clear in this advice from Butterick’s "Practical Typography":

If you feel the urge to underline, use bold or italic instead. In special situations, like headings, you can also consider using all caps, small caps, or changing the point size. Not convinced? I invite you to find a book, newspaper, or magazine that underlines text. That look is mostly associated with supermarket tabloids.

But the web is different. Hyperlinks are the defining feature of the internet; and from the internet’s inception, they have been underlined. It’s a universally understood convention. The meaning is crystal clear — an underline means a link.

However, plenty of popular websites have ditched underlines: The New York Times, New York Magazine, The Washington Post, Bloomberg, Amazon, Apple, GitHub, Twitter, Wikipedia. When they removed underlines from their search results page in 2014, Google lead designer Jon Wiley argued that it created a cleaner look. Notably though, the majority of these sites have kept slight variances on the traditional lurid blue color (#0000EE) that’s been the browser default since the beginning of the web. While this provides a visual cue for the majority of users, it may not be enough to pass WCAG accessibility compliance.

Color is not used as the only visual means of conveying information, indicating an action, prompting a response, or distinguishing a visual element.
WCAG 2.1

WCAG does not strictly mandate using underlines for links, but it does recommend them. Color blind users need to be able to discern a link. You could differentiate them in other ways, such as with a bold font-weight. Or you could keep this long-established visual affordance. But if we’re going to use underlines, we want them to look nice. Marcin Wichary, a designer at Medium, described the perfect underline as:

[...] visible, but unobtrusive — allowing people to realize what’s clickable, but without drawing too much attention to itself. It should be positioned at just the right distance from the text, sitting comfortably behind it for when descenders want to occupy the same space.

Achieving this has traditionally required CSS tricks.

The hacks we’ve had

This is one trick all developers will be familiar with: border-bottom. By emulating an underline using border-bottom, we gain control over color and thickness. These pseudo-underlines have one problem: an overly large distance from the text. They are underneath the descenders of the letters. You could potentially solve this issue by using line-height, but that comes with its own issues. A similar technique utilises box-shadow. Marcin Wichary pioneered the most sophisticated technique, using background-image to simulate an underline. They were useful hacks but are thankfully no longer needed.

Styling real underlines

Finally we can demarcate links without sacrificing style thanks to two new CSS properties.

  • text-underline-offset controls the position of the underline.
  • text-decoration-thickness controls the thickness of underlines, as well as overlines, and line-throughs.

According to the WebKit blog:

You can also specify from-font to both of these properties which will pull the relevant metric from the used font file itself.

UX agency Clearleft make bold use of (pseudo) underlines, calling clear attention to links with colorful styling. Here’s one example of a faux underline:

a {
  text-decoration: none;
  border-bottom: #EA215A 0.125em solid;
}

Notice that this fake underline is clearly below the descender of the letter "y":

Here’s the same paragraph, using DevTools to apply the same styling to a real underline using the new CSS properties:

a {
  text-decoration-color: #EA215A;
  text-decoration-thickness: .125em;
  text-underline-offset: 1.5px;
}

You’ll notice I’m using the em unit in my example code. The spec strongly encourages using it rather than pixels so that the thickness scales with the font.

These properties have already shipped in Safari and are coming in Firefox 70.

With the move to Chromium for Microsoft’s Edge browser, we will finally have cross browser support for the text-decoration-style property, which offers the options: solid (the default), double, dotted, dashed, and wavy. When combined, these new properties open up a whole range of possibilities.

Perhaps the biggest upgrade for underlines on the web, however, has come without developers needing to do anything. In the bad old days, descenders were unceremoniously sliced through by underlines, which was far from elegant. Developers used to hack around this shortcoming by applying a text-shadow that matched the background color. text-decoration-skip-ink brought a better way to make space for descenders.

The default value of auto (left) and a value of none (right)

Handily, it’s set as the new default value for underlines; meaning the look of underlines has improved while most web developers remain unaware that this property exists. Should you want an underline to cross over glyphs, you can set this property to none.

The post Styling Links with Real Underlines appeared first on CSS-Tricks.

Working with Attributes on DOM Elements

The DOM is just a little weird about some things, and the way you deal with attributes is no exception. There are a number of ways to deal with the attributes on elements. By attributes, I mean things like the id in <div id="cool"></div>. Sometimes you need to set them. Sometimes you need to get them. Sometimes you get fancy helpers. Sometimes you don't.

For this article, I'll assume el is a DOM element in your JavaScript. Let's say you've done something like const el = document.querySelector("#cool"); and matched <div id="cool"> or whatever.

Some attributes are also attributes of the DOM object itself, so if you need to set an id or title, you can do:

el.id; // "cool"
el.title = "my title";
el.title; // "my title";

Others that work like that are lang, align, and all the big events, like onclick.

Then there are attributes that work similarly to that but are nested deeper. The style attribute is like that. If you log el.style you'll see a ton of CSS style declarations. You can get and set them easily:

el.style.color = "red";
el.style.backgroundColor = "black";

You can get computed colors this way too. If you do el.style.color hoping to get the color of an element out of the gate, you probably won't get it. For that, you'd have to do:

let style = window.getComputedStyle(el);
style.color; // whatever in CSS won out

But not all attributes are first-class attributes like that.

el['aria-hidden'] = true; // nope

That "works" in that it sets that as a property, but it doesn't set it in the DOM the proper way. Instead, you'll have to use the generic setter and getter functions that work for all attributes, like:

el.setAttribute("aria-hidden", true);
el.getAttribute("aria-hidden");

Some attributes have fancy helpers. The most fancy is classList for class attributes. On an element like:

<div class="module big"></div>

You'd have:

el.classList.value; // "module big"
el.classList.length; // 2
el.classList.add("cool"); // adds the class "cool", so "module big cool"
el.classList.remove("big"); // removes "big", so "module cool"
el.classList.toggle("big"); // adds "big" back, because it was missing (goes back and forth)
el.classList.contains("module"); // true

There's even more, and classList itself behaves like an array so you can forEach it and such. That's a pretty strong reason to use classes, as the DOM API around them is so handy.

Another attribute type that has a somewhat fancy helper is data-*. Say you've got:

<div data-active="true" data-placement="top right" data-extra-words="hi">test</div> 

You've got dataset:

el.dataset;
/*
{
  active: "true",
  placement: "top right",
  extraWords: "hi"
}
*/

el.dataset.active; // "true"
el.dataset.extraWords; // "hi", note the conversion to camelCase

el.dataset.active = "false"; // setters work like this

The post Working with Attributes on DOM Elements appeared first on CSS-Tricks.

Why is WordPress Free? Who Pays For It? How Much Does It Cost?

Millennia ago, a cool compassionate dude took a few loaves of bread and fish and multiplied them to feed thousands of hungry folks. Or so the myth/belief goes, depending on how you view it.

Almost 2 thousand years later, humans would invent technology that would pretty much allow the same: Code.

So, “what does this have to do with WordPress?” you may wonder.

A lot, actually! We’ll come back to this in a bit.

Is WordPress Really Free?

This is a question many who are looking to create their first website ask.

And the answer is YES.

WordPress is a free and open-source software (FOSS) that you can use, modify, and redistribute as you wish.

Note: By WordPress here, I mean WordPress.org, the self-hosted, free, open-source platform. Not WordPress.com, it’s a related but totally different commercial cousin. You can read more about their differences here.

“But I Still Have to Spend Money to Use It, Right?”

Also YES.

While WordPress, the software, is free, using it to create a live website does incur some costs.

This isn’t a limitation of WordPress as such. All websites hosted online work this way, whether you use WordPress to build them or not.

You need to rent resources on a web host to serve your WordPress site to the world.

WordPress hosting costs anywhere from as little as $4/month to thousands of dollars, depending on your site’s needs. Most website owners settle for something in between, striking the perfect balance between value and cost.

Note: If all you want to do is try WordPress out, just to experiment or learn, you can do it without spending any money by installing WordPress locally on your PC.

But Why is WordPress Free?

This is easier to grasp by reading the license.txt file included with every WordPress download.

“This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.”

What Exactly Does “Free Software” Mean Though?

To understand this, we have to go back in history and take a look at the origin of the free software movement (FSM). It’s a social movement with a goal to guarantee certain freedoms to software makers and users alike.

It’s inspired heavily by the traditions and philosophies of the 1970s hacker and academia culture, which encouraged sharing knowledge and DIY.

FSM was founded in 1983 by Richard Stallman by launching the GNU Project at MIT. It was (and still is) a mass-collaboration, free-software movement, the likes of which humanity had never seen before.

Its turning point came in 1985 when Stallman established the Free Software Foundation (FSF) to support FSM. A few years later, in 1989, Stallman wrote the GNU General Public License (GPL or GNU GPL) for use with programs released under the GNU Project.

But Why Free?

Code isn’t like tangible goods. For instance, if you have an apple, and I take it from you, I now have an apple and you don’t have one. However, if you have software and you share it with me, we both have the software now.

In a way, code is an intangible thing like knowledge or ideas. You don’t lose your knowledge or ideas if you share them with others. On the contrary, it only makes them even more widespread. Free software is meant to do the same.

Another ethical argument put forward by FOSS advocates is that since the software can be copied and distributed at scale with minimal resources, the super high profit margins make it unjustifiable beyond a certain point.

Most of the richest companies in the world today are software companies. Many of them use FOSS tools in their daily work, while still keeping their core software locked. And they keep getting richer and richer.

These two arguments are essentially the main reasons why FSM activists want code to be free.

On GPL and Free Software

The GPL has undergone two major revisions since its inception in 1989 (v2 in 1991 and v3 in 2007). But its core philosophy has remained the same. It’s defined by its adherence to 4 Fundamental Freedoms that are considered essential to any “free software”:

  • Freedom 0: Run the software for any purpose.
  • Freedom 1: Study how the software works through open access to its source code, and change it to do what you want.
  • Freedom 2: Redistribute copies of the software to anyone without any restrictions.
  • Freedom 3: Modify the software, and redistribute the modified software to anyone.

WordPress.org lists these freedoms as their philosophy too.

One core tenet of the GPLv2 license is that if you make any modifications to the software licensed under it, the modified code MUST also be licensed under GPLv2, and released along with build & install instructions.

Note: As per FSF’s definition, not all open-source software is “free software” (free as in freedom, not free as in beer). But all “free software” is by definition open source.

Some prominent software licensed under the GPL include:

  • Linux Kernel — powers the Linux OS, which in turn powers most web servers
  • MediaWiki — the wiki software on which Wikipedia runs
  • Android OS (major parts of it) — the most used mobile OS in the world, uses the Linux kernel
  • WordPress — powers more than 33% of all the websites

With these stats, I’m not exaggerating when I say that free, open-source software has changed the world.

WordPress as a Free Software

WordPress was born out of the same philosophy as FSM. It was created in 2003 by Mike Little and Matt Mullenweg.

They started it by forking a popular-but-abandoned blogging platform called b2/cafelog.

You may find this hard to believe, but the most popular blogging platform today was itself conceived in a blog post by Matt, and its co-founder, Mike, was the first one to comment in support of it.

"Fortunately, b2/cafelog is GPL, which means that I could use the existing codebase to create a fork, integrating all the cool stuff that Michel would be working on right now if only he was around. The work would never be lost, as if I fell off the face of the planet a year from now, whatever code I made would be free to the world, and if someone else wanted to pick it up they could. I’ve decided that this is the course of action I’d like to go in, now all I need is a name. What should it do? Well, it would be nice to have the flexibility of MovableType, the parsing of TextPattern, the hackability of b2, and the ease of setup of Blogger. Someday, right?"

Posted on January 24, 2003, by Matt Mullenweg on his b2/cafelog blog.

"Matt,
If you’re serious about forking b2 I would be interested in contributing. I’m sure there are one or two others in the community who would be too. Perhaps a post to the B2 forum, suggesting a fork would be a good starting point."

Comment by Mike Little on Matt’s post

They could fork b2/cafelog because it was released under the GPLv2 license, so anyone was free to do with it as they wished. As such, WordPress was also released under the same GPLv2 license (and still is to this day).

The WordPress founders established The WordPress Foundation in 2010 as a charitable organization to further the mission of open source, GPL software.

It’s also a way to distance themselves from it to avoid conflicts of interest since they also have a commercial service running in parallel called WordPress.com.

Today, WordPress is updated continuously and maintained by The WordPress Foundation and thousands of contributors from all walks of life.

What About WordPress Themes and Plugins?

As per the GPLv2 license, all derivative works, such as plugins or themes of WordPress, should inherit the license too.

Drupal (another popular CMS platform), which uses the same GPL license as WordPress, has a well-drafted Licensing FAQs page that clearly explains what a “derivative work” means.

However, in practice, this is much harder to enforce. There’s some legal gray area when it comes to what’s derivative work or not. According to WordPress.org’s licensing page: “we feel strongly that plugins and themes are derivative work and thus inherit the GPL license.”

How Do People Who Make WordPress Make Money Then?

This is a question that has been troubling many FOSS developers for decades.

How does one make money while providing the code they work on for free?

The simple answer is that you don’t make money by selling the code alone. There are many other ways to do so.

WordPress contributors and developers can follow any of the business models of open-source software. They can use their knowledge and expertise to serve as consultants and/or provide support. Or perhaps, they can build custom applications on top of WordPress for clients ready to pay for their professional services.

Some WordPress developers also make money by creating valuable themes and plugins. These can be completely free (supported by voluntary donations or crowdfunding), free with restricted features (paid premium add-ons), or totally pay-to-use.

A few of these developers have gone on to found successful multi-million dollar enterprises. Some even offer hosting solutions optimized for WordPress.

Automattic Inc., a company started by WordPress founder Matt, is the perfect example of this. It’s notable for its WordPress.com platform, which provides an easy way for everyone to build a website without worrying about hosting and other tech-heavy stuff.

WPMU DEV, the company whose blog you’re currently reading, is another example of a successful business built around WordPress. If you’re looking for more inspirations, here’s a list of some of the most successful WordPress businesses.

Hello, WordPress!

WordPress marches on as the most popular platform to build websites. Whether you want to build a simple personal blog or a complex website selling thousands of products, WordPress can do it all with ease.

There are 54,000+ free plugins listed on WordPress.org’s repo alone, some of which are exceptionally excellent. As our commitment to the free software movement’s mission, we’ve released free versions of our most popular pro plugins on WordPress.org.

You can also find many beautiful free themes for WordPress and build any kind of website in minutes. And if you want to go even further, WPMU DEV offers top-notch premium plugins and supercharged hosting, not to mention our stellar 24/7 support.

If you’re using WordPress in any way, take pride in knowing that the spirit of the free software movement lives on through you!

Calculating the Shortest Route With a HERE API and Vue.js

Which path is the fastest? Let's build a Vue.js app to find out.

When it comes to routing, knowing how to get from point A to point B in the most efficient manner isn't exactly the only use-case. When it comes to modern applications or use-cases, a lot more can be and should be accomplished.

Let's take the scenario of a package delivery service. A delivery driver fills up their truck at the warehouse and has to navigate to every address on the packages in the truck before returning the truck to the warehouse. The driver can't just pick random packages from the truck and deliver them in random order because that would be very inefficient. Instead, each delivery should be carefully planned so that as many packages as possible are delivered as quickly as possible.

Code Review for Software Quality

Software code review plays an important role in software quality. The code review can happen in multiple stages, by multiple people, on multiple deliverables. Each one of them focuses on specific areas of software.

Reviewing code for software quality can be stressful!

Peer Code Reviews

Peer review is mainly between two people: the developer and another teammate.

Learn How to Use PHP to Create Microservices

Software is always evolving, from the programming languages and frameworks to the architectures of the apps we create. Because of the ever-changing nature of software, companies are always experimenting with ideas to improve software longevity, such as the latest update of the microservice architecture in PHP. Traditionally, web apps are created as monoliths (a single code base, running in the same process), which are generally harder to maintain, as you need to re-deploy the entire app for every change you make, unlike with a microservice.

Today, we will learn how to build a microservices architecture in PHP.

Where I Think “Agile” is Headed — Part Four: What Does “Agile” Mean?

I started this series asking where “Agile” was headed. (I didn't like what I saw at the Agile 2019 conference.) Part One was about the 4 big problems I see. Part Two was why we need managers. Part Three was about how people want a recipe. This part is about what “Agile” or “agile” means.

I understand that people want what they perceive as the value “Agile” will bring them. Let's return to the Manifesto for Agile Software Development, what I call the “Agile Manifesto.”

WordPress vs. Blogger – How To Choose Which Is Best For You

Most people would think a fight between WordPress and Blogger is just plain unfair… But you might be surprised at just how close it is. In fact, what if I told you that Blogger actually manages to steal a couple of rounds? Stick around to see how the fight goes down.

While pretty much anybody can set up a website or blog in 2019, it does come with its challenges.

One of the most challenging aspects usually occurs before you write or publish a single word…

I’m talking about choosing which platform to use.

Although there are many fantastic and unique blogging options out there… all with their own advantages (Gator, Tumblr, Squarespace, Medium, Ghost, etc.).

Today we’re pitting two of the heavyweights of the blogosphere against each other.

WordPress(.org) Vs. Blogger

The idea being that after these two blogging heavyweights go head to head, you’ll hopefully have a better sense of which platform is the best choice for you.

Now to start with, I’m going to assume most of you are familiar with WordPress, but for those who haven’t been introduced to Blogger (or had no idea it still existed!)…

Blogger is a platform owned by Google that lets anyone start their own blog or website for free in a couple of clicks.

The Homepage of Blogger

The good thing about Blogger’s association with Google is that your website or blog is hosted by the conglomerate and everything is taken care of for you.

However, as you’ll soon find out, as good as this association may be, it does come with its drawbacks.

In any case, if you’ve finished listening to the referee’s instructions…touch gloves, and…

Let's get ready to rumble!

Ding ding!

Round 1: Cost To Set Up

Okay, this first round might be a tad unfair, but you did this to yourself WP…

Blogger has the upper hand clearly because it’s a completely free platform. There is an option to connect your own domain (domains can cost around $10), but it’s entirely up to you.

The only downside is if you don’t register your own domain, your default URL will always be: “http://(websitename).blogspot.com/”

But as mentioned, the option for a custom domain name is there if you want it.

As for WordPress, although the software itself is free to use there are some costs involved.

You’ll need to set your site up with a domain name, which as mentioned could cost you around $10. And you’ll also need hosting which can cost anywhere from $50 – $500+ per year.

As well as this, although they aren’t always needed, premium WordPress plugins and themes also come at a cost.

But if you’re just starting out the free themes and plugins available will usually be enough.

Of course, what you’re willing to spend will depend on the type of blog or website you’re setting up.

With all that said, I’m going to have to declare the winner of round 1…

Winner Of Round 1: Blogger!

Round 2: Managing Your Website and Publishing Content

Once you’ve got your blog set up, it’s time to have a look around and start posting.

For this round, we’ll look at the functionality of each platform and how easy it is to publish a simple page and adjust a few settings.

Starting with Blogger:

Although visitors only ever get to see the front end of your website, the real action happens behind the curtain.

It all starts with the dashboard:

The Blogger dashboard

You’ll also notice a number of different menu items which will enable you to customize your blog or website:

Use the Blogger menu to customize

If you head to the settings section, you can change the title and description of your blog:

Adjust the title settings of your blog

You can also play around with other settings such as changing the URL, as well as adding blog authors and adjusting the privacy settings of your blog (below).

Change the permissions and authors of your blog

It’s also simple to publish pages and posts on your website. This could be evergreen pages like an about page or a contact page.

On that note, let’s see how easy it is to whip up a simple “about page.”

Start by clicking pages on the sidebar menu. Next click “new page” to create your page.

Add a new page to your blog

The Blogger interface is much what you’d expect from this kind of platform. Simply enter your content using the WYSIWYG editor.

It's easy to edit your pages in Blogger

You can also preview your page before you publish it, which gives you an idea of how the page is going to look when it goes live.

Preview your blogger web page

Once you’re ready click publish and your page will be out there in all its glory.

When it comes to publishing posts, it’s pretty much the same process. You can also manage your pages and posts from your dashboard:

After drafting or publishing you can manage posts here

Okay now let’s see how WordPress stacks up…

Once you’ve installed WordPress you’ll be greeted with the following dashboard, where you can manage your website and create content.

The WordPress dashboard

Creating posts and pages in WordPress is similar to the way it’s done in Blogger, the big difference being there are a lot more settings and options available to you.

For example, in Blogger you only have the option of labeling your posts… whereas WordPress lets you add tags and categories to your posts so they can be grouped into appropriate sections and digested by the right audience.

When it comes to the actual editor, you’ll find the layouts and functionality of the two to be relatively similar.

However, WordPress recently introduced the new Gutenberg editor, although there are options to switch back to the classic style of editing.

An example of the WordPress editor

Like Blogger, you can create a draft post, preview it, and then hit publish when it’s ready to go live.

Preview your blog page in WordPress

Changes to the title and tagline of your site also happen in the settings, like they do in Blogger. However, WordPress does offer some additional settings.

Adjust your WordPress settings

For instance, WordPress allows you to grant users different levels of access to your website.

So you might create an account which only allows a user to create new posts, as opposed to making changes to how the site looks and operates.

WordPress gives you various user settings

Okay, I think this round we have a clear winner…

Winner Of Round 2: WordPress!

Round 3: Security

Because Blogger was bought by Google back in 2003 your website is hosted on Google and covered by their security blanket.

This essentially means you don’t have to worry about managing server resources, creating backups, and your blog’s security.

And although Google isn’t going anywhere anytime soon, the company does have a history of axing underperforming platforms (ahem Google+).

Of course, when it comes to WordPress YOU are solely responsible for the security of your website.

There are plenty of great WordPress plugins for security and backing up…

But if the user fails to stay on top of things and continue to update, what’s the point?

Hmmm, this is a hard round to call…

But I’m going to have to give it to:

Winner Of Round 3: Blogger!

That could have gone either way, but I gave it to Blogger – mainly because big brother Google was involved…

Round 4: Customization

Now it’s WordPress’ turn to have an unfair advantage… you did this to yourself, Blogger.

Because when it comes to customization and variety of options, WordPress certainly floors Blogger.

Not only this, things that are relatively simple in WordPress somehow become frustratingly complicated in Blogger.

For example, if you’re looking to create a website with multiple pages and a separate blog section, it’s way easier to do on WordPress.

adjust the reading settings on WordPress

But WordPress really stamps its authority when it comes to themes and plugins.

Although Blogger’s theme selection is decent (and free) and you can access some third party templates if needed…

It’s nothing compared to the THOUSANDS of designs and themes you can choose from with WordPress.

take advantage of free WordPress themes

You also have an endless selection of free and premium themes which can be added to your site to give it a makeover and more functionality.

Try some paid WordPress themes
ThemeForest has tons of great themes to choose from.

And then you have over 50,000 plugins to choose from… all with their own unique ways to help your website or blog perform at its peak.

Take advantage of the free themes WordPress has on offer

Whether it’s a plugin to help optimize the images on your blog, or an email pop-up plugin to help capture leads on your website…

You’ll find it all in the WordPress plugin directory, as well as in off-site market places like CodeCanyon.

Or download some paid themes if that works better

No surprises this round…

Winner Of Round 4: WordPress!

It’s 2-2 going into the final round!

Who’s going to take it out?

Let’s find out:

Round 5: Support And Community

When it comes to the amount of support available to users Blogger appears to be much more limited.

You do have access to documentation and a blog forum. However, in terms of direct support, it’s certainly not extensive.

The Blogger forums can be a great resource

WordPress, on the other hand, has a more active support network.

Like Blogger, there’s plenty of documentation and community forums … as well as an internet relay chat (IRC) chat room, where you can seek help from experienced WordPress experts.

In terms of a user community, again and unfortunately, Blogger cannot compete with WordPress.

In fact, Blogger’s community doesn’t extend much further than its help forums and documentation…

We were rooting for you Blogger!

Whereas the WordPress community is always active with WordCamp events and meetups constantly being held around the world.

There are also huge amounts of blogs, articles, tutorials and new developments coming out of the WordPress community every day.

On that note, I think we know who takes this round, and the fight…

Winner Of Round 5: WordPress!

Was that closer than you were expecting?

Blogger put up a good fight, but it was always facing an uphill battle.

Having said that, just because WordPress won this particular fight, it’s not to say that Blogger doesn’t have its place.

Which Platform Should You Choose?

If you just want a basic blog that serves its purpose, and you’re not worried about extensive features, plugins, or a cutting edge design – Blogger could be the solution for you.

It’s also free and comes with no start-up costs.

On the other hand, if a blog is the first step on your way to conquering the world, then maybe WordPress is the one for you.

In order to grow your website or blog, you’re going to need access to the extra plugins and themes WordPress has on offer.

This is especially relevant if your blog or website is going to be used as part of a business venture.

Yes, it may set you back a bit of cash.

Yes, it requires a little more effort to set up and there is a learning curve.

But the sheer amount of customization and flexibility available to you is comprehensive and will enable you to create an amazing statement piece.

In our opinion, WordPress scores the TKO.

We’ll leave it up to you to decide who wins in your world.

How to Create a Seating Layout Using Essential JS 2 Maps Control

Seats open for booking with our booking simulator

The primary goal of the Essential JS 2 Maps control is to render SVG shapes using GeoJSON data. Using this control, you can render various maps along with simple geographical features. In addition, you can also render custom shapes to simulate concepts like travel seat selection, sports stadium seating, construction plans, and much more. In this blog, I will walk you through the step-by-step procedure to simulate a bus seat selection concept by rendering custom shapes and applying other EJ 2 Maps control features.


The following GIF image shows the final output of this blog, where the bus seats can be selected by clicking on the shapes and the selected seats are displayed at the right.

What Developers Should Know from Gamescom 2019

Your one-stop-shop for all things Gamescom 2019

Gamescom 2019 in Cologne, Germany, has come to an end; although it only lasted a week (August 20-24), there were some significant announcements packed into that short time frame. In this article, we will take a look at four of the more prominent reveals and announcements — Nvidia's RTX momentum, Sega and Google Stadia's disappointments, and Nintendo and Microsoft's continued synergy — that set the tone for the gaming world in 2019 and 2020.

Despite its focus on video games, Gamescom 2019 included many announcements that will affect the development community into 2020.

Big Data: Fighting Against Traumatic Brain Injuries

Measure, predict, prevent: fighting brain injury with the power of big data

Big Data is continuing to transform human life, and its impact on healthcare has been nothing short of revolutionary. Although big data in healthcare is experiencing a massive boom, some areas of medicine are benefiting from it the most. Healthcare providers are exploring the potential of Big Data playing a bigger role in the treatment of Traumatic Brain Injuries (TBI).

It’s estimated that 2.8 million people in the United States sustain TBI annually. Out of this total, 50,000 die as a result, and 282,000 are hospitalized; hospitals are seeking new ways to fight this problem.