Will the use of HipHop VM (HHVM) help with making your wordpress site faster? unlikely

Been a while since I last heard about facebook’s HipHop PHP optimizer project. First time I have heard of it it was a compiler from PHP to C, something I have already ran into with another interpreted language – TCL/TK, and is mainly beneficial for projects that once the interpreted code (Iie PHP code) is stable and shipped there is no need to modify it. In other words you lose the ability to modify your code on a whim that is the reason why most sites today use interpreted languages.

I was actually surprised to learn that the main reason facebook was unhappy with the compiler is that the deployment of a compiled code was resource intensive and since facebook is pushing a new update once a day they started to look into other alternatives to compiling their code into machine code.

The approach they are trying now is to write their own PHP interpreter (and a web server dedicated to running it) which will use JIT (Just In Time) technology to compile PHP code into native code and execute it. As JIT proved to be a very efficient technology when applied to optimizin javascript which like PHP is an interpreted language, I find it easy to believe that it executes PHP code faster then the conventional interpreter.

But if it is faster, how come it will not make your site faster? To understand this you need to keep in mind how facebook’s scale and how it works works.

Facebook had at some point 180k servers A 1% optimization will allow them to save 1800 servers and the cost of their electricity and maintenance. My estimate based on pricing by web hosting companies is that this might amount to saving 100k$ each month. So facebook is more likely doing this optimization to reduce cost and not to improve side speed, but for lesser sites a %1 optimization will not be enough to avoid the need of upgrading your hosting plan and even if there was a cost benefit it is unlikely that for most sites the savings will be worth the amount of time that will need to be invested in changing to use HHMV and testing your site on it, especially since it is not a fully mature product yet (just because it works for facebook doesn’t mean it works everywhere)

The other thing to take into account is that by its nature facebook can do a very limited caching as essentially all the visitors are logged in users. They can still keep information in memory in a similar way to how the object caching in wordpress works, but they still need a PHP logic to bring it all together, while wordpress sites can use full page caching plugins like the W3TC plugin which produce HTML pages that serving them bypasses entirely the need to interpret the PHP code and therefor improvements in PHP interpreting is of very little importance to those sites.

It is not that HHMV is totally useless outside of facebook, just that its impact will be much bigger on bigger and more complex sites then most wordpress sites tend to be. The nice thing about it is that it is open source and therefor the can adopt the PHP JIT techniques from HHVM into the core PHP interpreter.

The importance of the priority when using the wordpress authenticate filter

have wasted two days wondering that had gone wrong with my plugin that is doing a small extra authentication because I didn’t feel like diving deep into code to figure it out, but once I did I got the answer really fast – the authentication filter has some unexpected weirdness that is unlike almost all other wordpress filters.

It is supposed to return a valid user but the initial value passed into it from the wp_authenticate function is NULL, and not as you might a valid user or error. The actual user validation is done by a core filter with a priority of 20. There is also another core filter with priority 99 that is denying login to users that were marked as spammers.

bottom line: if you want to implement a different authentication user/password scheme you need to hook your function on a priority which is less then 20. If you want to just enhance the core authentication use priority 21-98, and if you prefer to let wordpress reject network spammers before your function is called use priority of 100 and above.

The idiotic change in fancybox license emphesizes why developers should leave licensing to lawyers

fancybox is a jquery based lightbox alternative. Its version 1.0 was distributed under a very permissive MIT license, but for version 2.0 the developers apparently decided to try to monetize their success and changed the license to Creative Commons Attribution-NonCommercial 3.0, which basically doesn’t allow usage for commercial purposes.

I am all for people getting payed for their work especially when it is so successful, but was the license change the smart thing to do? I think no

  • while the wordpress world shows that you can make tons of money from offering GPL software, with several themes and plugin developers doing nice amount of money from their work, it is strange to see someone trying to go against the tide.
  • Noncommercial  – is meaningless term, as almost no one put the effort to make a nice site without expecting to monetize it in some way. It might be direct as a shop site or running ads, or less direct as a site to build reputation. This is basically a problem with most CC licenses as they are not intended to be used for code, this is something in which a lawyer’s advice might have prevented.
  • How are they going to discover that anyone had broken the license terms, and if they do, they are unlikely to have the money to sue people all over the world.
  • What incentive is there to not pirate the code? Pirating is very easy and they don’t offer any additional service like support, therefor only people that would have been willing to “donate” in the first place will be willing to pay for the license. It might even be that they might have been willing to donate more then the request price.
  • It is easy to circumvent the license by placing the JS file on a different domain which is truly non commercial and use it in the main domain.

We can’t know how many users this change had cost to the developers, but by the look of the site I assume the monetization scheme didn’t work too well for them. Maybe it is time to change the license to something less restrictive.

Every user that had loaded any page of your site is your user

I found that I am annoyed with the way wordpress classifies users, there are administrators, editors,authors, contributors and subscribers. This classification is based entirely on what can the user access on the wordpress admin, but most people that use you site don’t have an account and therefor they are not classified at all, which is a big mental mistake.

Users without an account can be

  • casual readers – access your site at random intervals
  • follower – reads every new post or checks you site every week
  • commenter – leaves a comment
  • rss subscriber – follows update in rss
  • email notification subscriber
  • news letter subscriber
  • discussion follower – following comment updates via RSS or email.

And maybe there are more types. This kind of profiling your users should help you in monetizing your site while keeping all your users as happy as ossible.

For example, some sites don’t show ads to logged in users, treating them more as partners then source of income, but maybe it will be wise to treat commenter the same way?

wordpress.com requires its registered user to login to be able to comment

When I try to comment on sites hosted on wordpress.com and I use my main email address I get a notice that says something like “The email being used is already registered with us, please login to your account”.

I guess that the idea is to try and prevent people from impersonating another commenters, but the implementation is an awkward one as it assume that everyone is an impersonator until proven innocent and add yet another step, for anyone not currently logged in to wordpress.com, in sending a comment. I wonder how many people just abort the comment at that stage, I know I have done it at least once.
It is also strange that you have to identify against wordpress.com when there are other identity providers like google, facebook and twitter which can also be used to verify the email address.

And all of this is because the idea behind the gravatar service, which is now fully integrated into wordress.com, is naive – you should not identify people by something which is a very public information like their email address period.

What could they have done better? This should have been an opt-in kind of service.I don’t think the chance of anybody trying to impersonate me is higher then zero and I am willing to take the risk in order to have easier life. In addition the best way to verify an email address is by actually sending an email to it and asking for an action to be made. Maybe something like “we detected that you are commenting on xxxxx, if it isn’t you, you can remove the comment by clicking the link yyyyy”. Sure there is a risk of spamming the email address that way, but it might be effective enough to reduce the impersonating attempts to zero.

great day for the users of the web: yahoo and google had smacked the adware maker babylon

It was reported that google will not renew its agreement with babylon, a report that sent babylon stock in the Israeli stock exchange to nose dived 70%. This came about a week after yahoo sent a message to babylon that it is extremely unsatisfied with the way babylon products behave.

Not sure what is babylon? babylon used to be the developer of a translation software which you actually had to pay in order to use. But at some point the people of babylon had discovered that the dark side has much better cookies and more money to offer then in the honest translation software business and they started to use their familiar and mostly love brand name to hijack browsers during their software install, and switch the search engine settings so that searches will go through babylon’s search engine which is just a proxy to google or yahoo search engines.
They made money out of these scheme because google and yahoo pays for each referal to there engines.

Since babylon made money from each search going through them, they made every effort to prevent the user from changing his search engine settings even after babylon was installed. If hijacking browser settings by itself is very annoying,making it so hard to uninstall made babylon be more of a virus developers then a legit software company.

Nothing is new here and one has to wonder why did it take google so much time to do something about it.

will conduit be the next one to be smacked?

John Scalzi on comments on website

It is nice to see that other people agree with my stand on comments, especially a web seleb like Scalzi

In a general sense, though, I think it’s well past time for sites (and personal blogs) to seriously think about whether they need to have comment threads at all. What is the benefit? What is the expense? Blogs have comments because other blogs have comments, and the blog software allows comments to happen, and I suspect everyone just defaults to having comments on.

read the (much much longer) rest

WordPress’s fetch_feed API supports fetching more then one feed at a time

http://core.trac.wordpress.org/ticket/22140

Apparently several RSS feeds can be fetched “at once” by using the fetch_feed API, but core developer not excited to advertise this possibility  (and I agree because I never heard anyone complain about the lack of such a feature)

The only use case for using wpml plugin for multi lingual wordpress sites is when you need control of the translation process

The CEO of OnTheGoSystems, the company behind the multilingual wordpress translation plugin WPML, gave a presentation in wordcamp jerusalem 2013.

The presentation started by showing leading Israeli site which have great content in hebrew but are much less impresive or even plain bad in english or russian.

For the english example he used the leading israeli news portal ynet.co.il which has full content in hebrew and a simpler site in english. For the russian example he used the site of the airline arkia in hebrew and their russian site.

I wasn’t the only one that were underwhelemed by those examples for “poorly translated” sites. Ynet is mainly about israeli news so why would they even bother with an english site? tourists or buisnessman located in israel might want to know about the major political/buisness/cultural events but are they really interested in the israeli equivalent of “american idol”? Same goes for arkia, their main costumers are israeli and whatever service they give to russian speakers is related to israel  (the phone numbers in the site are local israeli numbers), and how many russian speaking israeli are there that can’t use the hebrew or the english site?

In ideal world all content would have been translated in to all languages, but in the real world translation cost money and there is no point in spending money for translating into languages from which you don’t make money. It is never enough to translate the site only when it is launched, and you always need to keep spending time and money for translating every new content.

And if the reason for not having full translation to all the languages is money related conscious decision, then why would you even start considering a solution which has the basic assumption that all content should be translated? Better to just set up a site per language and manage the translation according to the amount of effort you decided to dedicate to that language.

The presentation highlighted something that WPML seems to do well, it gives you an up to date status of the translation and makes it easy to see what parts of the site are translated and what are not. This is something you can’t automatically achieve when each language has its own site. For sites that have to have reasonable up to date content in several languages (even if not all of the content) it might be a valid solution.