Yeah, that’s a slightly clickbait-y title, but these are scary times. Schools are cutting programs, scaling way back and in some extreme instances, closing altogether. It’s hard to go a full week without seeing an article in the news about the impending death of higher education.
Is higher ed dying? No, I don’t think so. Is it sick? Yes, I believe so.
I recently read this news story about big companies like Google, Apple and Netflix no longer requiring college degrees for its employees. This quote jumped out at me:
Apple CEO Tim Cook recently said that about half of Apple’s US employment last year included people who did not have four-year degrees. Cook reasoned that many colleges do not teach the skills business leaders need most in their workforce, such as coding.
That’s worrying, but not surprising. It’s challenging to quickly pivot at enterprises are large as a university. Apple can decide tomorrow to stop making X and instead make Y. That’s a much harder thing to do for us.
I’ve been thinking about this a lot lately as we go through the college search process with our oldest child. I’ve been focusing like never before on outcomes and cost, and what kind of experience my son will have. I wonder what the experience will be like 5 years after that for my younger son. Expect a large number of posts in the coming months about my experiences of this search process. I know how the sausage is made, so I’ve been both surprised and downright shocked at what some schools are doing to reach potential students. That’s a (series of) post(s) for another day.
I watched this video last week, and while I disagree with some of what Patrick Bet-David is saying in it, some of makes a lot of sense, especially the parts about speed, memory and technology changing so fast that some programs are out of date before they even start. Have a watch and let me know what, if anything, jumps out at you and what parts you think are applicable.
We’re a few weeks into the world of WordPress 5 and Gutenberg, and the hysteria has quieted down a bit. Maybe it was the holidays, but now that the new year is here and folks are back to work and school, I’ve seen an uptick in reports of sites breaking when they are updated to WP 5.
Specifically, I’ve had a few client sites where the customer has updated WordPress to version 5 without telling me and lo and behold, their sites decided to break.
I’m sure many agencies haven’t had enough time to go through all their client sites to ensure everything is going to be OK, but every time my clients log into their site, they are seeing that “Update to WordPress 5” nag alert bar, and so they do it.
I don’t want them to. Not yet. So I asked on Twitter if there was a way to disable that notification, specifically.
Has anyone made a plugin that hides the “update to 5.0” banners in WordPress? I don’t want my clients to update it and break everything.
Jay Hill jumped into the replies and developed a nice, small plugin that will hide that WordPress 5.0 upgrade nag.
You can find the plugin at Github. Thanks, Jay! This is a nice, quick thing to add to sites until we’re ready to update them. If you don’t want to add the plugin, you can probably just add the couple of lines to your functions.php file.
We should probably have a talk eventually about plugins and themes abusing the notification and alert system, but that’s a conversation for another time.
It’s a new year, and time for some resolutions. If you’re struggling with what changes to make, I think this is a good time to suggest using a strong passwords and a password manager. I blog about this every newyear, and people continue to use weak and just plain bad passwords. With more and more news reports about hacks, bad security and new breaches every day, you need to protect yourself.
Every year, SplashData puts out a list of the top 100 worst passwords. Let’s have a quick look at the top 10 worst passwords used last year:
Those are really bad. According to SplashData, the over five million leaked passwords evaluated for the 2018 list were mostly held by users in North America and Western Europe. Passwords leaked from hacks of adult websites were not included in this report.
So what can you do?
Use Stronger Passwords
The best passwords use a combination of letters (both cases), numbers and special characters. I’d recommend using a tool to generate strong passwords. I use RandomKeyGen.com to generate passwords for sites as I use and as well as when I create user accounts. That site will generate all sorts of passwords and keys for you, ranging from shorter passwords that are strong and memorable all the way to crazy “fort knox” passwords, like this:
That is a nice, strong password. Yes, it’s long, and hard to remember, but do you want an easy password that’s trivial for some bot network to crack? No, didn’t think so. Wolfram Alpha says that if you had a computer making 100,000 guesses a second, it would guess your password in 1.178×10^19 years. That’s a long time. Like age of the universe long.
Use a Password Manager
Screenshot of 1Password
I find the challenge is remembering long, complicated passwords. I can barely remember what I had for breakfast. To make life easier, I use an app, 1Password, that syncs my passwords across multiple machines and my phone.
If you asked me for my banking or Facebook password, I couldn’t tell you what it is. They’re both 30 character strings of numbers, upper and lower case letters, and special characters. 1Password will also generate passwords if you need. LastPass and KeePass are also apps in this space.
Some of these tools are free or very inexpensive. I think it’s worth it to keep your info just a little more secure than using a password like 123456.
I’ve been following all the drama surrounding the release of WordPress 5.0, and the arrival of its new editing experience, Gutenberg.
I’m going to be completely honest. Until last night, I had never used Gutenberg. It’s true.
I’ve used page builders before, and have used the “classic” editor for nearly 10 years without major issue. Thanks to custom meta fields, I’ve always been able to gather, format, categorize and work with content of many different kinds without major issue. I didn’t really need a new editor, to be honest and I feel most pagebuilders make pages a mess of shortcodes and other cruft.
But after many months in development, WordPress 5 has been set free into the world, and more importantly, it’s new Gutenberg editor, whether we wanted it or not.
WordPress 5 is here.
Why is this being released now?
Why was this release targeted and pushed out in the 4th quarter of year, without major accessibility testing, and on the day before the WordCamp US conference? These are not small questions.
For example, releasing WordPress 5.0 right before the big WordCamp US conference starting tomorrow was absolutely silly. The release day was a travel day for most of the top people in the WordPress community. Releasing WordPress 5.0 a day before WordCamp US was simply rude to the WordPress community.
So is releasing a major version of software that powers 32%+ of the Internet in the month of December during the holidays when many people are trying to focus on family. This update is going to break millions of websites, and force millions of developers to upgrade millions of websites. The number of human working hours that are going to go into supporting this update can’t even be quantified.
Somewhere in the rumors, complaints and conspiracies is the truth as to why this all being pushed out now. We may never get the full truth or reasoning, which is frustrating.
WordPress is not a small open source project. It’s massive, and with that size you’re going to have to have to wrangle many different voices. There are users, the teams who actually write the code, plugin and theme developers, and so on. There are investors in Automattic (who have put in over $300 million into the company.) Lots of people have staked their entire careers and livelihoods on this software. That’s a lot of pushing and pulling, but that’s happens when your software is everywhere.
In the end, WordPress grand poobah Matt Mullenweg has won and released WordPress 5, whether we were all ready or not. I fear he’s burnt a ton of political capital in getting it out. He dabbed on his haters, but at what cost?
If you don’t want to use Gutenberg, or don’t understand Gutenberg, install the “classic editor” and update your site to version 5.
The “classic editor” is now a plugin and is the same editor as we’ve always had in WordPress. If you do that, you can continue on using WordPress as you always have and you’re good to go.
Feeling frisky on a Google Hangout last night, I updated my site live with some friends watching and giving some advice.
After installing the classic plugin, I upgraded to version 5.
And nothing felt different.
I activated the classic plugin.
I edited a post. If you have the plugin activated, you’ll see a choice now to edit that particular post in the “block editor”.
Quick aside: when working in the admin area, you’ll see something called “block editor.” That’s what Gutenberg is called inside WordPress. This is something that will lead to even more confusion as people who aren’t super in the weeds like many of us will be looking for something called Gutenberg in their editor. When they don’t see it, they will get upset.
Here’s what the posts screen looks like for a particular post:
I wrote this caption three times, but if you go back into the editor to add alt text to the image, this goes away.
You can switch between them, but please be aware you’re going to get errors. How do I know? I got a ton of them.
Compared to most WordPress installations, I don’t have a million plugins running. This is a blog. I’ve got Yoast SEO, caching, sitemaps, WP-Optimize, and a plugin that backs up the site every night to Amazon S3. I’m not exactly pushing the technology to the limit here.
What I do have here is a large archive of posts stretching back to 2008. Ten years of posts created in WordPress from version 2.5 or something. I’m sure my database is full of out of date stuff in it. Since I updated last night, I’ve been getting a very large amount of errors.
I edited a post as a test and switched from the “classic” editor to the “block” editor. Error.
I edited a post using the “block” editor. I added in a few content blocks and saved a draft. Error message on the screen.
I made more changes, and previewed my post. No changes were shown. Error.
I published the changes to my post as a fun “test in production” test, and received error messages on the screen that the post did not save. I tried saving, error. Again. Error again. Viewing the post showed the changes were live.
After starting this post with the classic editor, I thought I’d switch to the block editor. I had to reload several times to get the block editor. To be honest, as I write this, I’m nervous that it’s going to lose this entire post. It’d serve me right.
When the editor did finally switch, I got this error. This is a PHP error, not a Gutenberg error. I’m guessing a plugin conflict somewhere.
What’s frustrating about adding an image in Gutenberg/block editor is that you don’t use teh standard WordPress image upload and management tools. Once you upload your image, you have to re-select it, click the pencil icon, and then you can add your alt text. There has to be a better way to do this. Sorry for the long caption.
It’s been a real struggle to get basic functionality to work, and I’m lucky I’m not using plugins like ACF to further complicate the situation.
To be honest, the whole situation has bummed me out. If you are starting a new site from scratch, maybe Gutenberg will be awesome for you. If you have hundreds (like this site) or thousands of posts and pages in your site, this is going to be a major issue, I fear.
I’m going to put this in bold text:
If you manage a WordPress site in any capacity, I would strongly recommend you do not update to WordPress 5.
If you manage a website using WordPress, sit tight wait for the next update, which should be coming in a few weeks. Hopefully by then, we’ll see bug fixes and performance improvements with Gutenberg. This block editor is like typing in molasses. It’s slow and gross.
Giving it some time will also allow the amazing folks at WPCampus to complete their accessibility audit of Gutenberg. I know many of you work in higher education and nonprofits, and this is critical information for you to know before you roll this out to your campuses. The good news is that their fundraising appeal has been met. Disclosure: I was a donor to this campaign and I’ve spoken at the WPCampus conference (which was awesome.)
Waiting out this initial push will also give you time to ensure plugin and theme developers have enough time to get their code working with the changes in version 5 and Gutenberg.
I like the idea of the page editor, and there’s some parts of the new block editor that are really well done. There’s a ton of potential, but it’s not here yet. Not all the say.
While I see a lot of people claiming this is the future of WordPress, my perspective is it is actually just WordPress’s somewhat boring present. I haven’t seen anything innovative in WordPress 5.0 that I haven’t seen in other page builders, themes, or plugins. WordPress 5.0 and Gutenberg is kind of boring in its simplicity.
There are also hundreds of reference and developer pages that haven’t been updated yet to reflect what’s new in 5.0. This will cause more delays as developers try to figure out the documentation.
The Codex and the Developer site are quite different from each other. It's unfortunate that the Codex isn't apparently worth keeping up to date, because the Developer site is just glorified, generated code references.
I’ve come to the end of the post now. I’m nervous for it to publish. If you’re reading this in your email, RSS reader, or via social media, it actually worked and this post published. Good luck, everyone.
Post-publishing update: I can’t find a few key areas in the block editor. I can’t find category selection, excerpt, and my tags weren’t saved.
Oh yeah, I also got another error. It looks like this:
I love to optimize my sites as much as I can, and I use tools like GTMetrix to test them to see where I can eek out more performance. Google launched a new site this week, Web.dev, but it looks at more than just performance.
Web.dev, a site launched this week, will audit your site for not only performance, but also SEO and accessibility. Other tools do not offer this comprehensive a look at your site.
Web.dev looks at five distinct areas of your site. First is performance. A fast site is a happy site, and your visitors appreciate things loading as quickly possible.
Second is PWA, or progressive web apps. This is a relatively new area of site development and I don’t think many sites will score high here. This site scored a 58, as you can see below. It’s good they are getting developers and site managers aware of PWAs.
Third is what Google calls “best practices.” This will review if your site is being served over HTTPS, if you are sizing your images correctly, and so on. It also looks if you’re serving over HTTP/2, which I am a big proponent of.
While not a comprehensive SEO audit, the service will give you guidance as to things you can address on your site in terms of search engines.
Finally, the tool checks for common accessibility issues. This is important, and something the vast majority of sites are not paying attention to.
What Web.Dev Reports Are Like
Here’s a look at the report for this site. I know I’d do well in performance and SEO, and I was right. Where I struggle is with best practices and accessibility. It’s an eye-opening report, to be sure.
After the initial scoreboard, Web.dev ranks, in order of importance, what issues to address in each of the areas. For me, the most critical are accessibility.
What I like about this tool is you can log in with your Google account and track your progress over time for your sites. You can also download a report version that goes into more detail about your progress across the areas.
For this site, it showed in detail what it’s testing against in each of the five areas. For accessibility, this is especially helpful so I know where I need to pay attention to.
Here is my full report, so you can see the level of detail the tool goes into. While not in the on-screen report, the downloadable version went as far as to tell me that the version of jQuery I’m running has potential security issues. That’s helpful!
Is the tool perfect? No, but it’s a work in progress. For example, the tool was reporting that several of my stylesheets on this site and the Gas Mark 8 site weren’t being served over HTTP/2 when I know they are, and Chrome’s inspector confirms they are.
I hope Google continues to support and develop this tool. I think it’s a nice complement to existing site testing services like GTMetrix and WebPageTest.
The 7th edition of Higher Ed Experts’ Higher Ed Analytics Conference is seeking presentations for the 2019 edition. If you are doing interesting work with analytics at your institution, you should think about submitting a presentation.
HEE’s conferences are interesting in that these aren’t hour sessions, instead the conference features twelve 10-minute sessions. I like this format as it really forces you to get to your topic, data, and take-aways quickly.
The conference is scheduled for Wednesday, February 13, 2019 and the call for proposals closes on Wednesday, November 28, 2018. If your proposal is accepted, you will receive a free registration for the conference that you can use to attend with your entire team.
I’ve blogged before about the importance of making sure you’re serving your content over HTTPS. Not only is Chrome now marketing sites not served over HTTPS as “non secure” in the browser, they are giving increased weight to HTTPS sites in search results. It’s never been easier to serve your sites securely, but the actual secure certificate is only part of the equation here. We need to talk about protocols like SSL and TLS as well.
Server software like Apache and Nginx would previously serve secure content over the SSL (secure sockets layer) protocol. This is the case for the web as well as email. SSL was succeeded by TLS (transport layer security). The problem is that the various SSL protocols have been found to be insecure. A few years ago SSL 3.0 was found to be attackable thanks to the POODLE attack. At this point, it’s best to have moved your servers off SSL and been using the TLS protocols.
Run Some Tests!
If that’s greek to you (and most of it is to me as well), don’t worry. If you have server or IT admins that take care of your servers, chances are they’re on it and have been on TLS for several years now.
You can use Qualys’ SSL Server Test site to what protocols your server is using and make sure you’re up to do date with everything. You can see my report here. I use Let’s Encrypt for my certificate. Take a second and check out that A+. Feels good.
The SSL Server Test will also tell you what TLS and SSL protocols you’re running. You shouldn’t be running any SSL ones, because you will see the test dock you very heavily. Here’s an example:
You should be serving your website content over TLS 1.2 at this point. Why? Here’s more detail from GlobalSign:
As a best practice, you should configure your servers to support the latest protocol versions to ensure you are using only the strongest algorithms and ciphers, but equally as important is to disable the older versions. Continuing to support old versions of the protocols can leave you vulnerable to downgrade attacks, where hackers force connections to your server to use older versions of the protocols that have known exploits. This can leave your encrypted connections (whether between a site visitor and your web server, machine to machine, etc.) open to man-in-the-middle and other types of attacks.
Earlier this summer, TLS 1.3 was ratified and released. If you are able to upgrade to it, you should. If you don’t want to run a full SSL test, you can run just a check of what TLS protocols you are serving. Here’s a TLS Test from CDN77. Here’s my results below. This site is coming to you over TLS 1.3. Again, feels good!
I’ve been blogging for a decade here all about technology, the web, marketing and more. Something I’ve never done until now is a movie review. There’s a first time for everything, right? Let’s talk about the movie Searching.
Here’s a quick synopsis from Rotten Tomatoes:
After David Kim (John Cho)’s 16-year-old daughter goes missing, a local investigation is opened and a detective is assigned to the case. But 37 hours later and without a single lead, David decides to search the one place no one has looked yet, where all secrets are kept today: his daughter’s laptop. In a hyper-modern thriller told via the technology devices we use every day to communicate, David must trace his daughter’s digital footprints before she disappears forever.
Movies have been trying to show characters using technology to varying success for ever. On one hand, you have films like the Matrix Reloaded. It showed a character using real tools like Nmap exploits to hack a network. On the other, there’s terrible portrayals. Look at films like Swordfish or Hackers, which are just laughable in their use of technology.
What if you’re technology savvy and you see bad use of technology? In my case, I disconnect from the story. Searching was not one of those films.
Searching gets the technology right. From going through the correct steps to reset a password, to tracking online payments. From live streaming and vlogging. The technology here is correct. Because of that, I was engaged from the get go.
It’s more than technology. A good movie needs a good story to resonate and capture the viewer. As a parent, the thought of losing a child is my worst fear. This fact brings a ton of tension to the story. After the film, I really thought about what I would do if I was in this parent’s shoes and I could not find my child.
John Cho stars as the father looking for his daughter, and it was interesting to watch him fumble at times with the tech, or be unsure of how some sites work.
It was much like I think I’d react if I had to open my son’s phone and try to find what apps he connected with people on and what they do. Again, reality is a key here.
The film is worth seeing in a theater. If it has already left your local multiplex, check it on when it comes to digital and streaming in a few months.