Credits page for WordPress 3.3

The WordPress 3.3 credits page was updated today, for likely the final time. In five months, there were nearly 1,200 individual changes to WordPress (and counting).

The credits page lists every individual who contributed to the latest release. A few stood out for their contributions, not just of high quantity, but of tremendous quality: Dominik Schilling (ocean90), Cristi Burcă (scribu), and Sergey Biryukov. The three are listed as contributing developers to 3.3. The core team — including guest committers Jon Cave (duck_) and Daryl Koopersmith — worked with these three daily, and they had a collective hand in nearly every major task this release.*

There were also three individuals added to the ‘Recent Rockstars’ group for their recent contributions to core development. This release we chose Chelsea Otakan (chexee), Helen Hou-Sandi, and John Blackbourn (johnbillion). All together, the six contributing  developers and rockstars we’ve recognized contributed more than a fourth of all Trac comments and two-fifths of all props.

If you want to see the full list, click the WordPress icon in the 3.3 toolbar and head on over to the credits page, or wait for the release post (coming soon!). Maybe I’ll also experiment with a word cloud again as I’ve done in the past.

In WordPress 3.4, we plan to recognize first-time contributors on the page, so if want to see your name in lights on the credits page, contribute to WordPress.

* Fun fact: Average age of the five mentioned in this paragraph: 23.

WordPress 3.3 Field Guide for Developers

Last night, WordPress 3.3 Release Candidate 2 was released. As written in the release post, I think we’re really close to a final release.

In preparation for that, I went on a tear yesterday and contributed to six posts for developers on our main development blog. The posts were a mixture of tutorials and API documentation what’s new and what’s changed in 3.3:

  • Admin Bar API changes in 3.3. An overview of what changes might break your plugin, how we’ve tweaked the terminology and APIs for 3.3, the new Groups concept, and how to move and modify menu items.
  • What to watch for: Javascript and Editor changes. There were quite a bit of changes here. jQuery was updated to 1.7.1, the current version. The full jQuery UI is now included, and was updated to 1.8.16, also the current version. And then there’s an example for wp_editor(). The QuickTags API (the HTML editor toolbar buttons) was rewritten, and we’ve improved both wp_localize_script() and wp_enqueue_script().
  • New API: is_main_query(). I introduced this function and WP_Query method during my ‘You Don’t Know Query’ talk in WordCamp Portland in September.
  • Do not include wp-admin/includes/template.php to get add_meta_box(). I’m not even sure where to start with this one. When developing 3.3, we found that some plugins were doing something wrong when trying to call add_meta_box(). (Really, really wrong.) So consider this post a protip.
  • The admin_user_info_links filter is gone. This needed to happen since we combined the admin bar with the admin header. Not too many plugins were using it. This comes after we dropped favorite actions in 3.2 as the UI continues to be refined.
  • Help and screen API changes. This post goes through the process of adding new help tabs, as well as how to use the screen object to determine the context of the current page. I spent a lot of time fleshing out WP_Screen in 3.3, so it was nice to see it all summed up in just a few hundred words.

WordPress 3.3 — coming soon to a site near you.

“Case Study on How WordPress Won the Crown”

Case Study on How WordPress Won The Crown from WPTavern. I think the good (and long) read here is the comment thread, rather than the case study. (Links not endorsements?) In response to another comment, I pointed out a number of high quality plugins that bring a lot of power to WordPress, including document management and editing workflow tools.

When Did You Last Blog? A Fresh Start

You know it’s bad when the most influential people in your life have all ganged up on you.

My best friend Ben Balter wrote a script called When Did Nacin Last Blog (don’t worry, it’s on Github).

My girlfriend planted the “When did you last blog?” question at WordCamp Richmond last month.

My own father called me in October while I was in Seattle to quiz me on when my last blog post was (“April 16,” I knew off the top of my head), after which he pointed out I was also in Seattle then.

My boss recently sent me a friendly reminder letting me know it’s been 229 days since my last post. I wouldn’t be surprised if Matt used Ben’s tool.

It’s not that I don’t post to blogs. In the last 233 days, I’ve posted 19 times to the WordPress development P2, 16 times to our translators blog, and three times to the WordPress Blog.

And it’s not that I don’t write. I use Twitter as a microblogging tool to share links and ideas. And since April 16, I’ve posted more than 2,600 comments on the WordPress bug tracker, and opened 81 tickets. (Exactly one-third remain open.)

I think the problem is two-fold. I don’t make time to blog, even though posting to a personal blog might as well be a job responsibility for me. I truly love blogging and web publishing, it’s just that after spending 60 hours a week on building, testing, and using web publishing software, I typically want to take a break. Second, I find other ways to publish most of the content I would publish, whether it’s on our bug tracker or on Twitter.

I’d like to change both of those things. So I’ve done some things to prepare for a change in routine.

I’ve switched to the Twenty Eleven theme using the one-column layout. I probably prefer Twenty Ten visually, but Twenty Eleven supports a number of post formats that I hope to leverage while microblogging. I have a feeling I’ll continue to tinker with this blog’s appearance — I’ve liked the designs and blogging styles of a few good friends.

Just a month ago, I finally acquired the nacin.com domain, which I’ve wanted for many years. Until this weekend, the site resided at andrewnacin.com, but given that nacin is my identity both online and in real life (I’m called Nacin more than Andy or Andrew), it was symbolically important to me. (Thanks Pete Mall for being my proxy for negotiations.)

I have been keeping a list of potential essays to write, and started to draft a number of future posts. With the final release of WordPress 3.3 is just around the corner, there are a number of tutorials for cool new APIs I could probably cover. There’s a lot more I can write about — in the last nine months, I’ve worked on both coasts to get open source in newsrooms and government agencies. I’ve attended meetups in New York, Seattle, and of course D.C. I’ve evangelized WordPress at nine WordCamps, a PHP conference, and a BBQ festival.

I’ll also be posting links, quotes, and ideas that would normally go straight to Twitter. Lots of WordPress, yes, but you’ll likely see an infusion of non-WordPress things I find interesting, particularly in the areas and intersections of technology, open source, journalism, and politics (based on some of my recent tweets). I last blogged 233 days ago. It’s time this has changed.

WordCamp Seattle

I’m here at WordCamp Seattle, and wanted to post my slides and a few other notes. I’m giving two talks today, one in the development track on best practices for plugin development (“Y U NO CODE WELL”), and an Ignite talk on contributing to the WordPress community.

First, during my development talk, I was asked for five tips on writing secure code. In return, I pulled up a recent email I wrote where I provided 10 tips:

Never trust the user. You need to assume that all user input is insecure, and that all output is unescaped. The primary points are:

  1. Always escape attributes, URLs, and text on output.
  2. Always sanitize, scrub and validate input.
  3. Always prepare database queries.
  4. Never trust the user.
  5. Never output anything that is unsanitized or unescaped.
  6. Never store anything that is unsanitized.
  7. Know the difference between authority and intention.
  8. Never trust the user.
  9. Always use the many helper functions — we make it easy to write secure code.
  10. Never trust the user.

Best Practices for Plugin Development

http://www.slideshare.net/andrewnacin/best-practices-in-plugin-development-wordcamp-seattle

Ignite Talk: Ask Not What WordPress Can Do For You

http://www.slideshare.net/andrewnacin/ask-not-what-wordpress-can-do-for-you-ignite-wordcamp-seattle