Migrating from Bitwarden…

… to Bitwarden.

Yes, you read that right. I’m taking some time and migrating from my family Bitwarden account to a new, single, shared single account. Why? Because the UI for having a shared organization/family is obnoxious, difficult to explain to non-technical people, and ultimately useless for our (collective) use-case.

Linux on the Desktop

Inspired by a post by Kev:

Kev, one in a recent list of people I know leaving the Linux desktop.

GitHub (née Microsoft) buys NPM

Weird timeline we’re in, eh? While we all sit and hope for the best with COVID-19 taking an unprepared humanity to task, Microsoft (through GitHub) is making an interesting move.

I have to say, it’s an interesting proposition. Microsoft wants to improve and control the popular NPM (Node Package Manager) repository. This is where JavaScript developers go to download modules for Node.js so that they can build their applications. Microsoft will now own this repository.

Honestly, I’m a little torn. On one hand, I dislike the increasing creep of JavaScript “applications” that are run on Node/Electron because they’re not usually well optimized and eat resources like crazy. On the other hand, Node’s repository has been notorious for squatters, malicious files being uploaded into popular modules and even the transfer or takeover of popular modules by hostile entities without any notification. Some sort of corporate curation and regulation (not to mention proper infrastructure and funding) will help.

Ultimately it seems like just another piece of the Open Source pie being consumed by corporations. While NPM is a handy tool for development in Node, I’m sure this change of ownership will prompt an exodus, as the GitHub acquisition did before it.

When it does, we’ll all be the better for it. More diverse sources allow for less single points of failure or control. I wouldn’t be surprised if the popular distributed git-forge idea spawns into a distributed NPM-analog.

Update: It was pointed out to me that there is, in fact, an alternate package repo tool/project tool: Yarn. I’m not a Node developer, but I am extremely happy that it exists and can be a stand-in for NPM.

Mastodon Icons!

It took some doing, but I finally have a Mastodon icon for my social media menu. It may not seem like it’s important, but I’m really nit-picky about this crap.

A picture of the social media icons on my site (menu and footer).
Yay!

Turns out it took a bit of doing. I installed Add Fediverse Icons to Jetpack, then (thanks to the developer of that plugin) I added this snippet he wrote for me:

add_filter( 'walker_nav_menu_start_el', 'my_apply_icon', 100, 4 );
function my_apply_icon( $item_output, $item, $depth, $args ) {
	$social_icons = array(
		'Diaspora'   => 'diaspora',
		'Friendica'  => 'friendica',
		'GNU Social' => 'gnu-social',
		'Mastodon'   => 'mastodon',
		'PeerTube'   => 'peertube',
		'Pixelfed'   => 'pixelfed',
	);

	if ( 'social' === $args->theme_location ) {
		foreach ( $social_icons as $attr => $value ) {
			if ( false !== stripos( $item_output, $attr ) ) {
                                $item_output = preg_replace( '@<svg(.*?)</svg>@', '', $item_output );
				$item_output = str_ireplace(
					$args->link_after,
					'</span>' . jetpack_social_menu_get_svg( array( 'icon' => esc_attr( $value ) ) ),
					$item_output
				);
			}
		}
	}

	return $item_output;
}

This added the icon to successfully to my menu. However, it was giant. I noticed in the web inspector in Firefox, that the bounding box for the SVG was huge. I changed it to be 24 pixels tall like so:

.icon.icon-mastodon {
  height: 24px;
}

Finally, things are good!

Edit: I keep all my CSS edits in Git.

Plugin Vulnerability

If you’re one of the 200,000+ users/clients of the ThemeGrill plugin, you should update yesterday.

Plugin vulnerabilities are not a new thing. The only novel thing about this one is the number of affected sites. It’d be like Askimet having a major remote control exploit. You can mitigate these issues by making sure your plugins are up-to-date. WordPress is not particularly hard to manage. There are lots of plugins and services that make it brainless (shoutout: Jetpack). So, this should be a non-issue.

While we’re talking about plugin vulnerabilities, you should go visit Marko Saric’s guide on securing your WordPress install. Lots of good advice in there. I personally like using Jetpack (with Askimet and Vaultpress), but there are lots of free tools that you can use to secure yourself.