Category Archives: General

Toptal WordPress “Talent” Pool Needs a Spring Cleaning

Legend has it that you can “Hire the Top 3% of Developers” over at Toptal, and I’ve actually been a member there since early 2015. I remember the onboarding process was quite serious.

Recently, I’ve been helping out screening a full-time WordPress developer for a large project involving BuddyPress, Gravity Forms and WooCommerce. I hop on very short technical calls that usually last under 15 minutes where I talk a bit about WordPress and ask some simple questions. This lets me get a feeling of whether they are competent or not.

Over the course of the last week I spoke to 4 “talented” candidates who had more than 10 years of experience with WordPress. Two of the interviews lasted for 5 minutes, the other two about 10 minutes. I asked the following questions to try and get a conversation going:

  1. Can you show me some code you’ve written?
  2. What do you like about WordPress development? What don’t you like?
  3. What’s the difference between sanitizing and escaping in WordPress? What vulnerabilities are prevented?
  4. Can you properly escape the following query $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '%{$_POST['s']}%'" )?
  5. What is fragment caching and how would you implement it in WordPress?

None of the interviewees were able to sanitize the query properly; one took the liberty of trying to look up the WPDB class documentation and still failed to properly combine $wpdb->prepare and $wpdb->esc_like.
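A heuristic check for the pattern in question 4, as an added example that is not from the original post: it flags `$wpdb` query calls that interpolate request superglobals without `$wpdb->prepare()`. The sample PHP is constructed, its prepared lines show one common way to combine `$wpdb->prepare` and `$wpdb->esc_like`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: line-based heuristic, not a PHP parser. It misses queries
# built over several lines and does not follow variables.

# find_unprepared_wpdb FILE: print "LINE:source" for each $wpdb query call
# that mentions a request superglobal and never calls $wpdb->prepare().
find_unprepared_wpdb() {
    grep -nE '\$wpdb->(get_results|get_row|get_col|get_var|query)[[:space:]]*\(' "$1" |
        grep -E '\$_(POST|GET|REQUEST|COOKIE)' |
        grep -vF -e '->prepare(' || true
}

# Constructed sample: line 2 is the query from the question, lines 3-5 are
# prepared equivalents (wp_unslash undoes the slashes WordPress adds to $_POST).
sample_php() {
    cat <<'PHP'
<?php
$a = $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '%{$_POST['s']}%'" );
$like = '%' . $wpdb->esc_like( wp_unslash( $_POST['s'] ) ) . '%';
$b = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE %s", $like ) );
$c = $wpdb->get_var( $wpdb->prepare( "SELECT post_title FROM $wpdb->posts WHERE ID = %d", $_GET['id'] ) );
PHP
}

# Run the check over the sample and print only the flagged line numbers.
flagged_lines() {
    tmp=$(mktemp) || return 1
    sample_php > "$tmp"
    find_unprepared_wpdb "$tmp" | cut -d: -f1
    rm -f "$tmp"
}

flagged_lines
```

Only the interpolated query on line 2 of the sample is reported; the lines that pass request data through `$wpdb->prepare()` placeholders are not.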

These “highly experienced” WordPress developers wanted a $120k/yr. salary (I’m sure Toptal takes a cut as well) and were unable to answer the most basic day-to-day WordPress development questions during a technical interview.

Toptal, are you sure you’re vetting these people correctly? Look at what Codeable are doing.

</rant>



Nagios and `service restart`

Have you tried turning it off and on again?

This is usually the go-to solution for failing/frozen services. Something’s wrong? Let’s just restart whatever. It gets as absurd as running a restart cronjob every hour or two! Of course restarting helps, but it’s not the best solution. It’s often better to find out what’s wrong to begin with, why the thing that is supposed to work is not working anymore.




Linux `cal` utility in landscape mode

The cal utility in Linux does not, unfortunately, allow one to output the calendar in landscape mode (4 columns or more). The default cal -y output mode will display 3 columns. Here’s a hack-around:

  • Download the latest release of util-linux
  • Extract and edit the misc-utils/cal.c file.
  • Find the yearly function.
  • Add a cal_month m4 variable, which will hold the fourth column.
  • A little lower find m3.next = NULL and change it to m3.next = m4;, add m4.next = NULL;.
  • Inside the for loop change the 3 to a 4 in the month += ... clause.
  • And make
  • If all went well the output of ./cal -y should yield four columns instead of three.

You can probably make cal output 2, 5 or 6 columns in a similar fashion. Crazy hack, eh?

Update 4th September, 2014: I have sent in a patch to the `util-linux` library with a new feature – landscape mode. `-l` and `--landscape` flags will stretch the year output as much as two times. Pull request can be accessed on their GitHub upstream mirror: https://github.com/karelzak/util-linux/pull/117



Headless Google Drive Uploads

Uploading files to Google Drive from the command line without any fancy agents, exotic libraries or dependencies should be simple. And here’s how it’s done…

First of all we need an Access Token for the Google Drive account we’re uploading to. This can be obtained in many different ways. I’ve written a simple bash script to get Google API authentication and access tokens, which can be found here. Note: due to a bug somewhere, Google doesn’t seem to like drive scopes, so I’m using the all-enveloping https://docs.google.com/feeds for now.

Once you have your Access Token, calling the Google Drive API is simple using mere cURL. Multipart uploads allow you to inject metadata along with your file data in one request.

In short, you make a PUT or POST request to https://www.googleapis.com/upload/drive/v2/files/?uploadType=multipart, with an Authorization: Bearer $ACCESS_TOKEN header, and a Content-Type: multipart/related; boundary=$BOUNDARY content type.

The payload should look like so:

--randomboundary
Content-Type: application/json; charset=UTF-8

{ "title": "My document", "parents": [ { "id": "xxxxxxxxx" } ] }

--randomboundary
Content-Type: application/text

DATA HERE, KTHNX!

--randomboundary--

The whole script can be found here: https://github.com/soulseekah/bash-utils/blob/master/google-drive-upload/upload.sh. As you can see, we feed the whole file from stdin along with the necessary boundaries.

The “parents” argument “id” should be set to the ID of a folder in Google Drive. If left empty, the file will be uploaded to the root folder. You can get the ID from the URL in your Google Drive when visiting a folder. A list of mime-types for the file can be found in this stackoverflow answer.
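The request described above, assembled as an added example (not the author's upload.sh; the function names are hypothetical). It escapes the title before placing it in the JSON part, picks a random boundary, and hands the token to curl on stdin instead of the command line.

```shell
#!/bin/sh
# Added example, not the author's upload.sh. Function names are hypothetical.

# Escape backslashes and double quotes so a file name cannot break out of the
# JSON string in the metadata part (control characters are not handled here).
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# build_body BOUNDARY TITLE PARENT_ID MIME  (file data on stdin, body on stdout)
build_body() {
    printf '%s\r\n' "--$1"
    printf 'Content-Type: application/json; charset=UTF-8\r\n\r\n'
    printf '{ "title": "%s", "parents": [ { "id": "%s" } ] }\r\n' \
        "$(json_escape "$2")" "$(json_escape "$3")"
    printf '%s\r\n' "--$1"
    printf 'Content-Type: %s\r\n\r\n' "$4"
    cat
    # The last delimiter carries a trailing "--" to close the multipart body.
    printf '\r\n%s\r\n' "--$1--"
}

# drive_upload FILE TITLE PARENT_ID  (reads ACCESS_TOKEN from the environment)
drive_upload() {
    # Random boundary so the file contents cannot collide with a delimiter.
    boundary="b$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
    body=$(mktemp) || return 1
    build_body "$boundary" "$2" "$3" application/octet-stream < "$1" > "$body"
    # The token goes to curl on stdin (-H @-, curl >= 7.55), not on the command
    # line, so it does not show up in the process list.
    printf 'Authorization: Bearer %s\n' "$ACCESS_TOKEN" |
        curl --silent --show-error --fail -X POST -H @- \
            -H "Content-Type: multipart/related; boundary=$boundary" \
            --data-binary "@$body" \
            'https://www.googleapis.com/upload/drive/v2/files/?uploadType=multipart'
    status=$?
    rm -f "$body"
    return "$status"
}
```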

Hope this helps folks out there that want to upload files to Google Drive from the command line.



Differential Backups using Git Bundles

There are a lot of self-hosted file and data backup solutions out there, most of which are clunky to set up and configure correctly. Many simply tar your whole directory and let you download a huge archive. Others will store snapshots “in the cloud”.

I like minimal, self-contained solutions. One excellent tool is, of course, rsync, which offers incremental file transfers, which is pretty neat, and saves space by only saving files changed since the last checkpoint. This type of backup is usually referred to as incremental backup. For your media collection or user file uploads this is great. But space can be saved even more if most of the changes are inside the files. This is where differential backup comes in. rsync doesn’t do differential backups. Moreover, there seems to be no straightforward access to history, diffs, etc.

Differential Backups using Git

“history”? “diffs”? Sounds like version control…




WordCamp Russia 2013

I took part in WordCamp Russia 2013 this year, which was organized by my brother (with huge help from a handful of volunteers and the WordPress Foundation). This was the first ever WordCamp in Russia.

My talk was on testing automation in custom WordPress code, which covered some basics of unit tests using PHPUnit and system tests using CasperJS.

The talk is in Russian, but English subtitles are available. Also slides and code. To view all other talks visit https://wordpress.tv/event/wordcamp-russia-2013/.

Konstantin wrote about the event in much detail.



My very own standing desk

Today I finally got my custom-made standing desk installed. It’s a 2-in-1 actually, with surfaces for both standing and sitting modes. It’s quite compact, occupies far less space than my older workspaces. But enough talk, here are some pictures instead:


I’ll post an update in a week or so with how it feels to work upright. Haven’t had the chance to wrap my head around the experience in such little time, but I feel that my typing speed and accuracy have increased a bit. And a sense of utter freedom of movement – I can now kick, punch (both the air and the wall around the desk) and stretch anytime and even jog in place while I wait for compilation, downloads/uploads, chat responses, etc. or simply pause to think.

Have you tried using a standing desk? What benefits did you discover?



A new, much better home for my code

I have been having trouble with my former low-end VPS provider after two years of quite stable service. They decided to move data centers, and my OpenVZ box ended up being corrupted during the move. I have been looking to move for quite a while now. First of all I started using Arch Linux a while ago, and have been enjoying effortless rolling updates and upgrades every day. My former server was running Ubuntu 10.04 for 2 years, and due to fear of breaking it during updates (yes, it happens more often than one might think) I was stuck with some pretty old libraries, and although I managed to compile PHP and nginx every six months or so to stay up to date, other newer packages required newer libraries, which in turn required a new kernel, etc.

So I was looking for a VPS provider with Arch images. Amazon AWS is quite expensive, although Arch Linux AMI images are available from Uplink Labs. But besides that, I’ve also been looking to switch to XEN virtualization, to have guaranteed memory, the power of swap and other advantages over OpenVZ and Virtuozzo offered by many companies.

After having tried out several alternatives on the low-end market, it’s been nothing but headaches, for the past month. So I decided to go for a safe, proven and mainstream provider – Linode. Fit my criteria of carrying Arch images (1.8% of deployments are Arch on Linode), XEN virtualization, quite low-end and budget-friendly, 2TB of data transfer, and promised effortless upgrades. The only downside was their lack of support for PayPal payments (very probably justified). So I had to get a prepaid virtual card.

So, as of a couple of days ago, the new home for my dozen of sites, and repositories is a blazingly fast XEN Arch Linux box at Linode. I’m quite sure I won’t be disappointed.

What have you tried? What do you use now?



tail -f | event

Monitoring log files for specific keywords and firing off an event turns out to be quite simple to accomplish in bash with a `while` loop.

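#!/bin/bash

# $1: log file to follow, $2: keyword (case-insensitive grep pattern)
# IFS= and -r keep leading whitespace and backslashes in log lines intact.
tail -f -- "$1" | while IFS= read -r line; do
    # -q: only the exit status matters; "--" stops a keyword such as "-v"
    # from being parsed as a grep option.
    if printf '%s\n' "$line" | grep -qi -- "$2"; then
        # mate-notify-send -t 0 "$2 has been logged"
        echo "$2 has been logged" | mail -s ...
    fi
done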

Something I’ve been using quite a bit lately, expecting keywords to show up in various local and remote logs (ssh ... "tail -f ..."). What log event monitoring tools do you use?

Also, since this is the second time I decided to share a bash snippet quickie, and have received some improvement feedback on my first one, I’ve created yet another “bash-utils” repository. Feel free to chime in.



Monitor Directory for Changes

Here’s a simple script that I set up for my development WSGI server to reload itself once changes in source code are detected:

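#!/bin/bash

# $1: directory to watch, $2: command line to run when something changes
while true; do
    # Hash the modification times of everything under $1, one second apart.
    A=$(find "$1" -printf '%t' | md5sum)
    sleep 1
    B=$(find "$1" -printf '%t' | md5sum)
    if [ "$A" != "$B" ]; then
        echo "Detected change, doing: $2"
        # eval runs $2 as shell code: pass only a command you wrote yourself.
        eval "$2"
    fi
done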

It’s very simple (a poor man’s replacement for inotify) and doesn’t do anything complicated. Usage: ./monitor.sh application "my-reload-services.sh". You can filter out unwanted stuff like maybe *.swp files by referring to the man find pages.

What do you use to monitor for changes? How can the above script be improved?