WordPress 4.7 “Vaughan” Released

The WordPress logo. A "W" cut out of a dark gray circle with an outline of the same color. "WordPress" is written below the logo. "Word" is a dulled blue and "Press" is the same gray color as the logo.

WordPress (WP) has released version 4.7 of their blogging and content management software. It has been codenamed in honor of the legendary jazz vocalist Sarah “Sassy” Vaughan. Here are some of the new features:

Twenty Seventeen

As always, new version, new theme…

WordPress 4.7's default theme: Twenty Seventeen. Twenty Seventeen focuses on business sites and features a customizable front page with multiple sections. Personalize it with widgets, navigation, social menus, a logo, custom colors, and more. Our default theme for 2017 works great in many languages, on any device, and for a wide range of users.
WordPress 4.7’s default theme: Twenty Seventeen

Theme Starter Content

When you setup a new theme with no content, the theme can provide some starter content to show off it’s capabilities.

Edit Shortcuts

New icons appear in the Customizer to show what content can be changed in real-time within the live preview.

Video Headers

Video headers can be added to themes with a video selector that shows up in the Customizer.

Blank Pages During Menu Creation

If you don’t have content for your site yet but know how you want your menu structured, the menu editor now allows creating blank pages on the fly while setting up the menu.

Custom CSS

Custom CSS can be added through the Customizer (note that such file-editing features are often disabled on most hosts as they often are the source of exploits and malware).

PDF Thumbnail Previews

PDFs that are uploaded now generate image previews just like images:

Image showing a PDF file with an image preview in the media library.

Dashboard in your language

The admin can now have it’s own per-user language set.

REST API Content Endpoints

Endpoints for posts, comments, terms, users, meta, and settings are provided by default in this version as they continue to build in the API components.

Post Type Templates for All

Post type templates are now available for all custom post types.

Custom Bulk Actions

One of the most-often requested features is now available in this version. In the past, adding custom bulk actions required a lot of hacking and going around the existing code. Now there are built-in functions to assist with adding custom actions that can be applied to many posts at once.

WP_Hook

The code that runs the actions and hooks has been rewritten, fixed a number of bugs, and added a few new capabilities.

Settings Registration API

The register_setting() function has been updated to include type, description, and REST API visibility.

Customizer Changesets

A new post status (customize_changeset) that is created when something is changed in the Customizer prior to being published. [More Information]

 

Google Chrome 55 Released

Google Chrome Browser Logo: Blue gradient circle with a thick white outline and a larger circle behind it with red, yellow, and green trisection coloring from top to bottom left.

Google has released version 55 of the Chrome web browser (based on the open-source Chromium browser) a few days early (was supposed to be released on the 6th). There was over $70,000 paid out to security experts, developers, and white-hat hackers for finding over 25 different security-related issues with the browser.

Noteworthy features:

async & wait functions

ES2016’s async and await function flags will be fully supported and allows making function calls that do not delay the main browser thread (asynchronous). Note that because IE does not support this (though can be mimicked using a settimeout polyfill; Edge has this feature behind an experimental flag) it will be awhile before it can be used cleanly. Babel (the ES6->ES5 JavaScript transpiler Node.js module) transpiles these for browsers that do not support it using the settimeout polyfill.

Pointer Events

Pointer Events API will be fully supported and allow capturing mouse and touch move, over, and leave/out events combined into a single event.

Persistent Storage

Persistent Storage will be supported. Note that pretty much all browsers support localStorage, but it is simply up to the browser when to remove the data. For instance, when hard drive space runs out, storage data gets wiped automatically to free up space. Persistent Storage provides a mechanism that allows the developer to request their data be kept unless clearing out all non-persistent data still does not free up enough storage space. It identifies whether or not their request was accepted or the browser is simply only accepting non-persistent storage.

Chrome 55 is expected to use significantly less memory. Chrome was the first browser to support per-tab processes – but has always been at the cost of using a fair bit more memory than other browsers. Now they have a goal to, eventually, reduce the memory usage enough that Chrome can be used easily on a computer with just 1GB of memory. Version 55 is the first step toward that goal as it both uses a fair bit less memory and has a rewritten garbage collector.

PHP 7.1 Released

PHP (PHP: Hypertext Preprocessor) Logo

PHP version 7.1 was released with a few new features and corrections. Nothing massive (like the major performance increase of version 7) was added so don’t expect hosts to make any major steps to support it.

Nullable Types

Function & method return types can have a question mark (?) placed in front of it to identify that the return value can be either what was identified or a null value. If something other than those values are returned an error is issued.

Void Return Type

Identifying a void return value will only allow nothing to be returned from the function or method. Any other type returned will issue an error.

Iterable Pseudo-Type

A new function or method argument type (or return type) identifier of “iterable” requires an array or object that implements the Traversable interface. If a variable that is not of those types is passed to the function or method an error is issued.

Class Constant Visibility

Class constants can not have a public, private, or protected identifier just like properties.

Square Bracket Syntax for list()

Short-form array syntax can now be used intead of the list() function.

Catch Multiple Exception Type

Similar to if/elseif/else syntax can be used in try/catch blocks to catch more than one type of exception.

Asynchronous Signal Handling

While this cannot be used directly within PHP, certain behind-the-scenes code is being replaced to use asynchronous signals instead of ticks. This will likely a first step to asynchronous process handling in later versions of PHP.

Closure From Callable Function

Callables will be converted to closures automatically when necessary.

HTTP/2 Server Push Support in cURL

A few other smaller features and a number of fixes were also included.

Chrome Security Update: 45.0.2454.101

Google Chrome Browser Logo: Blue gradient circle with a thick white outline and a larger circle behind it with red, yellow, and green trisection coloring from top to bottom left.

Google has released a security update for it’s Chrome web browser. The new version, 45.0.2454.101, includes fixes for a reported cross-origin bypass that affects both the document object model (DOM) parser as well as the V8 JavaScript/ECMAScript engine.

It is recommended that you update your browser to this version to prevent possible exploits. You can do so by clicking the main menu icon (three dashes in the top right) and going to Help / About Google Chrome or by downloading from:

http://www.google.com/chrome/

Canon Global Advancement: Read the Side of an Airplane!

Canon's corporate logo consisting of red lettering with sharp serifs.

Canon, a leader in technology for digital cameras has made an amazing breakthrough in complementary metal-oxide semiconductor (CMOS) technology. Phys.org reports that Canon has developed a CMOS with the highest pixel density ever for a 35 mm full-frame sensor and simultaneously overcome the major hurdles to getting there. At 250 megapixels, or roughly 250 million pixels, it is one beast of a sensor!

A CMOS sensor that appears with a gradient of blue to green to orange from top left to bottom right surrounded by the circuit it is situated on and the thin metal pins the protrude from all four sides.
The Canon-developed approximately
250-megapixel CMOS sensor via Canon Global

The features of this new visual sensor are nothing short of revolutionary. Canon shows it’s new sensor as being able to perform massive digital zoom without pixelation. At 1,920 x 1,080 pixels the sensor is capable of nearly 125x digital zoom and at 3,840 x 2,160 (4K) it is still capable of roughly 30x digital zoom without loosing resolution! They claim that at such high resolution, the digital zoom is able to capture a readable photo of the lettering on the side of an airplane that is over 11 miles (18 kilometers) up! A typical commercial airliner travels at between 30,000 and 40,000 feet or between 5.5 and 7.5 miles high.

Canon also had to overcome some age-old issues with increasing pixel count. As CMOS sensor pixel count increases, so too must the amount of data sent from the sensor into the camera’s memory. Unfortunately this increase in needed bandwidth isn’t always available and you end up with delays before all the information can be stored. If the signal can’t be read all at once you can also get discrepancies where parts of the images are read at slightly different times. This means if a boat is passing through the frame at high speed it could be cut in half or show up in two places within the same image. However these were not issues with the new sensor as circuit miniaturization and an increased speed of signal processing is able to handle the larger bandwidth throughput. In fact, the new technology, even at the highest resolution the sensor is capable of (19,580 x 12,600 pixels), was still able to capture video at 5 frames per second (fps)!

Canon is currently looking at developing this sensor for surveillance equipment, possible medical applications, and manufacturing. It will be interesting to see what becomes of this and how the advances affect camera technology all the way down to cell phones over time.

PHP 7: Release Candidate 2

PHP (PHP: Hypertext Preprocessor) Logo

The next version of the popular open-source scripting language is set to be released in early November 2015 – just a few months from time of writing! The second release candidate has been set free with a few bug and security fixes.

The upcoming version includes new features such as full and consistent 64-bit support across platforms (which also adds support for larger file sizes), removal of a number of old/dead SAPI extensions (including deprecation of mysql in favor of mysqlnd/mysqli or PDO), added support for null coalescing (also known as the isset ternary) and combined comparison operators, return and scalar type declarations, and anonymous classes.

However, the biggest change was speed. PHP 7 benchmarks are shown to be up to twice as fast as the current 5.6 version and nearly as fast as HHVM. My own benchmarks of RC 1 have shown an average 95% increase in performance on a 64-bit Windows 7 machine running benchmark scripts. The biggest performance gain was seen in string manipulation which is what many scripts rely on. However, perception is the real key and there it does not disappoint as either. Local installs of WordPress, upon first run, have gone from ~4 seconds to ~2 seconds. Subsequent runs are nearly instantaneous (1 second or less). Running them in production on Linux servers will definitely be even faster.

Backward In-Compatibility

While the majority of scripts wrote to support the PHP 5.x branch will work perfectly fine on PHP 7, there are some fixes that remain. Most notably, a number of scripts still use the old PHP 4-style constructors. They are being phased out and issue a deprecation warning. Instead of using a method with the same name as the class, you should instead create a method called “__construct” (two underscores followed by “construct”) to create constructor methods. The old mysql (mysql_* functions) are in the same boat. The old mysql extension is deprecated and will be removed in upcoming PHP versions. Scripts need to be updated to use mysqlnd (MySQL Native Driver) through the use of mysqli (mysqli_* functions) or PDO.

The other major change some scripts may run into trouble with, only if Object-Oriented Programming (OOP) is used, is how class variables are returned. According to the upgrade document:

* Indirect variable, property and method references are now interpreted with left-to-right semantics. Some examples:

To restore the previous behavior add explicit curly braces:

Errorpocolypse

The last major difference which may confuse developers is with error display and handling. The entire error handling system has been ported to use exceptions and will now only show an error in a few cases. Most errors, including most fatal errors, will now issue exceptions which do not display like errors do in version 5. You may run into an empty or blank white display or have a partially-rendered page. This is normal for PHP 7. What is happening is that a fatal error was encountered but instead of showing the typical error message and backtrace it simply halts with most scripts as they are currently written. Instead of an error an exception is thrown. A number of developers are not used to using exceptions and will become confused.

In a future post (to be linked here) I will go more in-depth into the changes made to the error system in PHP 7 as well as how to handle them (now using exceptions) and get more information from them while developing scripts.

Firefox: Stolen and Fixed

Mozilla Firefox web browser logo: an orange fox with yellow flames for a tail wrapped around a dark-blue globe.

Mozilla, an open-source software community run by the non-profit organization, Mozilla Corporation, and developers of the Firefox web browser, has announced it’s bug tracking software, Bugzilla, was hacked. The organization’s blog post states that the account that was compromised had access to privately-listed bugs representing zero-day security flaws in the browser. However, if you keep your browser up-to-date you are protected. The zero-day flaws that were stolen were all patched as part of version 40.0.3 released August 27, 2015. The post does not state the date that the account was compromised.

Green bug being swept up by a broom. Icon / clip-art.
By Poznaniak, pozostali autorzy w plikach źródłowych via Wikimedia Commons

This should definitely be a wake-up call for you to keep the software you use up-to-date. Many applications today will automatically update (including the more recent versions of Firefox) but some do not. In addition to keeping you safe from security flaws, the latest versions of programs also deliver features that make using the software more enjoyable and sometimes easier. In the case of web browsers, it also delivers new tools for web developers to use to make better web applications and websites that are more visually appealing and interactive.

More Information

More detailed explanation of why you should take the time to ensure the software you use is up-to-date will be in an upcoming post! I will link the post here.

WordPress Security Release 4.2.4

The WordPress logo. A "W" cut out of a dark gray circle with an outline of the same color. "WordPress" is written below the logo. "Word" is a dulled blue and "Press" is the same gray color as the logo.

WordPress has released version 4.2.4. This security release fixes 3 cross-site-scripting (XSS) vulnerabilities and a possible SQL injection exploit.

In addition the update also fixes a few general bugs in the software:

  • A fix for characters not being saved correctly when a non-standard database collation is used
  • A fix for the core not type-checking directory listings using glob()
  • A fix for shortcodes not working when they are added at the beginning of an HTML element (e.g. <[my-shortcode ...] >)
  • A fix for shortcodes removing line returns inside of CDATA content blocks

WordPress is the open-source blogging and publishing software originally developed by Autoattic who handed off the software and copyrights to the WordPress Foundation, a charitable organization the supports WordPress and related plugins.

https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/

Constructor Returns!

Constructor HD logo overlayed atop a screenshot of the game featuring a quaint neighborhood.

United Kingdom (UK)-based game developer System 3, after 18 long years and a number of fan requests, is bringing back the game that let us build a neighborhood then try desperately not to get run out of town. Constructor, released back in 1997, put the player in the role of a 1920s/1930s construction company owner tasked with building a neighborhood and using undesirables such as hippy squatters, corrupt handymen, and mafia gangsters to run your opponents out of business (usually by blowing up or otherwise destroying their headquarters and them). You could use everything from property destruction and nuisance to intimidation and violence to battle your opponents while trying to keep your own residents from being unhappy or burnt to a crisp.

Since then a “sequel” has been released in 2013, Mob Rule (also known as Constructor: Street Wars), which focused more on mafia-style gang control. NOTE: I have not played Mob Rule so I am not commenting on it.

Screenshot showing the re-imagined foreman managment screen allowing you to add or remove personnel to/from a sawmill that produces wood for constructing other buildings.
Screenshot showing the re-imagined construction manager screen allowing you to add or remove personnel to/from a sawmill that produces wood for construction.

The new game appears to be a re-write of the original game with higher-quality graphics and a few new features. The new game is titled Constructor HD and will be available for PC/Windows as well as on the Sony PlayStation 4 and Microsoft XBOX One gaming consoles. The site claims they have re-balanced the gameplay. Hopefully to be a little harder as it did get a bit too easy after you built up your neighborhood and forces… at least for myself. They are also adding some new game modes and maps. It does not say, but I am hoping online multiplayer will also be included (both co-op, versus, and whatever other game modes they are planning). A few of the developers who worked on the original are also working on this re-imagining of the classic.

Screenshot showing the updated management screen for the hippy squatter undesirable.
Screenshot showing the updated management screen for the hippy squatter undesirable.

Constructor was one of my favorite DOS-based games when I was a kid and I am happy to see it finally refreshed for the latest Windows and consoles! The release date for the new Constructor HD is, as of this post’s publish date — January 29, 2016.