Category Archives: General

You want to start a content site? Don’t micro optimize.

A friend emailed me with a fairly common problem: she wanted to build a site and an audience, but was getting bogged down in the details: she wanted to build a great site that people want to visit, she wanted to be able to follow SEO optimization tips, she wanted to place the newsletter signup box in the best place on the page, and to do that she needed to customize her theme, install plugins, etc, and she was getting frustrated.

Although I’m more of a technologist than a content creator, I know the dilemma well. I also encounter it every day at my job, in one form or another. The one piece of advice I’d give is: focus on creating content, the tech and details don’t matter.

In engineering, there are two important concepts that good coders end up learning as they gain experience: don’t prematurely optimize, and don’t micro optimize. By and large, many articles and advice about building a brand or site focus on micro optimizations. It’s easy to see why: they’re bite-sized things that you can do that do show measurable improvement. You can really feel like you’re doing something and see the effect. But those are primarily for existing brands.

If you look at, there’s a ton of things that don’t follow the book: it’s loud, it’s hard to see what content on the page is important, hard to see what content is available on the site, and while we promote newsletter signups and social media, they’re buried on the page. In other words, to those focused on self-marketing and usability, it does just about everything wrong. Yet the site has grown massively year over year, has amassed a large social media following, a large number of newsletter subscribers, and a ton of people comment on it.

There’s one simple reason: content. The story is the same across all our brands at PMC. Focus on content. Build a relationship with your readers (through your branding and tone, and/or directly through discussions — find your voice). You’ll want a design that reflects the brand or personality of your content, but it doesn’t have to be perfect, it just has to fit. And then write.

That’s it. Everything else only matters once you’ve already built your audience and want to grow it further.

Living the dream

When I was a kid, I eschewed baseball cards in favor of comic books. I saw ads in the comics for lofty, magical places which could sell you any comic you wanted. Missing issues would never be a problem again.

Mile High Comics, Midtown Comics, San Diego Comic-Con. Places you could reach if you were fortunate enough to live in New York City or Southern California. Out of reach for a kid in Podunk, Texas.

Now I live in Los Angeles and have gone to San Diego Comic-Con nearly every consecutive year since 2007. I’ve set foot in Mile High Comics imposing booth and pawed through their back issues. I have been to Midtown Comics in Manhattan and bought the latest Sandman series.

One might say “I’m living the dream.” And they’d be right.

Well that’s 8GB I didn’t have before

Adobe CS4 Uninstall

Preview is better than Acrobat for my PDF needs (specifically annotations).

Pixelmator handles my current image editing needs just fine. I never found CS4 lacking in features, and Pixelmator has all the features I used, and they’re at least good enough that I can’t tell the difference in quality.

Both open faster and have a smaller memory footprint than the Adobe equivalents.

What I wish I knew about writing PHP and web apps when I started

Chris Cornutt (@enygma) asked on Twitter, “If you were just starting to learn about writing secure PHP apps, what would you want to know?”  While I replied via Twitter, I figured I’d post my own short list here. I’d certainly consider this a beginner’s list, but it’s the kind of basic stuff I wish I had known.

  • There’s nothing inherently secure about POST requests nor data retrieved from the $_POST superglobal. POST parameters are sent within the body of the message instead of the URL, which allows for longer key/value pairs than using a querystring, but it’s just as visible as any GET parameter.
  • Anything transmitted to/from the server is inherently readable by anybody unless you specifically take precautions, such as transmitting via HTTPS.
  • There’s no automatic/magic security or sanitization built in to most standard PHP functions nor frameworks. It’s often there, but you have to consciously use it.
  • Just because it looks like an image, responds like an image, doesn’t mean it’s an image. (Or other type of included file.)
  • 3rd party resources have access to anything on the page, regardless whether it’s visible, behind HTTPS, or obfuscated. Serving your site via SSL isn’t a magic bullet. Javscript can still access elements on the page and do nasty stuff (XSS), and you’re still vulnerable to CSRF attacks.
  • Just because something is only “visible” server-side doesn’t mean it’s inherently secure. For example, any variable can be made global, and all the data within it can be read by any PHP script or method within that script. Case in point: the widely-used Akismet plugin for WordPress includes a dump of $_SERVER in each spam check it makes. This isn’t specifically a problem with Akismet, it’s just illustrating that code can be exposing stuff you didn’t think about, and may be exposing things you didn’t realize. You can do some really evil stuff.
  • Just because you got a file from a reputable source, doesn’t mean it’s safe or good.

Some of those are web security but I didn’t know I needed to care when I started doing PHP  and web development.  I shudder to think of some of the code I wrote that’s still out there.

Related links

Aside: One of the reasons I love WordPress is that it gives you all the tools to write secure code out-of-the-box.  Other Frameworks like Zend and Symfony do, too, but they’re not as obivous.

Google News considerations

You’ll notice a few of these suggestions either aren’t practical, or conflict with other suggestions. You’ll also notice the supporting documentation is for fixing errors with Google News listings. We have noticed that adhering to these when possible produces good results, so that’s why I’m calling attention to them.


  • Make sure that your images are fairly large in size, at least 60 pixels by 60 pixels. (only applies to main article image)
  • Use images that have reasonable aspect ratios.
  • Ensure that your images are inline.
  • Ensure that your clickable images link to a URL with a .jpg or .jpeg extension.
  • Place your images near their respective article titles.
  • Label your images with well-written captions.

Article snippets

  • To give users a preview of an article before clicking on it, Google News displays its first few sentences on our homepage and in search results. To determine which text to include, our crawler looks at each article’s code for body text near the headline of that article.
  • We also recommend clearly differentiating the text that makes up your articles’ author bylines and date information from the text of your articles’ first sentences. Ideally, we will only show the first few sentences of your articles under their headlines in Google News.

Article date

  • Place a clear date and time for each of your articles in between the article’s title and the article’s text in a separate line of HTML. This should help our crawler correctly identify the publication date for your article.
  • Make sure to provide us with the date when the article first appeared on your site.


Just putting it here for reference.

VirtualBox, Vagrant and Mac OS X: instant linux development environment

Vagrant is a Ruby project that lets you set up a Linux virtual machine very quickly, using VirtualBox. Ideally, at least.  Getting it set up the first time on a MacBook can be tricky.  Here’s how I got it running.

This assumes you’re running Vagrant in your home directory.  Also, I already had VirtualBox installed.

Updated 5/30/2011: The previous instructions added ~/.rvm/scripts/rvm to ~/.bash_profile, which caused RVM’s settings to override anything in your ~/.profile.  See “Gotchas” for more info.

Continue reading VirtualBox, Vagrant and Mac OS X: instant linux development environment

Starting and stopping NginX / MySQL / PHP-FPM on Mac OS X

Keeping up with my local dev environment, a while back I wrote a post on Starting and stopping NginX-MySQL-PHP-FCGI on Mac OS X.  I’ve made some changes since then, and I now use a slightly different stack.

I modified MacPorts to configure PHP5 with FPM support, and added in Memcached (also Varnish, but we don’t use that at work and I haven’t been inclined to mess with it, so it’s not in my script).
Script source and changelog after the break…

Starting and stopping NginX-MySQL-PHP-FCGI on Mac OS X

As these things go, it’s super easy to get a LEMP stack up and running on Mac OS X 10.6 (Snow Leopard).  Although at that point I guess it’s a MNMP stack, but that’s an even more ridiculous mnemonic.

Starting up and shutting down each individual service, however, is a pain in the butt.  Sure, 3 services doesn’t sound like a lot now but wait until your 12th configuration tweak in the course of a few hours.  Sure, every tutorial out there has a copy-and-paste-service-script-that-only-needs-a-few-tweaks-to-get-up-and-running-on-your-system.  Forget that; I just want to sudo port install nginx mysql-server php-fcgi and rock’n’roll, bitch.

I don’t want these things running all the time, so forget setting them as startup items.  And I don’t really have the patience to make or tweak service scripts.

So here’s what I do