Quitting Firefox

The opposite in fact. I've started using Firefox again and found myself cursing multiple times after hitting Meta-Q and quitting instantly. Chrome had a feature to require me to hold down Meta-Q to quit so a quick finger slip didn't kill my work. In Firefox, you can visit about:config and search for browser.showQuitWarning, then toggle it to true. Set as true, it'll warn you before quitting.

Global Entry and TSA Pre-Check

Global Entry is a trusted traveler program offered by U.S. Customs and Border Protection. If you’re able to pass a background check, interview process, and willingness to pay $100, you get five-years of inclusion in this program that offers two main benefits for me:

  1. Accelerated customs processing
  2. Accelerated airport security via TSA Pre-Check and others

You can get access to TSA Pre-Check by itself for a little bit less, $80-$85 or so, but for the extra $20 if there’s any chance you’ll go international is worth it.

Customs Processing
Re-entering the United States at entry points with Global Entry kiosks is stupidly easy. Those annoying little forms that you get on the plane that you never have a pen ready for and end up chicken-scratching something while trying to stay steady while using the seat back tray? In the past. When entering the country, you can proceed directly to a Global Entry kiosk, scan your passport, provide fingerprints on the digital panel, smile for a picture. The kiosk will walk you through a couple of customs questions—anything to declare?

You’ll get a receipt with your picture on it to present at the customs official. I’ve been painfully honest, declaring the chocolate bars I’ve brought back from Belize and Ireland. This earns a big printed circle surrounded an alert on the receipt for the official. The official asked me what I’m bringing back, they laugh at the mention of a chocolate bar, and I’m on my way. I’ve used Global Entry in Vancouver, Dublin (both have US Customs Pre-Clearance, so you don’t have to clear customs domestically on a layover), and Houston. Each time took less than five minutes from getting to the customs area to leaving cleared.

If you live near Canada, joining the NEXUS program may make sense to you too. That’ll give you accelerated entry into Canada as well. All of the interview stations are at the U.S./Canada border or in Canada and I don’t travel to Canada enough (twice in three years) to merit the effort to figure out the logistics.

Airport Security
TSA Pre-Check is all the rage. With horror stories of 2+ hour lines in Chicago this summer, TSA higher-ups being kicked out, airlines putting warnings on boarding passes, people suing the TSA for missing flights, airport security has a bad rap. Without getting into the merits or effectiveness of current security measures, it is a fact of life for now if you’re traveling the friendly skies.

When accepted into the Global Entry program, you’re given a “known traveler numbers” that you can provide to airlines when making reservations. While not guaranteed, it virtually will always give you access to TSA Pre-Check—I’ve never not received it. This is absolutely worth it. $20 a year is a no-brainer if you can qualify with the background check.

Two quick examples. My wife and I, along with two of our kids, traveled to New England for the wedding of a dear family friend. I have Pre-Check, Vanessa doesn’t. I’m able to take my kids through with me, since they’re under 12, but the rules do not allow me to bring Vanessa in with me. When we were traveling back to Austin, the shuttle from the rental car station to the terminal took longer than we expected and there was more people in the terminal then we were expecting at 4 am.

Vanessa went straight to the security line while I took the kids to the ticket counter to check our bags. The ticket counter line was insane. It filled the queue and spilled into the passageway. Checking the clock, I started to get concerned we were going to be cutting it too close. Finally, bags were checked and we went to security. Practically, we walked through security and looked to find Vanessa, assuming she made it through already.

No. Still waiting through security, where she ended up getting an extra check because she put her boarding pass and ID in her back pocket, which set off all the alarms of the scanner. Once she got through, we walked right to the gate as they started the boarding process.

For my work trips, I aim to carry-on or use the skycaps when available to eliminate the bag line. For my last trip, it was only a few days in Florida in the summer, so light clothing and easy for an carry-on. My Wingz driver dropped me off at half-past the hour, I stopped at a bench to prepare myself for security1, then went through the Pre-Check line. After getting through and collecting my things, it was 35 minutes past the hour. Literally five minutes from curb to being completely through security. Absolutely worth it.

Lastly, Global Entry (as does NEXUS) gives you access to Canada’s version of the Pre-Check line. The security process is still pretty similar to normal folks—notably you must take your laptop out of your bag. The U.S. TSA-approved lay-flat computer bags do not count in Canada, as a very direct Canadian airport security agent reminded me I “wasn’t in the United States. Our rules.”

I fly a handful of times a year, at least, and there are extra fees everywhere—$25 for a bag, $100 for a change fee, the price of airport food. This $100 for five years has been the most worthwhile “extra” expense.

  1. Even with Pre-Check, I strive to streamline processes. I keep my wallet in my work bag and wear those silly travel wallets with my ID, phone, and boarding pass to minimize things to take out. I attach my fitness tracker to my bag, just in case a particular metal detector is sensitive, so when I hit the line, I drop my work bag, my wallet necklace, and my carry-on without needing a tray or trying to dig things out of my pockets. 

Code is Poetry… and Warm!

The WordPress swag store added a couple of products yesterday. A Wapuu Christmas ornament and, my personal favorite, the “WordPress Ugly Holiday Sweatshirt“, which I don’t think is ugly at all.

This is not an ugly Christmas sweater. It's a sweatshirt.

This is not an ugly Christmas sweater. It’s a sweatshirt.

I’ve been eager to see this in production since Nick Hamze first teased it on his site in October and it is finally available to the masses. It is an amazing piece of clothing and the reaction on Twitter has been intense.

If you don’t follow Nick’s site and appreciate, on any level, swag, WordPress swag, Wapuu, Wapuu swag, then you’re just missing out on a thought leader.

Nick also runs the Unofficial Wapuu Fan Site and just published a great post on the origins of Wapuu.

The Power of WordPress.com

I’m guessing they just wanted a quick and easy way to make a functional and beautiful website, which is kind of the whole idea of WordPress.

Source: Amazon Silk on WP.com | Matt Mullenweg

Via Twitter, I stumbled upon this 2011 post from Matt sharing that the Amazon Silk Browser’s blog is hosted, for free or little cost on WordPress.com.

I have to admit it. Before starting with Automattic, I didn’t appreciate WordPress.com.

You have to choose one of their themes. You can’t install any plugins. You can’t fiddle with your theme’s functions.php file. You can’t even change CSS without paying for their $99/yr plan!

Why would anyone go with WordPress.com over a $10/month shared host?

It truly is the easiest, fastest, and cheapest way to spin up a website.

Yes, there are limitations. It isn’t the wild west of shared hosts where anything goes until you overwhelm the server or the host shuts you down, but there is incredible power behind the scenes.

With your typical shared host, you are given space on one of their servers. One server. What happens when someone else on the server runs a bad script? If your post gets tweeted out by someone with a million followers?

Bad news bears.

WordPress.com is one massive multisite install of WordPress. The same core WordPress files run the whole shebang, from your neighbor’s secret cat blog to the largest VIP site. It is spread over I have no idea how many servers on a half-dozen or more datacenters around the world (with more seemingly always in the works).

When a server fails, which will happen, the infrastructure doesn’t miss a beat transitioning whatever traffic would suffer to another server. This is redundancy is available elsewhere, but normally for a pretty penny. It is something that all WordPress.com sites enjoy, no matter if you’re on the free level or have upgraded.

I’m a huge geek who likes to fiddle with things. I’m never going to move this site to WordPress.com—I just want to play with it too much. But the beer blog I help write along with a friend? My Daddyblog? Or the private collaboration sites using o2/P2? I can do quite a bit on WordPress.com without any worry.

One of the biggest blockers I’ve had with writing on this site is the desire to tweak it. “Oh, a new version of a plugin—let’s check it out.” “Hmm, it feels a little slow, let’s check five different speed tests.” “Let’s upgrade to PHP 7 and test it out against HHVM on my site.” Many times, I’ll sit down to write something and either come up with a project like that—which like many improvement projects, end up being quite a bit more work than I expected when I started. Or, I find a bug in a plugin and want to go report it. Or something that feels weird in WordPress itself (running “trunk”, that happens more often than 99.99% of people would experience).

By putting some of my creative outlets on WordPress.com, I freed myself to actually be creative more.

Screenshot of the WordPress.com logged-out homepage

Before I started working at Automattic, when a friend asked me to spin up a site for them, I would immediately jump through the hoops of setting up an account on one of my servers for them, install WP, get them the basic setup, and let them go to down. And then field the support requests and everything else.

Now, I take a bit of time to determine what their plans are with their site and discovered that, for many, WordPress.com is a better solution and actually scalable for me. 😄

I think when the pros and cons are considered a bit more, WordPress.com is more attractive than a lot of us geeks might have thought before. After all, with all of the cloud power of Amazon, they realized that WordPress.com was a better fit for them than anything in-house.

Two Factor Authentication with Jetpack

Over the summer, I wrote up a quick one-file plugin to force site administrators to use Jetpack’s Single Sign-On via WordPress.com, specifically with two-factor authentication1.

It was closed-sourced initially, for no other reason than it was experimental and didn’t want to make a promise it was coming without it being proven.

Without further ado, I give you Jetpack Force 2FA!

On multisite installations, it forces all users to use the SSO+2fa since there isn’t a reliable way to know if a particular user is an admin on any site of the network (since once they’re logged in on one site, they’re logged into them all).

On single-site installations, if logging in with a traditional username and password, it’ll check if the user is an admin or not. If so, it’ll kill the login attempt. If logging in with SSO, it’ll either use the pre-established connection between the local user and the WordPress.com user, or it’ll automatically accept if the e-mail addresses of the two accounts match.

It is pretty helpful for us at Automattic, since it gives us a pretty easy way to get the benefits of 2FA on our Jetpack sites without having to do anything extra.

This is still pretty far from perfect. Long-term, I like the WordPress Feature Plugin that is exploring adding 2FA directly to Core. The plugin, being developed on GitHub and available from WordPress.org, adds an extendible framework to add two-factor methods.

Out of the box, it includes methods for e-mail, TOTP (e.g. Google Authenticator or Authy), backup codes, or FIDO U2F (a special USB key that when connected to the computer provides the second authentication factor). It’s going to be a nice addition to WordPress if it lands, but even if it doesn’t, can still get the benefits of 2FA via Jetpack2.

  1. Two-factor, or two-step, authentication is when you need to login with two separate items—usually something you know and something you have. In Jetpack’s case, you’ll need to know your password and need to have your mobile device, either with an app installed to provide a code or ability to recieve SMS. 
  2. The 2fa plugin and Jetpack SSO doesn’t quite work nicely together yet, but we’ll get them working together soon enough.