PHP Hash Blake3 (New)
Read more at https://www.phpclasses.org/package/11946-PHP-Generate-hashes-of-data-using-the-Blake3-algorithm.html
For the very impatient among us:
npx degit munxar/svelte-template my-svelte-project
cd my-svelte-project
npm i
npm run dev
Enjoy!
In this article I'll give you some insight into how I set up Svelte with TypeScript and style components with Tailwind. There are plenty of articles around, but I found that a lot of them overcomplicate things or don't fit my requirements.
So here are my goals for the setup:
You'll need at least some node version with npm on your machine. At the time of writing I have node version 15.6.0 and npm version 7.4.0 installed on my machine.
node -v && npm -v
v15.6.0
7.4.0
To set up Svelte I open a terminal and use the command from the official Svelte homepage. TypeScript support has already been added to this template, so nothing special here.
npx degit sveltejs/template my-svelte-project
# or download and extract
cd my-svelte-project
# enable typescript support
node scripts/setupTypeScript.js
At this point I check that the setup works by installing all dependencies and starting the development server.
# install npm dependencies
npm i
# run dev server
npm run dev
If everything worked so far, pointing my browser at http://localhost:5000 displays a friendly HELLO WORLD. Let's stop the development server by hitting ctrl-c in the terminal.
Back in the terminal I add Tailwind as described in their documentation.
npm install -D tailwindcss@latest postcss@latest
After this step I generate a default tailwind.config.js file with
npx tailwindcss init
If you prefer a full Tailwind config use the --full argument:
npx tailwindcss init --full
See the Tailwind documentation for more information about this topic.
The default Svelte template uses Rollup as a bundler. When I run the setupTypeScript.js from the first setup step, I get the famous svelte-preprocess plugin already integrated into the rollup setup. The only thing left is that I add the config for postcss as options to the svelte-preprocess plugin. Here are the changes that I make in rollup.config.js:
// rollup.config.js (partial)
...
export default {
  ...
  plugins: [
    svelte({
      preprocess: sveltePreprocess({
        postcss: {
          plugins: [require("tailwindcss")],
        },
      }),
    }),
    ...
  ],
  ...
};
At this point Rollup should trigger postcss and therefore the Tailwind plugin. To enable it in my application, I still need one important step.
Now it's time to create a Svelte component that contains the postcss to generate all the classes. I call mine Tailwind.svelte but the name doesn't really matter.
// src/Tailwind.svelte
<style global lang="postcss">
@tailwind base;
@tailwind components;
@tailwind utilities;
</style>
Some things to note here:
Now use the Tailwind component in src/App.svelte
// src/App.svelte
<script lang="ts">
import Tailwind from "./Tailwind.svelte";
</script>
<Tailwind />
<div class="bg-gray-200 px-4 py-2 rounded">Hello Tailwind!</div>
Now my browser displays a Tailwind styled div. Very nice!
Let's clean up the public/i
Truncated by Planet PHP, read more at the original (another 5726 bytes)
There’s a new privacy-based search engine that just launched called GotConn. GotConn claims that it offers private search, no personalized search results, and makes use of no third party trackers. They also claim that it doesn’t track IP addresses and doesn’t keep user session logs–and doesn’t sell personal information.
GotConn was created by LyNea “LB” Bell, an African American Entrepreneur and Talent Agent. According to a press release, “Over the course of twelve months, Bell worked with Lead Engineer Jason Cook, and Engineering Professor Roderick Crowder to develop a search engine that could generate accurate and relevant search results with record timing, while dually protecting the user’s privacy.”
On the site itself, I can’t find any information about where the results are coming from (is it a meta search engine?). I cannot tell whether or not GotConn is crawling the web themselves or simply getting the data from another search engine and re-presenting it in their own format.
One way to check whether or not they’re just using data from another search engine is to compare results. I took a look at a search for my name, Bill Hartzer, and the GotConn results are different than they are, let’s say, on Bing:
What makes me believe that GotConn is simply taking data from other search engines is the inclusion of one particular URL (the one that is my domain with /?=s at the end of the URL). That URL, a search parameter on the site’s home page, appears in Bing, Yahoo (from Bing’s results) but also from DDG (Duck Duck Go). They all tend to pick up that URL with the parameter, which is an exact copy of my site’s home page. Google does not have that URL in the results. There’s a very small chance that a search engine, a new search engine for that matter, would be able to find that particular URL by itself. My gut feeling is that GotConn is essentially using results from another search engine source, but they then change the results somehow so it’s their own. I don’t have a problem with that.
But we know how much it actually takes, how much investment in technology, hardware, and a dev team, to create a new search engine. After all, we don’t have a search engine (yet) from Apple, despite their resources.
The GotConn image search is, well, less than to be desired. I searched for “Bernie Sanders Chair”, well, because who doesn’t want to see Bernie Sanders sitting in a chair, right?!? So, let’s take a look at this trending, recently popular keyword:
The image results are borked somehow. The developer didn’t put much thought into it, as every search engine result image is the same size–which is OK if every image on the web is the same size. But they’re not.
So, for this search engine what do I really think? I’d give it 3 stars, mainly for the effort of launching a new search engine. And making it private. The interface of the results is actually refreshing to see, as there are no ads and the search engine results pages are really, really clean. Seems to be pretty fast, as well.
Other issues I see? How, as a website owner, do I remove pages from the results? There’s no option for that–especially if I’m wanting to take that copy of my site’s home page out of their results.
I also took a look at the domain’s DNP Score, as well. The GotConn domain DNP Score is 550, which could be improved. But, it does look like the domain’s been registered since 2014 and it has been registered into 2022. The score could be improved if they set up a DMARC record on the domain, and if they registered for at least 5 years into the future.
Latest PECL Releases:
Web designers are constantly bombarded with security advice. We’re informed about best practices, security holes and their requisite patches. It’s enough to make your head spin.
Of course, this is all important and well-meaning. Online security is a constantly moving target, where even the biggest players are susceptible. Therefore, it’s up to us to keep up with the latest developments.
Two-factor authentication (2FA) has been among the most touted technologies for keeping online accounts safe. You see it being implemented everywhere from banking to social media. And it can be easily installed on your own website as well.
While 2FA can be effective at thwarting unauthorized access to our accounts, it has some potentially major drawbacks as well. Recently, I experienced this firsthand. The following is a look at what happened and the mess it helped create.
Like just about every other technology, two-factor authentication can be implemented in a number of ways. Users might authenticate via an SMS message, email or a verification code from an app such as Google Authenticator. They might also select a trusted photo that displays with each login, ensuring that they’re not on a phishing site.
Sometimes a service provider will give you a choice. But quite often you’re stuck with whatever method they offer. The more accounts you protect via 2FA, the more complicated this all becomes.
For example, lots of places utilize SMS messages for your phone. But then again some will also require that authentication app. Still others will have a different take. The challenge is in trying to keep track of who uses what technology and making sure you have the right tools on hand.
But it seems that most methods do have a single commonality: they rely on your mobile device to work. That sure is convenient. Still, what if something happens to that device?
This is the situation I found myself in, as the mobile data connection on my Android phone went haywire. Text messages were being delayed by hours or not being delivered at all. A family member residing in the same house and on the same network received their messages just fine. That led me to believe this was some sort of hardware failure.
As one does in this predicament, I tried a number of remedies. This included the dreaded “nuclear option” of factory resetting my phone. It’s worth a try, right?
The trouble here was twofold. First, it didn’t get the text messaging issue fixed. Even worse is that it logged me out of all my various accounts. Google, Facebook, Twitter, etc. were all nuked. Maybe that’s better for my mental health, but probably not so good for work/play.
Attempting to log back into each of these accounts was not so easy. Why? Because of 2FA, of course.
Google was especially tough, as the only two options it gave me were tied to my phone. It wanted to send me a text – but that wasn’t going to work. And they also allowed for a Google Authenticator code. This would have been great, but it required me to be logged into my Google account in order to, you know, gain access to the code.
The solution was to finally boot up my desktop computer and temporarily turn off 2FA for Google (they really didn’t like this). Sweet relief, I got my Gmail back.
For even more fun, I had to repeat a similar process with several other accounts. Ironically, I can’t access my online banking via my desktop, as it relies on SMS verification. I can, however, get to it on my phone because there’s no such requirement. Just thinking about this puts me into a cold sweat.
Of course, my situation isn’t unique. Anyone without access to their mobile device could easily be in the same boat.
The frustrations associated with 2FA can be useful as a teachable moment. Those of us who build websites for a living pat ourselves on the back for increasing security – and rightly so. But implementing this technology in and of itself is not the end of our mission.
Instead, it takes some serious thought. Here are a few things to keep in mind before adding two-factor authentication to your website:
It’s tempting to force users into utilizing two-factor authentication. And in certain high-risk circumstances this makes sense.
But for most sites, you may consider going with stringent password requirements instead. For example, if you’re running a membership site that doesn’t contain anything secretive, 2FA could be optional. But perhaps you ask users to change passwords every six months.
It’s slightly less hassle for users and hopefully less support work for you. And don’t forget about accessibility. Despite assumptions, not everyone has access to multiple devices.
While it may be difficult from a maintenance standpoint, offering more than a single method of 2FA could be beneficial. Users can choose the flavor that works best for them. Or, in a pinch, they could even change what they’re using should their mobile device become unavailable.
Short of that, at least offer an easy way for people to contact you if they run into problems. It’s incredibly frustrating when you can’t access your account and there’s no one there to help.
It’s possible to do everything right and still run into users who have login troubles. For instance, some 2FA implementations offer one-time use backup codes. They’re great for times when your chosen authentication method isn’t working.
However, not everyone is going to take the time to save or print these codes (I sure didn’t). Therefore, it’s important to prepare for the inevitable issues that will occur.
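The one-time backup codes mentioned above, sketched as an added example (not code from the original article): codes are generated from a CSPRNG, stored only as salted hashes, accepted once, and locked after repeated failures so the user is sent to support instead of guessing. Every name and parameter here (BackupCodes, the alphabet, code length, failure limit, PBKDF2 round count) is an assumption chosen for illustration.

```python
import hashlib
import hmac
import secrets

# All names and parameters below are assumptions made for this example.
ALPHABET = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"  # 32 symbols; no 0/O/1/I on printouts
CODE_LEN = 10        # 10 symbols x 5 bits = 50 bits of entropy per code
CODE_COUNT = 8
MAX_FAILURES = 5     # after this, stop accepting guesses and route the user to support
KDF_ROUNDS = 100_000


def normalize(typed: str) -> str:
    """Accept codes as users retype them: any case, with spaces or dashes."""
    return "".join(ch for ch in typed.upper() if ch.isalnum())


class BackupCodes:
    """Per-user store. Only salted hashes are kept, never the codes themselves."""

    def __init__(self) -> None:
        self.salt = b""
        self.hashes = set()
        self.failed = 0

    def _derive(self, code: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", normalize(code).encode(), self.salt, KDF_ROUNDS)

    def issue(self) -> list[str]:
        """Create a fresh set (invalidating the old one); display the result once."""
        raw = ["".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
               for _ in range(CODE_COUNT)]
        self.salt = secrets.token_bytes(16)
        self.hashes = {self._derive(c) for c in raw}
        self.failed = 0
        return [f"{c[:5]}-{c[5:]}" for c in raw]

    def remaining(self) -> int:
        """Lets the UI remind users to re-issue before they run out."""
        return len(self.hashes)

    def redeem(self, typed: str) -> bool:
        """True exactly once per valid code; False when wrong, reused or locked."""
        if self.failed >= MAX_FAILURES:
            return False
        candidate = self._derive(typed)
        # Check every stored hash, each with a constant-time comparison.
        matches = [h for h in self.hashes if hmac.compare_digest(h, candidate)]
        if not matches:
            self.failed += 1
            return False
        self.hashes.remove(matches[0])  # single use: burn the code
        self.failed = 0
        return True


if __name__ == "__main__":
    store = BackupCodes()
    print(store.issue())
```

Calling issue() again replaces the whole set, which is the recovery path for a user who never saved the first printout.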
All told, there are a lot of reasons to like 2FA. It can be fairly simple to implement and it helps prevent unauthorized access to user data. And there are a number of different methods available.
It’s not without its shortcomings, though. As I found out, a wonky phone can cause a lot of problems. The inability to log into your most important accounts puts your life at a standstill. Imagine not being able to access your bank account or even your cell phone provider.
So, by all means, add two-factor authentication to your websites and apps. But plan ahead and try to make the process painless for users. You can expect a more secure environment – just don’t expect miracles.
The post Where Two-Factor Authentication Falls Short appeared first on Speckyboy Design Magazine.
Latest PEAR Releases:
There’s an old saying that there’s “no such thing as a free lunch” – meaning that everything has a cost. Increasingly, the available free WordPress themes seem to be heading in this direction.
In the early days of WordPress, themes listed in the official repository were often truly free and unencumbered by ads or watered-down features. Maybe a developer out there created something useful for a gig and wanted to share it with the community. Or an up-and-coming designer used the experience of building a free theme to level up their skills.
While there is still some of this going on, you’ll have to dig deep to find it. These days, so much of the free theme market consists of pared-down versions of commercial products.
The shift is gaining notice. WordPress co-founder Matt Mullenweg recently stated on the Post Status Slack channel that, “The .org theme directory rules and update mechanism have driven out creative contributions, it’s largely crowded out by upsell motived contributions.”
How did we get here? Let’s take a look at what contributed to this downturn and some ways for the free theme market to make a comeback.
One of the key things to remember about the early days of WordPress is its humble beginnings. This was a bootstrapped project that didn’t have a large influx of corporate dollars. Instead, it was a tale of some dedicated developers and the community that grew around the software.
This inspired people to contribute in ways that benefitted everyone. Whether it was squashing bugs in WordPress core or releasing a cool theme, a lot of people wanted to be a part of the team. For some, it was likely their first dive into the world of open source. The novelty of a free app you can use any way you want was the antithesis of locked-down commercial products from Microsoft or Adobe.
Corporations were also a bit skittish when it came to open-source software. Because WordPress didn’t have a traditional centralized workforce behind it, the content management system (CMS) was seen as something of a loveable underdog by its users – and somewhat ignored by larger players.
My, how times have changed. WordPress now makes up around 40% of the CMS market and is continuing to grow. Investments in Automattic (a company founded by Mullenweg that also controls WordPress.com) are coming in from big companies like Salesforce.
An entire WordPress economy has taken shape. Agencies and freelancers build websites. Developers sell plugins, themes, and maintenance services. Web hosts offer packages optimized for the unique needs of the software. And yes, enterprise use is now common.
Theme development in particular has exploded over the past decade. With that, authors aren’t looking to give something away – at least, not without hammering users with various upsells.
To put it bluntly: money changed the equation. And it’s easy to understand why. When you think of how much work goes into building, maintaining, and supporting a full-featured WordPress theme, there is a lot of effort involved. How many people are still willing to do all of that for free?
The funny thing is that, despite the money to be made, the free WordPress plugin market seems to be hanging on. If you look around, you’ll still find plenty of high-quality options – including some with no commercial offering to push. Those numbers may be shrinking, but they’re still out there.
Why is that? Well, building a plugin is a bit of a different process. A developer can make things as simple or as complex as they like. Plugins can cover a single niche or be all-encompassing. One can make a sensible case for releasing a free, fully-functioning piece of software to the masses.
As previously mentioned, themes do tend to have a lot of upkeep. But it is worth wondering if that should always be the case.
So many commercial themes are jam-packed with extras. More scripts, more CSS files and plenty of complex PHP. Not to mention the bundling of page builders and other companion plugins. The larger the theme, the harder it is to maintain and support.
It’s a competition to see who can cram the most into a theme to make a sale. And maybe that’s where things went awry…
Right now, the WordPress theme landscape is so filled with bloat and obnoxious sales pitches that it’s hard to see how anyone benefits. Users are getting a complex product that, in many cases, offers a long list of features but might lack stability or accessibility. And theme authors feel the pressure to keep adding more to stay relevant.
Perhaps taking the opposite approach is the answer. So often, free themes are lesser versions of a large commercial product. Instead, maybe the better path is to start from scratch and build something that covers the basics.
For aspiring theme authors, this could be a way to both gain experience and exposure. Rather than attempting to build the biggest thing, start small. Rely on core features like the Gutenberg block editor as opposed to reinventing the wheel with page builders. Craft a theme that simply works.
What’s more, this also provides valuable experience in supporting a product and communicating with users. The lessons learned here can help prepare you for the demands of running a commercial theme operation. When that time comes, you’ll be all the better for it.
Established authors can also benefit. Build a standalone, basic theme that isn’t littered with in-your-face upsells. Emphasize quality and create a bond with users. When they need something more robust, they’ll be more likely to stick with your products.
Initially, this approach may be like swimming against the tide. But success breeds imitation. And once a few theme authors embrace this sort of simplicity, it’s only a matter of time until the movement spreads.
Successfully onboarding new users has long been a focus of the WordPress project. Whether it’s implementing one-click installations via web hosts or a full-featured content editor, these initial experiences mean a lot. They help determine whether or not a user will stick with the CMS over the long term.
Free themes have a role to play. While a new user could certainly opt for one of the default themes that come bundled with WordPress, it’s also crucial to offer choice. Unfortunately, the amount of quality free options is lacking.
For theme authors, it’s vital that they get a foot in the door and build brand recognition. But to accomplish this, there needs to be a shift in philosophy. Instead of pushing out a half-baked version of a commercial product, a renewed focus on quality and simplicity is what the market is yearning for.
Here’s hoping a new generation of free WordPress themes comes to fruition. One that will show users the best side of the world’s most popular CMS.
The post Are High-Quality Free WordPress Themes a Thing of the Past? appeared first on Speckyboy Design Magazine.