Since MODX 2.5.7 it's no longer possible, out of the box, to create .htaccess files. You might run into this when setting up a new MODX site with friendly URLs, where you get an error when renaming the shipped ht.access file to .htaccess. Luckily there's an easy way to get that back.
Hello! Welcome to my humble web presence. I'm Mark Hamstra, 28 years young, wearer of many hats at modmore, resident of Leeuwarden, the Netherlands. Most of my time is spent building and maintaining awesome extras and tools at modmore, but I also love gaming, cooking, and my dogs. More about me.
This site is where I share thoughts, cool projects and other oddities related to MODX, xPDO and ExtJS. I also write about MODX regularly over at MODX.today. Sometimes I post three blogs in a week, sometimes there's nothing new here in a year. Read a random article.
Today I found out about an initiative from Ben & Jerry's, the ice cream company, to promote marriage equality in Australia. They set up a marketing campaign where you're not allowed to buy two scoops of the same flavour until same-sex marriage is made legal.
It's a bit tongue-in-cheek, but they're also hitting some serious notes by encouraging people to contact their government representatives to request actual political action. Not everyone seems to be a big fan, but it got me thinking about what a business should (or should not) do with its platform or reach.
With my business, modmore, I've always tried to avoid political issues.
Of course I have personal opinions on Trump, LGBT rights, diversity in tech, religions, Brexit, and all sorts of other topics. I'd love to discuss those topics, on personal title, in the future.
But I've always tried to avoid forcing my own political/social thoughts onto modmore, so modmore as an entity wouldn't "pick a side" on certain topics.
Ideas that I might consider common sense (such as the same-sex marriage Ben & Jerry's is promoting), are literally illegal in some countries. And things that are considered common sense elsewhere might not match my worldview either.
Those differences are a given, and I've never seen it as a responsibility for modmore to take its platform and reach to encourage my view of the world, or how it should be, on customers.
People come to modmore for the excellent MODX extras and support, not a lecture about same-sex marriage.
Then, just a few weeks ago, we had a sale at modmore where people who spent over €50 received a free pack of Stroopwafels with their order. Stroopwafels are typical Dutch cookies, and part of that sale was to share a Dutch tradition, King's Day, with the world.
The sale promoted the Dutch heritage of modmore. It didn't judge countries that do not celebrate King's Day, nor did it lobby for Stroopwafels to be produced worldwide. But it did take something that is common sense in the Netherlands, and shared that with the world in a promotion.
Reflecting on it while writing this post, I may have diverged from my original stance with the sale. King's Day and stroopwafels are not really a controversial topic, but couldn't one say that promoting same sex marriage is also just promoting the Dutch heritage? After all, the Dutch were the first to legalise same-sex marriage in 2001. It's part of the Dutch history, and a great achievement for the LGBT community, definitely worthy of celebration.
So now I'm wondering, is there really a difference between shipping customers stroopwafels to celebrate King's Day, and rainbow-coloured hats on Gay Pride?
Perhaps it is my responsibility as business owner to do more to encourage equality, diversity, and other good things to make the world a slightly better place for everyone. That I can live freely in my country, irrespective of my sexuality or (lack of) beliefs, is a great privilege that deserves to be shared and promoted.
Saying and doing nothing is also a political statement, so maybe it's time for modmore to take a more active stance on certain topics that I care about.
What is your take on this? Should businesses use the reach they may have to influence politics or social opinions? Is that perhaps even their responsibility? Or should they just stick to their core business and leave politics out of it?
I've recently been working on a project with Formalicious where the client requested dynamically-filled select inputs. This is pretty straightforward to set up, as shown in this tutorial.
The PHP Version usage of MODX sites can be tracked by the Package Providers used. modmore offers such a package provider for our free and premium extras, and in this article we've taken our sample of 3565 MODX sites running v2.4 or up, and summarised the PHP version they use by minor version.
While working on adding a set of permissions to the ContentBlocks component, Isaac was wondering if there were any good ways of testing them out. The permission system in MODX is not very popular due to its (perceived?) complexity and the need to constantly flush permissions to see a result.
yeah, and the only reliable way i’ve found to test permissions in modx is to have one browser session with the admin changing permissions, and a separate session with the test user. and EVERY SINGLE TIME YOU CHANGE A PERMISSION, you log the test user out and back in ~ Isaac Niebeling
We had a bit of a conversation following that about how the ACLs work.
I had been using the Manage > Flush Your Permissions for refreshing permissions on my limited admin account. I simply made sure the limited user could access that, and that made my testing a lot easier than logging out and in again over and over.
That already seems like one step up, but can we do better?
It turns out that MODX has this thing called Stale Sessions. They've been introduced way back in 2.2.1 and their primary goal is to have a user refresh the "attributes" in its session (which contains a cache of many things about the user, including settings and permissions) the next time it requests a page.
I vaguely remembered that being there, but wasn't quite sure how it worked so I did a search across the MODX codebase to find instances of it, to see where it was called and how it affected the sessions. And that's when I stumbled across the processor for the Manage > Flush Your Permissions menu item.
As the name indicates, the Flush Your Permissions action will to flush the permissions of the user that is logged in. It even warns you that it doesn't affect other user sessions.
But that's a big lie.
The Flush Your Permissions processor isn't restricted to a single user. It tells all users to reload their permissions, through the Stale Sessions feature introduced in 2.2. Seriously, just check the source code if you don't believe me, there's no mention of the current user.
Following this discovery I did some testing with my new set of permissions for ContentBlocks, and indeed flushing the permissions for a full admin user also affected my limited admin user in a different browser.
The commit that introduced this behaviour back in 2012 mentions that it doesn't yet affect anonymous sessions, as those don't have a user record that instructs them to refresh their session, so that's a bit of a caveat if you're working with ACLs for site visitors. But when tweaking client access to the manager, using Flush Your Permissions instead of logging out and back in is going to save you a lot of time.
Can we do better?
So aside from this being a time saver, is there anything else we can do with this information?
Well, one of the reasons I started looking into this was to see if there might be a way to make MODX automatically flush relevant sessions when access policies are changed or added to a user group.
I had concerns about practicality because it could take a long time on large sites, but some tests of the flush permissions feature seem to indicate that it's only a few hundred milliseconds even on sites with thousands of users. That seems totally acceptable for the convenience of not having to flush permissions manually in a lot of cases.
It turns out, the core is already doing this, but only when creating a user group using the access wizard. Not when updating a user group, or when a policy is added, updated or removed.
Sounds like some pull requests may be in order.
I don't know.
When you think of entrepreneurs that make a name for themselves like Elon Musk, Steve Jobs or Derek Siver, those three words don't really come to mind.
While my goal is not to be world famous, a best seller author, or the first person to drive a ridiculously good electric car on Mars, I do want to hone my skills as an entrepreneur. Build products and services that people enjoy using, and growing a business doing things I like.
Yet all so often, I just don't know.
What's the best way to deal with problem X? How do we, or should we, work towards accomplishing Y? What will the effect of decision Z be? Yes or no?
There's uncertainty around every decision that needs to be made. And that freaks me out.
What if we did this one thing? What if we didn't? Will it be the beginning of the end, or is it the start of the famed hockey stick?
By surrounding myself with clever people and actively seeking their feedback I try to minimise the risk of doing something incredibly stupid. I try to force myself to take some time to really think something through if there's serious push back from people that know what they're talking about. More often than not, I change my position on said idea or decision. Maybe it's not quite as good as I first thought, or this just isn't the right time or place.
Stupid self confidence makes me wonder though if I'm a bad entrepreneur for not being 100% sure. How can you run a business if you don't know how you want to move forward on a simple decision?
I've learned to accept that it's okay not to have all the answers. It opens up an idea to more objective look. By saying I don't know, it doesn't mean that I don't care or that I don't lean a certain way, it's just that it needs further thought, analysis, time, or all of the above.
I think that's a good thing.
Free development licenses for Premium Extras at modmore is one of the things in the I don't know category that made it through to an actual launch. The first responses when I proposed this in a team meeting were cautiously optimistic. And when it was first mentioned at the MODXpo, only a few days later, people responded with a round of applause.
Now that it's live, people are starting to take advantage of it. Over 250 free development licenses have been installed to date.
So far, it seems to be a popular decision.
But will people install our paid-for extras for free, tear out our license system, and cause modmore to go bankrupt? Or will this lower the barrier to entry to the point that we will see an influx of new users and increased sales with it?
I still don't know.
But I'm cautiously optimistic.