• 41:00

Episode number: 69

ExpressionEngine v2.5

with EllisLab


We’ve got EllisLab back on the show, this time James Mathias and Wes Baker talk to us about the last ExpressionEngine 2.5 update! We get details about the new Cookie Consent module, Rich Text Editor, bug fixes and security updates in this newest release. Wes also shares his experiences working with the Reactor Team, while James talks about the importance of community feedback.


Sponsored by

  • Engine Summit
  • Your ad here (dimensions: 520 pixels wide and 60 pixels tall)

Episode Transcript

CTRL+CLICK CAST is proud to provide transcripts for our audience members who prefer text-based content. However, our episodes are designed for an audio experience, which includes emotion and emphasis that don't always translate to our transcripts. Additionally, our transcripts are generated by human transcribers and may contain errors. If you require clarification, please listen to the audio.


Lea Alcantara: You are listening to the ExpressionEngine Podcast Episode #69 with special guests, James Mathias and Wes Baker of EllisLab, here to talk about the recent EE Version 2.5 update. I’m your host, Lea Alcantara, and I’m joined by my fab co-host,

EmilyLewis: Emily Lewis.

Lea Alcantara:


Lea Alcantara: You are listening to the ExpressionEngine Podcast Episode #69 with special guests, James Mathias and Wes Baker of EllisLab, here to talk about the recent EE Version 2.5 update. I’m your host, Lea Alcantara, and I’m joined by my fab co-host,

EmilyLewis: Emily Lewis.

Lea Alcantara: This episode is sponsored by Engine Summit. Time is running out. The online live Engine Summit coming up at the end of the month covers the ins and outs of ExpressionEngine without the travel hassle of a traditional conference. It’s like bringing the experts to your desktop. At the end of the Engine Summit is the popular EllisLab roundtable discussion hosted by CEO of EllisLab, Leslie Camacho, talking about the state of EE and answering your questions. Sign up today and save 20% when using the discount code EEPODCAST at enginesummit.com.

Emily Lewis: The ExpressionEngine Podcast would also like to thank Pixel & Tonic for being our major sponsor of the year. [Music ends] Hey Lea, what’s up?

Lea Alcantara: I’m finally recovering from the flu. [Laughs]

Emily Lewis: Ooh.

Lea Alcantara: Yeah, that’s what I get for getting out of my home office.

Emily Lewis: [Laughs]

Lea Alcantara: [Laughs] So I’m relieved. How about you?

Emily Lewis: Oh, things are good, thank you. I’m super stoked to have EllisLab back with us again today! The EE 2.5 update has been anticipated by everyone including myself. I know there were a number of bugs I’ve been waiting to see fixed and it seems like 2.5 has addressed many of those. So I’m really interested to talk with James and Wes about the update, but I did want to take a minute or two to mention our survey.

Lea Alcantara: That’s right! We are nearing almost a full year. Can you believe it?

Emily Lewis: No. [Laughs]

Lea Alcantara: Of this new iteration of EE Podcast, and we want to know what our listeners think. So we’ve put together a listener’s survey to help gauge our progress and get ideas for what folks want moving forward.

Emily Lewis: Exactly. So dear listeners, we would love it if you would visit bit.ly/eepodcastsurvey and give us your feedback. That’s bit.ly/eepodcastsurvey, all in one word.

Lea Alcantara: And as a thank you for taking the time to fill out the survey, we will be randomly selecting five respondents as winner of an EE Podcast t-shirt! We will be linking to the sample t-shirt designs on the transcript page.

Emily Lewis: The survey is open now until Thursday, May 31st. We will contact t-shirt winners shortly after we closed the survey.

Lea Alcantara: Now that we’ve got a bit of that housekeeping done, let’s get on to today’s topic.

Emily Lewis: It sounds good, so today we’ve got James Mathias and Wes Baker from EllisLab. James is EllisLab’s chief creative officer who joined the team almost a year ago, I believe. James is instrumental in EllisLab’s design and user experience efforts, and as we talked with him in Episode 48, he’s been working closely with the community to solicit feedback on ExpressionEngine. Also joining us from EllisLab is director of technology, Wes Baker. Welcome guys. Thanks for joining us.

James Mathias: I’m glad to be here.

Wes Baker: Yes, thank you.

Emily Lewis: Great. Now, Wes, I gave a really brief introduction for you because I went on the interwebs and what it told me was that you like puzzles, you are married and you live in Virginia. So can you tell us a little bit more about your role at EllisLab?

Wes Baker: Yes, certainly. About a year and a half ago I started working with EllisLab after becoming a little disinterested in doing client work, but I still wanted to work in the same industry. I still wanted to make websites. I still wanted to be part of that process, and having used ExpressionEngine for probably two years before that, I decided, well, it would be cool to at least work on a product. At the very same time I noticed that EllisLab had put up a job listing for a new software engineer position. It seemed like the stars had aligned perfectly and I said, “All right, well, let me go ahead and apply.” After about a month of interviews and the inevitable waiting for responses to interviews, they told me I had the job and I started that January basically. Since them my response to it has kind of changed and morphed along the way. It all started with working pretty solely on ExpressionEngine and the rest of the code-based to working more with kind of managing the team, working with the team, kind of aligning the team in certain ways and fashions.

Lea Alcantara: [Agrees]

Wes Baker: And that’s where I am at today.

Emily Lewis: I saw on your LinkedIn profile, you are a certified ScrumMaster and Leslie had talked with us a lot, a couple of episodes ago, about how EllisLab is using Scrum. Did you get certified before that, or were you one of the people that helps that sort of come in to EllisLab, that way of running things?

Wes Baker: Well, I have to point to Lisa Wess as the person who was the chief person who brought in Scrum to EllisLab. Actually, the Scrum certification, the ScrumMaster certification rather happens three months into my employment with EllisLab along with the rest of the development team at that point. We all went to Scrum training in Dallas.

Emily Lewis: Oh.

Wes Baker: And we are all certified ScrumMasters and certified product owners in the Scrum process. So yeah, we did that as a team.

Emily Lewis: That’s cool. So let’s talk about the big news last week, the ExpressionEngine update. I know some of the key enhancements that came along with the update, the first of which, the Cookie Consent Module, which I know there was a lot of news about it. Can you tell us about the module, and what brought it about? What the requirements were?

Wes Baker: Well, the requirements for getting ExpressionEngine working is as well as it possibly can without these cookies, and for the most part, ExpressionEngine is getting along just fine for most visitors without cookies being enabled. It does remove a few nice parts of ExpressionEngine such as tracking and few other low perks here and there, but it can go along just fine as long as you are not doing too much with the website, and the impetus for the module was, of course, the law in the European Union, and I think the deadline for that law is coming up shortly, on May 26th, I believe it is. So we wanted to make sure that that was out there and ready with at least a week or so of lead time for all of the people that use ExpressionEngine in the European Union, so they are legal and ready to go.

Emily Lewis: From what I was reading, it’s that in previous versions, is that users weren’t able to consent to cookies, it was just sort of the default, and so people who couldn’t allow that weren’t able to, for example, like register or log in and do a member account in ExpressionEngine. So now, is it like the EE developer just disables the cookies and the visitor opts in for them? Or is it an option that it can be determined based on where the user is accessing, like what the IP address the user is accessing the site from?

Wes Baker: Yeah, so the way it works right now is we give you the option to basically put up a checkbox that would allow the user to consent mainly to accepting cookies. It doesn’t determine where the person is located in any way, so it’s a pretty simple module at the moment. I’d wager that there is probably going to be some feature request to make it work with the IP to Nation Module to see if this person is located in the European Union, but at the moment, that does not exist.

Emily Lewis: [Agrees] Now, I just noticed it’s not included in core. It’s something that someone is going to have to download from the add-on repository. Was there a reason for not making it part of core? Is it like functionally it’s better as an add-on that you optionally add?

Wes Baker: I wouldn’t say it’s better or worse being included or not. The reason why we didn’t include it is actually because we are starting to look at ExpressionEngine more modularly.

Emily Lewis: [Agrees]

Lea Alcantara: [Agrees]

Wes Baker: There is a bunch of modules that we include in the core package that we wager most people don’t use. They just sit in your modules folder. They are not enabled ever. For example, I mean, I can remember doing tens of sites and never using the Blacklist Module ever.

Lea Alcantara: [Agrees]

Emily Lewis: [Agrees]

Wes Baker: And I’m sure some people use it and really need it and it’s a very helpful module for them, but there are lots of modules that don’t necessarily need to be included by default because people are just never going to use them. So this one is definitely one of those more specialized modules that we see only a few people using or at least a smaller percentage than some of the bigger modules like Comments. There are more people using Comments than there will be people using the Cookie Consent Module.

Emily Lewis: [Agrees]

Wes Baker: And so we are thinking slim down the package to make it smaller and make it a little bit more streamlined, and it’s kind of part of a general sense that we have at EllisLab that we want to make things a bit more streamlined, a bit simpler for people to use and install.

Emily Lewis: [Agrees] I like that.

Lea Alcantara: So I’ve got a question about that. I know that 2.5 just came out, and now you’ve decided that, “Okay, so in order to make sure that EE isn’t bloated, we are going to create this as a module so people who need it can install it.” In ongoing versions, is the team considering taking out a few things from the default core module install? Like you mentioned, not everyone uses the Blacklist. I’m not saying that it’s going to be the Blacklist Module that you will be taking out, but are there some things that you will just keep on the add-on repository versus the core install?

Wes Baker: Nothing is certain at this point. I’m not exactly certain, but I can tell you that it’s definitely something we are thinking about. It happened probably a few months ago and this one isn’t even to go up on the add-on repository, but we took out the Blogger API Module. It’s something…

Lea Alcantara: Yeah. Oh yes, yeah.

Wes Baker: Yeah, that one is pretty much completely deprecated at that point. The Blogger API itself was very antiquated, so it just wasn’t working and so it just made more sense to get rid of it. Now, that’s an extreme case, but I could definitely see us doing that with other modules.

Lea Alcantara: [Agrees]

Wes Baker: There is no plan for it at the moment, but like I said, we are talking about it and it’s definitely a part of something the whole development team wants to do which is streamline ExpressionEngine to the point where it does exactly what you need it to do without doing too much more, without having a lot of cruft.

Lea Alcantara: [Agrees]

Emily Lewis: [Agrees]

Lea Alcantara: Yeah, because I know in my current install workflow, et cetera, one of the things that I’m doing these days is downloading the latest version and deleting anything that I don’t need before I upgrade or start a new site. My next question then is, obviously the Cookie Consent Module was one of the bigger development things that people were aware of in 2.5. Wes, is there anything in particular that you were pretty happy to have added or fixed in the 2.5 update that you think might be missed with all the Cookie Consent focus? Is there anything in particular that you think, “Yeah, people should know that this exist in 2.5.”

Wes Baker: Yeah, there are two things that excited me. It’s kind of flipped over the change log.

Lea Alcantara: [Agrees]

Wes Baker: One of them is kind of a subtle one, but hopefully it will make a big difference to a lot of people, and that’s that we removed the IP requirement from the sessions check.

Lea Alcantara: [Agrees]

Wes Baker: And what that does is before when you would go from page to page and we check on your sessions information, we would check to see if your IP was consistent with basically the last reported sessions check. It was a very good security measure. It was to make sure that things didn’t happen that would hijack your cookies basically. So your cookies don’t get hijacked so that it was actually you who was working on the website.
The problem with that is it added a lot of security, but at the expense of logging people out when they shouldn’t have been logged out. So a good example of this is if you are using something like Verizon WiFi or wireless hotspots, something along those lines, they tend to cycle through their IPs pretty quickly, so your IP would change in the realm of anywhere from every minute with more aggressive wireless hotspots to maybe 15 minutes depending upon the provider and the hotspot as well, I’m sure.

Lea Alcantara: Wow!

Wes Baker: And if your IP is changing every minute or so and you are going from page to page in the control panel, you are going to get logged out because your IP no longer matches. So it’s going to solve some of the sessions issues and some of the more aggressive logging out issues. I’m not going to say it’s going to solve all of them. That’s still something we are looking into. It’s something we are still taking very seriously because it’s a problem for a lot of people that use ExpressionEngine.

Lea Alcantara: [Agrees]

Wes Baker: It’s a problem for us as well, but I think it will start to solve some of these issues, so that was one of the things. The other thing that’s got me really excited, and this one is even more subtle. It was what’s called the My Account Nav Setup Hook. So it’s an extension hook for developers.

Lea Alcantara: That’s great.

Wes Baker: And it doesn’t sound interesting. Most of the hooks don’t, but what I really like about this is it allows extensions and therefore any add-on package basically to add a page and a pane to your My Account preferences.

Lea Alcantara: Oh yeah, yeah.

Wes Baker: Yeah, so as opposed to having to go into the add-on page, specifically the module or the extension and editing your settings there, you get to go to the My Account page, so extensions, modules and whatnot can now have per user settings more easily.

Lea Alcantara: Oh, very nice. It’s very, very nice.

Emily Lewis: Yeah.

Lea Alcantara: I think that’s cool.

Emily Lewis: Yeah, also I’m excited to update my own sites with this latest version because I’ve been having a lot of issues myself with logouts that I guess it’s tied to that session thing perhaps that you were describing. It would be great if that goes away for me because it’s definitely annoying.

Lea Alcantara: Yeah, for me personally when I was looking through the bug fixes, my favorite change, I think, and I’m sure a lot of people will agree with me here, the Publish Layouts. It sounds like you guys have fixed some of the weird PHP error issues when the layouts are not saved correctly or when someone added a new custom field that somehow messed up the published page up and it seemed a little inexplicable in the past versions because it was kind of an intermittent issue, and according to your bug fix here that that’s addressed. Is that completely addressed, or is that like the majority of issues should be dealt with in terms of Publish Layouts?

Wes Baker: From what I’ve seen, it seems like most of the issues that came out with Publish Layouts, at least with seeing the host not seeing these errors when we came back to them after adding the field types. It seems like those are gone. Just probably a few hours or maybe it was the next day after releasing 2.5, we started seeing tweets from folks saying, “You know what, Publish Layouts work out a lot better. I’m not getting those errors anymore. It seems to be fixed. Thanks a lot, guys.” So I can’t say all of the errors are gone.

Lea Alcantara: Sure.

Wes Baker: But I’d say, for the most part, the errors that people were used to seeing, they should be gone at this point.

Lea Alcantara: Yeah.

Emily Lewis: So if I’m correct, is this the second update that had the Reactor Team involved?

Wes Baker: It is.

Emily Lewis: So how was that going with the Reactor Team?

Wes Baker: It’s going really well. It’s really good to see some of the third-party ExpressionEngine developers getting to put in things that they really want.

Emily Lewis: [Agrees]

Wes Baker: With things that we don’t necessarily have the time to do immediately, but that they can contribute to the code base that they can add these features that they’ve been looking for for a long time. A good example with this one is another subtle one. It’s more of the developer edition, but they changed part of the template class to allow plugins and modules to use what’s called the Call Magic Method in PHP, and what Call does is it allows you to send all method calls to a class. So let’s say you have a plugin, it allows you to send all those calls to one method that then can route them into different things with them. What this allows you to do is it lets you have one call method that then can route any plugin calls. So if you said, “EXP calling plugin calling do something,” if the “do something” method wasn’t defined in your plugin, it would go to the call method and the call method can do a whole bunch of stuff based upon different things that are going on with the plugin class. It’s just a more dynamic way to allow the plugin to do things basically, but generally, Reactor is going really well. It’s really nice to see people putting in additions that they wanted for a long time. Yeah, I really enjoy it.

Emily Lewis: You were mentioning when you were talking about your role at EllisLab that you are doing a lot more management and leading in the team. With the Reactor Team, is there management on EllisLab’s end? Do you guys, for example, set up regular calls where everyone touches base? Or do you follow up with them? Or do you let the Reactor Team sort of work independently and then come to you guys when something is ready to be talked about seriously?

Wes Baker: Well, there is a few things. One, we don’t do calls with them. There is no real regular communication like that. We don’t have a set schedule to talk with them. It’s a lot more organic than that. So there is kind of two ways things come about. One of them is we start discussions, so that’s probably the less frequent of the two, but it does happen and some additions that come from that are really, really nice. So let’s say one of the Reactor engineers starts a discussion on Basecamp and we start talking about it. We come up with some ideas. We go back and forth going in and at that point, the person who originally sent in that message and started the discussion will start working on the code. He’ll go ahead and we have a private GitHub repository set up for this. They will go ahead and pull the code down and start making the changes, and then they will send a pull request. At that point, EllisLab will take a look at the code. We will go and test everything out and make sure it work as expected, and it doesn’t work as not expected, so to speak.

Emily Lewis: [Agrees]

Wes Baker: Make sure that everything plays nicely. At that point, the code is merged in. We make sure everything is in the change log and make sure that they get the credit in the change log and go from there.
The other method which I think is probably the more frequent of the two is they will actually just start changing the code immediately without much discussion and then they will send the pull request and that’s kind of then we have the discussion there in the GitHub pull request.

Emily Lewis: [Agrees]

Wes Baker: We will talk about what the code does, what changes were made, where they need to make changes in the code for us to be willing to pull it in, things like that. I like both methods. I like the discussion. I also like the pull request immediately. They both have their virtues and the disadvantages, their pros and cons. What I like about the pull request first is that it gives them time to formulate what they want to do. But what I like about the discussion first is we come across ideas that they may not have had to begin with.

Emily Lewis: [Agrees] Nice. It sounds like a really interesting process, and it’s also nice to see in the change log, the contributions from the Reactor Team. So another one of the big changes that came with this latest update is the Rich Text Editor. James, I wanted to talk to you about that for a second because I believe, if I’m correct, we talked about it a little bit when we had you on in Episode 48 and I recall that there had been some discussion in the community, and I even saw it recently on EE Insider when you guys had posted, I think it was like an introductory video with the Rich Text Editor on Vimeo, and a lot of folks, at least 50% of the comments I saw where people were kind of whining with that, “Oh, it’s too little too late. There are other things that are already available.” What prompted EllisLab to bring the Rich Text Editor into ExpressionEngine when there already were third-party solutions available?

James Mathias: Yeah, so part of my goal with ExpressionEngine as a product is to bring it to a place where it is both easy to build websites with, but also easy to maintain websites with.

Emily Lewis: [Agrees]

James Mathias: One of the glaring exclusions from ExpressionEngine is the lack of a Rich Text Editor which is something that is very commonly asked for on the client side, not on the customer side. EllisLab has customers, direct customers, like yourselves and like myself that are designers and developers, and we love ExpressionEngine because it helps us quickly and easily build very dynamic websites. Unfortunately, and I think this is a pain that most of us have felt at some point or another in our career, ExpressionEngine isn’t great for the end user. It isn’t great for the content editor. A Rich Text Editor starts us in the right direction.

Emily Lewis: [Agrees]

James Mathias: As far as it being too little too late, I can’t really speak on that. Maybe it is, maybe it isn’t, but I don’t think it is. I’m glad that we have it in there now. I’m using it on my personal website.

Emily Lewis: [Agrees]

James Mathias: I’m using it for a client site that I’m building currently. I think that it’s a fine addition to ExpressionEngine’s core. We wanted to make sure that we got it right, okay?

Emily Lewis: [Agrees]

James Mathias: And of course, getting it right is subjective, but as long as the content editor is happy, I’m happy.

Emily Lewis: Right. Well, and definitely from I think the content editor perspective, it’s a really visually attractive addition. The field type looks great. It looks like a part of ExpressionEngine, and I also liked the ability to sort of extend it and customize the tool set, so you could have a really simple editor, a very complex editor, which I think are features people have gotten used to from other third-party solutions. I also noticed, and I haven’t done much with SafeCracker myself, but that it’s available with SafeCracker. Is that correct?

James Mathias: I believe so. I believe it is available on the front end. I haven’t actually worked with that myself yet, but it is from what I gather. I do believe that that’s true. Wes can correct me if I’m wrong there. Thank you very much. I’m glad that you noticed the UI. Now, that was my one of main concerns with doing an RTE is I didn’t want to just grab an RTE that’s already on the market and retrofit it into ExpressionEngine. I really wanted to start from a UX and UI perspective, from a fresh slate, from a clean slate, but also I needed it to be recognizable as what it is and be easy to use. I went back and forth on a few of those buttons with different ideas before we came down what we have there.

Emily Lewis: [Agrees]

James Mathias: And I really just wanted to get it out of the way. I wanted it to be easy to use and stay out of your hair and not feel like it’s a glaring issue on the home screen at all times.

Emily Lewis: [Agrees] Yeah. I think the fact that it seamlessly sort of fits into the published form so well is something that kind of sets it apart from some other solutions I’ve used. Is there anything else about the new Rich Text Editor that you think it sets it apart from what maybe people have gotten used to using before this was available?

James Mathias: Yeah, I think that the ability to customize on a per user basis is an extremely powerful feature.

Emily Lewis: [Agrees]

Lea Alcantara: [Agrees]

James Mathias: And I did notice that there were a few complaints about missing buttons from the default install, and my response to that is that we made it very easy for you to create your own buttons.

Emily Lewis: Right.

James Mathias: Now, very easy is subjective depending on your skill level.

Emily Lewis: [Laughs]

James Mathias: You know it certainly, but there is always room for us to create new default buttons as well to ship with the product as time goes by. We came up with a set of buttons that we came up with as the most commonly requested buttons, and I know that we missed one, and that’s an oversight on my end, but being able to easily link to files and not just images, that’s definitely an oversight on my part.

Emily Lewis: [Agrees]

Lea Alcantara: [Agrees]

James Mathias: So I take full blame for that. I apologize for that.

Lea Alcantara: Yeah.

Emily Lewis: It kind of sucks that you have to say that. I think people’s expectations sometimes are just a little unreasonable. This is truly just my opinion, but I mean, you’ve brought something valuable into the core. It’s the first time it’s there. If it’s missing something, it’s not the end of the world. You guys will get it the next time around [laughs]. We are all developers. We don’t ever get everything right the first time, but I think that’s something you guys deal with a lot with the community, it seems like. There is a lot of communication from the community and some of it of the whiny kind.

James Mathias: Sure.

Lea Alcantara: Well, as part of the whiners. [Laughs]

Emily Lewis: [Laughs]

Lea Alcantara: I think it just shows that it’s a passionate community, right?

Emily Lewis: [Agrees]

Lea Alcantara: It’s because we feel connected to the software that we are using and that’s a testament to the software itself, right?

James Mathias: Yeah, I know.

Emily Lewis: I just wish it didn’t overshadow the improvements and changes that comes. Sometimes it does feel, to me, it seems like it gets over-shouted by people not getting what they thought they wanted right away.

James Mathias: Yeah, so when I first came to EllisLab, I really wasn’t prepared for that. I wasn’t prepared. I knew that the community itself would be my boss in a way, but I wasn’t prepared for the seemingly blatant negativity that occurs. But over the almost a year that I’ve been here, it will be a year in June 6th, I’ve really tried to find a balance between what’s the reality of our user base and their relative happiness and what’s the perceived. I found that there is a very, very small minority of people who are negative on Twitter, Facebook or in the internet in general, and they do not represent the larger whole of the community that’s behind the product and building the product every day. So I apologize because I do feel like I made a mistake there. I feel like I made an oversight, and I’m not apologizing because I feel like I have to apologize to the community. In my opinion, I don’t think that there are as many people that are unhappy as that there are happy, and the people that are unhappy, like Lea said, are just very passionate about the product and I think I’d rather have very passionate, angry customers that are still buying the licenses than to have people who just get mad and leave and don’t say a word.

Emily Lewis: Yeah, or the people who don’t say anything and give you a point of reference to know how to improve. It’s a good point.

James Mathias: Exactly.

Emily Lewis: It’s a good point. So other than the text editor, James, kind of like what Wes did, did you have a favorite bug fix or a favorite enhancement in this latest update that you really found the most satisfying?

James Mathias: As you know, my primary focus was RTE user experience, and also I’m glad that we got the European cookie fix out before the deadline.

Emily Lewis: [Agrees]

James Mathias: Because even though it only affects a small portion of our users, it’s an important portion, and if they can’t use the software anymore because of some arbitrary law that they can’t control, then makes it hard on us as well, and we don’t want to lose anybody because of a very simple law that gets passed and causes our software to stop being functional.

Emily Lewis: [Agrees]

James Mathias: So I’m glad that that got in there and I’m glad that the RTE got in there in the state that it’s in. I think the development team did a very fantastic job in getting it working across browser and in just the different situations that it might appear in, so I’m happy with that. In terms of other bug fixes and whatnot, I’m always happy when we get bug fixes. I think that stability in the program is actually what our number one concern, what should be when comparing to new features. New features are terrific and they get people excited and they help sell the product, but stability helps people continue to buy the product and continue to use the product. So for me, stability is a number one goal of the product.

Emily Lewis: [Agrees] Were there any other design enhancements that maybe aren’t mentioned like small little changes to the control panel that you participated in?

James Mathias: So I know that for the majority of the community, that’s the number one thing that they want me to be working on.

Emily Lewis: [Laughs]

James Mathias: It’s fixing the control panel, and I promise that it is a primary goal of mine. Myself and Sam has been a little sidetracked with another project, which is a very important first step prior to letting us dig into the ExpressionEngine control panel, and once that’s complete, that’s where we will be going, it’s straight to the ExpressionEngine control panel and trying to make as many fixes and changes as we can there, and I have some pretty big plans and visions for the ExpressionEngine control panel and ExpressionEngine, the product overall, so I want to bring all those things to fruition. But as soon as we finish the project that we are working on right now, which I can’t give a lot of detail on, but people will understand. I hope people will understand why we tackled it first before heading on to the ExpressionEngine control panel, but I do promise the community that that is definitely a priority, but it is not my current priority.

Emily Lewis: Got you.

Lea Alcantara: I have one last question about the RTE, so I’m just looking at it a little bit right now. Why choose the word “link” instead of the classic “chain” icon. So you have, for example, a button for an image and then you just have the word “link.” Any reason why you chose that as the design user experience choice versus an icon?

James Mathias: Yes, so the end user, the content editor, the person who would be primarily using the RTE is probably not as familiar with a link like a chain link, meaning a link.

Lea Alcantara: Yes.

James Mathias: And I was trying to be as clear as possible with what each of those buttons will do, and when talking with people who aren’t super web savvy, I would ask them, “What would you look for if you are trying to create a connection between two web pages?” And they all said link, they would make a link.

Lea Alcantara: [Agrees]

James Mathias: So I chose the word “link” to go into that RTE just to help people on the end user side of things. I mean, clearly all of us who have been using the internet and build websites understand that the little chain means, “Let’s create a hyperlink here.”

Lea Alcantara: [Agrees]

James Mathias: But not very many people who don’t use the internet know that, so they know they call it a link. So I was just trying to be extremely clear with people, for content editor’s sake. Did I go a little bit too far? Maybe, but I don’t regret it, and I think I haven’t heard a complaint about it. This is actually the first time that anybody has asked me why I made that choice, and I appreciate it you asking because I like explaining my choices.

Emily Lewis: So do you do a lot like user surveys or user interviews when you are doing this kind of work, James?

James Mathias: I do personally.

Emily Lewis: [Agrees]

James Mathias: Yeah, but we don’t do anything on budget with EllisLab. I don’t have like when I was working at Amazon, we would actually have like days where we would bring people in and it was very structured and we would do like eye tracking tests and things of that nature. We would find out some really interesting information, but I just do it more casual. I find people who I know who aren’t super web savvy and I would talk to them and I ask them questions, but I don’t sit them down at the computer and say, “Here, I want you to try to accomplish this goal.” I just talk.

Emily Lewis: [Agrees]

James Mathias: I just casually talk to people and I try to find out the language that they use because that tells me a lot more than how they use a website. Because if I name something appropriately, they will find it eventually, but if I name something inappropriately and put it on the screen and then sit them down and ask them to do a test without any effort, you will notice that people search around the screen for a long time. You know exactly where that button is because you’ve put it there. So those are the kinds of things that I talk to people about. I try to find people who aren’t super web savvy. I try to find people who are web savvy, but aren’t web developers.

Emily Lewis: [Agrees]

James Mathias: I just have casual conversations with them because I think that’s the most important way to get to the point that we need to be because we have to strike a really hard but fine balance between people who are building the websites and using it in the software with the same interface as the people who are going to actually be managing the website with that interface. So we have to find a balance between the two that doesn’t super confuse anyone or make it too hard for the developer to continue building really dynamic websites with the software.

Emily Lewis: So there was one more update that was included with 2.5, and I apologize for leaving it to the end because you guys do list it as important on the change log, but I probably left it too because I really don’t know what it is. So you guys have made changes with XSS filtering. Wes, do you want to describe what’s going on with that, what changes have happened, and why it’s important?

Wes Baker: Sure. First, you guys are all saying that it is a security fix and as such we try and keep the details of it pretty vague.

Emily Lewis: [Agrees]

Wes Baker: We don’t want it to be really easy to exploit the security problem, but it could be.

Emily Lewis: How’s that?

Wes Baker: Basically, what was happening is someone could submit something and if what they submit was output directly, so without any way of cleaning it up, like not passing it through the typography library, not passing it through any plugin, basically any of that would catch this problem. If you basically went straight from a form on the front of the website to then displaying the website, it could execute some JavaScript. With that being said, the majority of people out there, this would not have been an issue. You would have to bypass so many filters, so many different things in order to get it to do this, but at the same time it was an issue and we wanted it fixed.

Emily Lewis: So I mean, those security changes, are those kind of ranked at the top when you guys start getting ready for another update?

Wes Baker: Yes. Those are always at the top. Those are at the very top. Typically, what will happen is we will get an email from someone. There is a whole bunch of people that do security work, whether it’s on ExpressionEngine proper or whether it’s CodeIgniter, they kind of take a look at different issues that could come up based up different exploits, and they will send an email saying, “We found this issue. Here is the problem.” And then immediately we start saying, “Okay, how do we fix this?” This usually requires us to drop things we are working on and that’s how we treat security issues. They are dealt with immediately as soon as they possibly can be. We will figure out who on the team needs to work on this and we will start on it immediately. We will come up with a solution and then we will talk with the person who recently sent that in, making sure that satisfies the problems they found, and on our end, we are making sure that it doesn’t create new problems.
So yeah, those are definitely at the very top. We are trying to fix those out as soon as possible. It very much depends on the level, how much damage it could cause. If it’s something that no matter what it passes through, no matter what filter it passes through, it could damage your website, that’s something we are going to deal with immediately and get a release out as soon as humanly possible. Those tend to happen less frequently these days. This fix in particular is a problem, but it was not one that had to go out immediately. It needs to go out in the next release, but it was not something that was so detrimental that it could cause a lot of damage, so I think we had received the email for this one probably about two weeks before the release. We worked with him to get it fixed and solved. We put it in the release and sent it out.

Emily Lewis: Excellent. James, you mentioned a little bit that you and Sam are working on something you couldn’t really talk about. Either you or Wes, is there anything on the horizon that you can either vaguely or specifically talk about, that you are excited about, that the community should be excited about?

James Mathias: I think internally at EllisLab, we are trying to not talk about things until they are ready.

Emily Lewis: [Agrees]

James Mathias: Because historically…

Emily Lewis: That expectation thing. [Laughs]

James Mathias: Well, yeah, and it historically gets us in trouble because we have a bit of perfectionist mentality internally, so what ends up happening is we will say, “Yeah, we are going to do this.” And we do have every intention of doing it and by the date that we say or whatnot, but we run into something, like with the RTE, for example, it just wasn’t ready when we said it was going to be ready and we wanted to make sure that it was ready because it just turns out that if you release something that’s ready, even if it’s late, people are going to be happier than if you release it on time.

Emily Lewis: [Agrees]

James Mathias: Your arbitrary time scale that you gave, you release it on time and it’s poor, then it just makes things worse. Yeah, so we are trying not to do that anymore. We are trying not to give dates or talk about things until they are absolutely ready. The thing that Sam and I are working on is very close, but it’s not ready, so I don’t really want to talk about it publicly in terms of getting anybody any sort of expectation of what that is. I will tell you that it’s not software based.

Emily Lewis: Lots of opportunity to imagine. [Laughs]

James Mathias: Yeah.

Lea Alcantara: [Laughs]

James Mathias: That’s something to chew on.

Emily Lewis: [Laughs] What about you, Wes, from your development team, is there anything that you are able to generally mention that you guys are working on and are very excited about?

Wes Baker: There is definitely a lot of things we are really excited about. Things like you mentioned are very few and far between. Like James said, we like to keep a tight lid on everything. The best I can say is that there are probably a lot of very happy third-party developers when we are done with one of the larger projects we are currently working on. Beyond that, there is a whole bunch of things we obviously are really excited about internally, but I can’t talk about it publicly quite yet.

Lea Alcantara: Got you. All right, so I think that’s all about the time we have for today. Thank you, James and Wes, for joining us.

Wes Baker: Thanks for having us

Emily Lewis: Before we let you go, could you, James, tell our listeners where they can find you online?

James Mathias: Oh yes, you can always find me on Twitter, @jmathias, and you can find me at my personal website which I will definitely start contributing to soon again.

Emily Lewis: [Laughs]

James Mathias: Which is leihu.com.

Emily Lewis: And how about you, Wes?

Wes Baker: I’ve got the same deal. You can find me on Twitter, @wesbaker, or you can go to my personal website at wesbaker.com

Emily Lewis: Great. Thank you guys again for joining us.

Lea Alcantara: [Music] All right, so now, we would like to thank our sponsors for this podcast, Engine Summit and Pixel & Tonic.

Emily Lewis: We would also like to thank our partners, EllisLab, EngineHosting and Devot:ee.

Lea Alcantara: Also, thanks to our listeners for tuning in. If you want to know more about the podcast, make sure you follow us on Twitter @eepodcast or visit our website, ee-podcast.com.

Emily Lewis: Please tune in to our next episode when we will be talking with Nevin Lyne of EngineHosting about, you guessed it, hosting. Be sure to check out our schedule on our site at ee-podcast.com/schedule for more upcoming topics.
And don’t forget to give us your feedback. Please visit our user survey at bit.ly/eepodcastsurvey, and let us know what you think.

Lea Alcantara: This is Lea Alcantara.

Emily Lewis: And Emily Lewis.

Lea Alcantara: Signing off for the ExpressionEngine Podcast. See you next time.

Emily Lewis: Cheers.

[Music stops]

Love this Episode? Leave a Review!

Emily Lewis and Lea Alcantara

CTRL+CLICK CAST inspects the web for you!

Your hosts Emily Lewis and Lea Alcantara proudly feature diverse voices from the industry’s leaders and innovators. Our focused, topical discussions teach, inspire and waste no time getting to the heart of the matter.