Untitled [en]

Everywhere I turn
Is something shining in the sun
Like a diamond
Like a pearl
A speck of life or love or fire
Catches my eye
Catches my breath
My heart runs off and takes me with it
I try to follow and keep the pace
I go left
I go right
A merry-go-round lost in the stars
Lights keep flashing in my brain
I singe my wings
The flame tastes sweet
Another one
Oh, look! Another!
I shatter in a million pieces
Sent across the universe
For if I were to remain whole
Those shiny things would steal my soul.

What Goes On My To-Do List? [en]

As far as I can remember, I’ve used lists as a strategy to keep track of what I needed to do. Lists of things to pack when I was a child, lists of things to deal with when I was a scout leader or youth camp organiser, lists of topics to revise or courseworks to work on when I was a student… and so on.

In 2006, I discovered “Getting Things Done” and the concept of “next action”, which was hugely helpful. I’ve used various tools and methods over the years but the one I fall back to in times of stress (which tells me it’s the easiest for me to manage) is simply to write down my tasks on a double page, as they come, and cross them out when they’re done. Once the double page is full, I start a new double page, copy over the remaining tasks from the old one, and go from there.

But what is a task? What goes on this comprehensive to-do list?

In short, anything that I’m going to have to think about, or need a reminder for, or risk postponing or forgetting in the daily flow of things. Anything that will not naturally get done. Brushing my teeth doesn’t go on it, because it’s part of my routine and I do it automatically. Things in my calendar (appointments, etc.) aren’t either. But “contact garage to get new tyres” is, as is “sort through mail”, because it tends to pile up and I haven’t succeeded in building a routine for it yet. I also put things I want to do in my list, like “go to the museum for the samurai exhibit” or “write poetry” because I know now that they won’t just happen if I don’t prioritise or plan them.

If I find myself going “oh, I need to do this!” or “omg, I’d forgotten about that!” it means it needs to go on the list. Time horizon? Within a month or two.

Isn’t a comprehensive list overwhelming?

It can be, but it’s certainly less overwhelming than trying to keep it all in your head and running around like a headless chicken (forgetting important things along the way or staying up late because you forgot a deadline).

How do you use it?

Making a list is one thing, actually using it is another (and maybe the topic of another blog post). The trick is to set aside (plan!) a little time each day to check in on the list and update it. What I do these days is excerpt a weekly list from my comprehensive list when I prepare my week. During the week I work with the weekly list to produce and plan my daily set of tasks.

What about work?

I’ve always had a separate planning system (and list, or notebook) for work and non-work. Work usually happens in a defined timespace, particularly if you’re an employee. This, by the way, explains why I often struggled with my personal life organisation even though things were going fine at work: it’s quite obvious that at work I will keep track of my tasks, plan my days, etc. It’s taken me time to realise I also needed to manage my personal life in a similar fashion – and implement it.

I’ve tried, it doesn’t work!

In that case, what is interesting is to examine how it didn’t work for you. For example, looking back to when lists and planning failed for me, I realised that the key element of failure is that I was not scheduling time to plan, update my list, and schedule. Planning is a task and it needs to be planned for.

What about priorities, deadlines, task classification?

Over the years I tried many shiny task management tools, and saw that anything more than just jotting down something or crossing it out adds friction, and decreases the likelihood that I will keep using the system. If something has a hard deadline I might forget, I’ll write it down with the task. As for priorities, I find that my intuitive feeling of dread when I look at a task on the list is generally a good indicator of what needs to be dealt with first. However, bear in mind that setting priorities for my personal projects is still tricky for me (not enough constraints, compared to a work environment which makes things way easier), and I may have more to say about this as I progress in that regard.

How do you word a task?

I’m more relaxed about this than I used to be. The most important thing is to write it down, so if how you formulate it is keeping you from writing it down… don’t worry so much about the words. But over all, “next concrete action” is always good, especially if you can express it in terms of behaviour. A typical example is “find garage phone number and call for tyres” rather than “change tyres” or even “tyres”. The less your brain has to work to transform the item on your to-do list into an action, the better. I find that when I’m copying over what’s left of my comprehensive to-do list, I’ll often tweak the wording of the list items to make them more actionable (and avoid copying them over a third time in a few weeks!)

Got more questions? Ask away in the comments.

Vivre de son art? [fr]

Des fois, il y a des choses sur lesquelles on change d’avis. Parfois, ça se fait graduellement, presque insensiblement. Un jour, au détour d’un chemin, on se rend compte qu’on ne pense plus comme avant. Mais depuis quand? Et parfois, ça se fait quasi instantanément, à une occasion précise, qui fait déménager notre avis dans l’appartement d’à côté ou la maison d’en face.

Au début de la pandémie, quand tout s’est arrêté, un des enjeux était le soutien à la culture. Je me souviens très clairement de quelqu’un (mais qui?), quelque part (mais où?), qui disait quelque chose de cet ordre: que ceux qui pensent que les artistes et acteurs culturels n’avaient qu’à faire un autre travail, au lieu “de leur kif”, peut-être même un “vrai travail”, pour gagner leur vie, se voient dès à présent entièrement privés de musique, de films, de lecture, et de concerts… histoire de voir si les productions culturelles et artistiques sont si “facultatives” que ça dans la vie, et pour notre société.

J’avoue m’être sentie un peu honteuse, parce que je me suis reconnue un peu là-dedans. Non pas que je pensais (ou aie jamais pensé) que la culture et l’art ne méritaient pas d’être soutenus. Mais parce que mine de rien, je trouvais quand même que l’ambition de “vivre de son art”, surtout dans notre petit coin du monde, eh bien, ce n’était pas très réaliste, et que les gens feraient mieux de lâcher un peu leurs rêves de grandeur et d’accepter que leur activité artistique resterait quelque chose de non-profitable, d’accessoire. On fait de l’art parce qu’on aime ça, finalement. Tout le monde ne peut pas être une superstar.

Mouais. Je suis pas super fière en écrivant ça aujourd’hui.

Sans être une passionnée absolue de culture, comme beaucoup de monde, j’aime aller au cinéma, voir un concert de temps en temps, lire un livre, écouter de la musique, chanter, regarder mes séries et même, pourquoi pas, aller à une expo. Ce que j’apprécie n’a pas toujours été produit par quelqu’un qui “arrive à en vivre”. Et on connaît tous les histoires des créateurs au succès aujourd’hui interplanétaire, mais qui ont galéré à se faire reconnaître ou entendre durant des années, et même parfois de tout leur vivant. S’ils ne s’étaient pas accrochés à leurs rêves, pendant qu’ils étaient dans l’ombre, ils ne rempliraient pas des stades aujourd’hui et ne verraient pas leurs livres transformés en films.

Le travail des acteurs culturels est important et mérite plus de reconnaissance et de valorisation. Il n’est pas normal que ceux qui animent nos loisirs, nos moments de détente, qui donnent une couleur à notre quotidien ou font vibrer d’émotion les moments importants de nos vies soient pris dans un modèle économique où ils arrivent à peine à joindre les deux bouts, à moins de percer et de basculer (en tous cas de l’extérieur ça ressemble à ça) dans le monde surréaliste du succès.

Tout ceci est très certainement un peu simpliste, comme analyse. Je n’ai pas tellement de solutions à offrir, juste une prise de conscience – et un respect croissant pour celles et ceux qui prennent la peine de créer, inlassablement.

Changes in the World, Changes in Us [en]

These last few years, I’ve come to a slightly unsettling realisation: there are changes happening in the world around me that I’m far from enthusiastic about. It’s not just “The Shattering” I wrote about recently. It’s also small things. A restaurant I liked that isn’t there anymore. Part of the ski resort I liked that has been closed. A holiday spot that is now damaged beyond repair. My GP retiring. There is a common thread: parts of my world that I appreciated, and relied on, often for years, and which are coming to an end before I am.

This has got me thinking about how we relate to the world, and how it has to do with the ages of life. Remember what Douglas Adams had to say about how we relate to technology, according to how old we were when the technology in question appeared? Something like that.

When we are children, and teenagers, and even young adults, we seem to be changing much more than the world around us. We’re growing up, one year after the other, learning things, earning freedoms and responsibilities, discovering how the wold is and works. We see ourselves as evolving, and the world as something rather stable, outside of us, which we are excitedly discovering and understanding better with each passing year.

At some point this shifts. We become adults, we’ve gained autonomy, we’ve pretty much figured things out. Of course, we never stop “growing up” and learning. But there comes a time when we start viewing ourselves as more stable and the world as more changing. As years turn into decades, we might even catch ourselves thinking “it didn’t change this much before, when I was a child/teenager!” But of course it did. We just didn’t see it, because what was moving in the world was drowned in our ever-moving perspective on the world, discovering and discovering and discovering.

It’s logical: there is less change in us between, say, ages 35 and 45, than between ages 15 and 25. At 35, we’re fully active participants in the world. As we are at 45. And that allows us to be hit head-on with “what has changed” in that decade.

So I think back to my childhood, teenage and young adult years. I remember everything I saw in the world that seemed normal, that was simply “the way the world was”. Sure, I was already seeing changes. The CD. The internet. TV remotes. Cars changed. Houses were built in the neighbourhood. A new ski run opened. The price of stamps went up. All those changes were astonishing and exciting: wow, things change in the world! There are new things, and I’m here to see them!

But my normal at the time was “oh gosh how the world has changed, how I regret xyz” for many people who had been around a few decades longer than I had. And now it’s catching up with me.

WordCamp Geneva: a whole-day event after two years of pandemic [en]

On Saturday I headed for Geneva to take part in one of the first WordCamps taking place “after” the pandemic. (I know we’re not really “after”, but let’s not wake up that sleeping dog.)

Even though I’ve largely stopped going to events (and giving talks) these last years, and have been enjoying some much-needed alone time, I guess two years of simply not having the option of meeting-mingling-networking did make me a little itchy.

Completely unexpectedly, I found myself live-blogging the talks I attended, like it was 2008 again. Old habits die hard. I had the chance to see some local people I know, catch up with an old friend I hadn’t seen in years, and get to know a handful of nice, interesting, passionate people. I really had a nice day – a huge thanks to the organisers who made the event reality, two years after it was initially supposed to take place. Also, it felt “normal”. I’m aware I’m privileged, not being particularly “at risk” with covid, but I was able to just relax and enjoy being around so many people.

It was a bit weird, though, to realise how much of the history of WordPress I’ve lived through. I moved to WordPress when 1.2 came out. No themes back then, no static pages… Here’s what I had to say when 1.5 came out, to give you an idea. And over the last years, I’ve lost touch with some innovations: Gutenberg, to say the least. (I am familiar with the principle of block-based layouts and editing, of course, but I hadn’t realised WordPress now supported it. Yay!)

The trip down memory lane also made me notice how mature WordPress has become, not just as a tool, but as a community and even an industry. Of course it was already mature years ago – but when you step away from something for a few years, and come back, everything stands out more sharply.

All this is giving me a kick in the pants to perform some much-needed maintenance around here!

Marco Narzisi: Free journalism, fake news and Truth in the age of WordPress [WCGVA 2022] [en]

My notes of WordCamp Geneva 2022, might be incomplete or contain errors!

Anybody can create a site easily today… a newspaper! How can WP support journalism? Open-source, customisable, easy to use.

Three examples of good use.

  • Il Post: free content (Italian), they explain facts, good explanations, no ads.
  • Open: founded by Enrico Mentana, non-profit. Brings young readers close to information, fact-checking. They have ads, donations.
  • Gas social: (Ticino): social and political criticism, non profit association, membership fees, subscription for paid content, donations.

Bad usage: clickbaiting, misinformation sites, hateful content, fake news sites.

  • Lercio: obviously satirical (announced)
  • Pit poisoners: money through ads with clickbait titles. Sensational news with no verification.

Identify fake news:

  • Impressum/Team info (usually missing on misleading websites)
  • Article author indicated on each author
  • Real webdesign versus basic template
  • Images: serious websites use an agency and show credits. If it’s just ripped from the web, beware.
  • Also look for: fact-checking, corrections when mistakes are made.

WordPress is a powerful instrument to contribute to the general information ecosystem if we feel we have value to add. Focus on information rather than making money. It’s a question of conscience.

Jean-Baptiste Audras: Gutenberg : rétrospective et prospective de la montée en compétence d’une agence (et de ses clients) [WCGVA 2022] [fr]

Mes notes de WordCamp Genève 2022, prises sur le vif, n’engagent que moi et peuvent contenir des erreurs!

JB  (core wordpress)

Ces dernières années ont été riches en changements pour WP. WP a toujours suivi les besoins de l’industrie du web. Slide avec rétrospective des grosses étapes de l’évolution de WP + écosystème.

2018, le drame: Gutenberg. Electrochoc pour la communauté: incertitude… (on aime pas!)

En plusieurs phases: éditeur de blocs, puis éditeur de site (phase dans laquelle on est maintenant, 2021-22).

Du point de vue de l’agence: découverte en 2017 vu l’extension Gutenberg, premiers tests. On tente de se persuader que ça va être bien malgré les avis super négatifs (qui vont empirer sur 2018). WP 5.0 prévu pour printemps 2018, donc urgence de s’y mettre.

Veille active, contribution au développement => compris que ça sortirait pas printemps 2018. Contribuer leur a permis d’apprendre et aussi une opportunité d’influencer le développement. Décident de faire la montée en compétence via un projet client (doivent donc monter un discours client: pérennité, réutilisabilité, simplicité et propreté du code… il faut compenser l’absence de référence sérieuse!)

=> mise en oeuvre d’un discours pro-G dans la communauté. (La doc est pas encore là et ça aide pas!)

2e semestre 2018, projet full G, pour une grosse enseigne de distribution. WP5.0 repoussé en décembre, basent tout sur le plugin du coup… Tout est mouvant, grosse perte de temps (ne referait pas si c’était à refaire!) Côté crédibilité, pas simple non plus. Reçoivent maquette par maquette de la grosse agence créa qui fait que de la créa et ne veut pas toucher au reste. Le lead dev a mis les bouchées doubles, le site est sorti juste après WP 5.0, ont pu ôter le plugin, c’est allé (ouf).

2019: 100% des projets seront G. Montée en compétence de toute l’équipe (le lead dev ça suffit pas). Plein de petits projets qui se passent bien, développent des extensions, communiquent dans la communité, puis gros projet d’usine à sites pour un groupe international, avec agence créa qui connaissaient très bien G, ce qui a tout changé. (On fait les pages bloc par bloc.)

2020: pérennisation… les projets passent en maintenance, donc il fallait former les équipes support (n’avaient pas anticipé, erreur). Commencent à être rodés côté discours client, supports de formation. L’arrivée des compositions est une bonne chose (contre l’angoisse de la page blanche). Les clients sont ravis mais les agences créa continuent à être un problème si elles travaillent à l’ancienne.

2021, l’attitude change face à G, bcp d’extensions, écosystème foisannant. La doc est plutôt bonne. Recrutement plus facile… G est mature. (Au début, tout le temps des “erreurs de bloc”!)

Et 2022? Début d’un nouveau cycle. Full site editing. Phase expérimentale assumée. WP 5.9 + thème Twenty Twenty-Two => éditeur bêta clairement indiqué.

Objectifs 2022 de JB: bâtir des petits sites basés sur des Block Themes et le FSE (full-site editing) comme 2022. Préparer le discours client commercial, faire monter en compétences toutes les équipes. Expérimenter le FSE sur des petites zones de sites intermédiaires. e.g. rendre éditable le footer (on peut faire des thèmes hybrides). Puis, lancer un gros projet avec FSE (les usines à sites sont idéales pour expérimenter).

Bcp de gens critiques au départ admettent les qualités de G maintenant que c’est stable (au début: pas stable, mal communiqué, doc absente…)

Vu l’ouverture du projet, on peut au minimum anticiper, et même, contribuer!

WP 6.0 va être une “petite version”, 6.1 consolidation, la prochaine grosse version viendra en 2023 avec les outils collaboratifs.

Matteo Enna: I was a shy guy and I didn’t speak English, but then I discovered WordCamps! [WCGVA 2022] [en]

My notes of WordCamp Geneva 2022, might be incomplete or contain errors!

Matteo‘s personal story in the WordPress community. First talk outside Italy, non-technical, in English (non-remote)!

Matteo is an open-source evangelist and developer from Sardinia. Moved to Milan in 2018 to join the startup he’d been working for. Worked on a big WordPress site. Sees a 2-day event in the WP admin. Decides to go! It was WordCamp Turin. Leaves with a stack of notes after the day of talks.

Discovers the wider community (developers, writers, designers…), all wordpress lovers. Pacman (?) – leaving a space for others to join the conversation.

Second WordCamp: Zurich. Intense! travels alone for the first time, and it’s in English. On the return trip, signed up for two more wordcamps and made a talk proposal. Verona, and then Dublin. In Verona meets other people of the Italian WordPress community. Dublin was a very big community, multicultural. Problems with accents! Difficult for beginners. Also, if you’re shy, easier to sit in talks than participate in the contribution day. But he did the contribution day (support table) in English (written), because it was his goal.

Back to Italy. Being shy makes it hard to speak in front of many people! Cf. “Anger Management” movie (called “shock therapy” in Italian). Started out by being a volunteer and speaker and WordCamp Milan. In Cagliari (Sardignia), there wasn’t a meetup, so he started one.

Then he went to Glasgow, as a volunteer. And now, in Geneva (Switzerland), he shares his story in the hope it will encourage others to overcome their shyness and language issues!

  • it’s important to know and study yourself
  • participate! being a speaker is not the only way (volunteer and contribution day are great)
  • don’t miss the after party!

Pascal Hämmerli: L’aventure de la migration et de l’unification de 8 (gros) sites vers un seul site WordPress [WCGVA 2022] [fr]

Mes notes de WordCamp Genève 2022, prises sur le vif, n’engagent que moi et peuvent contenir des erreurs!

Fribourg Région. Ça commence au restau 🙂

Beaucoup de sites sur une plateforme propriétaire. 2019: il faut une stratégie pour 2022! Un doc de 18 pages, qui défend entre autres un système open source. Puis, présentation, puis de nombreuses discussions pour rassurer les gens sur l’open source. Centraliser la gestion technique.

Pas mal de workshops pour identifier et définir les modules. Puis wireframes. Idée depuis le logo: branding avec sous-sites (les régions), codes couleurs.

  • 8 sites à migrer
  • 8 bases de données à unifier
  • 20k pages web
  • objets et listings
  • FR/EN/DE
  • etc

Coeur du projet: les objets. Ex: un hôtel. Monstre Google Sheet pour définir les champs. Bcp de temps et longues discussions, voulaient garder leurs données et améliorer.

Chaque région a une nom de domaine, mais tout le monde a /randonnee /hotels /machin => pénible à mettre en place techniquement avec WordPress. Ont utilisé un plugin appelé (pas retenu).

L’associé pensait que drupal serait mieux, lead developer a dit qu’il voulait pas le faire (back-office). Souci! Problème: intégrer le back-office pour des objets complètement custom dans le back-office de WordPress.

Ont voulu bosser avec l’Inde (pas simple, bcp de boulot à mettre en place!), sont ensuite partis sur une équipe ukrainienne (plus proactifs, ont pu les intégrer dans le projet).

Outil de collaboration et planification: Monday. + Google Drive, + groupes Telegram (moins de mail).

Ont fait une base de données complètement sur mesure pour les objets. Structure des tables dans lucid. Tous les objets sont gérables depuis le back-office WP.

Question: gestion du multilinguisme?

Nestor Angulo de Ugarte: The strange case of malicious Favicons [WCGVA 2022] [en]

Live-blogging notes, may contain errors! WordCamp Geneva 2022

A story about being hacked. Clean-up team (blue team).

A few concepts to get on the same page.

Two types of companies, those who have been hacked, and those who don’t yet know they have been hacked.

Hackers (curious person who likes to go beyond limits or conventions) vs. cyberterrorists (computer hacker, aligned to enrich himself in a zero-sum game situation = the bad guy).

How a WP site is infected: there is a vulnerability, somebody discovers it and creates and exploit, injects it (final code; backdoor = worse scenario). => spam, botnode, etc.

Targets: users, database, content, infrastructure, bot net, reputation.

Some facts:

  • site hacking is almost never client-oriented (98%)
  • almost always happens due to deficient monitoring/maintenance
  • a SSL certificate is not an anti-hacking shield
  • patches and security updates almost always appear after hacking exploits
  • errare humanum est
  • security will never be 100%

What measures do we have for infected sites?

  • reactive (incident response), when something bad has always happened – pain mitigation
  • proactive, before anything happens (analysis and monitoring) – risk mitigation

In this case: incident response. Identifying an attack quickly, minimising effects, containing damage… We’ll see how Nestor discovered what hat happened and what he did.

WordPress install in which we can see a few weirdly named folders and a file zzkwjuce.zip. Scenario: spammed site. SEO affected, removed Google Rank ?, rapid reinfection. Viagra ads on site. Then you get warnings on the site… not fun.


  • no WAF (web application firewall) for this website
  • tools cleaned spam and malware in plugins and root folder
  • probable vector of infection, outdated plugin (no forensic analysis at this point)
  • integrity analysis shows some core files are modified! (md5 hashes of WP core files/folders) – using WP API

=> index.php, contains an @include to a weird favicon somewhere in a theme. Uses “$ php -a” and unphp. It’s base64 code. base64decode.org Runtime semphore.

Actually the real backdoor was in the comments of the PHP code.

ctrlq.org/beautifier can be useful to make things readable. Sitecheck.sucuri.net (slide with various useful tools).


The favicon was in fact a backdoor to connect to a remote server => turning the website into a bot node. 0day ability. Different options included (spam e.g.), tracking of infected sites, bot net dashboard…

Main question: how does reinfection happen? via a cron job in a user directory (wget), get a file from a malicious domain, make it executable, run the sh script, and there we go.

Final advice: install proactive measures!

  • reduce admins, plugins, and themes (least privilege rule)
  • use password manager, change regularly
  • have backups and validate them!
  • do your updates (remember: patches come after exploits)
  • monitor your site (wpscan.com & file integrity scanner)
  • install a WAF (web application firewall)

Invest in hosting AND security.

WAF: can be external or internal. Wordfence has a WAF. Analyses traffic. Internal can use up ressources. With an external one, the traffic has to pass through it. Sounds like the Star Trek transporter decontamination.