Welcome to my new blog

Hi, I’m PROGRAMMER BEAR.  I like fishing, long walks in the forest, and computer programming.

I’m a web developer by day, so I’ll be talking about topics ranging from web technologies to more technical programming things, general work/life issues, and anything else that seems interesting to me.

Hopefully something I say here will someday prove useful to somebody.  That’s nice to think about anyway.


How to remove WordPress’ “PHP Update Required” nag box

WordPress recently introduced a scary “PHP Update Required” nag box on your WP dashboard. “Your site is running on an insecure version of PHP” they say. Isn’t that lovely? Well, no WordPress, just because my PHP version is “old” does not make it “insecure”. Fuck you.

Fortunately it’s easy to remove. Just add the following to your functions.php:

Now, I know what some of you are thinking… “but updates are important!” Hah.

I hate updates.

These are blasphemous words in the programming world. But it’s true, I hate updates with a passion. Why? Because updates break things for no good reason. A lot more often than you’d think. I’m a busy guy, so the last thing I want to do is waste time figuring out some strange bug that appears because some shitty developer released some shitty update to some shitty plugin.

I believe firmly in the saying, “if it ain’t broke, don’t fix it”. That’s why I religiously DON’T do updates. As a WordPress user, that means I don’t update my plugins, I don’t update my theme, and I don’t update WordPress core — unless I have a specific reason to do so.

Let’s be honest, 99% of updates are bullshit anyway. We developers like it when people get their updates religiously, for a few reasons. 1) It keeps us secure in our jobs, running around fixing things when they break (which is often). 2) For those of us who make money selling licenses “for updates and support”, it keeps people renewing their license keys. 3) For my own software support obligations, I’m lazy and I hate providing support for anything other than the most recent version. So making my users update just makes my life easier.

All of these things benefit us the developers, but tell me, where is the benefit to the end user? Maybe an update adds some cool new feature people want, but most likely that “important update” just changes the color of some button to a lighter shade of teal, or some other bullshit change for the sake of change. So why do people fall for the trap? Why do people believe updates are “important”? Because we scare people with the “S” word — Security. We tell people, “that update could have important security enhancements”, but 99% of the time we’re just lying to keep our phony baloney jobs.

Sure, I subscribe to every WP Security mailing list, I look at plugin changelogs, I’m not stupid… if I see a legitimate security update, I’ll jump on it and do a round of updates. But this is rare. Like I said, 99% of updates are just bullshit I don’t care about. So I don’t waste my time. And you know what, I have a lot less problems to deal with.

Time Etc Virtual Assistants Review – It’s a Scam

My startup tech business has been growing, and I decided it was time to bring in some help to keep up with things like emails, customer service, and so on. I’m not successful enough yet to hire an employee outright, so I started looking into getting a Virtual Assistant.

I read reviews about a company called Time Etc, and decided to give them a try. Now looking back, 3 months later, I wish I hadn’t. I can sum up my experience with Time Etc in one sentence: It’s a Scam. Once they get your money — and you have to pay them up front — they do everything to avoid actually doing the work you’ve paid them for.

I reached out to them through the Time Etc website, and soon after I had a call scheduled with an account manager person in the UK. I told her what I needed help with, and within a couple of days they found a virtual assistant for me. At first everything seemed great — I signed up on a Monday, and by Friday I had a virtual assistant working for me.

Time Etc has different plans to choose from — I chose their $480/month plan which gives you 20 hours a month of VA time. After the first month I realized my VA was using barely half of these hours. It wasn’t for lack of work to do — I gave my VA plenty of tasks, but assignments that she could have finished in a day or two took her over 2 weeks to complete.

Now, in fairness, I had told my VA these tasks were not urgent, because I didn’t want to be a dick and say everything’s “urgent” when it’s not. So my VA was busy with other clients and more “urgent” tasks. Apparently Time Etc fills up their VA’s schedules with as many clients as they possibly can, which is great for the employees, but lousy for the clients (i.e. me) since I now have to compete for my VA’s attention with however many other clients she is juggling. (I wasn’t expecting a dedicated VA, but I WAS expecting my tasks to get done in a more reasonable amount of time!)

The end result? No matter how many hours you pay for, you’ll never get that many hours worth of work. You will always have unused hours at the end of the month.

After about 6 weeks I decided to lower my plan down to the cheaper, $250/month plan, which gives you 10 hours a month. That was about all the time I was getting out of them anyway. So I logged into the website to change my plan and, guess what, you can’t lower your plan through the website. You can upgrade your plan with the click of a button, but you can’t lower it. To lower it, they make you email them. So I emailed them, and then of course they wanted to set up another phone call with me. In other words, they make it really easy to give them money, but really hard to stop giving them money (or give them less).

Well anyway, on this call the account manager person suggested they could find a 2nd VA for me to help work off the unused hours in my account. I said yes, and she said they would find someone for me. That was March 28th. I didn’t hear from her again, so about 2 weeks later on April 11th I emailed her and asked for an update. She replied:

“No luck as of yet, I’m hopeful that I’ll be able to get you someone over tomorrow though!”

Tomorrow? Ha! That was the last time I heard from her. Here we are, May 12th, a whole month later, and still nothing. It only took them a few days to find my first VA, but to find another one takes months?

Now here’s the real kicker — any unused hours you’ve paid for “roll over”, but only for a limited time. After 65 days those hours expire and the money you paid for them is lost. In other words, you paid for nothing. It clear to me this was their intention all along — they didn’t really want to find me a 2nd VA to work off those hours. They just wanted to string me along until those hours expired, so they could keep the money and not have to do any work.

So, to review. Time Etc has a great onboarding experience — they’ll find you someone right away and start taking your money right away. But after that, once you realize you’re not getting half the time you’ve paid for, they just blow you off.

My advice: stay away from Time Etc. You’re better off finding somebody on Freelancer.com, where you only pay for the hours your person actually works.

[DEVELOPING] Possible Email DDOS attack exploiting MailPoet (WordPress plugin)

This is a developing issue happening right now, please check back on this page for any updates over the following days.

Last updated 2018-03-29

Starting around March 25, 2018, I started seeing an unusual amount of bounces from my email server. The emails bouncing were the double-opt-in “please confirm your subscription” messages automatically generated by the WordPress plugin MailPoet.  This happens from time to time if, for example, somebody accidentally mis-types their email address. But now, suddenly they were coming in repeatedly for the same handful of addresses, including ones like support@linode.com and abuse@linode.com. So out of curiosity I headed over the Linode Status page, and saw this:

Continue reading [DEVELOPING] Possible Email DDOS attack exploiting MailPoet (WordPress plugin)

Fix “Sorry, This File Type Is Not Permitted For Security Reasons” Error in WordPress

So you’re trying to upload an otherwise harmless file into WordPress, and you keep getting a “Sorry, This File Type Is Not Permitted For Security Reasons” error.  Sure you could just upload the file via FTP, but it wouldn’t be attached to anything in the WP database.  Now what do you do?

There are probably many ways to solve this, but here is the approach that worked best for my particular use case.  I’ll share it here in case it helps someone else too.

Continue reading Fix “Sorry, This File Type Is Not Permitted For Security Reasons” Error in WordPress

Review: Canadian Cloud Hosting (CACloud.com)

Programmer Bear is back online… no thanks to Canadian Cloud Hosting.

Trying new cloud providers has become something of a pastime for me, over the last couple years. In that spirit, last September I moved this very site (programmerbear.com) to a server hosted at Canadian Cloud Hosting (CA Cloud). In the end, I wasn’t very impressed. Now that I’ve finally gotten around to moving this site somewhere else, I feel free to write honestly about my experience at CA Cloud.

Continue reading Review: Canadian Cloud Hosting (CACloud.com)

Why I work as hard as I do

I have a bit of a high-maintenance client.  He’s a nice guy and everything, but one of those people who’s a bit too A.D.D. for their own good… you know, always running a mile minute, talks in broken sentences across numerous emails and texts that I later have to piece together, requiring a fair amount of telepathy on my end to figure out what he really wants me to do.

Sometimes he asks me questions by email which cannot be answered in less than two sentences… and I just know that anything I write beyond 2-3 sentences will never be read by this guy.

Well, recently he asked me a question (I think because he’s angling to start some new tech start-up or app or something, and wants to test my interest), and I ended up putting an unexpected amount of time and passion into my reply.  I guess the question hit a chord in me.

Continue reading Why I work as hard as I do

Review: Cloud A – Canadian Cloud Server Hosting

Recently I had to setup a web server for a client using Canadian cloud hosting provider Cloud A.  This was my first time using them, so for anyone else who may be considering Cloud A, I thought I’d share my experience with them so far. (Overall, it’s good…)

Continue reading Review: Cloud A – Canadian Cloud Server Hosting

How To Backup Your Entire Server or VPS While It’s Running Using Linux Hot Copy

I run a few cloud servers at Linode and Digital Ocean which host stuff for clients.  Although I have automated backups in place to backup my clients’ data, I always worry about some catastrophic situation where the entire server goes down and, God forbid, needs to be re-built from scratch.

While places like Digital Ocean advertise you can spin up a new Linux server in a matter of seconds — and no doubt you can — what they don’t tell you is how long it takes to configure that server for real-world use. Depending on how many packages, libraries, and other software you need to install, and all the configuration that goes along with it, you could be looking at 2, 3, or even several hours to rebuild a server.  To many of my clients that kind of downtime would be absolutely detrimental (and not too good for my business, either).

Continue reading How To Backup Your Entire Server or VPS While It’s Running Using Linux Hot Copy

Review: X-Team developer hiring process (hint: it sucks)

Continuing on the theme of how job hunting sucks, here’s another example of exactly what I’m talking about: X-Team International.

No, I’d never heard of them before either.

I found X Team through this job posting on Authentic Jobs.  It sounded like a good fit, so I applied, including a brief message why I thought I’d be a good fit.  Like you do.

Continue reading Review: X-Team developer hiring process (hint: it sucks)