Pragmatic Redux: Connecting to React

There is a lot to like or dislike about Redux but let’s say the decision to use it has been made and now you need to understand Redux for professional reasons. This post is a good place to start because you first question is most likely how does my component get its data and react to changes in the data?

Redux connects to React by wrapping it – hype-word is higher-order component but, in the end, what you get after calling react-redux function connect is a React component placed inside another to enhance or encapsulate.

Redux data is provided as properties by the wrapper component. So called mapStateToProps, first function you pass to connect, decides which part of Redux store should be passed as properties to the wrapped component.

Changes to are detected by the wrapper component which listens to Redux store. When changes occurs, wrapper component re-renders the wrapped component. Concerns over irrelevant changes and redundant renders should be ignored in the beginning as React itself can soak up a lot of inefficiencies and Redux provides plumbings you can use to reduce unnecessary updates. There are limits, however, and it’s not that hard to run into them as your application grows.

At this point, two obvious and related questions arise which are:

  • How does the wrapper component discover Redux store?
  • How does the wrapped component dispatch actions?

Redux store is provided via context – use react-redux‘s Provider component to set that up. Wrapped component, however, don’t usually need direct access to Redux store as data is passed as properties and actions are dispatched via functions which are also passed as properties.

Use mapDispatchToProps, second function you pass to connect, to add functions that create and dispatch actions without having to declare contextTypes. It’s a minor yet useful feature.

Keeping Redux out of React is harder than it looks. To dispatch actions, component has to know about dispatching methods it received as props. If actions change, dispatching methods and reducers need to change. Changes to component, Redux state, actions or reducers will often require changes to others. It’s possible but the cost of creating reusable Redux connected React component is much higher than advertised in my opinion.

Beyond Future of WordPress Platform

This is how I envision WordPress platform evolving beyond what I outlined in Future of WordPress Platform. The vision is essentially a projection of what I had in mind with Teleport Network venture but did not get a chance to realize (old chicken and egg problem). As to why I’m doing this, it’s because WordPress has the scale and unrealized ideas are like orphans.

the vision starts with:

WordPress Studio – is the client-side application I outlined in the previous post on the subject. It’s not unlike VSCode in that much of its functionalities are derived from plugins. Plugins should be stackable so the platform itself can be extended to support key features like theming and financial transactions. Theme support, for example, needs HTML and PHP generators which in turn may need digital signature support to secure assets pushed to server. End goals are to a) reduce dependence on server-side changes to add features (a la serverless mindset), and b) create a vehicle to drive richer user experiences.

followed by:

WordPress Market – is a collection of studio plugins working in conjunction with backend services and UX-level plugins to provide rich mix of communication tools and integrated financial services. Intention is to bridge the difference between a collection of webpages and a retail store in RL. It must offer much more than in-page chatbox, even beyond what Slack offers today.

then ends with:

WordPress Atlas – uses data-science to pull blogs and websites into neighborhoods, towns, and cities based on topics, interests, and relations. Intention is to use real world metaphors to make discovery and sense of community more natural and explicit than, say, blogroll or news aggregators.

To me, Facebook is a mega-city of people just talking and exchanging photos, funnies, and insults all day everyday. I don’t care if Facebook is federated but I do care how drab everything is because you have to use what they offer and no more. I think WordPress can offer a way out of current conundrum without restarting from scratch.

More Posts Restored

This morning, I restored 400+ more blog posts from late 2005 to early 2008 by scraping from Internet Archive. Some 80+ posts and most of the images referenced by the restored blog posts weren’t archived however so they’re lost.

Only remaining restoration tasks are fixing cross-post hyperlinks and remove missing image tags.

Future of WordPress Platform

While restoring my old blog post, I started thinking about WordPress as a platform. WYSIWYG web site creation services like Wix, Weebly, Squarespace and others are gaining attention and growing fast but they are more services than platforms. WordPress on the other hand has an immense collection of plugins and healthy community of developers and designers behind it.

Main problem I see with WordPress as a platform is that its plugins run on the server-side, creating a compelling long-term incentive to host your own WordPress server to take advantage of features offered by those plugins instead of using Allowing user-chosen plugins to be installed on creates a gaping security risk and management headaches.


I think the answer lay with desktop app which currently doesn’t do much beyond what browser version offers and seemingly neglected. Key idea is to add client-side plugins support to the app, plugins that leverage WP REST-API to add features to WordPress-based websites.

There could be several types of client-side WordPress plugins:

  • Interfaces – WYSIWYG editors, media libraries, assistants, etc
  • Generators – generates and updates static assets to be added to the website or injected into webpages.
  • Augmenters – marks, corrects, suggests, and injects.
  • Monitors – tracks changes and stats.
  • Mediators – monitors, controls, and routes posts, comments, transactions, etc.
  • Services – client-side workers
  • Bridges – integrates with third-party services and platforms

And adding Docker support will allow servers to run in client-side sandboxes for use by the desktop.

Result would be a host-neutral platform, one that can address needs of both sites as well as self-hosted sites although it will significantly reduce the need to host your own.

What is JWT?

This post explains what JWT is, without getting into technical details you don’t need to know. Intention of the post is to dispel some harmful misconceptions.

In short, JWT is just a piece of data signed by someone. It doesn’t do much as-is but it’s a key building block useful in many applications.

What JWT Looks Like


If you look carefully, it’s basically three gibberish text separated by a period. Th role each part plays are:


They look gibberish because they are encoded. Important part is the payload. Rest is there to describe (header) and protect (signature) the payload.

What Each Part Does

Header primarily describes (using JSON) how the Payload was signed so the Signature can be verified.

 "alg": "HS256",
 "typ": "JWT"

Payload is a collection of name-value pairs presented as JSON like this:

  "sub": "1234567890",
  "name": "John Doe",
  "admin": true

Signature protects both the Header and the Payload so that neither can be changed without detection.

Key Points About JWT

  • JWT doesn’t say anything meaningful about its sender, recipient nor signer as-is.
  • JWT is not encrypted as-is.

This is not to say JWT can’t but they have to be added. Allow me to go into a bit more detail on each points.

JWT doesn’t say anything meaningful about its sender, recipient nor signer as-is.

JWT typically includes some info on its signer so the signature can be verified but that only proves it was signed by someone who can prove they signed it. Unless the signer is known that is. How one know calls for relationship and/or infrastructure.

Same goes for sender and recipient. To verify sender or recipient, more has to be built-on top of JWT.

JWT is not encrypted as-is.

JWT is typically sent unencrypted over a secure channel of communication to a recipient but it may even be printed plainly using QR-code in newspapers. If you need to protect the token, encrypt it whole in  way that only the recipient can decrypt it. If only part of the payload needs to be protected, then encrypt just the value.

Follow up series of posts will discuss how to build with JWT to solve some common problems like protecting APIs or delegated authorization in a mobile app without issues OAuth has. Stay tuned.

Old Blog Posts Restored

As Monthly Archive links in the left-side bar shows, I uploaded old blog posts last night. Restoration wasn’t perfect of course.

  • Posts from between late 2005 to 2007 is missing. If they are not among backups, I’m going to extract them from Internet Archive.
  • Comments weren’t uploaded. Still on my todo list.
  • Permalinks weren’t restored so links coming in will 404 until they’re fixed.
  • Deadlinks, missing stories and downloads.
  • Category extractor had a separator bug, creating nutty categories like general;technical(fixed now).

Continue reading “Old Blog Posts Restored”

Processing Old Posts

Spent a couple of hours converting my old posts from XML with custom schema to JSON. Scrubbed some obvious spam comments (any comment with more than 5 hyperlinks).

Result is a 7MB JSON file containing 1756 blog posts with comments. Hash of IP addresses were not archived so they’ll all be treated as self-proclaimed foobars.

Next step is to POST them as well as assets they reference to via REST API which should take another couple of hours of hacking since I haven’t bothered to convert the posts to RSS.