Half-Elf on Tech

Thoughts From a Professional Lesbian

Author: Ipstenu (Mika Epstein)

  • The Internet is Down

    The Internet is Down

    When things were new and we used to dial in to a BBS on someone’s computer, what we meant by ‘the internet’ is down was pretty simple. Either our phones were down and we couldn’t dial out or someone else’s were down and we couldn’t dial in.

    A mischievous monkey on a net

    On August 12th, a network outage took my server ‘down.’ Now, trying to explain this on Twitter was complicated, since it’s a more than 140 character explanation. The situation was pretty basic. The internet pipe leading to and from my server wasn’t working right. But what did that mean?

    As I love to do, let’s step back and think about all the various ways your ‘internet’ might ‘break.’ It’s a fun thought experiment, and this is in no particular order.

    • Your home/work internet isn’t working and no one can get anywhere
    • Your device’s internet connecter isn’t working and you can’t get any signal
    • You’re in a place with no signal/wifi
    • Your firewall is preventing you from accessing a site
    • The server that houses site you’re trying to visit is offline (or on fire)
    • The site you’re trying to visit has a code error and nothing loads
    • The DNS is wrong for the site
    • The nameserver is wrong/changing (mea culpa)
    • The internet connection from the site to the rest of the world is down
    • There’s a problem in between you and the site

    That list is incomplete. What happened to me on the 12th was the last one, however, and it was caused by something particularly weird that can be summed up as this: We finally hit 512K BGP routes on the internet today and ran out of room.

    https://twitter.com/TheProtestBoard/status/499270694702972928

    Of course, what’s BGP is the next question. From Reddit

    BGP is a routing protocol that advertises routes externally, each large organization advertises some BGP routes at the edge of their network. Each edge device has a routing table with all the advertised BGP routes from around the internet.

    So think of it like a giant phone book, and we ran out of pages. Now before you get scared, not every router needs all the tables. Instead, most routers have the core ones everyone needs, and then they link out to other routers and tables for the rest. These tables act as giant maps for the entire Internet, and those maps are pretty damn big.

    A lot of routers, especially Cisco which I think powers most of the Internet, simply started dropping routes when they hit the 512k limit. That means you simply could not get from point A to point B, or in this case, you couldn’t get to your website from your ISP. I could, for example, get to my site on my phone and from my home internet, but not my office. Go figure. The routers had no idea how to find my domain.

    This isn’t something ‘new’ by the way. In may, the IPv4 routing table hit 500k routes and the prediction was we’d hit 512k no sooner than August, more likely October. Oops.

    As Otto put it:

    Everything was affected. See
    http://downdetector.com/ for example. All those blue graphs should usually
    be quite flat.

    Screenshot of DownDetector

    That’s AT&T. It was pretty much the same for everyone, though.

    The fix? Well systems engineers spent their August 12th reconfiguring their routers and in many cases upgrading memory, but it’s a practical limitation of the Internet. That isn’t a long term fix, either. Nor is IPv6. Oh, I should explain that too.

    Internet Protocol version 6 (IPv6) is the latest version of the Internet Protocol (IP). That’s your internet address, your IP. It’s possible to share them, like all my domains have the same one, and you can change them if you need to, but mathematically speaking there’s a limit to how many there can be, in addition to those routing tables. This gets worse when you realize that every single device on the Internet is assigned an IP address for identification and location definition. Your phone. Your iPad. You get the idea.

    There are improvements to the mess with IPv6. We’re using IPv4 for about 95% of the net right now, and the IP ‘blocks’ you get take up a lot of room. But with IPv6 the blocks will be larger and store more, so they’ll paradoxically take up less room. But it’s not a full fix. We’re going to have to come up with a better way to store the data for the tables, because things are only getting bigger.

    On the plus side, for the first time in a long time, when someone yelled “The Internet is broken!” they were actually right.

  • Getting Good Advice

    Getting Good Advice

    She was running a webstore on shared hosting without caching, and was upset it was slow. She was using only free products, no HTTPS, and was annoyed people said they couldn’t buy from her and that she could only use PayPal. She was angry that we couldn’t magically fix it.

    I sped up her site, improved PHP, and cleaned up some duplicate plugins. And then I asked “Have you considered a VPS?” She ranted that it was our job to make shared hosting better, even if it cost us more, because she certainly wasn’t going to invest in her business. So I complained, on Twitter, that people who use free/ultra-low-budget services for a business and are unhappy with performance get what they deserve.

    Then my buddy joked that Danica Patrick said it worked for $0.99! I joked back that he was taking web hosting advice from someone who’s selling skill is “I drive real fast!” As we tweeted, we elaborated it to how silly it was to take hosting advice from someone whose job it was to look pretty, drive fast, and only turn to the left.

    It’s funny to us because we know better. If I was going to ask Danica Patrick for advice, I would ask her how she managed to sell her image so effectively. I might ask her if I could learn to drive a race car from her. But asking her what the best setup was for running an ecommerce store? Hell to the no! It’s outside her expertise and I’d be a fool for asking her in the first place!

    Which brings me to my point. The advice you get is only as good as the people you get it from.

    That’s painfully obvious, right? To go old school on you, you shouldn’t ask the fish guy for advice about pork, you don’t ask the vegetarian for advice about lamb, and for goodness sake, you don’t use the marketing sales pitch as your only measure for what kind of host you need.

    Sorry, marketing guys.

    A Koala - which has nothing to do with anything

    Way back in the beyond days of websites, when we all used pure HTML and loved it, I was starting up a fansite. I had an idea that it might be moderately popular, so I reached out and asked some people who ran similar sites. I told them what I wanted to do, and asked who their webhost was, what ‘tier’ of hosting did they use, and were they happy? A wonderful woman named MadDog (I miss her so) was insanely helpful and sent me a breakdown of how much traffic she got, what her spikes were (our actresses were on the same TV show, this was helpful), how crazy the fans got, and then handed me a coupon for her host. “Use it or don’t use it. I get about $50 if you do.” (Spoiler alert: I did.)

    When I was looking at getting DSL back in 1999, I asked other people in my building who they used, why, and were they happy. Surprisingly a lot of people hated their ISP except one guy, Quinn, who told me what he used it for, why he paid as much as he did, and how it was worth his money. And he too said if I used his code, he’d get $50. Actually I think he got $150 and took me and my wife out to dinner.

    The point is this. I sought out people with a similar experience as I was expecting to have, such as living in the same building. I asked them how they used it, so I could see if their issues would be the same as mine. I asked them if they were happy, because I knew I’d been calling support at least once, and it would be nice to know how painful it would be. I did my research, myself, because it mattered to me.

    Your site matters to you. It behooves you to sit down, take stock in your goals, and research the options out there. We can’t always know where we’ll end up or how we’ll get there, but we can make the effort to find people who match our perceived direction and ask them a simple question. We can search for our peers and read articles they’ve written. We can ask them for recommendations. And in the moment those people take time to sit and answer your questions, you need to listen to them. You should thank them. You may even want to go out of your way to compensate them. Because they just gave you some amazing value.

    Would I host a business on low-end shared hosting? Sure. To start with. But as my business grew, I learned that I had to invest in order to reach my goals.

    And yes. I did.

  • Mailbag: I Don’t Woo, But I Do CPT

    Mailbag: I Don’t Woo, But I Do CPT

    A preface to this, I don’t actually use WooCommerce so I can’t give anyone a specific answer to that, but Geovanni asks:

    Im in a pinch. I have a woocommercesite and i want to make a part where i can have users who already registered can have their your own URL and page where they can make post. I read a post u made on http://wordpress.org/support/topic/allow-users-to-post-events-on-their-own-page?replies=6 ,but u didnt say anything about how u got it to work or if u have. Can you help me?

    This was a post from two years ago, where someone asked the following:

    I’m working on a WordPress site that will allow artists to post their own events. I can’t find a plugin that will allow these posts to link up to their own pages. Each user that registers has their own URL and this page has all of their information. I’m trying to make sure that the tour dates posted aren’t ending up on every users page!!

    Any help would be greatly appreciated!

    I suggested that one could accomplish this with Custom Post Types, which was a theoretical remark, since I didn’t have the details, but when the OP later said “I need everyone to be able to create an event and post it on their own page…” I agreed it would probably be a better fit for Multisite, since they may have more than one of their own events.

    Lightbulb on a table

    So what did I mean about Custom Post Types? Well sometimes the answer is to think about the problem in different ways. Obviously the easiest thing in the world is to tell people ‘their’ page is http://example.com/author/name, and then have them post in a specific category (say… events). Thus all events are in an event group, and everyone has their own page. But I also know users can be a little confused by WordPress and categories, so you have some options here, when it comes to management.

    First of all, there are plugins like Restrict Categories, which let you restrict users to a category. That works, but if you don’t want the URLs to have 

    /category/

    in the slug for just that one thing, you really do need to look at Custom Post Types. That leads us down the road of things like AAM – Advanced Access Manager which will let you make a custom role for ‘Event Manager’ who can perhaps manage all events, and ‘Event Poster’ who can only post.

    All this does highlight a flaw/annoyance in WordPress, and that is complex roles. WordPress’s role system is, at once, stupid simple and crazy complex. It’s a total headache to restrict people to specific areas, and in general, I hate having to do it because I find I spend more time messing with that than I do working on the site. At the same time, I dislike giving people more ‘power’ than they need. I can’t make a person a ‘comment moderator’ without giving them access to write/edit posts, for example, which is not a far-fetched wish. You can use plugins, like Disqus, to do that, but that means you’ve offloaded comments, and I don’t like that.

    Of course… for the question posited by Geovanni the answer is “Use WordPress Multisite.” Install WordPress, activate Multisite, give the user a site, let them go to town.

    That, of course, may not answer all his questions.

  • Don’t You Give That Girl a Gun

    Don’t You Give That Girl a Gun

    His WordPress site was hacked.

    He’d reported it as a ‘slow site’ and the techs had done an amazing job helping him clean it up, but when it landed in my lap, I took one look at saw backdoors, permissions issues, and vulnerabilities galore. So I did the reasonable, responsible, fair thing. I reinstalled the files, I cleaned up the plugins, and then I saw his theme was behind a paywall, old, and, worse, no longer supported. So I removed the theme from his website (putting it where he could get it back) and switched him to Twenty Fourteen. Then I explained in a rather long email about how his site was hacked, how I determined it, and what he needed to do to get the theme back (basically download it again from the vendor).

    He was mad.

    He argued that I had broken his site and it no longer looked right. This was true. He complained that my service was deplorable because his site looked wrong. This is debatable. He groused that I had to put the theme back. This was not going to happen.

    old fashioned rifle on a wall

    It’s the service conundrum. If you know something’s wrong, do you leave it alone or do you fix it? When I see people post their passwords in public places, I delete them and use bold and italics to chastise them. When I see people doing dangerous things like editing core, I do the same. I try really hard to educate and warn people, so they can be protected from shooting their own foot off. So when I have a rabid customer telling me I need to let them do it … I don’t.

    My job is really to help people fix their sites, and that tends to mean my job is to debug and educate and provide options. But when someone has an abjectly wrong bit of code, like the bevy of people who had their old themes and plugins break when we upgraded them from PHP 5.2 to 5.4, I will regularly go that extra mile and fix the code. That doesn’t mean I don’t educate them, they usually get a quick lecture about why we upgrade promptly, but when someone’s that far off normal that their code won’t work on PHP 5.3, I assume they just don’t know anything.

    The worst part about it, though, is when they argue. They’ve asked you for help and advice, you provide it, they demand you fix it, and at a certain point… they’re just asking the wrong person. Your webhost is not your consultant. While many times we can and will fix the site, when it gets down to code that isn’t working, we can’t be expected to re-write all the code.

    Sometimes we’re going to be the bearers of bad news. Your theme is hacked. Your plugin is vulnerable. Your code won’t work on this server because of reasons. We’re never making an excuse, but we are trying to explain to you why things happen.

    Now I know I’m a little weird, because I think that everyone should be educated in how their site works. Not that I think they need to learn to code, but to understand what’s going on, in broad terms, means you’ll be able to help us help you fix your site. And with that, I expect people to actually listen to what the support techs say. We won’t always be right, especially not with WordPress which has infinite combinations of plugins and themes (it’s a mathematical impossibility to be able to be familiar with everything) but for the most part, we are all trying to learn to be better and faster at debugging.

    But. What do you do when the person you’re trying to help insists on hurting themselves? Like the person with the hacked theme, maybe you’re lucky and your company has a policy that once you know something is malware, you’re legally not permitted to reinstall it. But what if they decide to use a plugin that has a maybe backdoor, like an older version of TimThumb? How big a deal is that? Is it better or worse than helping someone do something that will absolutely kill their SEO?

    For me, it’s pretty simple. My company does have a no-malware policy, and I can fall back on that. When I volunteer, I often tell people “I will not assist you in doing something I don’t feel is right.” and I walk away. Because I feel strongly that I should educate you, but also that I should never enable you to hurt your site.

  • All Comments By Email

    All Comments By Email

    By default, when you look at the list of comments on your WP Admin dashboard, you get a list like this:

    The Edit Comments page

    On that list, if you click on the IP address of the commenter, you go to all comments by that IP, but if you click on the email you get a mailto link, to let you email the person. That’s great, but as my friend, and fellow fansite runner, Liv pointed out, a lot of people post from multiple IP addresses these days, but only one email. What she wanted was for the icon that gave you the number of approved comments to link to that person’s approved comments.

    Me, being the sort to poke around, decided to see if that could be done. I already knew how to filter columns and tables, after all. What I learned was that there actually isn’t a filter for those columns, and the only way around it was to replace it. This means I was going to have to rebuild everything, and in doing so, I wanted that email address to be a link to the search. While annoying, it was pretty easy:

    <?php
/*
	Plugin Name: Easy Comment Search By Email
	Description: Changes the default link for emails in the comment lists from mailto links to search results for that address.
	Author: Mika A Epstein (ipstenu)
	Author URI: https://halfelf.org

Credit: https://wordpress.stackexchange.com/questions/83769/hook-to-edit-an-column-on-comments-screen
 */

class ecsbePlugin {

	public function __construct() {
		add_action( 'admin_head' , array( &$this, 'column_style') );

	add_filter( 'manage_edit-comments_columns', function($columns) {
		unset($columns["author"]);
		$columns_one = array_slice($columns,0,1);
		$columns_two = array_slice($columns,1);
		$columns_one["author-new"] = "Author";
		$columns = $columns_one + $columns_two;
		return $columns;
	});

	add_filter( 'manage_comments_custom_column', function($column, $column_id) {
		
		global $comment_status;
				$author_url = get_comment_author_url();
					if ( 'http://' == $author_url )
							$author_url = '';
					$author_url_display = preg_replace( '|http://(www\.)?|i', '', $author_url );
					if ( strlen( $author_url_display ) > 50 )
							$author_url_display = substr( $author_url_display, 0, 49 ) . '…';
	
					echo "<strong>"; comment_author(); echo '</strong><br />';
					if ( !empty( $author_url ) )
							echo "<a title='$author_url' href='$author_url'>$author_url_display</a><br />";
	
					if ( current_user_can( 'edit_posts' ) ) {
						$author_email = get_comment_author_email();
					
							if ( !empty( $author_email ) ) {
									echo '<a href="edit-comments.php?s=';
									echo $author_email;
									echo '&mode=detail';
						   		if ( 'spam' == $comment_status )
									echo '&comment_status=spam';
								echo '">';
								echo $author_email;
								echo '</a><br />';
							}
							
							echo '<a href="edit-comments.php?s=';
							comment_author_IP();
							echo '&mode=detail';
							if ( 'spam' == $comment_status )
									echo '&comment_status=spam';
							echo '">';
							comment_author_IP();
							echo '</a>';
					}
		
		}, 10, 2 );

	}

 	public function column_style() {
		echo '<style type="text/css">
			#comments-form .fixed .column-author-new {
				width: 20%;
			}
		 </style>';
	}

}

new ecsbePlugin();

    The plugin needs a way better name, though, because this is just … bad. The array slice in the beginning was to remove the first item and replace it, without having to do a lot of overly wrought arguing with possible columns.

    That said, this is the sort of thing I may submit a patch for in core, since IPs change a heckuvalot more now, and while that’s a great way to find some serial-accounts and sockpuppets, sorting by email helps you find people being trolls. Both would be good, and I don’t think a lot of us email people. If anything, I’d change the author NAME to be a mailto link.

    Food for thought.

  • How Many Plugins Is Too Many?

    How Many Plugins Is Too Many?

    Have you ever played “Name That Tune”? They used to have this show where they’d play music and you had to name that tune. One of the mini-games in the show was called “Bid-A-Note” where the host read a clue and the contestants would alternate bidding. “I can name that tune in X notes..” where X was a whole number, and the bids ended when one of the contestants challenged the other to “Name That Tune” (or if someone bid one or zero notes).

    Well. I can crash a WordPress site with one plugin.

    When people ask why their site is slow, sometimes my coworkers will say “It’s the plugins, right? He has 40 plugins!” and I’ll say “Maybe.” Then I look at what the plugins are, because it’s never the number of plugins, but their quality. Take a look at Jetpack, which is 33 plugins in one. Is that going to cause more or less overhead than if you had 33 separate plugins installed?

    WordPress is wonderful and beautiful because you can use plugins to do absolutely anything. At the same time, that beauty is it’s downfall, because you can use plugins to do anything. There are over 32,000 active plugins in the WordPress plugin repository. There are probably 4000 or so that are delisted or disabled. There are around 3000 more plugins on just one popular WordPress theme and plugin site. We haven’t even started listing themes.

    It’s a mathematical impossibility to test every possible plugin combination with every theme on every server on every host with every extra (like mod_pagespeed or CloudFlare) added on. It’s impractical to expect every combination to play nicely together, not because of any defectiveness in the code of the plugin or WordPress, but because of the reality that all of those things vary from place to place. We build out things to be flexible, after all.

    I love the flexibility. I think it’s awesome. But at the same time, I worry about it when people complain their site is slow. There’s, very rarely, one perfect answer. Not even “Oh, he was hacked” is the answer to why a site is slow, though it can be. The answer is invariably in the combinations and permutations of what someone has done with their site, what the visitors do with it, and how they interact. A site that posts once a week is different than one that posts four times a day. A site with no comments is different than one with 30 per post. And the more of those little differences you factor in, the harder it gets to determine how many plugins is too much.

    Maybe it’s your memory. One plugin may need more memory than another, but the combination of two may need more than either would individually! Sadly, it’s not something you’re going to know until you start studying your own site. There are cool tools like P3 Profiler which do a great job of giving you an idea as to what’s going on, but it’s not the whole picture. It can’t be. Just look at all the tools we list for performance testing and consider how many and varied the results are.

    How many plugins are too many? However many it takes to kill your site.

    Oh, the one plugin I can run to crash a site? It was BuddyPress and I was using PHP CGI. Once I changed it to a different flavor of PHP, the issue went away.