Author: Ipstenu (Mika Epstein)

Is This Plugin Bad?

I get asked this a lot, in part because of my job (WordPress Support Guru and Manager) but also because I’m a know-it-all busy-body. The problem with the question is that it’s very subjective, and the answer highly depends on why someone’s asking the question.

I’m sure it annoys my co-workers when they ask “Is this plugin bad?” and I ask “What problem is the customer reporting?” If the answer is that the customer has a slow site, then MY reply will be different than if they were hacked. Making matters worse, sometimes the answer depends on what other plugins they’re using, or what their theme is, or how they use everything together! You see, the issue is rarely “This is a horrible, evil, terrible plugin and no one should ever use it!” It’s generally more “Well in this case, I would say this is the best plugin, but you have to take this into consideration…”

As a customer, it’s annoying. I just want a yes or no answer. But this is like that gas milage situation I talked about in my explanation of Shared Hosting. How many tanks of gas does it take to drive from Chicago to Cleveland? For me, it’s one. For my cousin, it was two and some change. Same distance, same day, same weather! What was different? The car and how we drove.

Your site and my site are different. This site and this other site on my network are different. They run different plugins, though the same theme, and sometimes one of those different plugins causes a problem. Like I found out the custom prices plugin caused my background image not to display. Oops. Does that make it bad?

There are a few types of ‘bad’ plugins to consider.

Evil Plugins

This is the easiest to explain. A plugin that is created to do evil things, like leave backdoors into your site, is bad, no matter what. Don’t use it.

Holey Plugins

This plugin has the best intentions in the world, but for whatever reason has a security hole. Maybe they forgot, maybe they missed it, but it happens to everyone. In general, this is not a bad plugin, unless the dev refuses to fix it. Or worse, can’t fix it! Now it’s a bad plugin.

Broken Plugins

Pretty common, this is a plugin that once worked but now, with the new upgrade of your theme/plugin/WordPress it stopped. This one sucks, and not much can be done except try and fix it, unless the developer comes around.

Works For Everyone But You Plugins

This is the brunt of what people mean when they ask me “Is this a bad plugin?” but they just don’t know it yet.

If you haven’t noticed, most of the ‘bad’ plugins are really just unfortunate plugins in bad situations. Determining if a specific plugin is bad for you isn’t as simple as going “Yes, I know that plugin is crap!”

What I do know, but I have to be circumspect in saying, is some plugins are better than others for specific server situations. You’re on shared? You probably don’t want W3 Total Cache right away because the best parts of it (that hooks into server side caching) aren’t available for you. On a VPS? You can probably use that YARPP (yet another related posts…) plugin just fine! Oh, but you’re using it with BuddyPress and bbPress and a whole mess of other plugins with a high degree of interactivity? You may need more memory.

And that’s the real answer. Is any individual plugin I named ‘bad’? No! In fact I’ve used them all and they’re wonderful in their use case. But they also require me to be aware of my whole situation. What kind of server am I using, what kind of environment am I in, what other plugins am I using?

It all comes back to being aware.

28 February, 2014
Copyleft

I’ve seen a lot of people doing an un-copyright, including Brian Gardner who did it (in part) to simplify his life.

Our pervasive permission culture. Via Mimi and Eunice

While I’m a huge proponent of ‘Give it away’ (see all my ebooks), I also retain copyright on my creations for a reason, and it’s curiously the same reason why Brian (and Leo Babuta) don’t. Let me quote Leo:

I’m not a big fan of copyright laws, especially as they’re being applied by corporations, used to crack down on the little guys so they can continue their large profits.

I’m not the big guy. I’m the little guy. I want to protect what I created not for miles of profit, but because attribution is critical to my end goal of “obscurity.” That is to say the rationale behind my ebook philosophy of “Pay what you want” is that if people don’t know about a thing, they won’t buy/use a thing. Where as if people do know, and can find, a thing, they will use it.

As I said, and as Cory Doctrow says: People don’t not buy a book because it was free, they don’t buy a book because they don’t know about the book.

So if I remove copyright, and no one has to credit me, then no one knows about me and they can’t come back and get WordPress Multisite 110, or WordPress Bookstore and learn more. They can’t find this blog and get even more, free, tidbits about WordPress and computers and business and whatever else they use this site for. In short, without attribution, people can’t learn any more from me because they don’t know about me.

As confusing as this can be, I’m okay with you taking my stuff and giving it away for free. But I do want you to say “I got this from halfelf.org” so that you pass on not just the information to the next guy, but the ability for them to find more information. The knowledge, not just the information, is key here. Taking my work and presenting it as your own gives information, but it does not teach knowledge, nor does it enable anyone to learn and go forward because you’re throttling their resources.

Copyright isn’t about protecting the bug guy for me, it’s about protecting you from the big guy. It’s about making sure you know, and the next person knows where the information came from and how to resource it. Encyclopedias give away information, but the reason they’re amazing is that they give you the ability to gain knowledge from the information.

Copyright is my encyclopedia. It’s forcing you to keep credit/attribution, which gives you information and the ability to gain further knowledge from it. It protects me, but that’s incidental in that it helps you. And if it can keep the big guys from stealing my stuff and presenting it as their own, then everyone wins.

26 February, 2014
LastPass? LostPass!

ModemLoper came up with the name.

So here’s a frustrating experience. My office uses LastPass to share passwords for things. Secret things. They send me an ‘invite’ for the Enterprise account with my company email. I go to log in with the first-time password thing, and it says I need to make a new password. Sure, because email isn’t secure, so I make a new password the same way I have for the last year. I open up 1Password, make a new account there (LastPass – Work) with the login as my.email@myoffice.com and generate a password. So I have a password stored there you see. I then copy that password and paste it in, twice, to change the password.

I want to note some things here. I did not have a message about how my master password was super important at this time. In fact, it just said to enter it twice. Also remember this was for an ENTERPRISE account. Not a normal user. Okay?

So I do that, it says yay log in now! I take the same password, paste it in, no go. Oh, okay, maybe a butterfly farted. I’ll just reset it. Guess what I can’t do? The password ‘Hint’ was useless, since my password was along the lines of dyEno4FfW4EsED and I’d set the hint to “1Password” like you often do. Also there’s no ’email me my password’ or ‘reset my password’ thing I can use. Probably because email isn’t secure. The email where they’d emailed me a temp password just before to create my Enterprise account.

At this point I tweeted obscenities. I have an account but I can’t use it. I can’t reset the password. I can’t recover the password. I don’t have a ‘One Time’ use password because I never got to the point where it let me create that sort of thing. Ditto with ‘reverting’ my vault. There was nothing to revert to so I couldn’t do that. The official answer was to delete my account and start over. There was more swearing. Most of it public use of the F-word on Twitter.

But I did delete the account, made a new one, and this time it said “Hey, this master password thing is super important!” and took me to a second screen where I have to re-enter it. Oh, and yes, I used the same password I’d made before. It worked this time. My coworker resent the invite to join our Enterprise account. I do so, set up Two Factor Authentication, trust my laptop, and he shared the folders.

As I spell out the drama to him, I realize that this may be happening because I didn’t have an account before. That is, I went ahead and used the account and password from the email. Don’t believe me that they sent a clear-text password? Here:

I redacted the account, even though you could guess it. Four hours pass. I get a tweet from the LastPass CEO:

https://twitter.com/joesiegrist/status/403649508715667456

to which I replied:

https://twitter.com/ipstenu/status/403649761212784640

Everything’s fine now, and my takeaway from this is ‘Make an account before joining an Enterprise’ because clearly their ‘sign up through your enterprise’ thing is buggy. The whole interface is a little janky, and I find that their statement of how they cannot possibly reset your password to be weird:

Recovery for LastPass is not the same as other services you may have previously used – due to our encryption technology, LastPass does not know your Master Password, so we cannot look it up, send it to you, or reset it for you. This means your data remains secure from threats, but also means that there are limited options when you forget your Master Password.

I gather they mean “There’s no way to change your password without knowing your current password.” And really this is the ultimate security, isn’t it? No one but you can change it without knowing your master password. The problem with this, and really all these things, is that if I have one master password, it must be easy for me to memorize and remember at the drop of a hat.

Which means my master password is my least secure password. Check the sticky notes on my monitor.

24 February, 2014
InBox Insanity

I get a lot of emails. I’m usually receiving and sending every hour or so. Most of the time they’re email alerts, sometimes conversations. While I’m a massive unsubsciber of email lists, I filter a lot of my emails into folders, where I’ll leave them unread until I have time, and then I delete them. Oh yes, I’m a member of Inbox Zero.

I started doing the Zero because I wanted to cut down on the stress in my digital life. An unread notification sits there, like a malignant ‘Deal with me!’ eye. And the thing is I do, I will, I always at least read the email. I don’t always reply, but I will read it. But what I don’t need is a five year old kicking my seat asking if we’re there yet.

I’m not patient. I eat my bagels undercooked because if the dang thing isn’t done in the time it takes me to start the toaster, get my cream cheese, make a coffee, and go to the bathroom, then it’s getting eaten as is. I would never be a good chef because I don’t care if every slice and dice is the same, I care about eating. If it’s time to go and you’re dawdling, I hate you. I get annoyed when people can’t budget their time well and thus are always late. It’s a thing, it’s mine, and it’s what it is.

Conversely, when it’s not food, or when its not a specific time event (like “I’ll meet you there between 4 and 5”) then I don’t stress about it. And when it’s email or Twitter, I’m seemingly negligent about serious replies because I may take a long time, and reply to other people frivilously, but in reality I’m thinking about the right reply. I have a couple emails in my drafts at any one point in time because I’m thinking.

It’s funny, I know, that I get upset when people nag me about replying. But I understand that people need processing time, and while I’m terribly impatient when I wait for an email reply from someone (seriously, ask my wife, I’m really annoying), I try as hard as I can NOT to bother them about it! I may send them a little “Hi” note after a week or so, depending on the issue, but I’m usually asking someone for a special favor in the first place, and I try to respect their boundaries.

Whew. Lots of me me me here!

Also I like using desktop applications. I like email apps, and Twitter apps, over in their own thing that I can totally close out and ignore if I need to write or whatever. I’m not tempted to open twitter.com in my browser because I never do it. It’s good for me and my sanity, because I don’t get those ‘gotta clicks.’ The only ones I have in my browser are my RSS reader, Facebook, and Google Plus, none of which annoy me with alerts in my browser (well, not once I forcibly turned off all alerts).

But email and Twitter, being a desktop tool on my Mac, need some settings changes too. Twitter has two places:

On the first settings page, General, I set my menu bar icon to disabled, so nothing to pester me up there. On the Notifications page, I turn of nearly everything. The exceptions are mentions (which I keep as menu, just in case I change my mind… it’s been a month, I suspect not) and messages. Messages are important. Very few people DM me on Twitter, and when they do, it’s probably important or private, so it needs serious attention.

Nothing else does.

Email is weirder. How do you turn off the dock? Surprisingly easy. Go into your System Preferences and click on Notifications (first row, last column). In there, I always turn on “Do Not Disturb” settings from 9pm to 7am. If I’m up and coding at that hour, I’m in a zone and leave me alone. Otherwise I’ve left the laptop open, and either way I’m probably not in a mood to talk to people. The last thing I want is more alerts.

Next scroll down to your email app (mine is Postbox) and turn off everything. Uncheck the boxes and set the style to ‘None’ and walk away:

Boom. No more red number.

Don’t worry, I’m still checking mail.

21 February, 2014
Dr. Jekyll and Ms. Hyde

I like WordPress. I like the community and I like the way I can invite other people in on it. But. I wanted to run a site, a small site, with static content for the most part, no comments, and just the basics. So why not Jekyll? After all, I’m big on self-hosting, and while most people I know seem to be running Jekyll on GitHub, you know me. I want to do it myself, I want to have it all here.

Six drinks later…

My major issue with Jekyll is that the ‘Simple’ directions aren’t obvious the way everyone seems to think they are. I mean, yes, they’re simple, but they lead you to some pretty crazy misconceptions based on how websites and CMSs work, and have worked, for a long time. And given all the posts I’ve read about how terrible WordPress is, my remark on that is: No, Jekyll is not terrible, but it has an audience.

Look, of course WordPress can be terrible. So can your car. It’s all in how you use it, what you add on to it, and what you fuel it with. I have a lot of reasons to use WordPress, and I really like it for many reasons (least of which is if you asked me to explain Jekyll to someone who emails me a PDF of a Word Doc to post on WordPress… Well, yeah, no, it’s not simple.)

Misconception: Where Do I Install Jekyll?

DaFUQ?

Okay… you think “Hey, Jekyll’s running my site so it’s all on Jekyll, right?” Nope! Jekyll is installed on my laptop. It’ll be used to create content that I will deploy to my website. Jekyll generates the webpages. Just bear with me. Yes, it also runs the site, but it doesn’t have to. In fact, it generates all of my pages into a subfolder called _site, which you can actually load as a webpage. If I copied all of that over to a folder, it’d work as is. So option one here is that I could just do that. But that’s not what I’d call ‘friendly’ and it means all my code has to be on the server where a sneaky person could go get it. Part of why Jekyll interested me is that it’s more secure by being a flat site.

Option two is to use a Jekyll ‘front end’ deployer, like Octopress or Prose. Option three was to stop and think “Maybe I just don’t get this and I should start simpler.” It’s very odd to me to have my ‘content’ on a server, but the ‘source’ not there. While if it’s just me running a site, that’s great. But as soon as I have to tell my dad to check code out… Maybe this is a bad idea. I don’t want end-users to have to learn all this. I want to tell them “Write your content. Save it here. Magic.”

Revise: Needs vs Wants

When I get really bogged down in thoughts like this, I step back and ask my self “What are my needs?” That’s similar to asking “What problem am I trying to solve?” but it’s a little broader, as I may not have an actual problem, I may just need a small change.

I’m looking for a product with a small footprint, no comments, a way to subscribe to updates (RSS or email), separate content and design (so my writers don’t mess with the layout), and it needs to have a workflow that does not involve me having to teach svn or git commands to a music major. Oh and it has to be easy for me to upgrade (one click or git pull will do).

Say what you will that git is easy (it is for me, albeit sometimes confusing). It’s not necessary for everyone to learn. I really feel a journalist shouldn’t have to learn to use it in order to write content! Still, after banging my head on this, I finally decided I was making my life too complicated by trying to self host before I understood the actual workflow of the process. So I went one step further back and decided not to self host right now.

KISS: GitPages

Everyone uses GitHub Pages. So fine, so will I. They walk you through the setup, so that’s nice. It was pretty painless to make a repo. But what did that have to do with Jekyll? I can edit everything within GitHub which is nice but I don’t want that. I wanted to learn Jekyll… Scroll to the bottom and there’s a nice graphic saying I can use Jekyll!

And they link to the Jekyll quickstart. Okay, thank you, I can install Jekyll. How do I hook them up? I had to actually Google to find the link to Using Jekyll with Pages and frankly, after reading it… I don’t want to. Oh I did it, but it’s not “simple.” It’s a total pain in the ass. It reminds me of the old MoveableType when you had to fuss with cgi-bin. It’s all manual. And this is fine for a dev, but I don’t want to have to install this on my Dad’s laptop. Did I mention he was on Windows?

So using this for a version controllable, static website, is actually far less tolerable than I wanted it to be. I can use it, I kind of understand it (the whole source folder is confusing me a little…) but it’s not something I could easily roll out to a medium-technical person without some serious training. In fact, I need some serious training to get good at just pushing my content, and when I compare that to WordPress…

I get why people like it, though. The static files alone are pretty cool, but it’s going to be a learning curve.

19 February, 2014
Impostor Syndrome

Shortly before I pushed out an ebook (WordPress Plugin Support) I had a rush of panic and fear. “Why do I think I’m capable of this!?” I asked myself. “I’m not a great coder like Jorbin! I don’t know deep seated WordPress secrets like Otto! I’m not an autodidactic trac machine like Sergey! Where do I get off thinking I can write a book about plugins!?”

Then I stepped back. I wasn’t writing a book about how to write plugins or how to code, or even everything that everyone did wrong. I was writing a book about how to submit a plugin to the repository. I was writing about how to handle support, how to document, how to reply to people, and generally how to not be a pain in the ass. That’s all stuff I know damn well, and I’m good at!

So why was I scared?

Impostor syndrome is a weird idea. It’s basically feeling like you’re not worthy of the praise you get. Have you ever had someone say “Thank you!” and you replied “It was nothing.” even though it was hours of thought where you racked your brain for a long lost memory? Why didn’t you say ‘You’re welcome.’ instead? It’s because somewhere, deep down in your head, you were sure you didn’t deserve it.

Mentioning this on Twitter brought up the suggestion I write a book about impostor syndrome and how to overcome it, but the fact is I don’t know how.

Oh, don’t get me wrong, I know what I’m supposed to do, but I can’t do it and not feel a little bit like a fraud. I was always told ‘Write what you know!’ and that gave me the courage and confidence to hit the publish button on a lot of posts here, and my books. Certainly I wasn’t raised to not be confident, which is funnier if you know my father. I have absolute confidence in myself and my abilities. I know I can do things, but still I get scared.

Here’s what I do know. At some point in my life, I lost that ability to be certain at all times. But only when I’m alone. Before I speak at a WordCamp, any WordCamp, I am tense and stiff, not very funny, anxious, and nervous. People get a lot of crappy pictures of me that way. I told the photographer at Las Vegas “It takes a bit for me to warm up. As soon as I start talking, though, I’ll be fine.”

And this is true. Once I start doing it, I’m fine. As soon as I hit publish, the fears were gone. As soon as I did something I felt great. This is true pretty much all the time (except the one time I clearly remember thinking “Bad choice! Bad choice!” and it ended in broken bones). I know it won’t be perfect, and I know I’ll probably have to go back and fix things, but that’s alright.

What is the truth here? Am I really lying to myself at one point in this process? Do I really know nothing? Why can’t I, or anyone, just shake it. It’s not true, and I know it, that I’m incapable of things, but fear and all this stuff that’s ‘in my head’ is frustrating especially because I know it’s pretty much all in my head.

The point, and this comes back to why this is on my ‘tech’ blog and not my personal one, is that what holds us back more than anything else is ourselves. The reason I don’t code ‘as much’ with core is not because I can’t but because I still feel awkward and slow when doing so, which holds back a process which is running along so fast now, it can hardly stop to wait for me.

But instead of grumbling and giving up, I’ve been slowly, steadily, working on what I can do, making it good– no, making it great, and moving forward with that. Sometimes that develops into a patch, and sometimes it means I write a long blog post about things and what they mean to me, or how I learned them.

That’s my truth. The only way to keep fighting that impostor feeling is to ignore that inner-me telling me I’m not good enough, accept the fact that I’m probably not fast enough for the rapid development world, and just truck on keeping up and fixing what I can, when I can.

But this is my answer. It’s not going to be the same for everyone, and that’s why I can’t (yet) write a book about this. Because there is no answer for everyone, or even enough people, to make that doable. Still, know this. If you did something, if you tried something, then you did it. You tried it. No one can take that away. Not even that really annoying inner you who thinks you suck.

Because you don’t suck.

17 February, 2014