Half-Elf on Tech

Thoughts From a Professional Lesbian

Author: Ipstenu (Mika Epstein)

  • Impostor Syndrome

    Impostor Syndrome

    Shortly before I pushed out an ebook (WordPress Plugin Support) I had a rush of panic and fear. “Why do I think I’m capable of this!?” I asked myself. “I’m not a great coder like Jorbin! I don’t know deep seated WordPress secrets like Otto! I’m not an autodidactic trac machine like Sergey! Where do I get off thinking I can write a book about plugins!?”

    Torn poster with the word 'Truth'Then I stepped back. I wasn’t writing a book about how to write plugins or how to code, or even everything that everyone did wrong. I was writing a book about how to submit a plugin to the repository. I was writing about how to handle support, how to document, how to reply to people, and generally how to not be a pain in the ass. That’s all stuff I know damn well, and I’m good at!

    So why was I scared?

    Impostor syndrome is a weird idea. It’s basically feeling like you’re not worthy of the praise you get. Have you ever had someone say “Thank you!” and you replied “It was nothing.” even though it was hours of thought where you racked your brain for a long lost memory? Why didn’t you say ‘You’re welcome.’ instead? It’s because somewhere, deep down in your head, you were sure you didn’t deserve it.

    Mentioning this on Twitter brought up the suggestion I write a book about impostor syndrome and how to overcome it, but the fact is I don’t know how.

    Oh, don’t get me wrong, I know what I’m supposed to do, but I can’t do it and not feel a little bit like a fraud. I was always told ‘Write what you know!’ and that gave me the courage and confidence to hit the publish button on a lot of posts here, and my books. Certainly I wasn’t raised to not be confident, which is funnier if you know my father. I have absolute confidence in myself and my abilities. I know I can do things, but still I get scared.

    Here’s what I do know. At some point in my life, I lost that ability to be certain at all times. But only when I’m alone. Before I speak at a WordCamp, any WordCamp, I am tense and stiff, not very funny, anxious, and nervous. People get a lot of crappy pictures of me that way. I told the photographer at Las Vegas “It takes a bit for me to warm up. As soon as I start talking, though, I’ll be fine.”

    And this is true. Once I start doing it, I’m fine. As soon as I hit publish, the fears were gone. As soon as I did something I felt great. This is true pretty much all the time (except the one time I clearly remember thinking “Bad choice! Bad choice!” and it ended in broken bones). I know it won’t be perfect, and I know I’ll probably have to go back and fix things, but that’s alright.

    Que es la veritat?

    What is the truth here? Am I really lying to myself at one point in this process? Do I really know nothing? Why can’t I, or anyone, just shake it. It’s not true, and I know it, that I’m incapable of things, but fear and all this stuff that’s ‘in my head’ is frustrating especially because I know it’s pretty much all in my head.

    The point, and this comes back to why this is on my ‘tech’ blog and not my personal one, is that what holds us back more than anything else is ourselves. The reason I don’t code ‘as much’ with core is not because I can’t but because I still feel awkward and slow when doing so, which holds back a process which is running along so fast now, it can hardly stop to wait for me.

    But instead of grumbling and giving up, I’ve been slowly, steadily, working on what I can do, making it good– no, making it great, and moving forward with that. Sometimes that develops into a patch, and sometimes it means I write a long blog post about things and what they mean to me, or how I learned them.

    That’s my truth. The only way to keep fighting that impostor feeling is to ignore that inner-me telling me I’m not good enough, accept the fact that I’m probably not fast enough for the rapid development world, and just truck on keeping up and fixing what I can, when I can.

    But this is my answer. It’s not going to be the same for everyone, and that’s why I can’t (yet) write a book about this. Because there is no answer for everyone, or even enough people, to make that doable. Still, know this. If you did something, if you tried something, then you did it. You tried it. No one can take that away. Not even that really annoying inner you who thinks you suck.

    Because you don’t suck.

  • Open Source Olympics

    Open Source Olympics

    I try never to argue about the ‘spirit’ of the law these days and god help me if I ever consider talking about the spirit of GPL. But I do have a firm belief in the spirit of what Open Source is and how that impacts what we do.

    I generally tell people I’m a Socialist and that’s why I love Open Source. It’s also true that I love the Olympics not because I want my country to win (I rarely keep track of medal counts) but because I want to see people exceed their expectations and go higher, faster, stronger. I cheered when the Dutch finally won the shorter length races in speed skating. I was sad when Simon Ammann did not place in ski jumping (I’ve been watching him jump for 16 years!). I was delighted to finally see women’s ski jumping!

    But if I wanted to sum up exactly why I love the Olympics so much, this single viral photo sums it up:

    Russian skiier, Anton Gafarov, gets a new ski from Canada

    If you watched the US broadcast of the men’s cross country finals (individual sprinting – they’re basically doing running on skis, it’s brutal), you saw Anton Gafarov wipe out, or at least part of it. They readily admitted they missed why he fell, but rewound so you could see this poor guy, skiing in his home country, come flying down on his back, behind the other skiiers, and crash into the wall. He lay on the snow in anguish, because he knew he would never get a medal now. He had trained his life for a moment that may never come again, and that hurt.

    But, and this is what you didn’t see on NBC, Gafarov got up and kept racing.

    Russia's Anton Gafarov falls with a broken ski during his men's semifinal of the cross-country sprint at the 2014 Winter Olympics, Tuesday, Feb. 11, 2014, in Krasnaya Polyana, Russia. (AP Photo/Matthias Schrader)

    And then he fell again, because (as you can see), his ski was broken beyond repair. It would be illegal for him to finish on foot. His race was totally done. In a sport where the difference between first and second is tenths of a second, he was out the moment he fell, but now he wouldn’t even be able to place and would end his Olympic experience disqualified. If you’ve never been a part of a competition where you DQ’d, I promise you that hurts way worse than not placing well.

    That’s not where the story ends, though. Go back to that first picture. See the guy on the right side getting him set up with a new ski? That would be Canadian coach Justin Wadsworth.

    Canadian coach Justin Wadsworth ran to Gafarov with a replacement pair of skis and putting them on.

    Wadsworth took new skis out, helped Gafarov put them on, and thus the Russian finished the race (in dead last) to rousing cheers from the crowd. When asked by Canadian news site The Star why he did it, the answer was simple: “It was like watching an animal stuck in a trap. You can’t just sit there and do nothing about it. … I wanted him to have dignity as he crossed the finish line.”

    We love to say that the Olympics are about overcoming adversity and doing amazing things, but much of Olympic spirit is inclusion and helping others. It’s never ‘us versus them’ but ‘look at how cool humans are.’ And to me, that’s what I mean when I talk about the Spirit of Open Source.

    Open Source is about people creating amazing things in an open environment, without fear of restrictions. It’s giving incredible freedom to let the art of code shine through the function, and it allows for astounding advancements because of that. But it’s also about making things better by doing it together, and by enabling the next guy to take your work and do more.

    If we see someone who has a need, we try to meet it. Not always for those wants (like I’d love a new iPad and laptop, but I don’t need them), but when someone’s in a massive car accident, or loses a job, or wants to go to an event and can’t afford it, we move heaven and earth.

    Open Source would bring Gafarov a ski.

  • A Monstrous Regiment of Content

    A Monstrous Regiment of Content

    Any similarities to website configurations, current or defunct, is probably somewhat intentional. But I’m not naming names here in this tale of woe.

    The situation:

    You have your website: domain.com

    You have a staging version where you test all your code: stage-domain.com

    Your coders edit the theme code, install plugins, configure them, etc. At the same time, your editors edit content, make posts, etc. The code (plugins etc) is managed by Git because you know you should be using versioning. The posts are not because… WordPress.

    The Problem:

    In order to post content, you have to push code and content up to the production server. This means that if you’re trying to upgrade WordPress, you have to put a hold out on content until the upgrade is done. How do you keep the two in sync, without goobering your content?

    An Answer:

    Decouple content and code.

    First let’s version control the php files. This means your themes and plugins will all be edited on staging, and when you’re done, you check the code in and then check it out on production.

    Next we attack the DB. Have a job that, when you check out files in production, it copies up only following tables:

    _options
_users
_usermeta

    This means that all your code (plugin settings, theme settings, etc) gets pushed live, and all your content remains isolated. If you have extra tables, you may need to make allowances for them (like, say _podpress or _badbehavior), but you can find them quickly looking at the current DB. You’ll want to add these as necessary, or not. I’d count _podpress as ‘content’ and leave it out (we’ll get to what to do with it in a second), and _badbehavior as transient data.

    A military regiment marching in a paradeOn production, you have your content makers be Editors. They edit the content live (because you trust them). If you want to be extra secure, lock down the server via IP rules. At the end of every day, run a reverse sync, where the staging DB’s posts and content are replaced by the live site’s, thus ensuring everyone has the ‘live’ data. Obviously you’d want to script in a serialization safe search/replace after every sync (and have an auto-backup taken before any messing about starts).

    It’s in the copy back that we decide what to do with the other files. Either make an exclude list or an include list, whichever makes you feel safer.

    Includes would be:

    _commentmeta
_comments
_postmeta
_posts
_terms
_term_relationships
_term_taxonomy

    And then anything else you want like _podpress (see? I told you I’d get back to this).

    Excludes would be anything I have in my push script from before, so _options etc. To this I’d also add _badbehavior or anything transient. I don’t really need it.

    Pitfalls:

    Featured PageContent isn’t just posts and pages. What if your ‘editors’ need to edit widgets?

    What if they don’t? StudioPress’s Genesis Framework has a totally awesome widget called “Featured Page” which lets you pick a page, check options, and off you go. What if you had a page called ‘Header Widget’ and in your widget area for Header, put that widget, pointed it to that page, and checked ‘Show Page Content’? Now your editors just need to edit that page!

    What if they still do? Grab a plugin like Members and make a special role for “Super Editors” to let them make widget changes. Of course, now you have to uncouple _options and you’ve lost some of the magic here. This is a bad idea. You want to decouple content and code. Using Widgets for this is a cool idea, but what if you did it another way entirely. What if instead you used custom post types, and just had it show the most recent in the ‘spot’ for that header? Say you wanted an ad to show at the top of the page. Make your CPT for ‘header ads’ and write a post. Then schedule another for Wednesday at 3pm. Boom, your ad gets replaced! This also makes it easy to go a step further, make a Role for Marketing or Advertising, and now only they (and admins) can mess with ads. Downside there is you may end up with a lot of CPTs.

    What about when WordPress updates? Well, that’s something to be careful over. If you update staging to (say) 3.5.1, but production is on 3.5, the tables will get updated. Thankfully, WordPress rarely messes with posts and comment tables. The ones that normally get poked with an update is _options, and we’re syncing that anyway. Still, you should set aside some time to test in staging before you go ahead and push this. Since we’re only posting content on production, this will have no impact on your editors.

    Alternatives:

    Put the content tables on another database. While WP doesn’t make it as easy as it does for custom user and meta tables, certainly you should be able to fiddle with that. Then just sync the rest of the tables. Code like hyberDB already lets you split the DB for load balancing, so you could fork that.

    Or … Sync the whole database. But that defeats the purpose.

  • Forget 100%

    Forget 100%

    Can I tell you a secret?

    Kids doing karateI hate the five nines. The Six Sigma Stigma has me wishing that everyone who tells me they’re a ‘black belt’ please die in a fire. It’s not that I don’t think that the process can work for some people, or that it’s useless as a whole, but that I think too many people treat it like an MBA. “I did this thing for a few months, I am now an expert.” I had a bunch of coworkers who did that. I hated them. I got to the point that if you said “We need five-nine reliability” I had a Pavlovian reaction that involved me rolling me eyes and tuning out.

    Now this doesn’t mean than I don’t think 100% ‘uptime’ in anything is a nice goal, but I see it as a lofty goal. Look, you know this stuff already. I will not walk down the stairs successfully 100% of the time. I will not have the next key I strike on my keyboard function as I expect 100% of the time.

    So moving this off and saying “I don’t need 100% uptime, I need 99.999% uptime.” doesn’t actually change anything. In fact, I’m willing to bet that a lot of people look at the five 9s and think that it’s so close to 100% that they should never see or notice an outage. Thanks, Six-Sigma people, you just made 99.999% synonymous with 100%.

    That wasn’t the secret, though.

    My secret is that I don’t care about 100% uptime in anything.

    I worked for too long in deployment to understand that there is no such thing as 100% uptime for anything. There are ways to minimize and mitigate downtime, and there are ways to make sure it causes as little impact as humanly possible, but there’s no way to avoid it. Ever reboot your computer? Of course! Ever upgrade WordPress? You have then experienced downtime. It’s a nature of life. I expect it, I don’t sweat it.

    So if I don’t care about 100% uptime, what do I care about?

    Reliability, accountability, responsibility, and timeliness.

    I was reaching for the words that end in “ibl”, but really the root ofable is my concern above all else. Are they able to handle it when things go pear shaped? Are they able to fix problems quickly, correctly, and efficiently? Are they able to prevent the exact same error from happening again? Are they able to own up to their mistakes?

    Two wood models fighting over moneyI don’t expect anyone to do all that 100% of the time, but I expect them to care about the things that are important to them as an entity. My webhost should care about the severs not being on fire and serving up webpages. My bank should care that my money is safe and available. My government should care that it’s … Too soon? Anyway, the point is that you should care about what you do, and provide the best service you can. Now, if 50% uptime is your best, maybe I’ll look for someone else. I am reasonable about these things. If email goes down, how fast did you get it back up? But to me 50% isn’t reliable unless I’m looking for something that, intentionally, only works half the time.

    All this said, I don’t actually look at the uptime numbers all that much, unless I feel that the reliability is sub-par. The actual numbers, the metrics, the absolute “This service is up 100% of the time or your money back” is not really what I count on. My friend Pippin said it wisely the other day:

    I have far more faith in a company that encounters occasional problems but responds incredibly promptly than one that has fewer issues but doesn’t respond half as well

    He happened to be talking about a brief (like 10 minute) outage on his site when all databases were inaccessible.

    Don’t bank on the percentage, bank on the ability to react and come back.

  • Just Ask

    Just Ask

    Someone asked me why I spoke at some events and not others. Or why I was on some podcasts and not others. For WordPress, I do generally apply to speak if I’m going (for what I consider obvious reasons, I’m good at it and I actually enjoy it, shut up Jenifer, you were right) but I also like going to WordCamps just to learn and be social in a businessy sort of way. This is my job, after all.

    So why did I talk on WPWatercooler or MeetWP or The Matt Report? Why did I do the interview with Code Poet? It’s so simple you’ll laugh.

    They asked.

    Just Ask: Woman stretching out her handI very rarely say no. The two days I tend to are Fridays and Saturdays. I’m not online Saturday, and Friday is usually pretty busy for me. Okay, and I admit Sundays I’m usually out at the archery range or solar (it’s an arts and crafts thing), but still, with enough warning I can make some time. The point being, I’m totally fine with people asking me “Hey, can you be on our thing?” Unless you’re totally hate filled, anti-everything, jerks (which is … surprisingly hard to find in the WP world), I’ll likely say yes if I have the time.

    Mind you, I don’t listen to or watch most podcasts or hangouts in real time. I just don’t have that time anymore. I have a backlog saved, and when I’m at work, I play them on my iPad when things are slower.

    I am sorry to have had to turn down WordCamp Orlando last year, but I’d just come off of three funerals and 6 events in 8 weeks, and I was burning out emotionally (I’m putting you on my list for 2014!). I’m sorry I had to turn down a same-day request from the Matt Report once, but it was just phenomenally bad timing that day. I didn’t even see the email until it was almost too late. Yeah, that kind of day.

    The point to all this is that while I know a lot of people don’t find me super approachable because I like having my personal space respected, and I feel that an unsolicited email is roughly the same as a phone call, my real intent with that viewpoint is to make you think. Think about what you’re asking. Think about what you’re giving to people and what they’re giving you. Don’t take brutal advantage of their good nature, and always respect them as humans with lives and agendas that may not be 100% the same as yours.

    See that’s not hard? Give and take is what makes WordPress great.

  • SSL for One Domain on Multisite

    SSL for One Domain on Multisite

    To start with, I made a mistake and assumed, bad me, that the Terms of Service that let me collect donations for my ebooks would similarly be okay with collecting payments for said ebooks. Alas, no. “Digital goods including digital currency” are not permitted, and that was my bad. It resulted in me losing my entire account and having to fight to get my customers their money back.

    Meanwhile I decided to get started on making an easy way for people to pay and stay on my site (like Stripe), and this, no matter what, means I need to have SSL.

    Normally that’s not too much of a problem, but my store happens to be a subdomain of a mapped domain on a multisite. My WordPress install is at ipstenu.org. This site is actually tech.ipstenu.org, and my store (store.halfelf.org) is actually hshop.ipstenu.org (stands for HalfElf Shop…). I used domain mapping to point halfelf.org to tech.ipstenu.org, and store.halfelf.org to hshop.ipstenu.org. While I could just edit the site and home URL in the ‘Edit Site’ page, domain mapping is needed for in order to tell WordPress that the domain is really a thing.

    Setting all that up was the easy stuff, though. The SSL part was something I’ve poked at before and given up, since multiple domains and one SSL cert is a pain in the ass. But today, if you go to the Half-Elf Warehouse, you’ll see it’s all SSL! (NB: It was. It’s now only SSL on pages that need SSL, to allow for better caching.)

    You will need….

    SSL Certs

    This is the easy part. You need an SSL certificate for the domain you need to protect. If this is the only domain you want to add this on to, it’s relatively easy. If you need to add SSL on to multiple domains, check with your webhost.

    I actually have multiple SSL certs. The problem with multiple SSL certs is that a wildcard one for subdomains costs around $300 (this is on Comodo), and I have three domains I need to protect on one server… Oh. Wait, wasn’t this a problem before? As it happens, I’ve got SNI on my Apache instance now, so that was fixed. I picked up a cert for store.halfelf.org and set it up, done. Except…

    Add-on Domain

    Why this? Well it’s funny. I used to always tell people ‘Use Parked Domains, it’s way easier’ and this is still true, it just has a caveat of ‘unless you’re trying to use SSL.’ Now that I am, I hit a sticking point where a parked domain cannot have it’s own SSL cert, but an add-on domain can. This was a simple fix. I deleted the parked domain and flipped it to an add-on domain. Then I added the certificate in for my site and now I have https on ipstenu.org and store.halfelf.org but not halfelf.org. Why? Because halfelf.org and store.halfelf.org are separate add-on domains. Had I bought a wildcard cert for halfelf.org, I could have made halfelf an addon, and store.halfelf a parked domain on top of halfelf, but this works too.

    The other option, of course, is a multi-domain cert, which is too much money for my tastes, and I don’t need it all the time. I have SNI, which makes this so super easy for me, it’s silly. Just add the cert for the domain and have a party.

    WP-Config

    But today I only want to force one of my mapped domains to be SSL:

    if ( $_SERVER["HTTP_HOST"] == "store.halfelf.org" ) {
    define('FORCE_SSL_ADMIN', true);
    define('FORCE_SSL_LOGIN', true);
}

    No that was it. If it’s two domains, it’s this:

    if ( $_SERVER["HTTP_HOST"] == "store.halfelf.org" ) { ...}

if ( $_SERVER["HTTP_HOST"] == "ipstenu.org" ) { ...}

    and so on and so forth. Why not using an OR check? Because it failed miserably when I did that. I suspect it’s due to ipstenu.org being my main domain, but I was tired and stopped here.

    .htaccess

    Okay, now I want my domain to default to SSL when people visit too!

    RewriteCond %{HTTP_HOST} ^store\.halfelf\.org
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://store.halfelf.org/$1 [R,L]

    That was easy.

    WordPress SSL

    What about making everything on my page load SSLish? Install and activate? That was it? Oh. Okay.

    Verify!

    https://store.halfelf.org

    Hey! Looks good! Actually I’d had a problem when I first ran this.

    Chrome's Warning for SSL

    Yeah, that little yellow triangle. What the heck did it mean? I trotted off to Why No Padlock? and got an error:

    SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details:
    ERROR: no certificate subject alternative name matches

    That didn’t help me at all, so I viewed page source and looked for http://store and didn’t find anything. Then I looked at the console and saw that it had an error on some JS:

    //Moral? Always read the ToS.