Half-Elf on Tech

Thoughts From a Professional Lesbian

Author: Ipstenu (Mika Epstein)

  • Gaining REM

    Gaining REM

    Not sleep… And not the band.

    REM (the band) in 1981I was reading Breaking up responsive design on Yoast.com and, like pretty much everyone else, they’ve been been scaling down the browser base font to 62.5% for a while now. The default font-size for most browsers is, as it happens, 16px. The problem with that 62.5% call is that, at least on Chrome for Mac, I ended up getting a flash of 25.6px fonts before the page would load right. Turns out that wasn’t just me, and it’s the bane of 62.5%

    So the fix would be to make my font 100%:

    html {
	-webkit-text-size-adjust: 100%;
	font-size: 100%;
}

    And then I’d have to re-do all my font calls in my CSS because they were all based on 14px. This made me stare at my child theme on another site for a while, and finally knuckle down and script in better font handling, because the idea of manually cranking through everything was too daunting, even if I used REM Calculator to sort out my px/em ratio.

    Still, doing this still meant I’d still have a lot of stuff like this:

      font-size: 16px;
  font-size: 1rem;

    Bah. Who want’s that? It was time to get sassier. I went back to Tracy and came up with her use of “Mixins.” And this is where Sass gets weird. It can do my math for me. This was, I admit, what originally made me interested. But in July it was a theoretical attraction. By December it was love. See, Tracy did the math with her sass-responsive library, which she calls a library of variables, mixins and formulas geared towards Responsive Web Design using Sass.

    I called it _taupecat.scss but we’ll get to that in a second.

    The first step would be to split up my files. See, I’m using Genesis, and they have a handy table of contents for all the sections, so I just made each section an import:

    /*
HTML5 Reset
--------- */
@import "normalize";

/*
Defaults
--------- */
@import "defaults";

/*
Structure and Layout
--------- */
@import "structure";

    List of my sass files I admit, this gives me a million files, as you can see in that image on the right, but it’s actually pretty easy to figure out what’s where. It took me a while to get everything where I wanted it, and while I could have used Bones for Genesis, I know me, and like using Git is the fastest way to learn it, so is using Sass. So I started with the basics of splitting it up like imports. Also I didn’t want to add in Compass to my mix just yet.

    I named my files _section.scss and they all consisted of the normal CSS for each section at first. After all, the first step is segregation of code. The second step was to use Tracy’s code and change all instances like this:

    	margin-bottom: 24px;
	margin-bottom: 1.5rem;

    to this:

    	@include rem(margin-bottom, 24px);

    And then

        padding: 0 12px 0 40px;
    padding: 0 0.75rem 0 2.5rem;

    to this:

        padding: 0 12px 0 40px;
    padding: 0 cr(12px) 0 cr(40px);

    This lets me use Tracy’s cool files and her hard work to make mine way easier! Basically I no longer have to math out that if 16px is 1rem, then 32px is 2rem, and that means 40px is 2.5rem and so on and so forth. It’s faster. Of course, since I’ve done this in pixels, it takes me a teensy bit longer to use inspector to fiddle, since I have to uncheck the rem and edit the px, but I’m okay with that.

    I also tossed in two special calls:

    @import "settings";
@import "taupecat";

    REM (band) in 2011The taupecat has all of Tracy’s code, and settings… well that’s for another post about how I’m controlling my colors and the fonts. But for now, well, all my font sizes and paddings are dynamic. It does mean I have to rebuild my css every time I make a change, but if you ask me, that’s better than math sometimes.

    That’s why we have calculators, right?

  • Your Slides Suck

    Your Slides Suck

    At WordCamp Las Vegas, I had a watershed moment of privilege realization. I’ve had these before at WordCamps, like Portland where I realized how much I rely on my phone for the Internet, and what that actually means to other people (thank you Eric Mann for that one, you should post those slides!). This time it was as simple as AccessibleJoe asking my new friend, Rebecca, if she could help him. I glanced over and saw that Joe was sitting with Laura Legendary.

    Laura’s blind.

    In that instant, the very second I saw her cane, my mind wiped out every single thought I had and focused on this. “Holy crap, my slides are worthless. Not just on the screen today, but when I give the URL out, because they’re all IMAGES.”

    See, while I use SEO slides, my slides are a PDF imported from PowerPoint, which makes them a bit honking waste for her. No text. No tooltips. The deaf similarly were left out until they read the text posts I tend to make as a follow up to my slides, but since my slides are a counterpoint, or emphasis, to my speaking, I really greatly on what I say and how I say it. That means my slides are absolutely worthless to anyone who is differently abled.

    When Rebecca needed to go away before Joe got back, I offered to take over, introduced myself, and said “I’m sorry, my presentation slides are worthless to you.” Laura was kind enough to explain to me the situation, demonstrate how she used her phone (before her own presentation where she showed everyone exactly how much running a website sucks. It blew my mind when she said there was only ONE theme she could find that was accessible on the front and back end so she, a 100% blind person, could manage her site all herself. And then she only had one plugin for an estore that worked.

    Zoidberg: Your slides have bad accessibility and you should feel bad One.

    Single.

    Theme.

    If that doesn’t slap you in the face and make you think you’re doing something wrong with your programing, allow me to do this for you.

    We suck. We are inconsiderate. We are selfish. We are ignorant. We have no idea how hard the web is for people. Even though I do spend a lot of time working on my site to make it easier to read for the visually impaired (that is people who hate small fonts), I have no idea how crap my site is for the actual blind.

    Want to know how bad it is? Close your eyes and try to use your site. Go on, make a post. If you’re on a Mac, there’s a tool built in for this. I played with it the other night and was galled at how hard it was to get around the customizations of a theme. To write code, I rather expected to be hard, but the theme settings (not the customizer built in, the settings from Genesis) were not very easy, even though I knew what I was looking for.

    Sad smilie face in a sea of happy ones.So my pledge to this starts here. I’ll be making all my slides on SEO slides from now on, with long descriptions and alt text for everything, to make my slides more accessible. I will continue to speak clearly concisely, and more over, I will print up my slides notes in advance so I have them right there without having to use PowerPoint.

    I love PowerPoint’s ability to have speaker notes, but it relying on them means I made my efforts fail for some people, then it’s time to do something new and different. I’m still going to keep my slides with few words on it, but with the SEO Slides features, I’ll be able to show the ‘notes’ (I hope, right guys?) so the deaf can read and follow along. It’s not perfect, but the only other idea would be to learn sign language, or get my wife’s up to the level where she can do that for me.

    Challenge accepted.

  • Genesis Design for Gummies

    Genesis Design for Gummies

    You’re not a dummy, right, you know how to write and you know what’s good and what’s not, but the last time you had to edit your CSS your site went white. It’s worse now that you’re using this awesome theme called Genesis where every design is a ‘child’ theme that you don’t even want to edit because if WordPress taught you anything it’s that you don’t touch the plugin and theme files!

    Gummie BearsWell great. Now what?

    I’m not a consultant. I suck at it, I hate it, and I don’t enjoy it. My friends the Norcrosses over at Reaktiv Studios are a dev agency that makes themes and plugins and even updates (they’re not paying me or compensating at all for this statement, I don’t even use ’em, I just like ’em). They’re good at it, and to make their life, and your life, easier, they came up with a new plugin called Genesis Design Palette Pro.

    Previously, if you want to edit your theme, I would have said to use Jetpack’s CSS editor. Heck, that’s really what I do here, since it keeps revisions of your css changes. But most of what people change are the standard things that make your site look like an individual. The CSS is just a wall of weird, codey, text thing that made no sense when I first looked at CSS back in 1999. And that’s really how everyone did stuff back when Prince was en vogue.

    But now there’s that nice Theme Customizer built in to WordPress that lets you edit the most basic (and most commonly used) aspects of your site right there and see the changes live! Wouldn’t it be nice if every theme let you play with its design like this?

    Example of the Theme Customizer

    Come here. Closer. The Genesis Design Pro plugin does that for you in a way that looks ‘right’ and familiar. Don’t believe me?

    Design Pro screenshot

    Looks familiar, don’t it? Okay, it’s not exactly the same, yet, but give it time. You can edit for mobile or desktop, adjust colors and padding with simple interfaces that are way easier for a lot of people to master than the weird CSS world. You can even add that freeform CSS if you want.

    I think my only wish for it would be to have an export to css function, so I could design everything, save it, and then plunk it on a site as is.

  • Videos: Local or Service

    Videos: Local or Service

    One of the hardest things to do is sort out where and how to host videos.

    The problems

    Let’s be direct here, videos are still one of the messiest parts of hosting websites, because of two major reasons:

    1. Multiple formats
    2. Bandwidth

    I used to have “File size” on there, but these days with most of us having at least 5G of space on shared hosts, it’s not an issue. The other two are big problems. Since it’s 2014, I’m sticking to only HTML5 video stuff right now. It’s backwards compatible enough. If someone’s on IE8 or earlier, they’re left in the cold, which I feel bad about, but that was released in 2009 and while I know my last job was struggling to get off it in 2012, my ‘workaround’ was to include a line below all videos that says “Can’t view this? Click here…”

    Multiple Formats

    No MIME Found screenshotGot an iOS device? Great, you can’t play Flash, which means the smallest compression out there (flv) won’t work. There are a lot of different formats. Just have a look at the breakdown of HTML5 video browser support for a moment. It gets messier when you’re an Open Source advocate and you realize how jacked that makes you with iOS, which is pretty much ‘MP4 or GTFO’ these days.

    Don’t forget that Firefox doesn’t like MP4s either (see the screenshot to the right) so now you must include a webm or ogg file to make that happy. This means, in order to get the broadest audience, you need to include at least two formats of video. This touches back to the ‘File size’ issue that I don’t really think is much of an issue these days.

    This is a hassle since most of us don’t have a lot of great tools to take our amazing video of ducks and turn it into these other formats. I use Miro Converter or Handbrake much of the time to convert things, but by no means are these profession quality. Hang on to that thought, I’ll be back.

    Bandwidth

    Sometimes people lump this with File Size too, but bandwidth is how we measure how much data you’re sending when people visit your website. We relate it to file size because larger files use more bandwidth. Obvious, right? Videos are large files, so they use up more bandwidth. Right now I get 5TB of transfer per month before I have to pay extra, and my average is 150G, so I have a ways to go before I need to worry about it. That said, not every host is as generous, and remember that ‘unlimited’ means ‘within reason’, especially with Shared Hosting.

    There’s also a related concern we call ‘hotlinking’ and that’s where someone takes your images (or videos) and links to them directly, which means they;re using your content (and bandwidth). When someone does it to you, we call it bandwidth theft. When someone does it to YouTube, we call it ’embedding media.’ Personally I use Perishable Press’ ultimate hotlinking strategy and block all my images and videos from this.

    It’s actually the concern of bandwidth and the availability of embedding media that drives many people to external hosting.

    Your options…

    Now that we know what makes this hard, what can we do? it’s pretty simple, we can host it ourselves, knowing these woes and being prepared to address them as they come up, or we can host our stuff elsewhere. For many of my friends, this is a no-brainer. Host it elsewhere, pay a little extra, but have all the technology headaches solved for you.

    But.

    I work a lot with fansites and they face two major hurdles. Posting some videos is, strictly speaking, illegal as all get out. That 6 second clip of Mulder and Scully? Illegal. Hosting it? Illegal. Making money off it via ads on your site? Illlleeeeeeeeeeeegggaaaaallll.

    You get the idea. But they’re going to do it anyway, and unless they decide to turn it into an animated GIF (still illegal actually according to some sources), they’re going to have a small video to host. Where can they host it?

    Film stripThe only place is their own server. Now, legally, you have to be given time to comply to a takedown DMCA notice, and really these monolithic companies are supposed to send YOU a takedown before going after your webhost with a demand, but that doesn’t always happen. Many fansites are banned from YouTube because of those clips, so it’s always going to be a fear.

    Do I think that clips of TV shows should be illegal? Not within reason, no. I think a small clip, under 2 minutes, can be awesome advertising. And now a days, a lot of shows put their own, official, embeddable, clips up online. Of course… they also remove the clips after a while, which defeats the purpose, I feel.

    What’s wrong with hosting locally?

    Really? Nothing. It’s just hard, complicated, and complex. If you can do it, I actually suggest you do. You can embed most video files in WordPress these days, so it works well. I wouldn’t do it for large clips (I don’t go over 10 megs myself), because it can and will slow your site down.

    Mind, I wish WordPress.com’s video server code was up to date. I’d like to try that. Still, that’s where I am today. I’ll put in the effort and minimize my risk.

  • Your Username is Not A Secret

    Your Username is Not A Secret

    I keep seeing this pop up. “Your CMS is not secure because it makes your username/id public! Once a hacker has that, they can try to break in!” At one point I snapped “Sure, and your house isn’t secure because someone knows your address.”

    Secret FilesIt’s one of those logical fallacies that seems vaguely accurate on the surface, but really are just plain wrong. On some level, you’d think that if a hacker doesn’t know your ID, they can’t get in, but the reality is most hackers, the surface level idiots who are trying to break into any site available aren’t checking for your user ID/Name, they’re looking specifically for a vulnerability, like they did with the TimThumb accidental (D)DoS.

    In addition, they’re not usually looking for your ID when trying that brute force login attack. The practical difference between someone trying to log in with “admin” and someone trying to log in with “ipstenu” is pretty negligible, since they’re killing my server before they get in anyway.

    As I wrote this, I thought what it would be like if there was a mod_security rule that checks if you’re trying to log into a site with the username ‘admin’ and, if so, blocks you from being able to log in. Of course, there are millions of sites with millions of CMS tools, and for some you actually cannot change the admin account name away from admin.

    WordPress is not alone in thinking your username isn’t a secret. Drupal also thinks disclosure of usernames/id is not a security risk. In fact, Google doesn’t think your ID is a secret. After all, you can log in to Google’s devices with your email, and everyone whom you’ve ever emailed kinda knows that. “Oh, you emailed me from ipstenu@gmail.com? I’ll attack that!”

    Now of course, if you try to log in with that too many times, you lock your IP out. And similarly, if you try to log in to my server via SSH too many times, the same thing happens. Have I ever locked myself out? You bet. Less since I switched to 1Password and SSH keys, but it still is very effective.

    Why isn’t this built into the core of most CMSs? Because a CMS like Drupal and WordPress is not as volatile as, say, the healthcare.gov site. The danger that comes from someone getting into my blog is minimal compared to someone getting into my email. But again, everyone knows my email account, so they’ve always got one half to the puzzle right then and there.

    Top Secret FilesOne of the other primary reasons this isn’t built in to WordPress is that it’s hard to do right, and in a way that will work on all servers, and in a way that will be easy for someone to undo. I said I locked myself out a couple times, right? I can unlock myself with a device on another IP, or I can call up my webhost and tell them my IP and can they please unlock me. Now flip that to your blog. How do you handle it? Who do you call? Do you make this a ‘solvable by the host only’ problem? Can you envision your host being happy about handling that?

    Not that I’m passing the buck here. There are plugins and extensions that do this, but they’re still best used by people who already understand security than by the common man, because the people who know what to do when they have to edit a .htaccess are the ones who probably already know how to pick a secure password, or install two-factor authentication already.

    All this comes back to something blindingly obvious though. Everyone is going to know part of your access. The reason we tell people not to use ‘admin’ as a login ID is not because it’s more or less secure, but because it makes it easy for script kiddies to target. Remember, most of the time when you’re being attacked it’s nothing you did personally, it’s just a script running. When it’s someone who has an absolute vendetta against you, your userID is the least of your concerns.

    The crux of the matter here is that your username is not a point of authentication, it’s a point of identification. Giving you an identification (I am Ipstenu) is not the same as giving you data that can be used to authentication (my mother’s maiden name is Jones; I was born in Battlesboro, VT; My favorite superhero is the Flash). There’s a reason we call them ‘Secret Questions’ as they’re both identification and authentication. Only I would know these things. And no, that’s not true, which is why secret questions are pretty useless. The more obscure they are (my first maths teacher) the less likely I am to remember them correctly. “His name was Smith… Now did I put in Dr. Smith, Mr. Smith, or Smith? Oh wait, how did he spell Smith? Smythe? Smyth? I know people with all those spellings! Which was he?”

    So no. Your user ID is not a secret, nor should it be. I spend no time hiding it.

  • Welcome the Warehouse

    Welcome the Warehouse

    It’s January and my ebooks are now located at http://store.halfelf.org/ and managed by Easy Digital Download. The WordPress Multisite books have been seriously updated for WP 3.8, with new screenshots, new plugin recommendations, and some simpler layouts. If you downloaded them before, you may want new copies now (and there’s a new one on plugin support!). But let’s go back to EDD.

    It was really that easy

    About three years ago, I thought about selling my ebooks on a dedicated site (ebooks.ipstenu.org) but it never worked right, and I didn’t like it. Then I tried just tracking the downloads with a plugin, but that was more work and I was getting a little twitchy and obsessive about the metrics. So for most of 2013, the downloads weren’t tracked at all on this site. But when I was redesigning my site, I knew that I really wanted to try this plugin my friend Pippin wrote: Easy Digital Downloads

    I want to note that I had decided to play with the plugin before I read Chris Lema’s post on Easy eCommerce & Membership Sites using WordPress. Which doesn’t have anything to do with anything except that he’s right, it’s easy, and anyone can do this. And as Chris pointed out, the tools can make it fast and easy for me. A couple years ago, I’d tried to make an online store for my wife and ended up telling her “This is too complicated, I can’t do it. Let’s use Etsy.” But that was physical products and this is digital, and we’re in California now which has a different law about selling digital items that is so clear, I understand it at first glance.

    Publication 109, Internet Sales

    Your sale of electronic data products such as software, data, digital books (eBooks), mobile applications, and digital images is generally not taxable when you transmit the data to your customer over the Internet or by modem. However, if as part of the sale you provide your customer with a printed copy of the electronically transferred information or a backup data copy on a physical storage medium such as a CD-ROM, your entire sale is usually taxable.

    That is so much clearer than anything iBooks or KDP ever said, it’s hilarious. Since my stuff is all 100% digital and I live in California, there will not be taxes, which means I can sell things off my site, not have them be ‘donate if you want.’ Don’t panic, now they really are “Pay if you want.”

    About the Warehouse and Pricing

    If you’ve checked it out, you may notice the default price is no longer zero but $7.98 cents. As I started working on this, I really did get all the way through with a zero option before I realized … that was dumb.

    Icon of a BookI had a couple logical reasons for pricing at zero when I started out with this two years ago. First of all, I was entering unknown territory without any information. Secondly, I wanted to get my name out there. Third, I didn’t want a hassle. I still agree with Cory Doctorow about how DRM is evil, and the problem with only selling books is that people don’t really know if they like your writing, or if the book is worth it. Mind you, everyone could read my blog and sort that out for themselves, but I understand there’s a weird leap about paying even $0.99 for something you don’t know about.

    But let’s think about what this means. With a normal book, you buy it, you own it, and if you hate it you can bring it back for a refund. With eBooks on the Kindle or iBookstore, you ask for a refund, they take the book back. Since I’m DRM free, I don’t have any way to revoke the book if you want a refund. Yes, that means if you demand a refund on the Kindle you keep the book and I get bupkis. (Two people in the history of ever have asked for a refund – both accidentally clicked ‘Buy Now’ twice.)

    What am I getting from people not paying for the books? A whole lot of reading, that’s what. 3% of people who got 70 pages of Multisite knowhow paid ‘something’ for the book. And I’m not ungrateful to them. Getting that book out was really part of the whole process that landed me my job, speaking at WordCamps (which I surprisingly enjoy), and I’m incredibly happy with my life. But still, nothing from nothing, carry the nothing, does leave a person feeling a bit grumpy cat.

    So would I incur the wrath of the Internet by saying that, as of 2014, you have to pay for the ebook? I think I would have. Especially since I said I would never force people to pay (even tweeted that whilst working on the site). With that in mind, I decided to do this differently and have it default to pay, but also super easy to not pay. My wife called it the “RTFM Tax” because if you read the site, you’ll see the code, and pay nothing.

    Photo of a gateway into Mumbai, India

    On the sidebar is a notice about discounts for either 100% or 50% off. There’s also a ‘secret’ code of PIGS which drops the price of one ebook to $0.99, which is the cost of Angry Birds. I thought it would be funny.

    How did I come up with the price of $7.98? Amazon helped me here. Initially I mathed the average donation to $8, and I adjusted my price on the KDP a couple times before I sussed out that people actually like non-even numbers like $7.98 so I did that and then publicized the discounts. No matter what you pay, you get to download the epub and the pdf. The ebooks are all DRM free. You’re still permitted, no, encouraged to duplicate and give ’em away.

    Think of it like a GPL plugin you bought. Yes, you pay for the code, but once you bought it, it’s yours to use, burn, give away, or expand on. The one thing you can’t do is resell it as if it was yours. Which I hope you think is fair.

    Let’s have fun with ebooks in 2014! After all, my next ebook is about … ebooks.