Half-Elf on Tech

Thoughts From a Professional Lesbian

Author: Ipstenu (Mika Epstein)

  • WPwatercooler – Multisite Edition

    WPwatercooler – Multisite Edition

    Half an hour kbittzing about Multisite with the players from WPwatercooler

    Credit: WPwatercooler

    It’s also going to be on podcast and sticher and apparently I have a nice, soothing, voice. Thanks, Cousin Dan, for the tips and tricks about that!

  • Command Line Cleaning WP

    Command Line Cleaning WP

    Blob-Town-The-Blob-1958-Documentary-@-Phoenixville-Pennsylvania-by-James-RolfeI’m a huge fan of the scorched earth clean up for WordPress. By which I mean when I clean up WP, I rip it out, scrub it, and reinstall. This scares the heck out of people sometimes, and if you’re doing it in a GUI, yeah, it can be sucky and time consuming. Me? I do it in 5-10 minutes, depending on if my cat wants to be petted.

    I’ve been asked ‘How do you do it that fast?’ so here are my steps for cleaning up WP, with the following assumptions:

    1. I’m working in the folder where WP is installed
    2. wp-config.php is in this folder
    3. WP is in ‘root’ (i.e. I’m not giving WP it’s own folder)

    If any of those aren’t true for you, adjust the folder locations in the commands:

    Download WP: wget -P ../ http://wordpress.org/latest.zip

    Unzip it: unzip -qq -d ../ ../latest.zip

    Backup DB: wp db export

    Pause. Here I’m using WP CLI, which makes my life way easier. If you’re not, you’ll need something like this: mysqldump --opt --user=username --password=password --host=yourMySQLHostname dbname > domain_com.sql

    Zip up the files I want to backup: zip -r ../domain.zip *.sql wp-config.php .htaccess wp-content/

    Set glob. Glob is scary, I know, but read about glob before you dismiss it (if you’re on korn, you can usually skip this): shopt -s extglob

    Delete files: rm -rf !(wp-config.php|wp-content)

    Pause. At this point, It’s probably wise to consider that my hack may be in my theme and/or plugin. If so, I want to nuke them and JUST keep my uploaded files, so I use this instead…

    Delete files: rm -rf !(wp-config.php|wp-content) wp-content/!(uploads|blogs.dir)

    Pause again. No matter what, want to scan for evil files, but this way I do it over a much smaller group of files. Either way, though, I do want to scan the folder for evil, because leaving behind hacks in themes and plugins is really common. Also it’s a good idea to delete every plugin you don’t use, and theme as well. Since you really can’t delete all themes but one on a Multisite, this gets harder. Generally I don’t delete the themes automatically, but instead go in and nuke them one at a time, so I run this…

    Delete files: rm -rf !(wp-config.php|wp-content) wp-content/!(uploads|blogs.dir|themes|mu-plugins)

    Now we can move on, knowing our personal files are clean.

    Copy it back: cp -r ../wordpress/* .

    Clean it up: rm -rf ../wordpress ../latest.zip

    And now you’re done! When you want to reinstall plugins and themes, I do via wp-cli because it’s faster: wp plugin install NAME and wp theme install NAME

    Then I activate as needed and I’m off to the races. If I deleted my mu-plugins, I copy those back from my backup zip, one at a time, checking each file for hacks.

    The best thing about this is you can apply the logic to any CMS out there. Just know what you have to delete and keep. The downside? It doesn’t touch your database. Rarely is this an issue for me, except in the case of the Pharma hack. I’ve not had a DB infected yet.

    Do you have a solid methodology for cleaning it up?

  • Plugin Wish: Login With Google

    Plugin Wish: Login With Google

    Now I know what you’re thinking. “Mika, there are a hundred plugins that let you log in via Google!”

    That’s not what I mean. Let me explain with a story.

    You have a business, example.com, and you use Google Apps for everything. Then you start tying this into other companies, like a time sheet company, that let’s you ‘Login with Google’ and redirects you to the right company settings. Cool, right? Kind of like this:

    replicon

    And you think you’d like an internal, private, blog, where people can post cat pictures. Or whatever. What if you could just have the login screen be that Google button? And you know there’s a bajillion plugins for it, but you want to have it be only people on example.com. So you@gmail.com can’t login, but me@example.com and dad@example.com can too!

    I want that.

    I have not yet seen it, but I think that would be an amazing plugin. By default, the domain it ‘validates’ would be the one on which it’s installed (so here it’d be halfelf.org), but you could override it (which is good, since I’d want to use ipstenu.org). Then you’d want it to ‘generate’ new users if they don’t exist, since you don’t want to have to add every single new person, right?

    Oh and you don’t have to terribly worry about that fired guy, bob@example.com, because once he’s fired and you disable the email account, he can’t log in!

    Some concerns of course would be Two-Factor Authentication. Also how do you handle multisite? I would envision a default nothing-set option for Multisite, where the network admin could network activate, and set the default domain there. Add in a check box for “Allow individual sites to override?” at the very least. Maybe a sneaky “Always allow the super admin to log in” setting too, though that gets complicated fast.

    Cliff Seal pinged me about this and said he’d been fidddling with https://github.com/logoscreative/wordpress-openid but he never finished. Who’s up for the challenge?

    And no, it did not escape me the hilarity of me, a loud “I don’t like Google owning all my data!” person suggesting this.

  • Change Your Code

    Change Your Code

    “Should I Recode?”

    Old Code (Lock)A piece of spam comment made me think about this, recently. The spam was along the lines of “My developer wants me to switch from .NET to PHP but….” I deleted it at that point, but it made me think about my father. My father wrote some software called Riskman, which is still being used today. And it’s written in Visual Basic.

    I don’t know how familiar you are with that, but Visual Basic was written in 1991, around the time my younger brother was born. Sometime around the mid 90s, Dad took Riskman (DOS) and made it VB’d. I remember this as I was in high school and my father explained some of the theory of programing to me (the basic math part at least), and is part of why I took some computer classes in college.

    But that was over twenty years ago, and VB 6 (the last version) was written in 1995.

    “You’ve Come A Long Way, Baby”

    When I was growing up, my grandmother Taffy ran her own business, and in the front office she had posters of the old Virginia Slims ads. I never asked her why. Among the many things Taffy did, however, she had a computer system at her company. This was crazy rare and crazy expensive at the time. In fact, it was so weird that when they went to get a loan for the computer server room, the bank asked “IBM who?”

    But they persevered, got the money and the servers, and kept going until the early 1990s, when Taffy sold the company to Capezio, computers and all. In between, they had direct dial-up on Novatel phones, which I quickly mastered at a young age, in order than I could handle data entry and Taffy could make me breakfast. Taffy changed with the times. She moved forward as it was needed, and was ahead of the curve in some things.

    The Only Constant is Change

    If you didn’t see Jen Mylo’s keynote speech at WordCamp Portland, check it out.

    Websites change. Design styles change. What’s ‘cool’ changes. The logical extension? Code changes.

    CHANGEIt’s nearly 2014 and my father is still coding in VB 6. I had to help scrounge him up a copy of it with a license when he had to reinstall it on his new laptop. It was monumental. At the time, I asked him why he didn’t upgrade to .NET and he replied that he’d have to recode everything. This means mastering a new programing style and possibly language. My father’s in his 60s and he’s gotten a little curmudgeony about this stuff.

    But at the same time I pointed out a horrible fact. One day Microsoft was going to release an operating system that didn’t work with old VB apps. Sure, an executable is an executable, but one day that old EXE won’t work right. Worse, you look like you’re not keeping up with the times, that you’re not adapting to the changing landscape, and for a risk analytics programmer, this may be critical.

    Code Changes

    Perhaps ironically, Dad asked me about what he’d have to do to make his app work on an iPad, and we discussed data storage, the cloud, and how to keep data in sync between devices. I showed him Byword, which stores my data and downloads it locally when I need it to. He started to look to the future of how people will use his program. They’re not just sitting in cubicles anymore, they’re in the field wanting to update stats on the fly and be able to communicate, then and there, the risks.

    He knows coding it all up for iOS is monumental. Unlike .NET, there’s no vaguely similar comfort level to the new language. This is a massive undertaking, and it brings up the question of if he should learn it, hire an expert, or get a new partner. For 20 years, this has been a one-man shop with the code, and bringing in someone new is a major undertaking.

    My first ‘big’ WordPress plugin sucks. I love Disabler, but I want to sit and recode it with classes and singletons and using the options table properly. It’s a massive undertaking, and I’ve been putting it off for a long time. No reason other than it’s hard. If more people used the plugin, I’d probably do it now because there would be a driving need. In that way, I’m like my Dad. I don’t want to learn all the things I need to do what I’d have to do to fix it, and it’s not broken so why bother? And like my Dad, I do consider the future, where it will take me, and what that all implies.

    Should you change your code?

    Keep Calm and Iterate OnChanging your code to improve it to meet the current standards is not a requirement for all of us. As an idealistic goal, yes, we should all strive for it, but realistically we are a limited resource. Should you totally change all your code from VB 6 to .NET? One day, maybe, if that’s where your clientele go, yes. At the same time, even if you choose not to change your code, you should keep an open mind. The future comes at you pretty damn fast, and sticking your head in the sand just because it works today will end badly.

    You should change. You should grow, change, learn, expand, and improve. As we like to say here in Open Source “Release and iterate.” Don’t settle, but also don’t change needlessly.

    The best changes are the ones you don’t notice because they feel like they’ve been there all along.

  • Facebook: Scam Artist

    Facebook: Scam Artist

    Stop me if you’ve heard this one…

    “Gain 500 likes! Just use our service!” or maybe “Click here to read how to get 1000 followers!

    If you’re like me, you hear that, laugh at the silly scammers, delete/block as spam, and move on.

    But … what about when you get this in your notifications:

    likes

    That’s not spam, it’s not a scam*, and it’s terrifying to consider. Facebook is sending me, as a ‘page’ owner, a suggestion that the only way to increase my likes (i.e. my presence on Facebook), is to pay them.

    Greed is Good

    I need to stop and tell you that I have absolutely no problem paying for things. Facebook provides a free service, and if they want me to pay them to promote my wares above and beyond the word-of-mouth business I’m doing, that’s awesome! Same with Twitter. These are business, and I’m totally copacetic, no, I’m totally in favor of paying them for above-and-beyond. Do I, as a user, like those ads? Generally no. But do I, as a business, appreciate them? Hell yes!

    And there in is the line between the goals. As a user, my goal is to do what I want without a hassle. As a business, my goal is to get users to interact with me to convert them into users on my site, and thus profit like an Underpants Gnome. The reality is, of course, not that simple, but as we like to say, there ain’t no such thing as a free lunch. The dichotomy of social media is never more apparent then when I want to put on my business hat and try and evaluate the usefulness of any marketing campaign.

    Blackmail is Bad

    There is, however, a major difference between being “greedy” (asking people to pay extra for extra things) and what Facebook is actually doing. You see, Facebook intentionally throttles you. Facebook stops a large percentage of your traffic from reaching the people you follow. I wrote that a year ago, and guess what? It’s still true. So what they’ve done is create a false economy. This is not like virtual gold farming, where I pay someone to mine for junk on a game, and turn around and sell it at a higher price. That actually makes a certain amount of sense in an open economy. Instead, Facebook is creating a situation where your hard work is absolutely meaningless, and the only way to get what you want is to pay.

    At least with Gold Farming, if I wanted to put in the time and effort, I could see the same results.

    Director of Product Marketing for Facebook, Brian Boland, told TechCrunch back in 2012 that their behavior of only letting 12% of people who follow your business see your post isn’t bad, because “… there are pieces of content you create that are interesting, and there’s some that are not.” (Your Average Facebook Post Only Reaches 12% Of Your Friends – TechCrunch, Feb 29, 2012.) I don’t know about you, but that doesn’t make me happy. Someone else is deciding if something I said was interesting or not?

    Viral is Voted On

    facebook-adsThe way we expect social media to work is like this: I make a post, people who follow me like it and repost it via likes or retweets, so people who follow them see it, read it, and the circle continues. So to many of us, it’s outright galling to hear that Facebook has always decided what is and isn’t ‘interesting’ and promoted your crap accordingly. Essentially they’re using Edgerank to decide if your content is worth sharing. The catch-22 of course is there is a practical limit to how organically you can increase your Edgerank score. That means to get higher, you have to pay, and now we’re back to blackmail.

    Now I, as a user, can change my feed to sort by ‘recent posts’ and not ‘most popular.’ And I, as a business, can write ‘more engaging’ posts and get my engagement (this is a technical FB term) up. I can get a pretty high engagement by posting at the right target audiences, and using catchy titles/content (which I do anyway). But it’s unclear, to say the least, that these things are happening! Had I not read the first article about the 12%, I wouldn’t have known to look for the others and see this was always the case and how to ‘fix it.’

    By the way, I don’t think requiring a user to make a change is a fix, I think that’s a cop out. Also that change resets every time you log in, or reopen your browser. Just like the chat setting I turn off every other week. Clearly Facebook ‘knows best.’

    Expectations are Engineered

    This reminds me of a story my friend Yesenia Sotelo (of SmartCause Digital told me: Why Charity Engine Quit Facebook. When I read that article, I was amazed that they had ever treated Facebook like an email list. You see, what they used to do was send a message directly their followers about news and services, using Facebook messages as their page. After all, people opt in to liking your page, so only people who wanted to communicate with you would do that, right? Nope!

    We want you to connect with your fans in the most effective way possible. That’s why as of September 30 you’ll no longer be able to send updates to fans using Facebook Messages. The best way to make sure your content is seen is to post it on your Wall so people see your updates in their news feed.

    Interesting how that’s not ‘effective’ isn’t it? That’s right up there next to Facebook telling me they know what content of mine is interesting before any human gets to interact. I don’t believe their AI is that smart. Popularity is not just math, it’s got to do with the pulse of reality as well as the flavor of the day. Release your product on the same day as a natural disaster? Poor timing, and you probably won’t be as ‘interesting’ as the time you release your new Dodgers themed product the day they clinch a playoff berth. Those aren’t things you can bank on, of course.

    Truth is Terrible

    The truth is this: Trust no one.

    Facebook’s bottom line is not yours. Neither is Google’s or Twitter’s. If, for now, your goals align with theirs, then great. But remember you’re not their audience, you’re their prospective customer, and you get what you pay for with them.

  • SEO Slides Is A Pie

    SEO Slides Is A Pie

    This review is of the FREE version during the beta release!

    I wanted to love you. All my friends rave about you and tease me for using PowerPoint. “Don’t you want to own your data!” they harangue me. And it’s true, I do! So the idea of having my slides on my server, embedable into posts? Hey that sounds great!

    The cake, is, alas, a pie.

    It’s not really a ‘lie’, but there are points that I just don’t love like they do. This is not to say I don’t like it, in fact I am happily using it, and I’m going to keep using it, and for a lot of people, this will be perfect to make slides. It’s not (quite) perfect for me, but that’s because of my current usage. I can see the future of slides and WordPress, and it really is going to be SEO Slides for many (if not all) of us.

    seoslidesBefore I get deep into this, you have to register to import PDFs. This is perfectly fair and understandable. They’re converting a PDF into images on their server and importing. Okay, I’m jiggy with that. I could conceivably make the images myself, but this is fine. The problem, or rather the part I don’t like, is that they really all just images. And they’re named things like c6ddd0b82e5a45c70fb2718869cad3e1-7. So once I import, I have to go back and change all the titles and (if I want) copy in my notes.

    So why not just write it in SEO Slides? Because of Presenter View.

    Say what you want about PowerPoint, but the fact that I get a presenter view, filled with my notes, is actually very important to me. I make notes, as you may have noticed reading my post from WordCamp Portland, 2013. Sometimes they’re exactly what I’m going to say, sometimes they’re slightly different bullet points than my slide has. Sometimes I have NO bullet points on the slide, so they’re all in the text. I really try to use that aspect of Power Point. I don’t really script my talks to 100% detail, but I treat those notes as flashcards to keep me on topic and on pace. They even will have time notations.

    As a presenter, keeping to my time limit and topic is important to me. Since I do give similar talks a lot (example: I used ‘A Tale of Two Servers’ to talk about Managed WP hosting in Boston, but I also have a Degrassi themed one called ‘Whatever it Takes’), the notes are often the same, but the pacing will be different. I try to cater to my audience. For now, this is the absolute number one reason I’m sad-panda about the plugin. But if that’s not your thing? You have no worries!

    The important factor to me is embed-ability. I have to be able to embed my content on a page. I use that page with a custom shortlink and put it in my slidedeck. Now with SEO Slides, I can just use the page, but it doesn’t let me put text or notes around it, so I’ll still want this to be embedded. Problem? Embedding with SEO Slides is not as obvious as you’d think. I read the Embedding FAQ and this just did not happen for me:

    When you “Publish” your presentation, you will be provided a link to “Use presentation in a new post.” This option will embed your presentation directly into a new blog post.

    I thought I was doing something wrong, but finally I realized the ONLY way to get this “Use in presentation” link was to save the post once published. Gah. Why not a nice button? Still, this was not insurmountable, and in the end, I really did like the look of the embed way better than the Slideshare one.

    Except … I’m not really thrilled with having to upload all my media. It makes me want to make a dedicated SEO Slides site on my network so I can isolate content. Part of the issue is with how I like to write my slides. I know for a WordCamp where I speak for 45 minutes, in order to leave room for questions, I should have no more than 30 slides, and that’s only if I’m doing roughly a slide a minute! I try to keep it closer to 20-25 honestly. A 45 minute talk should have at least 5 minutes for questions. I like to keep the text on my slides minimal, so I have a lot more to actually talk about.

    I hate slides that are pretty much what the person reads off… thanks. And that’s really a totally personal thing, but it means my slides are really image heavy. So that adds a lot of weight to a site. It’s not a plus or minus, just something I have to consider.

    The other problem with embeds is the embed CODE. You get a lot of parameters but the ones that jump out at me is this:

    site_src="http://slides.ipstenu.org/site_title="Slideshows"

    It looks cool, and I can change the site_src and site_title…. What I can’t do is change the output. I mean, I can’t remove that ‘source and title’ at all. I can’t change the default so it’s always ‘halfelf.org’ instead of my placeholder site. And worse? I can’t turn it OFF so other people can’t embed my stuff. I mean, what if I don’t want them to embed my warez? This means if someone looks at my slides, clicks the slick plus-sign, they get the code for embedding and they get my slides.ipstenu.org link. Now if you go there, you get redirected, but that’s not the point! Why have this customizable if I can’t… customize it? There are no settings options save entering my API key and allowing for tracking (which I turned off). Why not have an option for customizing output!

    A final minor note with SEO Slides, the title is also wonky. This may be because I’m running Trunk but I get this weird title thing in my … well … title:

    titlewonk

    Not really super happy about that. I did report it though. Also I reported that I ‘ran out’ of uploads of PDFs. In the free version, you get three free PDF conversions. I did it once. I tried a second time and it said “Upload Error: Your subscription has exhausted the use of this service.” So I filed tickets for both of those on November 14th.

    On the good side? These guys are WAY responsive to my enquiry about something (which they changed promptly), and helpful when I said “DaFUQ?” about embedding.

    I’m not sure if I want to use it going on. I may end up using it for embedding, though, but it won’t be a replacement for PowerPoint for me any time soon. Now I just have to decide if I want to pony up the $200 a year just to convert my PDFs. There are enough ‘little’ things missing that frustrate me, like no quick-edit if you just want to change titles, no categories, no tags, no main ‘slides’ page (that is – the custom post type has no archive page).

    Of note! Since this initial review was written, but before it was posted, SEO Slides upgraded me, so I’ll have to come back and re-review once I bang on the Premium Version: Is it worth it? Since, clearly, the brunt of why I’m ‘meh’ about this is the presenter mode, I may fall in love with Premium! The software’s only been out for two months at the time I wrote this, there’s a LOT of room for growth and I’m probably just being really really impatient.

    As this moves from Beta to Live, I expect a lot of great things from SEO Slides. Do I love them? Not yet. But I like them a hell of a lot more than I like PowerPoint, with that sole exception. The presenter view. God help ’em, no idea how you’d tackle that! Can’t wait to see how they do it.