Half-Elf on Tech

Thoughts From a Professional Lesbian

Author: Ipstenu (Mika Epstein)

  • Why You Shouldn’t Use Plugins

    Why You Shouldn’t Use Plugins

    These are words I never like hearing: “I want to change WordPress functionality, without a plugin.”

    At first, when I started using WordPress, I would say that myself sometimes. WordPress should have everything! Why do I have to use a plugin to use footnotes? Why do I need a plugin for fighting spam!? Why can’t I have everything I want and need all in one!

    Flash forward many years and my answer is “Because the world’s largest Swiss Army Knife is unusable.”

    85 options and when I look at it, I can’t fathom how I’d use it to do the things I need a Swiss Army Knife for. I do own one (two actually) and they’re both the perfect, simple, classic models. Heck, the one I pulled a picture of here has more gizmos! Mine has two knife blades, two screwdrivers, a toothpick and tweezers. That’s it. No extra bells and whistles, and I don’t need them. That little tool is 100% what I need for the moments I need a Swiss Army Knife, and has gotten me into locked buildings, fixed a car, pulled a thorn from my dog’s paw, and a hundred other little things.

    So when I hear people say “I want to do XYZ without a plugin…” I can’t help but think they’re looking at the whole process wrong, and I ask them “Why?” People have some pretty amazing excuses for why they can’t use a plugin, but I stick with my beliefs that no tool is all-in-one, and the more I hard code customizations, the harder it will be for me to upgrade them later.

    A plugin isn’t ‘core’ so it’s less reliable.

    People have this odd idea that ‘core’ makes something better. It’s actually not true. A good part of the design in WordPress was done so people could hook and action into it, making changes and tweaking things. So if you trust that core is ‘reliable’ then you trust those hooks are as well. And if you’re trusting the hook, you’re trusting the plugin. I think what the real fear is, is this:

    A plugin author might vanish.

    There are a lot of WordPress devs who vanish. Some even work on core. But yes, a plugin author could take a walk and you’d never see them again. This is ‘dangerous’ if you think of WordPress plugins like you think of, say, software vendors. You shouldn’t. Let’s look at HP’s tablets. No one has any idea what’s going to happen with them, if there will be more software, hardware or any support at all in the future. But HP is a proven, reliable company! And what about the Zune? Every vendor makes mistakes with products, and a freelance plugin dev is no better or worse than a major company at the end of the day. A real company might close it’s doors without warning, too! Maybe what people are saying is this:

    There’s no one to sue.

    Why this is a sticking point… The non corporate version of this is actually “For my protection!” But much like the point above, having someone to sue isn’t a magic solution. It’s not a promise that your vendor won’t wander off into Chapter 11, and leave you hanging. Go ask around, everyone’s had that problem with a pay-for program, and worse, one that left you with no one to sue. People are too sue-happy in my opinion, but I can’t fight that one. I do ask why they think they’d need to sue, and I get told this:

    A plugin is less secure.

    I’d like to know when the last time was you did a security audit on WordPress. Look, I’m not saying plugins don’t have the potential to be insecure, but if you’re performing your own due-diligence, and security is your bugaboo, then you should be testing WordPress core, your theme and all plugins with equal scrutiny! We perform audits on all vended software. Every year we have ‘hack it day!’ where we actively try to break into our products (in a non-live environment) to verify it’s as secure as we can make it.

    So if you have a plugin you really want, you should be reviewing the source code. And that’s where open-source code takes the prize. I can open up a plugin, and if I see base64(), or get() calls to things I don’t recognize, I know the plugin’s possibly insecure. I may even email plugins@wordpress.org and let them know about the bad behavior (base64() isn’t allowed at all). But none of that gives me a feeling, like so many other people, of this:

    A plugin is less reliable.

    Than… what? Seriously, I’ve heard this a hundred times. You’re saying “Someone else’s code isn’t as reliable!” but I’ve never had anyone explain how the code total strangers wrote in core is more or less reliable than the code in a plugin. And what about the plugins written by core devs? Are they incapable of problems? Tell that to the bugs that slipped into Jetpack. Nothing is perfect.

    Now, there are checks and balances on core that don’t exist on a plugin. Core changes are tested by hundreds of people (you’re testing it right now, visiting this site, which runs on the latest bleeding edge).  With all those testers, it’s still possible for major bugs to slip through (like json conflicts, sorry, Nacin). Which is probably why people say things like this:

    If I edit my site myself, the code will be there forever.

    Don't Edit CoreThat one amuses me a lot, actually. A friend of mine blogged about this recently and pointed out that life ‘without a plugin’ is dangerous. If you edit your site yourself, you have two places to do this.

    1. You edit core
    2. You edit your functions.php

    If you edit core, after you’ve killed a kitten, you’ve locked yourself into manually updating WordPress forever and ever. You can’t use the auto-upgrade, you have to read and re-read every code change to make sure it’s not on your file, and you have to pray nothing else was changed to make your hack invalid. How is that different from a plugin? Even a deprecated function used in a plugin will still work.

    As for your functions.php … maybe you don’t know this, but the difference between a functions.php change and a plugin is where you put it. Put it in functions.php and now you’re locked into that theme. Which is actually a problem I have with Custom Post-Types right now. If I want to switch themes, there are things I have to remember to bring with me. Hassle. There are plugins, thankfully, that can cover that for me, and I’m glad for them.

    Just use the damn plugin!

    Well okay, then. Are there reasons when a plugin’s a bad idea? Sure! Brian nailed it in one:

    If the plugin is making it snow on your site, I’d consider it unneeded. But I don’t advocate the use of fewer plugins just to use fewer. I do it because I think everything should have a purpose. If there’s no good reason to use a plugin, don’t use it. If it’s redundant, don’t use it.

    What else? Oh, Joey says:

    And that’s another excellent reason. If you want to learn to code, you don’t use a plugin. Or if you’re like me, you ‘fix’ it.

    Excuses, excuses

    What are the best ‘worst’ reasons you’ve heard for why a plugin shouldn’t be used? Here’s what my tweeple said (and my slightly sarcastic replies):

    Clearly they’re unclear on the concept. Functions are great for small, quick changes, but they’re tied to your theme! A plugin is forever.

    https://twitter.com/#!/TJList/status/153654497380540416

    So will adding the code manually.

    https://twitter.com/#!/sabreuse/status/153664752810336256

    I couldn’t even dignify that with an answer.

    http://twitter.com/sabreuse/status/153664914278453248

    If everything was ‘in core’ it would be 600megs and no one would use it.

    Let’s hear your best ones!

  • “Without a plugin” considered dangerous | sabreuse

    There’s just one problem with this. Plugins exist for a very good reason: to add non-core functionality 1 to your site without hosing up the whole lot.

    Via “Without a plugin” considered dangerous | sabreuse

  • Stop SOPA And Change Your Registrar

    Stop SOPA And Change Your Registrar

    If you have no idea what’s wrong with SOPA, just Google it.

    GoDaddy, a pretty well known domain registrar, not only supports SOPA but helped write it. While in recent days they’d stepped back, it got me thinking. I left GoDaddy years ago, when one of my domains was almost up for renewal. I switched it to NetworkSolutions, which was where my other two domains were.

    History. When I first purchased ipstenu.org (08-Sep-1999 00:09:50 UTC) we got domains by filling out a web form, getting an email with a PDF, printing it up, singing it, photocopying our drivers license and faxing that back in. Then, if you didn’t actually have a drivers license, you got a phone call and a fun chat with a woman about what was going on, yes, the state ID was fine, the domain will be set up in five days. A year later I bought another domain, and since I had an account with NetSol, it was as simple as ‘I want that one,’ and I was done.

    When I got my third domain, I used GoDaddy since it was cheap, easy and fast. Click, click done. In 2008 or so, all the news about GoDaddy’s rampant sexism and general asshattery ended up with me transferring off GoDaddy and onto NetworkSolutions. Except I didn’t. I had a friend do it, since he and I were trading favors. So up until December 27th, 2011, I’d never actually transferred a domain name!

    It’s still weird, and reminds me of the fax days, but it’s pretty easy.

    It’s not that I was having any issues with NetworkSolutions. But their statement on SOPA, while anti-SOPA, still sat in my craw a little. Basically they were chickening out, and while I was pretty sure my domains were fine (and my relationship with NetSol), it was one of those days when I felt like I needed to make a change.

    Namecheap has been on my radar for years. I’ve had an account with them, and no domains, for most of 2011, since the last time GoDaddy got stupid. See, I raise a lot of money for charity, and one of the things I raise money for is elephants. I want them out of zoos and I want them out of circuses. So when I saw GoDaddy’s founder hunted elephants, I had no choice. I couldn’t be a hypocrite and I had to turn my back on GoDaddy. When I decided I should move from NetSol to someone a little friendlier, whom I felt I trusted as people (that’s a huge deciding factor for me) and who had a good rep, I decided to turn to the people taking ruthless advantage of GoDaddy.

    Like Namecheap.

    See, they hate SOPA. A lot. Enough that between the $20 credit I had from them (for playing Internet games) and the $7 SOPASucks discount they were offering, it would cost me a grand total of $1.01 to move my domains over. The only time I’d ever worry about moving my domain names is if my DNS (i.e. the nameservers) were run by them. They’re not, they’re run by me, which means a transfer like this is all paperwork. No downtime, nothing to fuss about except the waiting.

    All the politics aside, if you have no problems with where you registered your domain, and can do everything you want, then there’s no reason to move. I mean that sincerely. I feel that way about webhosts, and all things computer related. If there’s no compelling case for you to move, stay. If there is, though, moving your domain registrar is actually a lot less scary than moving hosts!

    There are a few rules about moving domains. Like you can’t make a bunch of edits to your registry info and then move (it looks ‘suspicious’), and there are date ‘blocks’ on certain things that make you wait 45 days. But assuming, like me, you’ve had the same registrar since the dawn of dinosaurs…

    Step 1) Turn off domain protection from your existing host.

    Makes sense, you’re now setting it up for people to ask if they can have your domain. In the case of NetworkSolutions, you have to check a box to get an EPP Key (Authorization Key). Save that Key, you’ll need it in a minute.

    Step 2) Turn off any WHOIS protection you have.

    If the transfer company can’t see who you are, they can’t add you.

    Step 3) Go and request the domains be transferred over at your new registrar.

    Dead simple. You add the domains, the new guys send an email. You read the email, visit the webpage and click “Yes, please. I want you to be my boss.” This is ‘Fax Number 1’ in the old day.

    Then you get another email, this time it’s the old domain register. “Oh noez! Why you leave me?” they wail. Or rather ‘Are you sure?’ Click yes again. This is Fax Number 2.

    Step 4) Wait up to 5 days.

    And write a blog post.

    My move isn’t done yet, but it’s ‘in transfer.’ While I understand why we have the back and forth’s of the emails (faxes) to make sure I’m really me and I really requested this (remember, I work at a bank in my day job), it’s still odd that after the approval is done, it’s a 5-day wait.

    But there you are. That’s how (and why) you should switch your registrar.

  • Dot-dash-diss: The gentleman hacker’s 1903 lulz – tech – 27 December 2011 – New Scientist

    A century ago, one of the world’s first hackers used Morse code insults to disrupt a public demo of Marconi’s wireless telegraph

    via Dot-dash-diss: The gentleman hacker's 1903 lulz – tech – 27 December 2011 – New Scientist.

  • Plugin Banners

    Plugin Banners

    WordPress now lets you add banners to your plugin pages.

    Naturally, I added one to Impostercide that reflected my own brand of humor:

    Which is now Nacin approved:

    https://twitter.com/#!/nacin/status/149884924990734336

    Add your own by creating an assets folder in your SVN repo (same level as tags and trunk) and add a file called banner-772x250.jpg (or .png). Make the image 772×250 px, check in your change, wait 15 minutes, and you’re done!

  • WordPress Upgrades and You

    WordPress Upgrades and You

    A year ago I wrote this – How the WordPress Update Works – and, the update tool has changed, but the crazy expectations have not.

    Before We Begin…

    Perfect. Change.I want to reiterate this, since apparently I can’t say it enough, the auto upgrade tool will never be 100% perfect.

    Part of me seriously wonders why people expect things to work perfectly all the time. The other part of me knows that if it wasn’t for WordPress getting it right so often, they wouldn’t have such violent reactions when it wasn’t. Skewered on their own swords, I guess. By making WordPress easier to install, use and upgrade, I do feel we might have lowered the bar too much, or at least beyond the current ability of servers and applications.

    I feel there’s a practical limit to how ‘simple’ you can make things. It’s sort of why I hate writing ‘troubleshooting’ documents that consist of ‘If you see this error, do this.’ It stops people from thinking and troubleshooting on their own, and instead ties them to a script. You’ve been there, I’m sure, telling the guy on the phone that you already rebooted your system.

    On the other hand, the vast number of people who just don’t do that is why I started writing up the Master TroubleShooting Lists for WordPress releases (this is now my third). Before 3.3 came out, I monitored the Alpha/Beta forums, the email lists, and pinged people I knew were testing the pre-release on Twitter and Google. Then I grabbed the other support geeks on the wp-forums list, asked them for advice and suggestions, and drafted up the post you see up there now. Well, except not. That post has been edited by anyone with moderator access on the forums (something I encourage and support, by the way).

    What does all that have to do with how the upgrade works? It’s simple. If you don’t want to take the time to understand how a process works, what it entails, how it’s tested before release, and what goes into installing it for you, I don’t want to help you. Actually, no one does. One of the last things anyone in support wants to hear is ‘You don’t understand…’ (First place goes to anyone who says ‘It doesn’t work.’ and won’t tell you what ‘it’ is, what the error is, or anything useful.)

    How Does The Upgrade Work?

    Many things are still the same. WordPress downloads the files, replaces them, runs the ‘deprecated file list’ and deletes only those files. What’s new is that, as of WordPress 3.2, we only upgrade the newer files!

    Faster Upgrades — The update system now support incremental upgrades so after 3.2 you’ll find upgrading faster than ever

    Does it Work?This made the 3.2.1 upgrade really fast for everyone. If you look at the release notes for 3.2.1, you’ll see a list of files at the bottom. Those were the only files that got updated when you ran an automatic upgrade, which is really cool. And when you look at the notes for version 3.3, you don’t see those files. Why not? The first reason is there are a lot more files. In fact, I’m willing to bet most files are touched in an update from 3.2 to 3.3 (those are major releases, by the way). So listing the files would be crazy. The second reason is that a major release isn’t viewed the same way as a minor release. We’re supposed to expect big changes.

    I started working my way through the code before I gave up and asked Nacin if the 3.2.1 to 3.3 used the incremental or the full upgrade? My gut feeling was, based on how long it took, it was a full upgrade. Nacin was quick to confirm that, elaborating by saying those are only done for partial releases, though the update was smaller than before, since it omitted the wp-content folder. This isn’t new, by the way.

    So basically the upgrade hasn’t changed. Which begs the question…

    Is WordPress 3.3 ‘Worse’ Than 3.2?

    This goes back to my Master List posts. The whole reason I started them was that 2.9 to 3.0 was insane. It was huge. It was crazy big, with lots of changes, and lots of visceral reactions. “I hate this, I hate that, I hate you.” I’m currently ignoring (most of) the people who are doing that. I get that you’re unhappy things aren’t perfect, but I’m going to put this out there: You’re being irrational.

    Tech SupportNow, it’s okay that you’re angry. I mean, your site is ‘broken’ and you’re upset. It’s justified. But from our end of helping you, it’s like trying to negotiate with a truculent five year old. You won’t listen to reason, you just want us to fix it, now, and by the way it’s totally our fault that everything broke. I don’t mollycoddle people when they start loosing their blob like that. I walk away and wait for them to comprehend reality.

    No, 3.3 isn’t ‘worse’ than 3.2. And it’s not, generally, WordPress’s fault your site broke. It’s not anyone’s fault, actually.

    Just like everyone waiting (or delaying) filing their taxes until the last day, plugin and theme developers also sometimes put off the seemingly minor task of checking their plugin or theme with the new version of WordPress. In fact, a shockingly high number wait for the release candidate. I said this before, if you make your living on WordPress, you damn well better test earlier. Sure, it makes sense that people like me (who actually don’t WordPress for a living) don’t always test in time. On the other hand, if you’re a professional, you’re remiss in your responsibility by not doing that.

    And even then, you can still miss something. My best WordPress Friends missed a bug in their plugin. They do this for a living. How did that happen? It happened to be a feature you don’t often go and change. They had tested ‘does this still work when I upgrade?’ and that was hunky dory. But this one thing that only gets used when you’re doing one specific thing, that people only use once, that wasn’t working. Oops. You can see how that got missed. They just didn’t test it. It happens, they worked out a fix, and it’ll be out soon. Those are understandable misses because you can’t test everything. Maybe they’ll make a checklist of things they must test on a major upgrade, but then again, this plugin had survived multiple other major upgrades. It’s hard to say.

    Vulcan IDICBut what about when it’s your plugin plus someone else’s theme plus the new version of WordPress? Now it’s harder, because you get an IDIC epidemic(That is possibly my favorite Star Trek novel, by the way.) with WordPress. IDIC is a Star Trek concept. The Vulcans believed in “Infinite Diversity in Infinite Combinations” which I think is a perfect way to explain the problem.

    It’s because of both the myriad complications thrown in by the incalculable customized installations that, when people say the upgrade broke them, I have to do the thing I despise and ask them “Did you read the Master List and try everything?” I actually do wince every time I paste that link in. It is with a resigned sigh that I hit enter. I don’t want to have to say that, but when I see people posting ‘It doesn’t work’ or ‘Help! My site is broken!’ without any information as to what they’ve already tried, I look at the volume of posts and assume they did nothing.

    I tweeted at one point “I’ll stop posting stock replies when you stop posting it didn’t work.”

    It’s a give and take. You have to give a little information if you expect people to help. And not one of us thinks this install is 100% rock solid perfect. 3.3.1 is already on the docket with a couple things, including putting support for people with no DB prefix.

    Invariably we’ll all find something new and horrible to add to the master list. Like this time, I had to put ‘flush all your caches’ because, when WP changed the jQuery to 1.7.1, some browsers decided they weren’t going to update the local cache like they’re supposed to. The amount that pissed me off is huge. Also, as Nacin groused, the core devs yet again missed a JSON issue. One bitten, twice WTF? as he put it.

    For the most part, the real issues people have with 3.3 aren’t technical issues, they’re user issues. People love/hate the flyout menus, the toolbar (oh dear god the tool bar) and the uploader. They hate that not all their plugins work, they hate hate hate. It’s wearing, you know. And we, the happy Half-Elf volunteers out there want to help you fix things. But if you’re not going to accept that problems are usually bigger than just WordPress, we can’t help you.

    Practice vs TheoryLike the Database needing repair, okay? Some people had to repair their DB. Guess what? This isn’t just a WordPress issue. I ran a major upgrade on a webapp for work last month, and the damn thing did the same thing! I had to repair the DB to get it to work. This is because, as I know, I’m making some major changes to a database, and if there’s any sneeze on the sturdy tubes of the Intarwebz, then I may have a weird glitch. This is why, again, I tell people to manually upgrade. These problems are cause by the upgrade, but they aren’t WordPress‘s fault. They just happen. A thousand times you add a post, and one time it causes your database to crash. That’s uncommon, but not impossible, and that is what people fail to grasp.

    You’re experiencing uncommon problems.

    Don’t Lower Your Expectations, Raise Your Understanding

    Sometimes I think people get the wrong idea when I talk about this sort of thing. You think I want you to give support people more of a break, and while I do, it’s for the same reason I want you to give your coffee barrista a break(Best coffee I’ve ever had, no lie, was when I told the overworked barrista “Take your time, if the jerk is in a rush, I’ll wait.” It cost me ten minutes, and they gave me the best coffee ever. One size larger.), or the chasier at the DMV. Treat people like people, because that’s the right thing to do.

    Instead, you should learn more. Understand more. Take the time to go “I hate this. Why did they do it?” and then, instead of making that angry shit-distributing, post, learn something. With very little effort, a person can scroll down to the Alpha/Beta forums on WordPress and see if this problem was reported before. A slightly more experienced person knows about the blogs the devs use, and one step up from that, you know trac. Trac’s a little scary when you’re new, and search it is complicated, don’t get me wrong.

    Cheat SheetBut see, the ‘geniuses’ who are helping you at all your problems? We’re just people like you. And we just have an idea of the lingo and what we’re really looking for on Google. And we would really like it if you could treat us like people before you lose your mind.

    We’d also like it if you read, and thought, before you said ‘this is broken.’ Mind you, I think that of the guys I teach to solve problems. Listen to what people say, pay attention and try to draw better explanations from them, and solve the real problem. The number of times I’ve watched people just throw a rote answer at the wrong problem drives me nuts. But so do ‘web developers’ who don’t understand what FTP is.

    If you’re going to run a website, even though apps make it easy on you, there’s no excuse for not learning what you’re doing. I don’t mean you need to learn how to write code, but just as I feel everyone needs to know how to jumpstart their car and change a tire (or patch one, if you ride a bike), it’s in your best interest to have at least a basic understanding of the magic that is the internet. And if the website is your life (as so many people on the forums short), well, then so is learning that. A chef knows how to use the fridge and sharpen knives because it’s expected of them. While a fashion designer may not be the best at sewing, they know how clothes are put together.

    See the theme here? Know what you’re doing. Understand what’s behind your art.

    Otherwise? Well, WordPress.com has fantastic hosting options and I send many people to them.