Author: Ipstenu (Mika Epstein)

Get Out of The Monkey House

“I have this refrain about the monkey house at the zoo. When you first enter into the monkey house at the zoo, you think, ‘Oh my god this place stinks!’ And then after you’re there for 20 minutes you think, ‘it’s not so bad’ and after you’re there for an hour it doesn’t smell at all. And anyone entering the monkey house freshly thinks, ‘this stinks!’ You’ve been living in the monkey house.” (Quoth Tim Gunn, from the 2008 finale of Project Runway)

Bless Tim Gunn for saying it out loud. Sometimes you’re too deep in the monkey house to realize your idea stinks. This isn’t to say it’s a bad idea, but you’ve spent so long working on the project you lose your perspective, and can’t see how it looks to someone from the outside.

Being able to keep your mind open and see things from the perspective of the programmer as well as the end user is difficult, to put it mildly. When you write and design something, you know where you’re starting from and where you’re ending. You understand, instinctively, the journey it takes to get where you’re going.

This is true of webdesign as well as programming.

For me, I know how to navigate my sites and find what I’m looking for, because I know where to find everything! I have no problem popping around to where I need to be, to do what I need, because I built everything and I’m as familiar with it as I am my closet. Possibly more-so. So when someone mentioned, after I did a redesign, that they had just learned where everything was, and they would have to re-learn it all, I smacked my head and shouted, “Why is it always monkeys?”(That’s a Kim Possible joke.)

This sent me on a three day documentation binge, where I struggled to explain things about BuddyPress that I took for granted. Like how you edit your profile, what ‘activity’ was, and how you sent a PM. It doesn’t help me that BuddyPress and WordPress are in a weird in-between stage of their Admin Bar relationship (I’ve beta-tested Boone Gorges’s new code for it, and it looks lovely). But knowing well that I’ll implement it and be comfortable using it, regardless of my user base, drove me to sit down and explain.

It was in those explanations that I realized things were wrong. Things weren’t intuitive the way I’d designed them, not for someone new, and the layout could be better. It smelled bad, and by the way, did I forget to look at the site in FireFox? The only way to chase off those monkeys is to find a way to look at everything with fresh eyes. For me, I get there by documenting with pictures and explaining a process to someone with no basis. I get there by finding a specific error, bouncing between three browsers and wondering what the heck happened to my CSS?

I have to thank a teacher, Ms. Gallagher, who sat us down one day in Life Science class and asked this question: “Pretend an alien has come to earth and asks you ‘What does salt taste like?’ They have no concept of sweet and salt, they have never eaten any human food. How do you explain it?”

I was flummoxed then, and to a degree, I am now. The answer was that you cannot explain things without something to compare it to. The human mind, at least, needs an analogy, or a basis, to stand on and build their new concepts from. Even the greatest genius in the history of pyhsics said that explaining things in laymans terms was not simple at all, which when you think about, is a hell of a lesson to toss at a bunch of hormonal 12 year-old kids, but boy did that lesson stick!

Understanding the ‘why’ behind a website may not be as complicated as physics but the basic tenant, that a person is going to look at your website and ask ‘Why do I need to do that?’ and ‘How do I do this?’ we can accept as givens. Thankfully we don’t need to subscribe to the intense level of intellectual honesty that Richard Feynman does with science. We can say ‘BuddyPress groups are similar to FaceBook pages.’ We can assume that people have a basic concept of what a forum is. We can trust people know that when there is a text box for ‘Username’, people will fill in their user name.

And yet. These are all learned skills that we have developed over years of using the internet. Twitter makes perfect sense to some of use, while others need to read mom, this is how twitter works.

The deeper you get into your own work, be it a website, physics, or painting, you have to remember you are in your monkey house. Sometimes the house is clearly visible and understandable, sometimes the house locks you in. Be that as it may, get out.

18 July, 2011
How to Ask for Help

Imagine you’re at the coffee shop and you make your order. Plain coffee. The guy behind you jumps up, RIGHT as they’re making your order and shouts “I want the exact same thing, but a latte with no foam!” Then the guy behind him chimes in “I want an espresso!” and “I want a hot cocoa!”

What happens to the people behind the counter who have just gotten a dozen different orders all at once?

You end up with a bad coffee, that’s what.

That’s why I tell people to make their own topics.

7 July, 2011
How (Not) To Ask For Help

I wrote about this once in I’m not a coder and I need help! It’s come up again.

I was a bit torn about posting this, given that it’s a guy acting like a real jerk in public, and I’m still pretty sure his problem is that he doesn’t understand what we’re saying. But. I think it’s good to have a concrete example of how you don’t ask for help on a forum.

The story so far: WordPress 3.2 was released on July 4th, and we knew there would be some minor issues. Most of them are related to the fact that WordPress no longer supports IE 6, PHP4 and MySQL 4. Before it was released, I decided to be proactive and take the lessons learned from 3.1 and make a Troubleshooting Master List. I posted to the forum mailing list and got advice from everyone there. As soon as 3.2 was let loose, I posted and started checking the forums.

Then I found this guy.

Yes, I did get really annoyed/upset with this guy. Full on anger. My face went hot and I felt myself typing furiously. And I deleted what I’d written at least a dozen times in order to keep as cool as I could. I knew I was mad, I knew I was writing in anger, and I backed away. That’s why my replies got shorter and shorter until, finally, I walked away and let the rest of the community hit him with a brick. I did come back the next morning and close the post, but only because it had become impossible to help the guy. And yes, I would have left it open to help him. It’s what I do.

So taking the cue from his post, let’s run down the ‘what NOT to dos.’

Cursing

The actual title of his post is Upgrade to V3.2 and my site is f**ked. Except he said ‘fucked’ but we modified that. The URL still says it. Just don’t do that. It’s rude. If I have to explain why it’s rude, you need more help than I can give. And I say this from the point of view of a foul mouthed tart. There is a time and place to swear, and the free support forums ain’t them.

Mouthing off

Even if you’re not swearing, there’s a huge difference between being polite and being a cretin. People are taking time out of their day to help you. Treating them like they’re worthless and insulting them is not a good thing to do. Being polite, even when you’re very angry and upset, is hard. I’m aware of this. But that doesn’t excuse your behavior. You’re the one who decided to show your fanny. It’s like what they say on Reality TV. The people being filmed will blame the editing, and the editors will point out ‘We didn’t MAKE you pee on Joe Bob there, you did that on your own.’ Yes, selective quoting and editing can make you look worse, but frankly, you’re the one who put it out there.

Not taking the time to read

I think this falls under ‘Not taking the time to think.’ We told the guy multiple times ‘You need to reset your plugins.’ We linked him, multiple times, to directions on how to do that when you can’t log into your back end. Three times he complained that he couldn’t get to the back end of his site before he finally up and said he wasn’t going to.

Most of the issue was that while we told him what to do, he was blinded by his own interpretation of what we meant. He would have been better served by simply saying ‘I don’t understand what you mean by FTP’ … except he did.

Not following directions

This is really simple. If you’re asking for help, you’re assuming the people who answer know more than you. If you refuse to follow their advice, you’re done. Seriously.

Getting derailed

You may have noticed how he started picking on my language (I used ‘seriously’ twice, and apparently that was too many times), my nationalism (I’m a dual-citizen as it happens), politics (Afghanistan), and so on and so forth. A lot of energy was wasted by his anger and the resulting attitude from it.

The entire reason I did not snap back and point out where his gross assumptions were wrong is because it was not productive. It would just make him madder (yeah, think about that for a second) and make the situation more volatile. Don’t feed the fire.

It’s NOT all about you

I cannot stress this enough, every single volunteer on the WP forums knows and understands exactly how important your site is to you. I have this problem in my day job too. I work with hundreds of very important people (they actually are – the office would come to a standstill if any one of them broke). They are all incapable of understanding that everyone is just as important as they are. I have been known to snap at people and point out that more than one VIP is having a problem, and I am working on the issue, but if you’d like to tell them that YOU are more important, go for it.

No one ever does. They usually shut up, which tells me that really they’re like a kid who fell down on his tush. He’s fine, just crying for effect. You may think that the squeaky wheel gets the oil, but you forget about the boy who cried wolf. At a certain point, we stop listening to you until you come in with a broken wheel.

What else?

Obviously this list can’t be exhaustive (I’d run out of internet before I ran out of examples). The real basic rule is ‘Don’t be a dick.’ Everything else is an extension of that.

If you’re helping someone who treats you like crap, you’re allowed to walk away. At work or at play, you don’t have to deal with it. Just walk away. Of course, at work, you need to tell your boss, and on the WP forums, I tend to email or ask people directly to step up for me please and thank you. In fact, watching the community get my back in that post was both pleasing and very sad. I was sad it had to happen, and I remain sad that he couldn’t be helped.

5 July, 2011
Understanding Zero-Day

If you run a website or work with computers much at all, you’ve heard the term ‘Zero-Day Exploit’ and you probably had no idea what that meant.

At its heart, a “zero day” attack or exploit is one that happens before any of the developers are aware of it. It’s pretty straight forward, in that the attacks take place in that window of opportunity between code release and code patch. Logically, you’d think that all exploits are ‘zero day’ because a programmer would never release a product with known vulnerabilities. Right?

Wrong.

We already accept the fact that human beings are not perfect and thus, by extension, neither is our code. We cannot make every product work on every setup, otehrwise there wouldn’t be browser and OS wars. Keeping that in mind, we have to accept the fact that there will always be security holes in code. And sometimes we developers are well aware of them, but consider them acceptable risks. This means that when a vulnerability is plastered as a zero day, the question becomes ‘By whose calendar is this a zero day exploit?’

If you found a zero-day flaw in a product, the ethical thing to do is privately communicate with the product developers ‘Hey, if I do this, I can get access to THAT.’ At that point, the product developers should take the time to craft a fix and quietly push it out to everyone. The public often isn’t told about this until the patch is written and available, and even then, details are withheld a few days so that, during the critical time it takes everyone to upgrade, people aren’t exploited further. This also allows people to apply one patch instead of 17, as multiple fixes can be wrapped up into one install.

Of course that’s a perfect world scenario. There are multiple cases of exploits being announced in the wild before a fix has been made. Sometimes it’s a case of an over enthusiastic reporter, but also sometimes the people who report the bug get mad at how long it takes to fix it, and release the information in order to speed up the process. There are unprintable words for those fools, and the fact that they can’t understand how they’re making the situation worse is sad.

By its nature, an exploit no one knows about is the one you can’t protect yourself from. That’s why vulnerability disclosure is such a touchy subject. Sometimes the fixes are really easy, but more often they’re not. Like a vulnerability exploit in your car is the gas tank. Anyone can walk up, unscrew your fill cap, and pour in anything they want. That they don’t has more to do with the fear of retribution than anything else, but they certainly could. Also vulnerable? Your mail. I can’t tell you how many times I see the mailman leave the cart on the sidewalk while she goes in to deliver our mail. Someone could steal the mail, but rarely does that happen.

In 2008, there a DNS cache poisoning vulnerability was discovered.(ZDNet – Has Halvar figured out super-secret DNS vulnerability? by Ryan Naraine | July 21, 2008, 2:12pm PDT) The details of the exploit itself are inconsequential to this story. When the vulnerability was discovered, the folks ‘in charge’ asked for a thirty-day embargo where no one would ask about it or talk about it, to allow the code to be patched and deployed. This radio-silence would end with a news release and explanation. This did not work as well as one might have hoped. (ZDNet – Vulnerability disclosure gone awry: Understanding the DNS debacle by Ryan Naraine | July 22, 2008, 7:09am PDT) People accused the organizers of performing a bit of media hacking (i.e. social hacking) and spinning the news to make a bigger impact for themselves. Essentially, they claimed there were no altruistic reasons to keep the lid on the issue.

When you seen a report of a zero-day exploit, the important thing is not to panic. Firstly, check to see if there’s already a patch. Secondly, remember that just because you’re vulnerable does not mean someone’s spiked your gas tank. Thirdly, accept reality for what it is and know that you’ll be impacted at least once in your life, and that’s okay.

If you know how to recover from this, you’re better off. But that’s another topic.

1 July, 2011
WordPress: Change HTML Editor Font
Starting with 3.2, the WordPress HTML editor has become MonoSpaced. Yay! Problem is that it looks best on a non-Windows PC, so someone of my friends who happen to be Windows users have the grumpy.

I made an htmleditor.php file and tossed it into my mu-plugins folder. You can use the folder in single and multisite WordPress, and it makes any php files in there act similar to your functions.php. I find it preferable since you don’t have to port to a new theme, should you change it. Read What is the MU-PLUGINS folder? if you need more help.
```
<?php
/*
Plugin Name: HTML Editor
Plugin URI:  https://halfelf.org/hacks/wordpress-html-editor-font/
Description: I don't like the HTML editor Font on Windows
Version: 1.0
Author: MA Epstein
Author URI: https://ipstenu.org/
*/

function html_editor_admin() {
        ?>
        <style type="text/css">#content #editor, #editorcontainer #content, #editorcontainer textarea#content, #editorcontainer textarea, div#postdivrich.postarea #editorcontainer textarea#content { font: normal 13px/1.5 verdana !important; }</style>
<?php }

add_action('admin_head', 'html_editor_admin');
?>
```
You can obviously change font: normal 12px/1.5 Monaco, monospace !important; to whatever you like.

Enjoy!
28 June, 2011
Introducing HEO

We all know that SEO is ‘Search Engine Optimization.’ I humbly suggest we pay better attention to HEO – Human Experience Optimization.

After you spend hours and hours optimizing your site for search engines, you should sit back and think about how the humans who are reading your site. This should be blindingly obvious to everyone, but more and more we hear about how you should make your URLs SEO friendly, or your post excerpts/slugs/format/meta-data the best to get highly ranked in Google. At a certain point, you’re missing the goal of a website.

A website is not for search engines, a website is for humans.

Humans like to be able to find what they want relatively painlessly. They like to know when something was written (or when whatever it’s about took place). They like to be able to search, sort, surf and select. They like to know weird things. It’s your job to make sure that when a user hits your site, they stay.

Fonts

I’ve mentioned before that font choices matter on your site. Perhaps the most important thing to remember about fonts is that people have to be able to read them. A lot of sites make their fonts very small, which force viewers to hit Ctrl-+. This is one of Jakob Nielsen’s pet peeves. Users should be able to control their font size, but you should also set your font starting size to something legible.

Imagine my surprise when I went to a site and saw this:

I had to zoom in to read. That font is set to font: 11px/13px "Lucida Grande"..... Just by changing it to 12px/20px it was easier to read, but to make it a perfect starting point, it should really be 14px/20px. You’ll need to balance on your font choice with the size, though, as too-thick and too-thin fonts are equally painful for people to read.

Colors

I’m in my mid-thirties with the best worst vision you’ll find before someone gets classified legally blind (that said, I have fantastic night vision). I cannot read black backgrounds with white text for more than a few seconds without getting after-images. I’m not in the minority of the world. There’s a reason books, eReaders, newspapers and magazines tend to print dark text on light backgrounds, and it’s not just the cost. More people can read that setup. On top of that, don’t use background images. The busier the background, the more difficult it will be to read and you’ll draw the attention away from the text.

The colors on your site need to be easy to read, and not strain the eyes.

Layout

Did you know that users tend to read to the left? This sort of flow makes sense when you consider that most languages are read left-right. Jakob Neilsen points out that people spend “more than twice as much time looking at the left side of the page as they did the right.” (Jakob Nielsen’s Alertbox, April 6, 2010: Horizontal Attention Leans Left) Not only that, but people actually tend to read pages in a pretty distinct F-shaped pattern. (Jakob Nielsen’s Alertbox, April 17, 2006: F-Shaped Pattern For Reading Web Content)

So how do you best layout your website? I tend to think people read content better if it’s on the left, so I put the body of my text left and the sidebars right. I also take into account that newspapers and magazine break up text into columns for readability reasons, and set a fixed width to my site. That choice is somewhat controversial among my friends, but I like to look at the iPad and Kindle for examples as to why you want to not allow forever-width pages. Monitors are big, browser windows can be huge, but in the human head, eyes are spaced in a certain way. Making your page’s content too wide is a drain.

Page Length

There used to be a concept of ‘The fold’, which was basically that people didn’t scroll down on webpages in the early days of the web, so if they didn’t see your important content on the top half of your page (i.e. above the fold), they weren’t going to see it at all. It’s 2011. People know to scroll down a page.(Jakob Nielsen’s Alertbox, March 22, 2010: Scrolling and Attention) But you still need to make sure your site has the most important content ‘above’ the fold.

Where’s the fold these days, though? Monitor size is a lot more variable today than it was in 1995, and the break-point on a page is getting pretty difficult to figure out. Unlike a newspaper, where the ‘fold’ is pretty obvious (unless you’re the Chicago Sun Times), you have to take a pretty good guess at where the ‘top’ of your site is. Oddly, this is a lot easier with the iPad, which currently is my benchmark for ‘the fold.’

Keeping that in mind, page length matters! I try to keep each post no more than 1200 words, because of human attention span. If I happen to dip longer, I’ll consider breaking the post into multiples.

Permalinks/URLS

Samuel Wood (aka Otto) said it simply:

Humans care about dates. Leaving a date identifier (like the year) out
of the URL is actually de-optimizing the site for humans.

Not everything should have a date, mind you. Resources like WikiPedia or other sites that act as repositories for static, timeless material (like a book), certainly do not need date stamps. Deciding if your site needs to include the year in the URL (like I do here), or not at all (like I do elsewhere), is something you need to think long and hard about. If you’re making a ‘traditional’ blog, or a newspaper, or some site that acts as a repository for time-based information, the answer is simple: Yes you do.

In addition to sorting out if you need dates or not on your site, you have to think about the post format. I’m a huge proponent of pretty URLs, so I tend to lean to custom crafted URLs. On WordPress, I always review the permalink and, if I think it could be better shorter, I do so. MediaWiki defaults to whatever you want to name the page and puts that in as your page title(Oddly you can only override this with {{DISPLAYTITLE:Custom title}} , which has weird results in searches.), but WordPress uses the ‘title’ of your post and makes that your page title.

This is pretty easy to change, though. Just click on edit and make it shorter (which I strongly suggest you do in most cases).

What else?

I could go on and on. Like how you shouldn’t use too many ads (and whatever you use, they shouldn’t be bigger than your post content!), don’t use flashing images/text, and keep in mind your audience! What are your hot-button topics for making your site human friendly?

27 June, 2011