Half-Elf on Tech

Thoughts From a Professional Lesbian

Author: Ipstenu (Mika Epstein)

  • Mailbag: An Appropriate Solution

    Mailbag: An Appropriate Solution

    Y’all know I don’t really like to answer these questions. I mean. Presumably you’ve noticed I don’t answer this a lot anymore?

    I don’t care if you use Multisite. And I hate this question because you’re (innocently) asking me one of the most incredibly complicated questions possible.

    I’m working with a college who wishes to create a portfolio system for their students. Basically, a student can create their own website – or multiple – to share with employers and others. I’m thinking WP Multisite may be a good option. I could have super admin access, the college’s admin can have super admin access, and each student will have admin access to their individual sites. Would you agree that WP Multisite would be an appropriate solution?

    I agree it can be an appropriate solution.

    I will never agree it’s the solution.

    Read the post I linked to above, will you? The one that explains exactly why this is such a damned hard thing to answer.

    Now. Ask yourself this:

    1. Are those students the people who will be happy where they can’t install a plugin or a theme, or will they badger you endlessly to install them?
    2. Will those students ever want to easily export/move their sites?
    3. Will they ever need ‘more’ than WordPress and, thus, need shell or DB access?
    4. What do you want them to be able to do when they’re done?
    5. How much time do you have to fix their sites?
    6. Are you able to review and ensure security for all plugins and themes they may want?
    7. Do they already have webhosting? (Most universities give you some.)

    Figure that out and you’ll know if it’s the most appropriate solution for them and you.

  • Stupid Easy

    Stupid Easy

    You have made yet-another stupidly easy plugin. I love it!

    My buddy James said that after testing a plugin I wrote for WordPress that has no settings.

    Frankly those are my favorite plugins, the ones where you install them and walk away because they do one thing, they do it well, and you’re done.

    A plugin without options means it does the one thing, I don’t have to decide how I want it to work, and it just goes. Now, at the same time, a black box plugin with no information can be complicated and tricky, which means you have to sit and make the decisions thoughtfully at the beginning.

    The first question I ask is “Who is it for?”

    I love W3TC, but dear god is it complicated. It’s doing a lot of things and while it does them all very well, it’s hard to understand what all the settings mean and how they all need to work together. When I set about adopting a Varnish plugin, it was picked by my coworkers specifically because it was simple and it worked the majority of the time. Can you break it with other plugins and themes? Sure. That’s the nature of WordPress interoperability. But at the same time, it works without user interaction.

    That was the key, we felt. A plugin that just runs, no user interface needed, just let it go. This was simple, this was easy, and this was direct.

    Since then, I’ve added in two ‘options.’ One is the ability to define your true IP address. This is for people who are behind proxy services like CloudFlare. The way a Varnish purge works, is it sends a command to the domain name. If your domain is handled by CloudFlare’s servers, then it gets messy. The second was a ‘purge all’ button on the toolbar, which let you manually flush the entire site.

    Those two settings are hard and easy to access. The defining the IP can only be done via editing your wp-config.php or via command line. Why? The majority of people don’t need it. It’s actually often a latency issue when you cache a cache with a proxy, so it’s not really the best idea in the first place. The purge button is limited only to the admins of a site, because they’re the only ones who should be flushing the cache for an entire site anyway.

    Does this work for ‘everyone’? No. No it doesn’t. Of the 6000 people who like it just fine, there are about a dozen who want things differently. They want a settings page, where they can allow more people to flush cache and define the IP. They want a per-page flush button. They want better error reporting.

    I’m with them on the last one but the others… well it’s interesting. Adding more complications will certainly expand the usability of the plugin, but is that the goal of this plugin? No. In many ways, it would be much better to make a second, different, plugin. Maybe an add-on. Call it “Varnish Advanced” for those people who need more power.

    But the majority need the simple because I knew my target audience were the people who didn’t know or want to know the technical stuff. I handed them a plugin that works in the majority of use cases. I made sure it handled the majority of situations. And I made it so they could just install and walk away.

    I do agree that it needs a little better error reporting, but even that has to be handled carefully. You can’t just hand an end-user an error without simultaneously giving them a direct way to correct it. And no ‘Talk to your host.’ is not a fix. A fix means the user can do something (hopefully simple) to correct a problem. Now, my ‘edit the wp-config file’ fix is not super simple for everyone, but at the same time it serves an important purpose. It makes someone think about how big a change is and what it means.

    Knowing my users means I know they need that stop to think, and it means I know they will think.

  • CDN vs Local

    CDN vs Local

    Which is better?

    I have no idea.

    Sorry. That’s not the end of the post, obviously, but really after the time it took to write this, my answer is that I really don’t know. So let’s talk about why I don’t know.

    The claim is this: “A CDN is faster!” The idea here is that a CDN will be faster because it lessens the load on your server. Anything that’s being process by another server means less work yours has to do. And that is totally true. Also, many CDNs have worldwide locations, which means someone in India can download your cat video from a nearer server than yours in Michigan. Also, more people have downloaded shared resources (like Google fonts) so it won’t be downloaded again, making their experience faster.

    And all that sounds great. But the actual functionality and performance gains are not going to be exactly tit for tat. At first, I thought that since I get a lot of traffic in Brazil, having a CDN that has local servers would be great for them. It was. A little. But it was a lot worse for me. Using my site in the US slowed down measurably. This was because of the latency of the CDN being worse than my own server.

    In addition, many site speed tests measure how many URLs you call in your page. Using a CDN ups that by one. It’s minor, but it’s something to consider. There’s also the idea of branding, which a CDN can hurt if you use it wrong (most CDNs will allow you to use cdn.yourdomain.com of course). Using too many servers for a CDN (think of it like cdn1.example.com, cdn2, and so on) can slow down the user experience too and cause overhead with all the DNS lookups.

    What’s the alternative? Good caching. And I do think that proper, server side caching is hugely important. But at the same time, the right network for your static files can provide significant improvements. Which is why we always end up back at CDNs.

    The real thing to consider is what your content is on that CDN. WordPress is dynamic content and shouldn’t be on a CDN. Images and stylesheets, though, those are perfect for a CDN. You take the traffic and, thus, the load off your server and it becomes faster. Streaming video too.

    Which brings us around to the idea of the cloud as a CDN.

    But is it faster? Is it better? Is it safer?

    Maybe. It certainly can be, but there is no blanket perfect answer for all of us.

    Currently I build local but prepare for the possibility of a CDN later on.

  • Mailbag: Curbing Comments By Count

    Mailbag: Curbing Comments By Count

    Someone had a rant in my mailbox about my strong stance on comment moderation, which can be distilled to this question:

    I noticed you really have strong opinions on comment moderation. Do you use anything other than bad words to flag for moderation or outright block?

    Sure do!

    I’m very careful about ‘bad words’ since ‘anal’ will also pick up ‘canal’ and I only moderate for for things that are generally only used as a pejorative. Example? Okay, I have ‘dyke’ and ‘kike’ in my mod list. The first one I get called a lot. Still. The second has fallen out of favor. But because people have a remarkable talent to say words with the sole intent to be hurtful, even under the veneer of “I was just being funny, stop being so sensitive!” I have cherry-picked the popular ones on my sites and tossed them into moderation.

    The only thing I blacklist are people. People’s emails (and user names sometimes) go into the blacklist. That’s why I wrote Sitewide Comment Control, I’m able to blacklist people from the whole network easily. But I only use this for people. People should be blacklisted when they prove themselves to be untrainable.

    That leaves one thing up in the air and that’s moderation. You have three choices with default WordPress: Moderate all, moderate un-approved, moderate none.

    I have “moderate un-approved” which means I have to manually approve all first time comments. To add on to that, I use Comment Probation in order to restrict people I’m not entirely sure about.

    And finally, I moderate by length.

    I month ago, I mentioned on Twitter that I was playing with an idea to have my comments moderated by length. If a comment was over X words long, it should be flagged as needing approval before showing.

    Caspar Hübinger, in the time it took me to get a cup of coffee, wrote Comment Moderation by Word Count. I made one, small, patch to it, and I’m using it now.

    This simple WordPress plugin will send any comment that would otherwise be approved automatically by WordPress to the moderation queue if it contains more than a given number of words.

    The theory I have is this: If your comment is over a certain length, you really may want to consider making it a rebuttal blog post of your own. My limit is currently set to 250 words here, which is half a page of content.

    Mod by comment length is a very basic field on your Comment Settings section

    My one change was this:

    If current_user_can( 'edit_posts' ) then they should be able to leave a comment of any length without moderation.

    My theory here was that admins and editors are trusted users.

    And now you know!

  • Cookie Free Domains and CDNs

    Cookie Free Domains and CDNs

    After I dropped Cloudflare I went back looking at other ways to speed up my site and what could I optimize things. As I mentioned in Static Content Subdomain, one of the benefits of that mess was to allow me to have a cookie free domain and, in having a cookie free domain, I basically made a domain that could be used as a CDN for my (mostly) static files.

    It was noted then that, if you’re a non-www person, you have to actually use a separate domain. I do. I hate www in URLs. So I picked up a free domain for the site where I’m doing all this: ex-static.com. I probably could have gotten it even shorter if I’d tried sitecdn.net but that was short enough for me.

    Since I already had everything over at /home/user/public_html/static I created an add-on domain in cPanel and told it to use that as its home.

    Then I ran a search/replace on WordPress:
    wp search-replace static.example.com/wordpress ex-static.com/wp-content/uploads
    wp option set upload_path /home/example/public_html/static/wp-content/uploads

    Since I’d already changed my media settings, that was all I needed to really run a replace. It changed my media settings too! Since I was planning to move my static content, not just images, I changed the path too, so I had to go back and change upload_path as well, but wp-cli is my friend.

    Next up, because of the static content move, I copied my wp-content folder over and added this to my wp-config.php:

    define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/static/wp-content');
define('WP_CONTENT_URL', 'http://ex-static.com/wp-content');

    Boom. Everything’s where I want it.

    Sadly, it got messy for MediaWiki and ZenPhoto. The later doesn’t allow you to move your themes folder at all so I made a symlink to /home/example/public_html/static/themes/themename/ and called that a day. MediaWiki was a damn dirty lie.

    Supposedly you can set this:

    $wgStylePath        = "http://ex-static.com/wiki/skins";
$wgStyleDirectory   = "/home/example/public_html/static/wiki/skins";

    As soon as I did that, I got errors all over the place and had to change the directory path back:

    $wgStyleDirectory   = "$IP/skins";

    Weirdly named, $IP is set as follows:

    $IP = "/home/example/public_html/wiki";

    I did the same thing as with ZenPhoto and made a symlink then I could change the style directory.

    Lastly (and this was last for a reason) I changed my .htaccess rule:

    # CDN
<If "%{HTTP_HOST} == 'example.com' ">
        RedirectMatch ^/static/(.*)$ http://ex-static.com/$1
</If>

    This was last so that I could not break things mid-flight. And I added in this:

    # CDN
<If "%{HTTP_HOST} == 'static.example.com' ">
        RedirectMatch ^(.*)$ http://ex-static.com/$1
</If>

    Everything works as expected. And? I have cookie free domains and I’m ready to move all my data off to a CDN whenever I’m ready for that step. The CDN would only have to cover the ex-static.com domain, to boot!

  • CloudFlare Experiment Ends Weirdly

    CloudFlare Experiment Ends Weirdly

    I ended up turning it all off for one reason only.

    I keep getting a 522 error on cloudflare.com.

    Now. I have a working theory that it happens when I’m hitting my own site a lot (be it for development or as recently, a lot of traffic I need to reply to), but what would happen is I got an error 522 on my sites. So I’d go to cloudflare.com to whitelist my IP, since their explanation of “This means your site is down” was wrong (site was up, I was ssh’d in at the time), and I’d get a 522 on cloudflare.com.

    Let me roll back to August 1st.

    That night I went to make some changes on my site to the CSS and, instead of turning on Dev Mode in CloudFlare, I did my thing with Git, pushed my changes, dumped the cache of that CSS file, and was prepared to smile at my glory. Nope! I got a 522. This was odd, since I was currently on the server via SSH and the load on the box was 0.3. Naturally I went to support.cloudflare.com to try and see if I’d missed some directions only to get a 522 there as well.

    Track that for a second. I got a 522 on CloudFlare’s domain.

    The possible answers I could come up with, since I couldn’t read any of their documentation, as either my IP was blocked or the cache server I was proxying through was down. Since I could log into the dashboard for my accounts, I went in and tried to guess how to whitelist my IP. I couldn’t find that, so I opened a support request:

    I can’t access support.cloudflare.com because of 522s. My IP is 172.249.156.169 – Is there any way I can get whitelisted?

    I got reply that it was the wrong place to ask, which I don’t think was correct. One of the solutions (per a Google cache of the support page I couldn’t access, hello) said that you could whitelist your IP to see if that helped. Cool. Except I couldn’t get the part of the page to load that told me where and how that was set.

    So I asked for support with the dashboard via the dashboard support panel. Instead I got someone telling me I had to open a new ticket. And he was incapable of transferring my ticket or saying “Hey, you can’t access the right support place, let me make a ticket for you! Sorry about that.” It was akin to telling me to email them to tell them my email was down.

    I fumed. And then I kept clicking until I found the place to enter my IP. I did and magically CloudFlare started working for me! I quickly went and opened a ticket to complain that I couldn’t have a ticket transferred (or made for me), and suggested this:

    If someone’s logged in via the dashboard and they’re getting a 522 on ALL Cloudflare sites, it’s a logical assumption that something blocked them. But if I can log in, the odds are I’m really me, so that should get an auto-whitelist. If that isn’t possible, can it be detected and alerted? “Hey, we noticed your IP is blocked. Would you like to white list it, since you’ve logged in we can be reasonably sure you’re not an asshat?”

    They replied with a standard ‘A 522 means…’ and told me to whitelist their servers on my server firewall. For some reason the email didn’t get to me, so I made a new ticket.

    In this ticket, I had to wait until I got another 522 (end of August) and when I sent in my error ID and a screenshot, I was told this:

    This was a timeout between our cache server and the origin server that hosts support.cloudflare.com.

    I think he actually meant “Our cache server was down.” because at that time I couldn’t get to any CF hosted site until I rebooted my router and got a new IP.

    I don’t really buy this, though, and I think their IP block is too aggressive. I would run into it all the time when I was at a hotel. I’d be reading comments on my own sites and get blocked. And every single time I got blocked, it was from all of my domains and cloudflare.com. Sketchy as hell to me.

    When I added in the problem that ‘always up’ actually meant if your site was down they’d put up a CloudFlare page to apologize for the site being down, I decided to turn it off. It clearly wasn’t helping me as much as I’d hoped.

    This isn’t to say CloudFlare is terrible and you should never use it, just that it proved to be too frustrating for me to want to use.