Author: Ipstenu (Mika Epstein)

Why I (Still) SelfHost

The other day I saw the notice that Google was banning all explicit adult content from blogger.

Outside of the irony of remembering when the post’s author (Violet Blue) had her content deleted from Boing Boing back in 2008, she’s actually pretty uniquely qualified to talk about the difference between censorship and removal. For the record I think that it’s a pretty crappy thing to do and I don’t like it. But as I often say, my beliefs are pretty straight forward:

I do not agree with what you have to say, but I’ll defend to the death your right to say it. ~ Voltaire

Is It Censorship?

Let’s be clear on this. The change to Blogger’s Adult Content Policy is pretty straightforward.

Starting March 23, 2015, you won’t be able to publicly share images and video that are sexually explicit or show graphic nudity on Blogger.

Yes, this is a change to their Terms of Service (which they reserve the right to do at any time), but is it censorship for them to say “We don’t want hard core stuff on our servers”? That’s like saying a country music station on the radio is censoring heavy metal. No, they just don’t want to have it on their servers. Google’s said they don’t want that. They don’t want to do business or make money off of things they find morally distasteful.

Frankly I think the whole planet’s hang ups about sex are laughable. The majority of adults I know have consensual sex and like it. I do know a couple asexuals, and I know people who have reasons why they hate sex. I also know people who hate peanuts. It’s about the same thing for some of them (one has a traumatic peanut in his ear story that resulted in surgery and hearing loss). Sex is normal. It’s what everyone does and no one talks about (thank you George Carlin). So grown ups wanting to Google for information about the sex they want to have? There’s nothing wrong with that! There’s nothing wrong with kids looking that stuff up too. We used to hide in the back of libraries, looking things up when we didn’t feel comfortable asking our parents.

The argument that they’re not ‘censoring’ they’re just enforcing their guidelines falls flat when you remember that the definition of censorship is defined as acting as a censor. So yes, I think Google’s censoring, but in this instance they’re within their right to do so. That doesn’t mean I think it’s right, but I’ll support their legal rights.

Is It Discrimination?

One of the sites hit up by this is a site where porn stars play D&D. I kinda like that site. It amuses me to no end and is how I learned about this change. They had just posted about how they’re leaving the escapist. They were talking about discrimination and general asshattery and non-inclusiveness. Their site may be punted off of Google’s Blogger service soon for being ‘adult’ by nature.

I’m actually not sure about that. But I really have no idea why their site is considered ‘adult’ in the first place. I’ve never read anything about sex there except this:

I’m Zak, I live in Los Angeles. Most of the people I know here are women I know from being a porn “actor”–so they’re porn stars and strippers. So that’s who I play Dungeons & Dragons with.

First of all, I want to play with them because the game looks fun, but mostly I don’t recall ever reading adult or explicit content there. So of course I started thinking about how they could be making it harder for people to read about things that help them understand themselves. A lot of people sort out what they’re interested in by quietly reading stories about other people who had similar issues and thoughts and feelings. While Google’s only said they’re punting “sexually explicit” content, that’s a really slippery road.

I shall not today attempt further to define the kinds of material I understand to be embraced within that shorthand description [“hard-core pornography”], and perhaps I could never succeed in intelligibly doing so. But I know it when I see it, and the motion picture involved in this case is not that.

That quote is from United States Supreme Court Justice Potter Stewart, used to describe his threshold test for obscenity in Jacobellis v. Ohio in 1964 (the film being Louis Malle’s The Lovers). We’re allowing, and trusting, Google to define what is and is not explicit. And this means that it becomes a case by case value judgement. Are two women kissing ‘explicit’? It gets messy really fast.

Is It What I Expected?

Yes. I totally expected this.

Google to punt all explicit blogs? Haaaaaaaaave you met WordPress?

I meant Self Hosted WordPress, James. Yes, WordPress.com also restricts and censors your content. It’s their playground. I will, till my dying day, support their right to do this. They don’t want to do business like that, fine. I wouldn’t argue the French restaurant that servers pomme frites needs to serve a hamburger or some chutney. That’s their business choice and it just means I can’t use them.

But it brings up the main reason why I still self-host.

As someone who self-hosts, I still have to be aware of the Terms of Use for my webhost, but generally that provides me a lot more freedom. I have a legal contract and a leg to stand on. As long as I don’t violate that, I’m good to go.

And of course I work for a company who would host anything, as long as it’s legal.

25 February, 2015
Stop Using Copy Protection
I’ve seen a million features out there to ‘prevent people from stealing your content.’ The idea is that by preventing people from (easily) copying your work, you stop them from stealing it and profiting off your efforts. You may even think that you’re saving your images from being stolen. In general, they use javascript to prevent things like right-click, view source, copying text, and disabling keyboard short cuts. In general, they suck and here’s why.

User Experience

Anyone who uses a screenreader or an alternative mouse tool now, officially, hates you. You’ve made your site look like absolute crap. Some screen readers can no longer read your content at all. Also not everything handles javascript very well (which is by far the ‘most popular’ way to block out content) and that makes for a pretty lousy experience for your visitors.

Support

If you have a problem with your website and ask the world at large for help, they will take one look and hate you. No one can easily help you with your CSS or your layouts or your design now, because you’re protecting content. When customers ask for help, the first thing I do is turn those plugins off so I can use my normal debugging methods and not worry about cruft interference.

It Doesn’t Work

If you disable right-click, you make it harder for me to bring up Chrome’s dev tools, but not impossible. You can’t make it impossible. This is, in part, because there are so many different browsers to account for, but also because developers really don’t want you to be able to kill dev tools. We need them to fix the web, and if I were to leave the dev tools open and then visit your site I would be able to have it open on your site.

Once I have dev tools open, I can view the resources loaded by your page. Take Instagram, who doesn’t let you right-click on an image to download. I can instead right-click, chose ‘Inspect Element’ and I get this:
```
element.style {
    background-image: url(http://photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-11/10912600_6619567248918_1818171895_n.jpg);
}
```
Guess what I can do now? Load that URL in another window, download, done. If that’s not available, I’ll go over to the Resources tab, open up the Instagram folder, then Images, and find the image I want. Again, done.

There’s Only One Way

There is but one foolproof way to prevent your content from being stolen: Don’t publish it.

But of course no one wants to hear that. So what’s the other way? Well give up on not having your words stolen. Even if you make it difficult, people will get at it. People type up books and scripts today, they’ll do it for your website if they’re properly motivated. Images, on the other hand, are a different issue. If you’re a photographer, don’t put your full-sized images online unless you’re selling them. And if you are selling photographs, put them on a cloud host like Amazon. Large files and PHP aren’t the best of friends anyway. Your website, unless it’s a store, doesn’t need the 10meg image file.

As much as it pains me to say it, DRM is also a solution. So is watermarking your images. The way people like Getty protect their images is to lock it down to purchased users only. You can (fairly easily) download the smaller, sample images, but the awesome big ones are locked down.

But that’s how you protect your content. Not with those plugins.
23 February, 2015
Mailbag: Wrong Robots
I got an odd email from ‘Yan’ who, amidst the odd hate and sexist filled remarks that apparently I don’t like people in the WP community, had a legit question:

Seen your post:

But… Your actual robots.txt does not reflect the content of the article. Hmmm…

Well. That was almost 2 years ago. And it never reflected the content of this site. I don’t care if this site has it’s images snagged. I have anti-hotlinking protection in my .htaccess anyway. It’s my other site, my massively major huge gallery with 10G of photos that I protect.

That brings up a point that many people miss about this site. I’m not always talking about what I do here. For example, I talked about making a slide-up bit of code that duplicates WordPress.com’s follow tab. That email setup isn’t here and it never will be. I’m not particularly worried about my followers’ ability to find the sidebar email registration box there. This is a site for slightly more technical people.

However, the site that code is on is a site visited by luddites, primarily. They want their news about their thing in a way that is simple, straightforward, and easy. They need a reminder. Also they share links on social media a lot, so making a slide-up that auto-pops when you come from Facebook or Tumblr or Twitter was the right choice to make sure people knew what was going on and how to sign up. It’s had amazing results.

There are lessons I learn from running multiple sites and I bring them all back here to people who would appreciate them.

Now if people wonder, yes I do think that Google’s still evil for how they hotlink images. Of course, I’d think them equally evil for copying my images. Image search is just a really messy thing. The two options you get for it is that either Google has a copy of all the images on the planet or they hotlink. Even assuming they’re clever enough to protect themselves from duplicate images using some sort of super powerful algorithm, you get those options and each has a problem. If you’ve copied everything, you have to have a file server the likes of which would make the pyramids look teeny tiny, and in both cases you need a database with enough speed to stop us all from running Google Pagespeed tests on Google.

Am I the only one who does that? Oh. Sorry.

We’re talking about Google being evil and robots.txt files. The site that I do block Google Images on has a very large robots:
```
User-Agent: *
# My stuff
Disallow: /cgi_bin/

# WordPress
Disallow: /trackback/
Disallow: /blog/
Disallow: /wp/
Disallow: /wordpress/wp-admin/
Disallow: /wordpress/wp-includes/
Disallow: /wordpress/xmlrpc.php
Disallow: /wp-admin/
Disallow: /wp-content/
Disallow: /wp-includes/
Disallow: /xmlrpc.php
Disallow: /wp-

# Gallery
Disallow: /gallery/albums/
Disallow: /gallery/themes/
Disallow: /gallery/zp-core/
Disallow: /gallery/zp-data/
Disallow: /gallery/page/search/
Disallow: /gallery/uploaded/
Disallow: /gallery/rss.php
Disallow: /gallery/rss-comments.php
Disallow: /gallery/README.html
Disallow: /gallery/rss-news-comments.php
Disallow: /gallery/rss-news.php

# Wiki
Disallow: /wiki/images/
Disallow: /wiki/bin/
Disallow: /wiki/cache/
Disallow: /wiki/config/
Disallow: /wiki/docs/
Disallow: /wiki/extensions/
Disallow: /wiki/languages/
Disallow: /wiki/maintenance/
Disallow: /wiki/math/
Disallow: /wiki/public/
Disallow: /wiki/serialized/
Disallow: /wiki/tests/
Disallow: /wiki/skins/
Disallow: /wiki/t/
Disallow: /wiki/index.php

User-agent: Mediapartners-Google
Allow: /

User-agent: Adsbot-Google
Allow: /

User-agent: Googlebot-Image
Disallow: /

User-agent: Googlebot-Mobile
Allow: /

User-agent: Browsershots
Allow: /

User-agent: Dotbot
Allow: / 
```
So yes, actually, I am still using that code. There you are.
20 February, 2015
What Themes Get Wrong

I neither create nor review themes. I can fix a theme and edit one and hack one, but I don’t design them because I don’t visualize that way.

But boy do I see a lot of themes doing things in a way I can only describe as wrong.

Packaging and Requiring Plugins

A lot of themes do this, and I can understand why. If you make a theme that’s meant to be a store, then of course you want it to be used with an ecommerce plugin. That makes sense. But then we have to think about the drama of Revslider or TimThumb and we have to question the themes that throw every feature into their code. Part of development is maintenance. This is an accepted responsibility and, in the case of plugins, we’re all used to upgrading them for maintenance. The same isn’t true of themes. People hate upgrading their themes, and it’s the fault of themes themselves, doing things wrong.

Forcing Users to Edit Files

The first week of February I lost my mind at a theme. I had found a user who had run into a mod_security error. They were trying to edit their theme via the WordPress theme editor and hitting save tripped the scanner. Why? The code in the functions.php file was phrased in a way that spooked the scanner. We walked her through SFTP, which worked, and I helped review the security rules to see if we could safely change them. But then I asked her why she was editing the files directly.

She wanted to edit her footer, to remove the ‘powered by WordPress and Theme’ line, and the only way was to edit the file.

That couldn’t be right, I shouted at my screen, but I tested and used the theme and was stunned. Yes. The theme was written in a way that the footer wasn’t editable unless you could code and use a hook to unset the action and make a new one. Even just a simple child theme wouldn’t help because the footer was handled in a function and not footer.php

No wonder users edit themes. But then it got worse.

Forgetting About Cache

The top line in the header.php was a forced setting to create a new PHP session. There are a few problems with this. In many cases, having PHP sessions causes a cache to not serve cached files because the forced session tells it that the particular visitor is meant to have a unique sessions and its trying to honor that. The other common situation is that the first person makes the cache with their unique data, and all subsequent visitors get that cached data. Neither is desirable.

Why do people do it? I presume because when they built their features, they wanted to make sure each user got an individual view. But sessions are a cheap and dirty way about it. Sadly so are cookies, which a cache will either ignore in order to serve cache, or honor and slow a site down.

People remember to test a theme for speed and features, but so often they forget to test for cache.

Un-WordPress Designs

When a theme makes its own custom interface, it’s harder for users to know what to edit and where. It’s the kind of cognitive dissonance that happens when you’re reading a book or watching a tv show and suddenly everything feels wrong. Like if Harry Potter and Dolores Umbridge started dating. Right. That’s how uncomfortable it is to see a theme with its own custom design for the admin pages.

Let WordPress be WordPress.

Accessibility

I don’t meant on the front end. I mean did you know that there are very few themes that, on the back end, are fully accessible to the blind? It’s just not something people think about and it’s the worst thing a theme can do to the world. You may think that only a small part of the world is blind and you may not worry too much about such a small potential user base. But look back to the previous point. The less you design like WordPress the worse it is for users. All users.

What Do You See?

What drives you batty?

18 February, 2015
Don’t Be Rude (Except When You’re Not)

Don’t be rude with devs (hello Mika)

A mysterious person named John posted that as a comment to a post about WordPress suffering from the inventors dilemma.

I replied ‘Hello John’ and added “(I’m sure many people feel I’m rude though I have no idea why John does.)”

From there on, many of my friends replied that I wasn’t rude. Or in the case of Brianna, when I said I was rude on occasion, she replied:

“on occasion” seems like the perfect amount to me.

When two people are passionate but have opposing views on a situation, one or the other is always ‘rude.’ This is just what it is. Rudeness is something that is very situational and subjective. We’re talking about a world where we put our hearts and souls on the line with our code or our problems and, sometimes, someone comes back and says “No” or “That’s the way it is” and they’re rightly annoyed.

This does not mean they were rude.

Except that it does.

I try very hard to be polite, especially to people doing me a favor or providing a service, and I try very hard to respect their time. I try to remember that just because someone is terse doesn’t mean they’re angry with me, they’re probably just trying to get through their day. I try to thank people (especially when I call in to anything insurance or travel related). I try to remember they’re people.

But I know that, when you’re talking to someone who has deep emotions, who feels a great amount of fire in their heart for something, the opposition or the speed-bump can be met with great ire and angst. The person who says ‘no,’ which frankly is my job many times, is the enemy. They’re against you because, clearly, they’re not for you.

Except that they’re not.

Am I rude? I’m sure that, on occasion, I come across to someone as rude. I’m sure that sometimes when I bang out a fast answer, my brusqueness is perceived as disrespectful. I’m sure that my unexpected replies feel like a breech of etiquette. And maybe sometimes they are. I don’t always phrase myself perfectly. I’m not patient enough all the time.

But I’m not a rude person. I’m always coming from a place where I’d like to help people and educate them. I’m generally a smiling, nice, person. When I’m not able to be that me, I shut myself up at home and read and write, I go for a run, I play ping pong, and I blow off steam. You will rarely see the angry, inconsiderate, insensitive, mean, me. That Mika exists, but she’s not allowed to come out and play. The closest you’ll get is if I feel the need to come to someone’s defense. Like calling my friends or coworkers vile names.

This doesn’t mean I’m a nice, wonderful, polite person. It just means I’m a person, like you. I’m sure I’m rude. I’m sure I’ve pissed people off. But unless I’ve told you so, it’s unlikely I’m actually being intentionally nasty to you. Maybe I was trying to be serious when you were being a little silly. Maybe I was silly when you needed serious. Communication issues happen. We should try to learn from then and move on.

When we’re thinking about a world that exists primarily in text, our communication woes become more important. The majority of my work with other people is in email, instant messages, and once in a while, video chat. But mostly it’s text. This means I cannot read your ‘tone’ easily. When I know someone well enough, I can hear their voice in my head. Like I read Otto’s email saying “Here’s the thing…” and I know his intonations. When I see Jan message that has “Hah!” in it, I know it’s the somewhat self-deprecating amusement of the universe. When I see James’ “Nooooo!” I know he’s making like Darth Vader. I bet I can even tell which face Jen’s making when her email consists of “Mika.” Sorry about that.

But these are people I know and work with. Figuring out which emotion is behind a sentence of “You’re not doing that right.” is hard. Was I mean? Was I terse? Was I frustrated? Was I brusque? Maybe I was just tossing that off as the shortest way to explain something. It’s hard to tell. And because it’s hard to tell, it makes the online world of open source development fraught with headaches.

The best advice I can give you is that if someone says “Can we start over?” to take them at face value and start over. It’s so very easy to go down the wrong path for too long that you get lost. Remember it’s okay to let go and start over.

16 February, 2015
Rant: Worse than a Popup
I hate popup ads. Everyone does. You’re trying to read an article, perhaps on your phone, and these inline popups show up and obscure the content with ads for things you don’t care about.

We hate them more when they play music.

We hate them more when you can’t click on the tiny X on a phone.

But I have something I hate even more than that and it’s Apple’s fault.

You see, I use Safari sometimes to read on my phone. This is all well and good until I scroll on a slow site (probably slow because of their abuse of javascript laden social media toolbar crap that we didn’t care about to begin with) and my finger accidently brushes an ad. And then the ad opens the App Store to ask me if I want to download some idiotic game.

I take deep, calming, breaths and then I close out of the App Store, go back to safari, and I leave the page. Most of the time the article remains unread.

And why is this Apple’s fault? After all, the fault should lie with the idiots who thought that the best idea for a mobile site would be to have a bajillion ads.

This is Apple’s fault for two reasons:
1. There’s no way to tell Safari not to open these
2. There’s no ‘are you sure?’ message from Safari to let you decline
In fact, in all my research, the only thing you can do is to clear the browser cache and set Safari to only allow cookies from Current Websites Only. But as Apple warns you, that may cause issues with other sites.

This can be fixed! Apple can simply make it an option (hidden) to hide this. But also you website designers and developers, if someone says they don’t mind the popup ads and lightbox garbage on the mobile site, I want you do to me a favor.

Say no.

The web won’t get better unless you make it better. Please don’t make a website you’d hate too.

Oh and those ‘cool’ floating sidebars with the tweet links? They look terrible when you zoom in on the teeny tiny text on your website.

Stop it.
13 February, 2015