Half-Elf on Tech

Thoughts From a Professional Lesbian

Category: How It Is

Making philosophy about the why behind technical things.

  • AI Solves Site Speed And Won’t Make You Obsolete

    AI Solves Site Speed And Won’t Make You Obsolete

    I have a bit of a moral problem with AI.

    I hate how it stole data without compensation to build its databases, and now charges people for use.

    I hate how it’s shit for the environment.

    But I also use it day to day for work because it can do some things faster than I can. Imperfectly, but still, it’s like having a handy junior programmer who is up to speed on the latest techno brouhaha, but doesn’t have the scope or depth of thought just yet.

    It can be a very useful tool, but it’s difficult to look past the practical issues.

    All that said, I have been hearing a lot about how plugin shops and theme shops for WordPress will go out of business because of AI.

    Hogwash.

    AI Doesn’t Think

    This summer, I was designing and building an app for work that used two languages (BigQuery and Laravel) I wasn’t familiar with, and two services (PlanetScale and GCP) I hadn’t used before. I sat down and wrote up what I wanted the app to do and more or less how I envisioned it working and I tossed that into AI to ask it to help me:

    1. Estimate costs based on data volume
    2. Estimate time to develop
    3. Construct a plan using Claude TaskMaster to keep it organized
    4. Write up a summary pitch

    After a lot of back and forth and starting new chats to clear the memory, I had a decent plan and presented it. It’s pretty much as planned though we did learn and tweak as we went along.

    Could AI have invented that without me?

    No.

    AI can do a lot of things, but it cannot invent from nothing. It needs prompt and the better your prompt, with the more details of the needs and wants of the project, the better it can help you create. But it cannot just decide “you know what, I need an app for X.”

    Unlike a human, who can think about the moral consequences or the practical UX, an AI only knows what it knows from its limited info base, and cannot expand on its own.

    A human will go “this sounds nice, but …” where an AI might ask you about the flaws but only as it knows them.

    AI Is Great For Optimizing

    Also this summer, I was looking at how slow LezWatch.TV is in the back end. Now I knew that this was due to how much cross data we save, and how inefficient WordPress is about storing it.

    For example, adding a new character to the database will:

    1. update the character count for the actor(s)
    2. update the character count for the show(s)
    3. update the meta for the gender and sexuality of characters for the show(s)
    4. update the stats of characters for actors, shows, formats, death, etc
    5. adjust show(s) score

    There’s a lot of other little stuff, but every save of character does that. And it’s slow.

    So I thought “there must be a better way…” and I wrote up a list of everything. Then I asked Claude (the AI in my code editor) to review the character saving code and tell me where it was slow.

    It listed everything I had, plus a couple more (shadow taxonomies, weird cmb2 <=> taxonomy stuff) and with that, I dumped a summary into Gemini (Google) and said “Based on all this, is Action Scheduler a good idea? Tell me why, or why not, and propose alternatives.”

    Now notice I came in with my own proposal!

    This is key because it set the expectation that I knew “saving is part of the issue, so if I can schedule out post processing, then saving will be faster!”

    AI Extends What We Can Do

    This is where AI is great, it extends. After I moved things to the action scheduler, I thought about the other slow parts and decided to make my sql calls more efficient.

    I know how to solve an N+1 issue (not redundancy, but the select problem), but the pain in the ass with WordPress is it tricks you!

    Let’s assume $things is a collection of post objects. And you want to loop through all those things to get the ones with a meta of ‘other’ and echo it.

    foreach ($things as $thing) {
        $other = get_post_meta($thing->ID, 'other', true);
        echo $other;
    }
    

    Looks perfect, right? Simple. Fast. Easy.

    Well it’s two of the three. When you have 100 post objects, it’s fast. It’s even fast at 1000. But when you get to 3000 … now you’re going to see things slow down, and Google will ding you for TTFB (time to first byte).

    The fix?

    $thing_ids = wp_list_pluck($things, 'ID');
    
    foreach ($thing_ids as $id) {
        $other = get_post_meta($id, 'other', true);
        echo $other;
    }
    

    It doesn’t look much different, but the trick here is that instead of looping and getting all the post data, we’re just using the IDs for a faster lookup and echo.

    This gets compounded when you use WP_Query. Yes, it gives you the posts but if you also need their meta or taxonomy data, WordPress doesn’t load that in the same query. So you end up doing one query to get all the posts, and then one extra query for each post to get its related data.

    That’s the N+1 problem: 1 big query + N small ones.

    By writing direct SQL, I can grab posts and their meta/terms in a single query, instead of hitting the database over and over.

    AI Solves With Directions

    My father used to say that people think of AI like it works in Star Trek. Captain Picard says he wants “Tea. Earl Grey. Hot.” The replicator knows exactly what he wants and makes it. Geordi LaForge asks the Holodeck to make a Sherlock Holmes themed villain, capable of defeating Data.

    Given the recent issues with guardrails on AI and it pushing people towards suicide, I can’t help but think Dad was 100% right and still is. People look at AI as a panacea. It will solve problems because it has access to all the information and can make the right conclusions.

    It doesn’t.

    While I used it to help me find all the speed issues, with my set parameters (saving, searching, etc), I can’t just say “make my site faster.” The amount of refining that happens, and sometimes straight up corrections on what is pretty basic dev work is how I know this. Any developer work their salt will tell you it’s not perfect.

    What AI is great for refining, improving, and assisting.

    It does not, cannot, think for itself. It will not propose to you “hey, I’ve been looking at the code you’re working on and I have an idea.” It will not solve the problem before you identify there is a problem.

    AI is a tool.

    Use your tool wisely.

    But … can you make it better for the environment?

  • Toxic Users: The Unforgiven and the Danger of Unbanning

    Toxic Users: The Unforgiven and the Danger of Unbanning

    Over the last couple years, I posted a lot of stories about the crazy things I saw as the Plugin Rep on WordPress.org. A great number of those situations ended with someone being banned, but those aren’t the only stories out there.

    Still, with the recent situation on WordPress.org, I felt it was appropriate to break down my views on banning, and when it’s the right thing to do.

    Bans are about Safety First

    The number one reason to ban anyone is the physical safety of the community.

    With the recent announcement of a “Jubilee” and how people who were banned between August 2024 and now are being reviewed and (in some part) unbanned, I made a fairly vocal statement on Mastodon and BlueSky that this was a dangerous thing.

    So #Wordpress (org) is really unbanning EVERYONE who’s ever been banned. This was confirmed by Matt on Twitter (screenshot attached).

    I’m going to have to cold-stop any and all contributions because it’s demonstrably UNSAFE for me to be a part of the community.

    Stalkers. Harassers. DEATH THREATS.

    It’s NOT safe for me to be there.

    Until someone SANE comes up with limits, guidelines, and restrictions for this ‘all bans,’ it is NOT SAFE for me to be on WordPress.org.

    I repeat: THIS IS NOT A SAFE COMMUNITY FOR ME OR ANY OF THE THOUSANDS OF VOLUNTEERS WHO HAVE WORKED HARD TO ENFORCE GUIDELINES EQUITABLY FOR OVER A DECADE.

    (See X/Twitter for the thread)

    Matt Mullenweg tweeting "This covers all bans, not just ones I did."
    Ipstenu (Mika E.) on Mastodon

    I will note, I posted that before any clarifications as to who was being unbanned.

    While I have had one credible death threat (and a half dozen others that were laughably stupid, including threats to have various Gods wreak vengeance on me), I am aware via my friendships with Automattic employees that there are a significant number of legit threats out there.

    Those people can and should be banned, and must remain banned. Period.

    Safety isn’t Just Physical

    The number two reason to ban anyone is the ephemeral safety of the community.

    By ‘ephemeral’ I generally mean code. That is, if someone is putting backdoors in their plugin, we need to kick them out and ban them because they are an abject danger to the sites the plugins are installed on.

    But this also means things like extortion, harassment, name calling, bullying, and so on. If someone demonstrates, through their repeated actions, that they can only communicate in a hostile manner, then they need to leave the community.

    There’s a saying, once a single Nazi is allowed into a bar, it has become the Nazi Bar. All communities need to stringently protect the safety of their users. If leadership is okay with a couple people mistreating their community members, then they have just demonstrated they are not going to protect the more vulnerable members.

    This protection is bidirectional, by the way. I’ve banned as many users for harassing developers as I have developers for harassing users!

    The Community is More than Users and Developers

    The number three reason to ban anyone is the legal safety of the community.

    Any community of a decent size is one that faces legal matters. It can be a fan-club, an open-source development community, or a writing group. You have to be aware of the legalities of what you’re doing.

    You have no idea how many times I’ve had to explain the basics of copyright and trademark law to developers, who just want to have a plugin for Facebook. I totally get it, Facebook is delulu about how they enforce their trademark — you can’t even use the word ‘Facebook’ or ‘FB’ in any of your plugin names, meaning no ‘Integration of Blah with Facebook’. But that’s how it is, and you have to obey the law.

    For example, if a plugin is closed for something like that and the dev complain but make the change, that’s good. But if they make the change back when the plugin team isn’t looking, because they happen to know the team doesn’t review every change, then what happens is the plugin team gets a very nasty legal doc that threatens the entire repository. They plugin gets closed a second time.

    You can see how this would escalate. Especially when the dev starts complaining ‘but someone else got away with it!’ See what really happens when they do that is the team goes and looks at the other person and closes their plugin. No one wins. The legal team from Facebook gets angrier and angrier, and the legal mess gets worse and worse.

    If someone is the cause of putting the entire repository (or worse, the project) in legal jeopardy, they’re going to get banned and should be. They’re reckless and a danger to all.

    Fake Content Hurts the Community

    The number four reason to ban anyone is spam, auto-generated content, and lying.

    I’m sure someone is confused that I’ve lumped them together, but they’re all worthless content.

    Spam, no one would argue is ‘good.’ I know you get that one. Lying? Again, pretty obvious why you’d get banned for lying over and over again. If you can’t be trusted, then your contributions can’t be trusted.

    But auto-generated content? I almost called it ‘low quality content’ because that’s what it is. People who post copies of AI generated ‘answers’ wholesale are posting low quality content. Since we know that AI has issues with hallucinations (read ‘it just gets things wrong sometimes’), you have to verify it. If you’re doing that, you’re going to end up changing some of what it says.

    When someone doesn’t change anything it said, they’re not adding anything of value. It’s like dropping a ‘Let me google that for you’ link. They’re wasting everyone’s time and aren’t educating someone on how to help themself in the future. This is especially true on support forums.

    Community should help itself. If someone wants to look things up with AI, more power to them, but if they come to a place to ask for help, they deserve to be treated as a human, not a bot.

    Protect the Community From Yourself

    The number five reason to ban anyone is they’re actually acting harmfully to the community, not just you.

    This is sort of a backwards thing. It’s more ‘the number one reason NOT to ban…’ but it works anyway.

    I have never once banned a single person because they annoyed me, or hurt my feelings, or even threatened me.

    I’m pretty sure there are some people out there who are scoffing.

    As hard as that may be for some of you to believe, it’s the truth. I have only banned people for guideline violations. Pretty much all the threats I’ve received happened after I banned people, first of all, but more to the point, everyone who devolves to threats tends to have a violation first.

    There are some rare exceptions. I remember a few plugin reviews that had the sole reply of “fuck you” (or similar eloquence) and those were pre-emptively banned. Not because they swore at me, but because they clearly were incapable of following the guidelines. I didn’t want people thinking it was okay to talk like that to the community.

    Not me.

    The community.

    Call me whatever you want, I don’t care, but when you do that I sure as hell judge you.

    The Community Must Come First

    You may sense a theme here.

    Every single reason you ban someone is to help the community. Sometimes you’re protecting the community from itself, sometimes you’re doing things because there’s a grumpy lawyer standing over your shoulder (metaphorically), but at the end of the day you ban people who are actively harmful to the community.

    There will always be people who cannot be unbanned because of the danger they represent. Those people, the people who hurt the community, must stay out.

  • Open for Employment – No Longer!

    Open for Employment – No Longer!

    As of Dec 2, 2024, I am employed with AwesomeMotive! I am no longer in need of a new gig. I am leaving this post up in case someone does want to pay me to work on LezWatch.TV and make bagels all day.


    As of 31 October 2024, my engagement with XWP will end. I am incredibly thankful for the time I spent with them and the trust they placed in me. Don’t get me wrong, it sucks, but the world just works like this sometimes.

    What am I looking for?

    Honestly as much as I’d love someone to pay me to just work on LezWatch.TV and make bagels all day, it’s pretty unlikely (though if you do…).

    What I’m looking for is a full time job where I get to make cool things, get a fair paycheck that allows me to save to buy a house, and provides enough vacation time that I’m not spending all of it on Jewish Holidays and can actually take a trip now and then.

    What do I want to do?

    This is likely a tech stack question. I can do WordPress, I’m very good at it, but I also know Hugo and can pick up other stacks pretty quickly. I’ve done full stack work before (server birth to death), worked in automation, and myriad other platforms like MediaWiki, ZenPhoto, and more. I’m game for learning any CMS.

    Would I really still work in WordPress?

    I would.

    Look, I know there’s a lot of volatility in the WordPress world but honestly with that in mind, you need someone like me! Why? Because I know WordPress plugins! If something happens and you can’t access .org, I’m your girl. I know how to scan plugins (and themes) for backdoors and bad code, as well as write the good stuff. I know risk assessment and management, which means I can help you when plugin ownership is in doubt.

    I also know a lot of backstory to a lot of development shops and how they treat people. What? You knew I took notes about plugin devs!

    There are millions of WordPress sites out there. They still need devs.

    Would I leave WordPress for anything else?

    Absolutely! Nothing against WordPress (or the current state of affairs), but my love for it is not absolute. It’s tempered in reality. WordPress is not the perfect solution for everyone, after all. I’m game to learn new things, to integrate, to test, and to break things.

    And if you’re transitioning a site to or away from WordPress? Hey! I’m uniquely positioned to be able to tell you exactly what that code was doing and, in most cases, why!

    Would I work for Automattic?

    No. That ship sailed about 15 years ago. I interviewed pretty much around now back then, and in talking with Matt directly we both agreed I would be a bad fit. No harm, no foul. I think that was the right choice, all this time later, and I have no regrets.

    Would I go back into Hosting?

    Sure. I liked that work. It’s fun, challenging, and I learned a lot of new platforms and specifics. I got to play with servers and it gave me a deeper understanding in how to approach asking a host for help. Bonus? I know devs, so I can help debug your code on servers!

    (If DreamHost calls me up right after this post, I would absolutely talk with them about opportunities without a second thought!)

    What about Agency Work?

    Depends on the agency.

    Some agencies are real meat grinders, and some are less so. The hardest part about agency life is how fast everyone and everything has to move. Also it’s incredibly volatile! If the company who hired you isn’t doing well, fffftttt you’re screwed.

    (Again, if XWP called me tomorrow, I would happily talk with them.)

    Would I work for a plugin shop?

    Yes, I would. I know plugins, I know the repo (sure things have changed but the basics aren’t going to), and I know the forums. Plugins are a lot of work of course.

    How about a security company?

    That would be epic fun. Yes. Finding issues, reporting them reasonably and privately, getting them fixed, and helping everyone? I miss that from Plugin Reviews.

    What about just plain ol’ IT?

    I’ve done it before. I’m sure some of my info is out of date (anyone need a Windows NT Server certified dev?), but again, I’m willing and able to learn. Basic IT has some joy you know, and users do some wild and crazy things you don’t expect.

    Didn’t anyone tell me not to sell ME in a resume?

    Many. But the thing is, you’re not hiring a machine, you’re hiring a person. If you want a grunt to grind? That ain’t me.

    If you want a well reasoned, insightful, and creative individual who thinks for herself and is willing to try things even if they fail, because those lessons help you going forward? Who fights for the users and is honest even when it hurts? Who will stand by her principles even if they cost her work? Who is passionate and puts her all into everything?

    That’s me.

  • Why NOT WordPress?

    Why NOT WordPress?

    There’s a website I’ve been running since 1996.

    Yes, I know, I’m an Internet Old.

    1996. That’s 7 years before WordPress was a thing. So it’s not surprising this site was (at one point) moved from ‘something else’ to WordPress. Actually a lot of something-elses over the nearly 30 years of its existence. I moved it over to WP around 2005 (WordPress 1.5) and pretty much left it there for years.

    Now it’s different. Now the site is 100% powered by Hugo.

    Why Did I Stop Using WordPress?

    To understand this decision, you have to keep in mind that the site had been three parts for about 20 years.

    1. The Blog, where announcements were made, etc, powered by WordPress
    2. The Image Gallery, which had … images (about 20 Gigs), powered by netPhotoGraphics
    3. The Wiki/Library, which is the documentation, powered by Hugo

    Well, this year I got a nasty-gram and was forced to shut down the gallery. The simple truth was yes, the gallery included images that legally I didn’t have the right to use. No excuses. But the company involved was kind enough to work out a partial situation. I’m still in the middle of moving what images I can keep into a new home, but while that’s going on, I had a chance to sit down and face reality.

    The gallery, you see, was the biggest feature of the site. Next was the Wiki/Library, and the blog was pretty much just announcements. There was a forum, it was removed ages ago. There was BuddyPress, ditto. People management just isn’t fun.

    There was also the matter of cross linked data. Oh my, did a lot of images appear on the blog and the gallery. I was going to have to purge the old blog posts en masse anyway, so at that point, I asked myself that big question.

    Do I want to move the library to WP, or the blog to Hugo?

    Consider the following:

    1. I was going to have to manually curate nearly 30 years of blog posts (took a few thousand down to about 50)
    2. I already had a running Hugo site and was familiar with it (it has over 1600 files)
    3. If I ported to WP, I would have to rebuild my data setup for how the data is output
    4. Importing blog posts as text only is incredibly easy

    With that in mind, it seemed obvious. Hugo.

    What’s Different with Hugo?

    Obviously I lose the ability to write a blog post and press publish. I have to add a new file, manually link it to my new image, and push to GitHub, where it’s auto-deployed to the site in question. The process for any data is basically this:

    1. Create a branch on my GitHub Repo
    2. Add the new content
    3. Merge the branch into Production

    At that point a GitHub action takes over.

    Beyond that, however, there are some things you take for granted with WP. Like the ease of a mailing list with Jetpack. Now, I did export my Jetpack subscribers and I’m working on a solution there, but yeah, that was a big hit. There’s also the matter of auto-deploying content to socials. But… honestly that’s been pretty much shit-and-miss lately, what with Facebook and Twitter being what they are.

    But all the ‘easy’ stuff? Well Hugo has RSS Feeds, it can process images as it builds (though that will cause your deployments to take longer), it’s open source, and best of all? The output is static HTML.

    Go ahead, try and hack that.

    How Hard Was It?

    Honestly, it took me about 3 days to pick a new theme, apply it, move my basic content over, and start rebuilding the blog. Migrating blog posts took me about 3 weeks. The hardest part was realizing I was going to have to write some complex Hugo Mod code to include my gallery with lightbox code, but I banged that out in an evening.

    There were frustrating moments. The Hugo community is significantly smaller than WordPress (I mean, whose isn’t?) and some of the code is a little on the ‘understood’ level (by which I mean things aren’t always spelled out, they assume you know what they’re talking about). In a way, it’s like using WordPress back in 2006 all over again, and look at where that’s taken me!

    I’m very happy with the result. I picked a ‘fancy’ theme, called Hinode, and it came with Dark Mode built in. I ported over my custom code for recaps (I have a whole star rating system) and started building out topical small galleries where I could.

    If I was a newbie to the web world? This would have been impossible. Then again, a lot of the work I’m doing in WP would be impossible for a newbie. About the only tool I’ve used where I think it’d be easier would be … Maybe MediaWiki? But only because you can build templates from the editor backend.

    Even with Full Site Editing, WordPress would have been a bear and a half.

    Historical Notes

    The ‘Library’ was once on MediaWiki because I had this idea to be a public repository anyone could edit. Only I kept getting attacked by spammers, so I turned off registration. Then I had to apply all sorts of plugins, only MediaWiki didn’t allow you to self-update like WordPress, and I had to write scripts and it was just a pain.

    I rebuilt it all as Hugo about 6 years ago, and I really enjoyed it. GoLang is not something I’m familiar with, and sometimes the language drives me to drink, but so does PHP.

    The Gallery used to be a home-grown SHTML setup, which then moved to a now defunct project, Gallery, and then to ZenPhoto, and finally to NetPhotoGraphics after ZenPhoto decided to be more than just a photo library. NetPhotoGraphics is hella fun to use, and I even built an embed tool for it, so you could paste a link into WP.

    I did that with Hugo as well, and I’ll probably port that back to the new site sooner or later.

    It Is Sad Though

    Basically this site has been a part of my dev growth from day one. I wouldn’t be working in WordPress were it not for this site, and I owe it a lot. Moving to Hugo is the end of an era, and it is a bit sad. But at the same time, I feel like I’m now in even more control over everything, and I’m making a leaner, faster, website every day.

    I have no regrets for the steps I’ve taken on the way, and none about this move. It’s nice to not have to worry about updates all the time. After all, what’s on the site is just HTML.

    I do miss being able to schedule posts though…

  • Piracy and the GPL

    Piracy and the GPL

    Sé and I go back a while, so when she asked me if I’d like to come on WPwatercooler and talk about Piracy and the GPL, I said sure! I’m including the video at the end so you can see the whole conversation but … What got me interested was that she didn’t ask me about what I thought she would!

    The Hill I Die On Is Theft

    I always get people pissed off when I say this, but you absolutely 100%, without question, can steal GPL code if you mess with copyright law.

    I even went and asked ChatGPT for some fun:

    It would be considered unethical and potentially illegal to take GPL-licensed code and release it as your own work. The GPL requires you to respect copyright laws and the rights of the original authors. By claiming GPL-licensed code as your own without proper attribution or acknowledgment of the original authors, you would be violating both the terms of the GPL and copyright law.

    The GPL allows you to use, modify, and distribute the code, but it also requires that you maintain the integrity of the original license and give appropriate credit to the original authors. Failure to do so could lead to legal consequences, including potential copyright infringement claims. It’s essential to adhere to the principles of open source licensing and respect the contributions of others in the software development community.

    I expected the chat to be about that. It wasn’t. It was about the lovely grey area I spent a decade and a half in.

    Piracy is/n’t Theft

    The crux of Sé’s question was this: Is it piracy to get a copy of a premium plugin (one you have to buy to get) from someone else.

    The initial answer is ‘yes’ but then Sé laid out some amazing nuance.

    1. She’d already bought the code before
    2. She couldn’t buy the upgrade because the devs are in Russia (and sanctions)
    3. There was a workaround to pay an intermediary, but she felt it was sketchy
    4. She intended to migrate off the plugin, but needed the latest version to do so
    5. Someone she knew offered to give her a copy of the latest version

    Now, I worked for a bank before WP, and I can tell you that her workaround is what you do when you launder money. And if you did use that workaround, you run the risk of ending up on the FBIs sniff-list and they do not have any sense of humor about ignorance of the law.

    So now, would I still call it piracy? Actually … yes. I would. But it’s small scale and not actually a huge issue and really depends on the intent of the person who gave it to her, and what Sé did with it in the end.

    The Scale of Piracy

    There’s a constant battle going on between consumers and corporations. I’ll use an example close to my heart. The TV show Willow was a fun fantasy romp with silly flashbacks and messy magic. It wasn’t perfect, it wasn’t the greatest thing ever, but it was fun. Shortly after it got mid-to-low reviews, it was removed from streaming.

    There is no way to watch the TV series, except for piracy.

    Is it piracy if I had managed to download the videos beforehand and kept them for my own entertainment? Yes. Yes it would be. The same as how all of our mix tapes were technically piracy. Mixtape artists have been arrested under RICO charges for that!

    But the reality is that no one was going to waste time and kick in your door for making a mixtape and giving it to your sweetheart. They didn’t really care that much about it (and in some cases, like The Grateful Dead, encouraged it). It was incredibly hard to make money off mix tapes. I made copies of a CD I had bought in high school for friends, never sold ’em.

    Then came the internet and suddenly I could copy that CD into files and send them across the world! And you know what? People did. Suddenly the scale of what could be done with a pirated copy of a CD had skyrocketed.

    Obscure Monetization

    I pause here to quote from Cory Doctorow’s interview back in 2010, when he was asked why does he give all his books away for free?

    I give away all of my books. [The publisher] Tim O’Reilly once said that the problem for artists isn’t piracy – it’s obscurity. I think that’s true. A lot of people have commented: “You can’t eat page views, so how does being well-known help you earn a living as a writer?” It’s true; however, it’s very hard to monetise fame, but impossible to monetise obscurity. It doesn’t really matter how great your work is; if no one’s ever heard of it, you’ll never make any money from it. That’s not to say that if everyone’s heard of it, you’ll make a fortune, but it is a necessary precursor that your work be well-known to earn you a living. As far as I can tell, these themes apply very widely, across all media.

    As a practical matter, we live in the 21st century and anything anybody wants to copy they will be able to copy. If you are building a business model that says that people can only copy things with your permission, your business is going to fail because whether or not you like it, people will be able to copy your product without your permission. The question is: what are you going to do about that? Are you going call them thieves or are you going to find a way to make money from them?

    The only people who really think that it’s plausible to reduce copying in the future seem to be the analogue economy, the people who built their business on the idea that copying only happens occasionally and usually involves a giant machine and some lawyers. People who are actually doing digital things have the intuitive knowledge that there’s no way you’re going to stop people from copying and they’ve made peace with it.

    Cory Doctorow: Publish books free online

    There’s Piracy and There’s Piracy

    On the podcast, I mentioned a book I’d bought for school that was over $100 (this was in the mid 1990s) and, having bought it, I worked with a friend in the print shop to make copies for classmates and sold them at enough for me to break even. I think it was $5 a pop, and I would accept lunch instead.

    Piracy? Oh you betcha.

    Illegal? Again, yeppers!

    Immoral? ….

    Oooh now I brought up a dirty word.

    But it ties in to that intent I mentioned when I was describing Sé’s situation.

    If Sé or I took the copies of the book/plugin and sold them with the intent of making a profit, then yeah, we’re immoral shitbags. But that isn’t the case. I was trying to not go broke because of that stupid college textbook scam that’s only worse with DRM. Sé wanted to properly move off a plugin that she cannot use anymore.

    It’s all about that intent. As I said on the podcast, if you see someone sleeping in their car and it’s illegal where you live? No, you did not see anyone sleeping in their car. Did you see someone shoplifting diapers? No you did not. And if I have to explain why you didn’t see those things, you may be following the wrong blog.

    Those GPL Avenger/Nulled Shops

    I have to loop back to the GPL.

    Officially, technically, 100% the GPL says that the code you write and release under the GPL is free for anyone to do whatever they want. And if you make changes, you have to release it under the same license.

    Now, if you’ve spent any time in the WP world, you’ve run into sites that offer the same expensive plugins as you’ve seen for sale, but cheaper and ‘nulled’ (which means they no longer phone home to momma for your license). And technically under the GPL, that’s allowed. But I argue this:

    1. The intent here is to circumvent legitimate, available purchasing
    2. There is no assurance the code has not been tampered with
    3. It’s a dick move

    Can plugins been overly expensive? Yes, absolutely. I saw one for over $500 and it was not worth it. But you’re not paying for the plugin itself, you’re paying for security, support, and maintenance.

    (Off Topic: I mentioned how cool it is when someone releases free back ported security fixes for premium plugins – I wish it was easier to do and everyone could do it, but it’s really freakin’ hard! Still, the easiest way would be “find all people with expired licenses and email them the latest release of the last branch they paid for, free of charge”. Easier said than done.)

    The other problem is that by giving away the plugin, you may have broken the purchasing agreement. You know the one? Don’t rip off the tags on this mattress? Well first of all, the GPL actually supports people selling code (they’re not stupid, people gotta earn a living), and they’re of the Doctorow approach — watch your price point, convert the free users to paying one with value.

    The value most plugin shops offer is support and updates. They’ll patch your plugin until they go out of business. And they’re clear about how you’re not paying for software, you’re paying to have it sent to you:

    You can charge people a fee to get a copy from you. You can’t require people to pay you when they get a copy from someone else.

    Frequently Asked Questions about the GNU Licenses

    So what do I mean by a purchasing agreement? Well it’s your license agreement. I pay for YoastSEO, and from them I get a license. If I break the terms of that agreement, they have the right to sever my license and no more updates for me.

    Those nulled/GPL Avenger sites are regularly playing with fire, and most have to make purchases with disposable credit cards and shuffle things around in order to not get caught. Once they’re caught, they’re banned and blocked and someone figures out how to catch them ahead of time next time and prevent sales in the first place.

    Piracy is Nuanced

    The reality of all this is piracy is an incredibly nuanced situation.

    Pirate Radio Stations use airwaves they didn’t pay for and play music they have no license to. But at the same time, they might be the first way you hear a certain song that inspires you to go out and buy the album.

    Sharing Cory Doctorow’s books for free takes money from him, but how is that different than using the library or loaning your favorite book to a friend? The goal isn’t to make money, it’s to share joy.

    Asking a good friend for a copy of a premium plugin so you can test it out is, in my eyes, much the same. Asking for a copy so you can update and move off it is also fine.

    When you start working at scale to actively block people from making a living (like if I took all of Doctorow’s books, printed, and resold them) then you’ve crossed my line about what is ethical piracy and what is just being a jerk.

    Don’t be a jerk.

    And remember, they’re more like guidelines.

    WPwatercooler

    Watch me on the world’s most influential WordPress Podcast, talking about piracy, GPL, copying books, and money laundering.

  • Docked Libraries and DNSMasque

    Docked Libraries and DNSMasque

    I use Docker at work because it’s what we have to use to build sites on specific servers (like WordPress VIP). Honestly, I like it because everything is nicely isolated, but it has been known to have some … let’s call them ‘quirks’ with the newer M1 and M2 chip Macs.

    You know what I have.

    And I had some drama on a Friday afternoon, because why the hell not.

    Drama 1: libc-bin

    After working just fine all day, I quit out of Docker to run something else that likes to use a lot of processing power. When I popped back in and started my container, it blew a gasket on me:

    21.39 Setting up npm (9.2.0~ds1-1) ...
    21.40 Processing triggers for libc-bin (2.36-9+deb12u1) ...
    22.74 npm ERR! code EBADENGINE
    22.74 npm ERR! engine Unsupported engine
    22.74 npm ERR! engine Not compatible with your version of node/npm: npm@10.1.0
    22.74 npm ERR! notsup Not compatible with your version of node/npm: npm@10.1.0
    22.74 npm ERR! notsup Required: {"node":"^18.17.0 || >=20.5.0"}
    22.74 npm ERR! notsup Actual:   {"npm":"9.2.0"}
    

    I was using Node 16 as a holdover from some work I was doing back at DreamHost. Of course the first thing I did was update Node to 18, but no matter what I tried, Docker would not run the right version!

    I looked at the Dockerfile and saw this section:

    # Development tooling dependencies
    RUN apt-get update \
    	&& apt-get install -y --no-install-recommends \
    		bash less default-mysql-client git zip unzip \
    		nodejs npm curl pv \
    		msmtp libz-dev libmemcached-dev \
    	&& npm install --global npm@latest \
    	&& rm -rf /var/lib/apt/lists/*
    

    When I broke it apart, it was clear than apt-get install was installing the wrong version of Node!

    Maddening. I wrestled around, and finally I added FROM node:18 to the top of my Dockerfile to see if that declare would work (after all, Docker supports multiple FROM calls since 2017).

    To my surprise, it did! Almost…

    Drama 2: PHP

    It broke PHP.

    While you can have multiple FROM calls in modern Docker, you have to make sure that you place them properly. Since node was the new thing, I put it as the second FROM call. In doing so, it overrode the PHP call a few lines down, causing the build to fail on PHP.

    Our Dockerfile is using something like the older version of the default file (I know I know, but I can only update a few things at a time, I have 4 tickets out there to modernize things, including PHPCS), I had to move the call for FROM wordpress:php8.1-fpm to right above the line where we call PHP.

    You may not have that. But if you add in that from node and it breaks PHP telling you it can’t run? That’s probably why.

    Huzzah, the build works! PHP and Node are happy … but then …

    Drama 3: UDP Ports

    Guess what happened next?

    Error response from daemon: Ports are not available: exposing port 
    UDP 0.0.0.0:53 -> 0.0.0.0:0: listen udp 0.0.0.0:53: bind: address 
    already in use
    

    I shouted “FOR FUCKS SAKE!”

    I did not want to edit the compose.yml file. Not one bit. If it works for everyone else, it should be that way.

    Thankfully, Docker has a way to override with compose.override.yml (we have a docker-compose.override.yml file, old school name, old school project). I was already using that because, for some dumb reason, the only way to get the database working was to add in this:

    services:
      db:
        platform: linux/amd64
    

    It’s not a super dumb reason, it’s a Docker vs M1 chipset reason. Still, it was annoying as all get out.

    Naturally, I assumed override meant anything I put in there would override the default. So I tossed this in:

      dnsmasq:
        ports:
          - "54:54/udp"
    

    Turns out, override doesn’t mean override when it comes to ports. I went to the documentation, and there is no mention of how to override ports. On to the Googles! A lot of searching finally landed me on an old, closed ticket that implied I could do exactly what I wanted.

    After reading that whole long ass ticket I determined the syntax is this:

      dnsmasq:
        ports: !reset
          - "54:54/udp"
    

    Finally I could get my site up and running! No idea why that isn’t documented, since the dnsmasq issue is a known compat issue with MacOS.

    Drama 4: Update All The Things

    Then I did the dumbest thing on the planet.

    I updated the following:

    • Docker
    • Everything I use from HomeBrew
    • Mac OS (only the minor – I’m not jumping to the next major release on a Friday afternoon!)

    But I have good news this time.

    Everything worked.

    Final Drama…

    The thing was, I didn’t really want to have to edit the Dockerfile. It’s a tetchy beast, and we all use different OSes (I’m M1, one person is older Mac, one is Windows). Cross compatibility is a bit issue. I did test a number of alternatives (like defining engine in package.json and even mimicking our other setups).

    At the end of the day, nothing worked except the above. No matter what, libc-bin was certain I was using NPM 10, which I wasn’t. I wish I’d found a better solution, but so far, this is the only way I could convince my Dockerfile that when you install via apt, you really want to use the latest.