Half-Elf on Tech

Thoughts From a Professional Lesbian

Category: How It Is

Making philosophy about the why behind technical things.

  • Crypto Mining on Websites Isn’t Evil

    A recent hot button topic in WordPress has been Crypto Mining.

    What is Crypto Mining?

    Mining is a way to use your computer hardware to ‘mine’ for Bitcoin (or whatever cryptocurrency). Cryptocurrency is a digital currency, generated by performing computationally expensive tasks that use a lot of your computer’s processing power. Basically, a computer is paid for solving math problems. This math solving verifies transactions, and effectively runs the cryptocurrency Wall Street.

    Mining is earning money.

    Why is it bad?

    The problem is that you can’t actually do any profitable mining on your laptop. It’s not powerful enough. People have to build out crazy computers dedicated to mining, and those use a lot of power, which means you’ll end up paying more for electricity than it’s worth. Somewhere along the line, people decided to use the power of the crowd to make the money for them, and started to bundle mining tools in their software. uTorrent, for example, did that so every time you used their app, you made them a few thousandths of a penny. With millions of users, they make money and you pay more for electricity.

    Isn’t that illegal?

    Well. No. You agreed to their Terms of Use and guess what got buried in those EULAs you clicked “I Accept” on? Surprise! Technically this means it’s legal. Ethical is, of course, a different matter. Mining without reporting your income on your taxes is illegal (surprise again), but the actual mining itself isn’t. But the reason why people say this is unethical is less that people are using your computer to mine, but that you don’t get any of the money from it!

    How did websites get involved?

    People figured out how to embed, via JavaScript, a mining program in websites as an alternative to those ads no one clicks. While most (if not all) web hosts will kick you off their services for using their servers to mine, this instead uses the computers of site visitors to mine. Which brings us back to the part where your laptop (or worse – phone) is being used to mine without your knowledge or real permission. Because in the case of the JavaScript, most aren’t asking you to opt in. All the visitors make thousandths of a coin for the website, all without knowing (except maybe wondering why the website is a little slow).

    Isn’t THAT illegal?

    Apparently not. Which is why I recommend you install and use an adblocker. I currently use Ghostery, which is an add-on for your browsers. It stops most bad actors from being loaded if they’re tracking you, but it doesn’t block all JavaScript. Which yeah, it shouldn’t! You need JavaScript for the modern web to run.

    Instead, you could block bad JavaScript, which I do via jsBlacklist – a Safari extension. I’m sure it exists for other things, and my friend Jason has a Javascript Blacklist of all the naughty miners and services he knows.

    Amusingly, Showtime’s website was mining, and we’re not yet sure how or why. It was removed quickly.

    Is there a good way to use this on my website?

    If you absolutely must, I recommend an approach like AuthedMine. This legit enforces opt in. But check with your web host first to make sure it doesn’t violate their terms. And above all, make sure people know what they’re agreeing to.

  • LGBT+Allies At WordCamp US – 2017

    Yet again, Tracy and I have gone a little insane and we’re throwing another fabulously big queer party at WordCamp US. This year the venue is Nashville, which made an interesting turn as Tracy’s in Philly and I’m in SoCal. We drafted some local help and, after a series of emails, phone calls, and one text in all caps, we are happy to announce our second ever LGBT+ Party.

    Friday, December 1, at Suzy Wong’s House of Yum.

    Grab your tickets now before they’re gone!

    And we’re still looking for sponsors to cover the cost of the food and drinks, so please contact us if you’d like to chip in.

    Back for the second amazing year is the faaaabulous LGBT+Allies Meetup for WordCamp US!

    WordPress as a community has been welcoming and inclusive to people of all backgrounds, sexual orientations and gender identities. To celebrate our wonderful diversity, we’re bringing the party to Nashville, for an evening of honky tonking at a brothel of epicurean delight.

    This year, the party will be at Suzy Wong’s House of Yum, located in the heart of Nashville’s trendiest alternative night life scene. Suzy Wong’s House of Yum is a creation of Chef Arnold Myint (and his alter-ego Suzy Wong). Prepare yourself for a cornucopia of vegetarian friendly Asian delights, creative cocktails, sleek décor, and of course seriously campy music.

    We will have the entire venue to ourselves with delicious food and drinks!

    But we wouldn’t be able to bring you all this without the help of our amazing sponsors. In 2016, thanks to the help of our sponsors we not only had a private room, but drinks, food, and amazing exclusive t-shirts. The event is fully funded by the community, and all help is welcome.

    Venue Sponsor: DreamHost

    Sponsors

    If you would like to support the community and sponsor this event, please contact us.

    We hope to see you there!

  • Targeting Ads

    Selling things on your website isn’t a strange concept. A lot of people have sites where they want to do that if only to break even. And most people do it with generic ads. When, for whatever reason, Google and such aren’t a viable option, it’s time to consider targeting your advertising a little pragmatically. Or rather, more specifically.

    Take Aim At Your Content

    One of the reasons Google Adsense is so popular is that it claims to target your readers for you. It does the hard work and you can just walk away. But the reality is that it’s targeting your readers based on their search patterns, not necessarily based on your content.

    Now. Google does target ads based on content. However it’s not the way I felt would make the most sense. You see, when I think about content targeted ads, I would think “this post is about bicycles, I should have ads about bicycles.” What actually happens is you get some bicycle ads and then some ads for table wax, because you were shopping for that earlier in the week.

    Advertisers over Content

    The problem arises in prioritizing advertisers over readers. It’s one of those peculiar paradoxes. Ads are made by people to make money. They pay you to put them on your website. But that only works if the people who visit your website click on their ads and buy their things. That means it’s more beneficial for advertisers to aim at the visitor directly than via your website’s content.

    Most people don’t actually go to their ad preferences on Google and fiddle with their personal preferences, so the default ads are always going to be based on everything. Since some people have weird interests, the ads on your site might be geared towards beds instead of bicycles.

    Taking Control

    If your goal is to have fewer generic ads then the only solution is to take charge of what ads are on your site. And that’s work. Not many of us have the time to pick our ads every single day, and even if we did, we’d be set with the ones offered to us. I’ve used Project Wonderful before, and it lets you pick what ads you show. But only from the ones that submit to your site.

    The next choice is cherry picking ads from what’s available on a service like Amazon’s Associate Program. That shows you all of Amazon’s available bounties and promotions, which you can put on your site and leave them alone. Some even last ‘forever’ so you don’t have to worry about expirations.

    More Control?

    Of course, there’s also the work of adding individualized ads on each page, for the product you’re talking about. But that is another post.

  • Admins Are Humans Too

    This conversation happens often enough that I've ceased to be mind boggled by it. A developer will submit code, I review it, and I'll tell them to please sanitize the input. Instead of just using the functions, they'll come back and ask why? Invariably they'll point out that they're using nonces to make sure only authorized actions can happen (no cross site scripting), and they're checking user permissions too, limiting access to only admins. So why am I being pedantic? My default reply:
    Admins are humans. Humans make mistakes. Computers do exactly what they're told to do. 

    Admins Are Humans

    I'm often a broken record, telling people to sanitize, validate, and escape. When people ask me which sanitize function to use in WordPress, I play Socrates and walk them through the logic process. What kind of data are you saving? What will it look like? Okay, now what of these looks the most appropriate based on their descriptions? Sanitizing data is contextual. By this I mean we sanitize for what the saved data should be. If you're saving an email address, make sure you sanitize for email and so on. This has a side benefit of helping validate your data as well. If you check that the email address entry actually is an email, you're both sanitizing and validating. Now you've prevented someone from putting in a domain instead of an email!

    Humans Make Mistakes

    The details of 'best practices' for coding change often, as we learn about how to make code safer and smarter. That said, the ultimate best practices have nothing to do with the language you're writing in, the app you're writing for, or even the platform!
    • Restrict access to only the people who need it
    • Sanitize and validate the data you're given
    • Provide helpful error messages
    • Test your code with good and bad data
    • Document what the code does and what the errors mean
    Those practices transcend every single minutia of programming. If you do those five steps, your code will be robust, sane, and safe. Because you will have taken the steps to ensure that humans can make as few mistakes as possible. You don't save 'Dog' when true/false is the only valid answer.

    Computers Do What We Tell Them To Do

    The real problem is that AI doesn't exist.
    Source: CommitStrip.com
    Computers can't think for themselves, and humans have a tendency to stop thinking at weird moments (or just go on auto-pilot) which means nothing can destroy work faster than a human. And since a computer does what it's told, the most dangerous computer tool is the one that doesn't account for how big a mistake a human can make.

    Sanitize, Validate, Escape

    Especially when it's an admin.
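
    The checklist above applied to one admin-only settings handler, as an added example that is not code from the original post. The plugin, its `myplugin_*` option, action and field names are hypothetical; the functions called are WordPress core APIs.

```php
<?php
// Added example for a hypothetical plugin. The "myplugin_*" option, action
// and field names are assumptions; the WordPress functions are core APIs.
add_action( 'admin_post_myplugin_save', 'myplugin_save_settings' );

function myplugin_save_settings() {
    // Restrict access: admins only, and only from our own form (nonce).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.', 'myplugin' ), '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'myplugin_save', 'myplugin_nonce' );

    // Sanitize for what the data should be: this field is an email address.
    $raw_email = ( isset( $_POST['myplugin_email'] ) && is_string( $_POST['myplugin_email'] ) )
        ? wp_unslash( $_POST['myplugin_email'] )
        : '';
    $email = sanitize_email( $raw_email );

    // Validate: an admin who pasted a domain gets a helpful error, not a bad save.
    if ( '' === $email || ! is_email( $email ) ) {
        wp_die(
            esc_html__( 'Contact email must look like name@example.com. Nothing was saved.', 'myplugin' ),
            '',
            array( 'response' => 400, 'back_link' => true )
        );
    }

    // True/false is the only valid answer, so 'Dog' is rejected, not stored.
    $raw_notify = isset( $_POST['myplugin_notify'] ) ? sanitize_key( wp_unslash( $_POST['myplugin_notify'] ) ) : '0';
    if ( ! in_array( $raw_notify, array( '0', '1' ), true ) ) {
        wp_die( esc_html__( 'Notifications must be on or off. Nothing was saved.', 'myplugin' ), '', array( 'response' => 400, 'back_link' => true ) );
    }

    update_option( 'myplugin_email', $email );
    update_option( 'myplugin_notify', (int) $raw_notify );
    wp_safe_redirect( admin_url( 'options-general.php?page=myplugin&updated=1' ) );
    exit;
}

function myplugin_render_form() {
    $email  = get_option( 'myplugin_email', '' );
    $notify = (int) get_option( 'myplugin_notify', 0 );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_save">
        <?php wp_nonce_field( 'myplugin_save', 'myplugin_nonce' ); ?>
        <!-- Escape on output, even though the value was sanitized on the way in. -->
        <input type="email" name="myplugin_email" value="<?php echo esc_attr( $email ); ?>">
        <input type="checkbox" name="myplugin_notify" value="1" <?php checked( $notify, 1 ); ?>>
        <?php submit_button(); ?>
    </form>
    <?php
}
```

    The nonce and capability checks decide who may submit the form; the sanitize, validate and escape steps decide what a permitted admin can accidentally store or print.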
  • Housing Large Media Files

    For the most part, the WordPress media library is fine. It falls down when we start needing to upload large files, though, for a variety of reasons. When we look at files like large PDFs or movies or podcasts, it’s really not a great solution to upload through WordPress itself. It’s slow, it’s clunky, and worst of all, those large file downloads can slow your site.

    The ‘right’ fix is to offload large media to servers that are built for this sort of thing. And in this case, I’m talking about Amazon AWS or DreamObjects.

    Of course, if you search for solutions like this, you’ll be disappointed. You will mostly find plugins that are geared towards syncing your media library with the cloud services. To be honest, the more I think about doing that, the less I feel like it’s a sustainable idea. Unless the CDN is super fast, it could actually make your site worse off by adding another domain to download from.

    I Don’t Trust Simple CDNs

    I’ve always been skeptical of CDNs in general. When there’s a shared library, it makes sense for everyone to call the same library. That keeps the world in sync. But your own media? The reason a CDN is good is that you can distribute your content across multiple locations. Provided you can actually, you know, do that. And keep them all in sync.

    Before hosting, I worked at a bank, and one of the headaches we had was pushing software updates across multiple servers and locations. After all, you can’t just upgrade the Chicago servers and not the LA and Atlanta ones. Plus you have to do them all at the same time, or make sure Jane in Idaho isn’t in the middle of depositing money when we reboot her server.

    Knowing how crazy all that is, I worry about keeping data in sync across all the servers. What happens when media is updated? Is the CDN built so that my primary location properly triggers updates for everything else, and the data is updated? No matter what, I’m sure I’ll end up with some data out of sync for at least a little while.

    In short, CDN synchronization isn’t simple and anyone who tells me it is, is selling something.

    So Why A CDN At All?

    Big files.

    The goal of a CDN is to speed up delivery of content without slowing down your website. For most images on a website, this isn’t a huge issue. But for those big files, it sure is. And uploading them to the cloud means three things:

    1. No lost disk space
    2. No lost bandwidth (if someone’s watching a movie for example)
    3. No lost speed (see the aforementioned movie)

    The rest of your CDN ‘needs’ can be handled properly by caching. I prefer server side, but as you like it. This means if I upload my large files to the CDN, I can link directly to them in my post content. Everyone wins.

    Except Uploading Sucks

    The common solution is to manually upload the file via a client like Cyberduck or Transmit, copy the URL, and then paste it into a blog post. Yuck. What I need is a file manager for the cloud. And that doesn’t seem to exist for WordPress.

    So I made something. DreamHost Objects Dropzone lets me upload files to DreamObjects, through WordPress, without touching the file server at all. It’s not perfect. It can be slow when trying to get stats on all the items in a bucket, and I don’t quite have an interface to make it easy to insert links and content into posts. Yet.

    Something to look forward to though.

  • But Seriously…

    In reviewing people’s code for WordPress, I’m constantly struck by the lack of foresight people put into their success. When a developer makes it clear they intend to run a business or have some modicum of popularity, one would expect them to put a bit of effort into it. Instead, I’ve watched people make the same mistakes over and over. And they complain to me about why their plugin is failing to become “the one” to use.

    The answer always seems to surprise them. People don’t take them seriously because they are unprofessional.

    WordPress Basics

    First of all, no one magically knows all this when they start. So it’s alright not to know. However. If you’re going to go into business based around anything, you need to learn the rules of the road. Take the time to learn that it’s WordPress with a capital P, that there’s a foundation, a trademark, and, yes, that you cannot use WordPress in your domain name.

    If you were going into business with PayPal or CitiBank, that’s all legwork you are expected to do beforehand. This is a business, and when you don’t take WordPress seriously, you won’t be taken seriously by WordPress.

    SEO Basics

    Pick a good domain name for your business site. Make sure you’re not violating a trademark or copyright. Pick a good name for your product. For the love of all things whiskey, don’t name your slider plugin “Slider” and stop using “Mega” as a prefix for anything. Remember, the name of your product cannot infringe on anyone’s trademark. So while “Shoppable Cookie Cutters” is not trademarked, “Shoppable” is. And yes, you’ll get a C&D for being similar.

    Write good copy for your website. Have a clear mission statement, a human about page, and some semblance of being real people. This extends to your documentation. Write it. Write it good. Write a readme that tl;dr pitches your product, explains why someone needs it, and details out what kind of services it uses (if any). Remember that most of your SEO comes from humans. Write for them.

    Community Basics

    The OpenSource community in general will help anyone who asks politely. So be polite. Be respectful. Be courteous. Be generous. If people are helping you for free (and most of them are) then thank them and ask how to pay it forward. Offering services, answering generic questions, educating users, or even just publicly thanking volunteers helps.

    The community also includes your users. Respect them. Especially when they’ve gone off the deep end and accuse you of wild impropriety. Your plugin hacked their site? Probably not, but treat them with respect and kindness. It goes a long way to inspiring the volunteers to back you up. But also don’t spam your users with a million in-product reminders to review your product, give it five stars, or otherwise distract them from actually using your plugin.

    Universal Basics

    Do your research. There is nothing on this earth that is a get-rich-quick, so study what you’re getting into. Don’t jump in blindly. Make sure the community is one you can work with, that they have ethics similar to yours. And if not, make absolutely sure you really are comfortable with going for the money.

    Set your expectations realistically, and be willing to have them reset. Take your work seriously, don’t make excuses like “someone else did this first!” Own up to any mistakes or missteps you make. Remember, you absolutely will screw something up along the way. The measure of success can be found in how you handle it.