Half-Elf on Tech

Thoughts From a Professional Lesbian

Category: How It Is

Making philosophy about the why behind technical things.

  • When It’s (Not?) Burnout

    When It’s (Not?) Burnout

    I took 2020 as a break from speaking at conferences, live for obvious reasons, and online for a couple different reasons. It took me until November to get my home office set up in a ‘non-embarassing’ way so that I didn’t feel like I was showing everyone my mess when we video’d. Also I was exhausted and realized how close I was to burn out after the last four+ years of stress and travel.

    But there has been one other thing. I’d talked to a number of friends. I’ve broken down sobbing after a coworker mentioned what was going on. I’ve had longs talks with therapists and experts in this sort of thing. The issue wasn’t my workload, it wasn’t even the work I was doing. But I absolutely was burnt out.

    … But it’s not for why you’re probably thinking. I’m dead ass burned from being harassed.

    Harassment

    The largest contributor to my burn-out is an ongoing, over two years, harassment.

    A year ago I gave a talk in NYC about how to deal with being attacked online, and the tools you can use to protect yourself. What I didn’t mention in detail in that post was what has been going on since November 2018.

    Back then I was watching the Macy Parade (like I do every year), waiting for the oven to heat up, and cleaning out the emails for the plugin review team, when I got pinged by a forum mod. A plugin developer was being cruel to users, making weird threats and claims, and said volunteer wanted to know what to do, since that person had a flag on their account saying “If there are any guideline violations, report to plugins ASAP.” So I threw the turkey in the oven and pulled up the records.

    What I found was a series of minor issues, but all repeating. The developer was asked (twice) to change their plugin name to be less spammy (ex. “The world’s greatest slider plugin! Greater than anyone has known! Used by millions!”). There were also multiple emails reminding them not to ask to contact people off the forums.

    There was also a strange email from a couple months prior. A woman had emailed the plugins team about this developer, saying that after she left a bad review she was harassed by them on Facebook. At the time, we issued a final warning about behaviour (which is why the flag in the account existed). I had forgotten about it being related to this developer, as it was about their other plugin, but also we get a hundred emails a day, and I don’t memorize everyone’s drama.

    In looking at that, and the post the forum mod was worried about, I saw the parallels. This was very obviously repeat behaviour, and at the time I was pretty sure that the developer was account sharing (multiple people using the one dev account), which meant not only did they not understand the message about not being unkind, but they were not making sure everyone who worked for/with them did either, and they didn’t understand basic security (there’s no need to ‘share’ accounts on WordPress.org — you can make new ones and ad them to your plugin as support reps after all).

    This meant I did what I hate doing. I closed their plugins, locked the accounts, and emailed them saying that they were banned for repeat abusive behavior. After all, they’d had multiple warnings.

    In retrospect, I should have seen this all coming.

    Megs of Logs

    At this point I’ve amassed megabytes of logs on this drama. I’ve written up a nearly 30 page document (with citations no less) of everything that’s happened before and since. I thought about listing everything they did ‘wrong’ here but honestly it doesn’t matter if I list out everything. That was all ‘normal’ poor behaviour by developers. People make mistakes, and many times they really just do not grasp how serious things are even when the email says “This is your last chance.” Which means I know I have to be the bad guy to tell people “Hey. This ends now.”

    Now, banning people, especially existing developers, is not a common thing! It’s not un-common or rare, but it’s not like I do it every day. Around 4 people a year get banned following a final warning. Usually it’s only one person each year (though due to people being people, it may involve multiple accounts — we still consider that one). More often, people get insta-banned for trying to use the directory for malware. Once in a while someone will be banned without warning for lying about being previously banned, but usually we catch those pretty quickly these days. Even so, it’s not an every month thing, or even an every season occurrence! The majority of people get that final warning and stop and rethink their choices. That’s normal.

    What was abnormal is what happened after they were banned.

    Between November 21st and the 27th, the Plugins team received over 30 emails. The first few replies were replied to in kind, pointing out that they had their fair chance (and a couple extra) and they squandered it. At that point, emails were not replied to for 24 hours, when they were informed again as to their numerous violations, and asked to stop emailing or their actions would be treated as harassment.

    The emails did not stop. 21 more were sent following that caution.

    Yes that means over 50 emails in a 6 day span. Probably closer to 100, since we only tracked them by subject rather than by how many replies they got.

    On the 24th, they tried to bribe me by sending me money via PayPal (it was refunded and reported — and yes, this is why generally I don’t like when developers send me a donation, though I understand most are not trying this). The message asked me to ‘forgive’ them and rescind the ban. At that point I blocked their email on all my personal systems and went on my merry way.

    Instead, they thought “Well she blocked us on one email, let’s use a different one!” and found my old, only used for Google events, account. By the way, none of those personal emails were ever provided to them. It’s not hard to guess what my email on Gmail might be, though.

    On November 27th, a threat was made. They emailed saying they prayed to their god to “take away all your name, fame, respect, wealth everything” and more.

    And then it escalated…

    Yeah some of you are thinking “Wait, THEN it escalated?”

    • From November 24th to the end of the year, 77 separate email chains were sent, using 3 separate emails.
    • In 2019 there were over 600 separate email chains from 126 separate email addresses.
    • 2020? 34 separate email chains.
    • 2021? Only 3 email chains, but it’s only February.

    So yeah, 2019 was rough. My Dad died in the start, and this developer had the gall to say Dad’s death was my fault, as I was being punished by their (the developer’s) god. Yes, that really happened.

    I did a lot fewer talks in 2019 because I was coping with the world without my dad, and in 2020 …. well. We all took an in-person break, and I took a virtual one as well, because I was tired of prepping myself before talks.

    See, every time I would go to a WordCamp, I had to prepare myself. What will I do if they show up? They had made, after all, ‘threats’ to come to California, and they’d already sent physical items to my office. So how would I handle it? The odds of them getting to the United States, given our then administration, seemed unlikely, but what if… What if?

    I rehearsed, I practiced not being alone, I made sure at least one trusted person knew why I was nervous. My wife and I talked about strategies. But online? What if he saw something on my backdrop that let him figure out my home? What if he tracked me? What it he did something to put my family in danger? It was all too much to bear, so I simply didn’t.

    Somewhat related, my office knew and went way above and beyond what I had any reason to expect to make sure I felt safe there. I love those people.

    So … where are we now?

    The developer still emails, on average twice a month now. We’ve sent a cease & desist (which was repudiated) and I’ve spent a lot of time literally ignoring everything that comes in. I do have a list of all the various claims made, and all the email subjects. I stopped tracking the content of the emails in mid 2019 because they were so outlandish that I couldn’t even anymore. I mean, does anyone think Alexandria Ocasio-Cortez cares that someone in another country is angry they got banned from a website?

    Effectively? I am still being cyberstalked and harassed. And my god, it’s draining.

    I sat here, thinking ‘is this even a good idea? It’s just going to make them be bigger annoyances”

    After how disastrous 2020 has been? I think it’s right to step up and say “Hey, so this shitshow happens, and people are out there who are going to make it their mission to make you miserable. You’re not alone.”

    This is me, walking back into the fire because I’m refusing to let it make me smaller.

    What I want?

    It’s super simple. I want it to stop. I want them to accept that they’ve burnt every single bridge a human can burn, short of physically attacking me, and now, even if anyone accepted their apology, we cannot unban.

    There’s no way to know they won’t start this up again, or use this as the freedom to be a bigger harm to the community. There’s no way to walk back from this level of harassment. And if that means I have to shoulder this to protect everyone else? Well. I’ll do it, but I’ll do it my way, which means I post this. I share to the world “This is a thing.”

    And this sucks. I hate telling someone “Buddy, it’s over. You’re done.” But they are. Even if I overstepped or over-reacted, 700 emails, physical packages, cards, threats, accusations of killing people, etc … how do you go back and say “Oops, I was wrong” and expect everything to be okay.

    It’s not, because it can’t be. Things don’t just go away and get better because you said you were sorry. I do believe they’re sorry, but I think they’re sorry because they got caught and punished. They aren’t sorry they did harm (if they were, they’d have stopped). Right now, they’re at the point where their argument is “We will stop hurting you when you do exactly what we want.”

    And that, I simply cannot do. Not just because I’m standing to protect the rest of the WordPress.org users, but for the principle of the thing.

    What I want? I want them to stop trying to contact me in any way, shape, or form. I want them to accept the (painful) fact that they made a massive mistake and acted in a harmful manner. I want them to be grown ups and walk away.

    Sadly, this appears to be something they cannot do.

    It’s totally Burnout

    This absolutely is burnout.

    I’m socially burned out in a lot of ways. While I had some phenomenal support from WordPress, from my work, from my friends, from professionals, it was exhausting to have to deal with this. Legally? There isn’t much I can really do. The persons involved don’t live in the US, so our laws are not in play here. International harassment laws don’t really exist. There’s nothing the police can do to stop it unless they show up in the US (which is highly unlikely).

    At best, I can file complaints (which I have) and block their contacts (ditto). I can also be proactive, look them up, find out everything that’s them, and block them before they contact me (did that). I’ve done a lot more than I list here, by the way. I don’t want to tip my hand.

    People have done everything I could possibly expect from them, and more, but … it’s still going on.

    And yes, this is part of why Plugin Team emails went anonymous.

    It’s absolutely, 100%, burnout.

    And about speaking at events?

    I don’t know.

    The last two years I just needed a break from all that to process how I felt about the situation. I knew I was tired, but that isn’t really how I feel emotionally. The last year was so hard for everyone, so brutal for us all, that having it sit on top of the pain of loss meant I never really got the chance to process. I don’t feel like it’s been two years since Dad died, I feel like it was yesterday.

    What I feel is anger and annoyance and a lot of ‘damn it to hell.’ And I am filled with defiance.

    Now that there’s a little less stress in my life (and most of ours), and with the hope that people in charge will be held accountable for their seditious actions, I feel like I’m freer to say that this happens. This happened. This is happening.

    Soon, hopefully, I’ll feel like I can safely do interviews and talks again.

    Why did I post this on my Tech blog?

    The world is angry right now. Everyone’s at their limit for coping, and for most we’re well beyond what our brains can wrap around. Half a million dead in the United States alone? It’s nearly unimaginable. And I think we’re letting our anger get the best of us.

    I posted on HalfElf and not my personal me-blog because in tech, we can easily forget there are other people on the screen. I knew, when I banned this person, that I was harming a human. I felt I had run out of other options to get them to understand that they were doing harm to the world in general, and I didn’t want anyone else to get hurt. This is not an excuse, though. I hurt someone. I hate that I did it. I hate that I have to. But there’s literally no way to stop someone from hurting others without hurting them in some way. At least not that I’ve found.

    But if I banned someone from a physical location, I could get the cops to do something (in theory, I know). I could get legal help. I could have security escort them from my location and be within my rights.

    Online?

    We don’t build our tools to handle harassment. We just don’t.

    If someone harasses you on Twitter, or Facebook, the ‘solution’ is to turn your account private, because these people will just make more and more accounts. We can’t block by IP, because they can use VPNs. We could ban all VPNs, but that has a negative impact (just for an example, I can’t edit Wikipedia when I’m at my office because we have a firewall and VPN).

    Looking at WordPress, how would you stop someone from harassing you? You make use of banned terms and plugins, but did you know most contact form plugins don’t have block tools? Logically it’s so if someone’s accidentally blocked from commenting, they can get a hold of you. But most don’t even have this as an option.

    So I post this here to put a human face on the damage being caused by our own negligence, and to make us more aware of the monster we’ve created.

    When you write new code, think about how it can be abused. Think about disrupting harassment. Think about allowing people to protect themselves. And, above all, if someone tells you this is going on? Believe them. I was lucky. Everyone believed me. Most people are not.

  • Email Verification and Unsubscribing

    Email Verification and Unsubscribing

    If you follow me on Twitter (no you probably don’t want to), you know I’ve been dealing with the messy technical side of death for around 2 years now. My father died, unexpectedly, and I picked up his digital life and dropped it on my laptop in order to untangle things. While my father had shared his login information with me before, I did run into a number of technical issues like needing the phone for an SMS confirmation when I logged in from a new location.

    Now all that said… Here’s the technical problem a LOT of companies created for themselves.

    1. They don’t require you to verify an email before sending you advertisements
    2. Those emails do not have unsubscribe links

    Yeah, those two things are killing me, smalls.

    Why not delete the account?

    Someone’s thinking this…

    Because the last time someone emailed it, legit looking for my Dad to tell him something funny/relatable/personal, was December 2020.

    Dad was in his 70s. He had a lot of sporadic friends over that time, and sometimes they would randomly think about him and reach out. Many were long-standing friends, some I knew and hadn’t seen since I was in elementary school. He lived in a lot of places. Those people needed to be told he was dead.

    Maybe one day I’ll delete his account and his website, but it won’t be any time soon.

    How to Fix This

    The good news here is all this is fixable if people start caring about data properly.

    See the problem here stems from companies wanting your data. They want it so much that they use any excuse to grab it and never let go. But this is wrong both legally and morally.

    It’s not their data. It is YOUR data, and you should have a right to it. Per the GDPR, UK’s Right of Removal, and even California’s new laws, my data belongs to me, and I have a right (in most cases) to get it off their system. In the case of my dead father? That data is as useful for you as wings on a mongoose. But as his estate’s legal representative, I legally own Dad’s data, which means I should have control.

    Check The Email First

    Anyone who’s signed up for anything online lately knows that you have to opt-in to getting ads. That’s just how the world works now. But you also have to confirm your email before you can use your account fully.

    At the outset, that sounds great, right? It forces people to confirm! The reality though is that by letting people make an account, with or without verification of the email, those companies add the email to their mailing lists. That means that when some moron uses my father’s email to ‘test’ (or because they’re some idiot in the midwest who regularly thinks it’s his email even though Dad made it in the 1990s and has used it since then, seriously buddy, stop it), I get the email. And when they correct the email in the account, they retain access and I keep getting emails that I cannot unsubscribe from.

    We’ll get to the lack of links in a minute.

    The obvious thought process here is “People wouldn’t put in the wrong email!” but the reality? They do. They totally do. There’s a guy who bought a Ford, has a credit line, and a loan from a bank, and I know a whole lot about all this because he is a total idiot who keeps using the email that was my father’s. Seriously. It’s never been his email. The first owner of the domain was Dad. The second is me. The email he used has been in use, by my father, since March 2, 1995. Not joking.

    Now, if you keep along with the (incorrect) thought train, you’d think “Once someone enters their email, I can add it to my mailing lists as I have their consent.” And again, sure. IF the email is actually theirs. And what’s happening is all these sites add in your email to their lists before they confirm (if they confirm at all) that it’s really your email. This means my poor Dad’s email is not just added to an account, it’s added to all their lists as well.

    Let Us Unsubscribe

    The other (related) issue is there’s no unsubscribe link.

    Look, I get it. There are emails that are not unsubscribeable for as long as you have an active account. There are legal reasons why you have to be mailed some things. However all those emails must have a way you can actually close/remove your account. A link would be great, but even an explanation “Hey, we cannot unsubscribe you unless you close your account, here’s how to do that.” would be better than the message from a certain ISP who told me I had to log in to the account… but were unable to provide me with the login info.

    In the case of two separate companies, if you do have to legally send out emails to people because they have an active account, you should be including some information like ‘Your account name is X’ or even ‘Your account number is X’ so that we can have a place to start. Instead, I have a bunch of emails that all say they can’t unsubscribe me while I have an active account, please log in …

    And what do you think happens when I go to log in? Of course ‘There is no account with this email…’

    Which brings me to…

    Let Us Recover Accounts

    It needs to be ‘easier’ to recover account. Especially if someone’s dead.

    Now, I’m not talking about Facebook’s idiocy on locking people out and requiring them to have someone else verify them, only to send another email that bounces and you can never log in. Although that was certainly fun to do with my Dad’s stuff.

    Take a hard look around. People are dying by the thousands per day, and those are not ‘expected’ deaths by any means. This means the number of humans who were unprepared and unorganized are stuck trying to find things like account numbers, and have no clue where to start. If we’re lucky, we can get into their email and change the passwords so we can keep it but…

    This is not actually very easy! The only reason I had Dad’s email was because I was his email admin. If I wasn’t, I’d have to have logged in while I was still in Japan, from his laptop, and then hoped beyond reason that I was able to change the passwords without knowing the current one.

    Think about that for a second. My father lived in Japan, had a Japanese number. He’s dead, the phone number was closed, and I can’t get it back as I’m not a Japanese resident. Which means the methods to recover are … email. But that isn’t enough for some companies.

    My ‘favourite’ is someone telling me that there was no way to know what account used my Dad’s email. Yeah, they had no way to connect an email to any account, and required me to provide a local phone number to call me about it. I blocked their emails because I literally have no other solution. They can’t tell me what email uses the address I own, and they can’t help me except by a local-to-them phone call.

    Summary? Let People Own Their Data

    Okay, here’s your summary:

    1. Require email confirmation in all cases where an account is being made. No verification? No account.
    2. Allow people to correct the emails if they can’t verify. If someone put in stevejobs@appl.com and forgot that E, they should be able to fix this.
    3. Allow people to unsubscribe from all emails with an easy to find method. A link, some explanations, whatever. Make it obvious.
    4. If people cannot legally unsubscribe while having an account, then you need to make it possible to cancel accounts when a user DO NOT KNOW the account name. If you’ve verified emails, yo, magic. “I forgot my account name…” — And again, this needs to be easy to find information.
    5. If someone sends you a damn death certificate, you should honour it.

    This is not going to fix everything, but it would certainly make us hate a couple companies a lot less.

  • Shlinky Dinks

    Shlinky Dinks

    For a number of reasons it was time to move on to new things. I was looking for a better, more modern solution to running my own short URLs.

    There are a lot of reasons people want these. When I started with them, it was because Twitter had limits and I wanted to control my tweets and short URLs. But then time moved on, Twitter decided to meh, not care about URL length, which meant I didn’t really need the extra weight.

    But I had a reason to keep mine around, and that’s WordCamps. 99.999% of the use of have for short URLs is to link people to things for WordCamps, like my slides but also related links that otherwise would be too long for anyone to write down in a reasonable time frame.

    And while I’d been using the same old, functional, system, it had quirks that had long since frustrated me, including not being a modern design. I felt like I was stepping back into the early 2000s, and yes, that UX matters to me.

    Enter Shlink.io

    After experimenting around, I found Shlink.io, a GDPR (yes!) friendly self-hosted URL shortener that is a little more tech, but a lot more smooth. It has a full blown API, a deep command line, and an (optional) admin that is, well, nifty.

    Features include:

    • Custom short URLs
    • Multiple Domains
    • QR Codes
    • Tags
    • Robust stats
    • Validates URLs before linking

    It’s not a set-and-forget install, to be sure, and each server is going to have some quirks, but overall I’m happy with it already.

    What’s Missing

    There’s no WordPress plugin. Yet. I suspect this will happen once people realize the API is so freaking crazy.

    There’s no way to import everything from another service, but I did a fast export of my DB and then grep’d and search/replaced so I could run commands like this:

    php bin/cli short-url:generate -c SHORT https://example.com/
    

    Done and done. Imported a few thousand URLs. I will note that most of those links don’t matter, since nearly no one hit them, but I’m just a stickler for old URLs continuing to work. Most of the time. I went back through all the failed import and found I had old links to things like test sites.

    Also the admin backend is an add-on (or non-hosted but I’m neurotic). I installed the web client at a subdomain and then used the configurator to allow passwordless logins. No, I didn’t leave it unprotected! I went old school:

    #Protect Directory
    AuthName "Dialog prompt"
    AuthType Basic
    AuthUserFile /home/ipstenu/example.com/admin/.htpasswd
    Require valid-user
    
    SSLOptions +StrictRequire
    SSLRequireSSL
    SSLRequire %{HTTP_HOST} eq "sub.example.com"
    
    ErrorDocument 403 https://example.com
    
    <Files "servers.json">
      Order Allow,Deny
      Deny from all
    </Files>
    

    What Was Messy

    The GeoLiteDB stuff was weird. It took me a while to realize I was running out of space in tmp and that was blocking me from doing anything. Since I host this VPS on DreamHost at the moment, and I work there, I went and set tmp to disk instead of memory and that magically worked.

    Now. Would I like the admin stuff to be built in and easier to manage? Of course. And would I like ‘better’ security when I use the server.json file (like maybe telling people to protect it and hide their API keys, hey) but I’ve properly opened up a ticket for them on that one.

    End Result?

    I like it. So I’m using Shlinks now and there you go.

  • There Are No Top Influencers

    There Are No Top Influencers

    It’s that time of year where people post their ‘top X influencers’ for whatever they happen to be blogging about. It’s not a secret I hate those lists. In fact, I ask to be left off of them entirely.

    All Lists are Incomplete

    No matter what, no matter if you list 100 people, you’re going to leave someone out. This is a huge problem because those people will be hurt. The common complaint you hear is that a list cannot possibly list everyone, and that’s exactly the point. You know from the start you won’t have everyone listed, so you’re just going to pick the people you like best. And this is because…

    All Lists are Biased

    A couple years ago I saw a top-40 list that was 97.5% male. That means there was one woman on that list. Equally bad, there was only one non-white person on the list. They were not the same person, which meant this list left off someone who should have been terribly important since she led a major WordPress core release that very year. Leaving off hugely qualified people because of your unconscious (I hope) bias means you further work against the progress to be found with representation. And really that points to the next problem….

    All Lists are Personal

    If I was to list the biggest influences on, say, WordPress for me, I would include my father and my wife. To his dying day, my father emailed me a PDF and asked me to upload the content to his blog. My wife constantly asks me for help remembering the rare parts of WordPress. It’s that kind of experience that drives me. They influence me every day to make things easier for the non-technical. Another major influence are my co-editors on LezWatch.TV who ask me things that I feel should be obvious but clearly are not. Which means …

    All Lists are Pointless

    My mother is a huge influencer in my life. But you’re not going to get anything from following her. The developers I follow are ones who speak and talk in ways my brain has no problem following. The designers have taught me how to visualize (something I’m terrible at). The political wonks aren’t just an echo chamber, they’re thoughtful and educational. I follow a Sappho bot because I like her poetry. But none of that, not one thing, will help you get better at development or WordPress or anything really other than knowing I’m a human who likes a lot of weird stuff.

    We’re Solving the Wrong Problem

    What’s the point of these lists anyway?

    I can only come up with a couple reasons people make them:

    1. Currying favour with the people on the lists to make them feel important
    2. Lists are easier than actually writing a post with content

    That’s all I’ve got. And that brings me to my point.

    No One is a “Top Influencer Anyway”

    The person who influences WordPress the most is probably someone you never noticed.

    People tell me I should be listed and I point out that my ‘influence’ is not seen by the majority of people who use WordPress. They never see a plugin review or the work we put into making things safe and stable for them. And that? That is as it should be! How many users can name the release leads? Those names don’t matter to them, and they shouldn’t.

    Dad never cared if Nacin or Helen or Mel or Matt lead a release. He didn’t even care that I know them. He cared that WordPress worked and did what he needed.

    Isn’t that what we all care about? Not the personal aggrandizement of a few select individuals, but of the collective success of the WordPress project.

    Make Lists Matter

    If you want a list that matters, make a list of the best talks/blog posts/event-things you experienced in a year and explain how they influenced you. Tell people about what you learned and how you use it. Explain why things matter.

    But lists?

    Come on, we can do better.

  • On Behavior and Respect

    On Behavior and Respect

    I’ve had an interesting week with WordPress. It’s been bad enough that I have to preface this post with a note.

    I have no plans to quit WordPress at this time.

    Good Faith and History

    This morning, I woke up thinking about a statement I picked up from Wikipedia. Assume good faith. I like that. I try to do it. The concept is simple and direct. Don’t assume everyone’s evil, instead assume they do mean well, but sometimes they may have trouble expressing it properly.

    And while I do believe that most people don’t mean to be evil (there are exceptions…), I think that more people remain concerned about themselves over anything else. And this self-involved nature causes problems like happened recently, with choices certain companies made to self-promote in ways that other people found offensive and harmful.

    So when I think about ‘good faith’ I do it with a look back to the previous actions someone (an individual or a company) has taken. How have they behaved before? Have they constantly shown poor choices? Is this a first? What happened the last time I tried to talk to them about it? Did we have a discussion? Did I get 15 emails in a row, alternately being called names or being begged to give them another chance?

    That means I find it strange to watch people use the concept of ‘Good Faith’ to argue that they don’t look at people’s past actions to judge their current ones.

    I’d like to think that my consistency would be something people would use to judge my actions, but I’ve learned people whom I’d trusted don’t. And yes, that’s sad. It’s depressing to find out people would rather jump to outrage and pointing fingers and blaming me than taking into consideration 10 years of work.

    Respect and Doubt

    Respect is both given and earned. You give people respect for a position, under the assumption they deserve it, and people either live up to that respect and thus earn more, or they don’t. But when you have an unknown person, you start from assuming good faith based on the hope that they have legitimately earned the position.

    Obviously when you know someone, hung out and had dinner, your assumptions are based on more than that. And if someone has a public history you can turn to, you can use that to base your assumptions.

    That’s not what happened to me this week. Instead, I found out people actually assume bad faith, because perhaps my opinions are different than theirs, or because I saw something in a different way. It felt like “Assume good faith, but only if you’re on my side.” And that? That is sad.

    I imagine how different things would have been to say “Hey, y’all. Mika’s been really careful about using her power here for five years. Give her the benefit of the doubt.”

    Instead, people said I was seeing things that weren’t there. I was playing a victim. It was all in my head. There’s a word for that: gaslighting. God help you if you call them out on it.

    Damage and Care

    It’s in a week like this where I totally understand why so many people have been quitting WordPress. People have worked hard to do good for a community, without any expectations of compensation, but they find out their opinions are dismissed and their word discarded or minimized. They feel disrespected, and it’s worse when they feel made fun of by the community they’re trying to help.

    Some of them have chosen to walk away from WordPress, and I fully support that choice. To do anything less would be like telling someone that the beatings will stop once morale improves. It would be cruel and unkind to dismiss their feelings, and it would mean I’m not listening to them and have no empathy for them.

    Also I’d have to be blind not to see it, because it happens to me all the time. This week? People I thought I knew assumed the worst in me. They didn’t give me the benefit of the doubt and, when I asked what I’d done to deserve that, they said I’d done nothing. They said they were just being fair and hearing all sides.

    In other words all the work I’d done, being consistent and fair, acting carefully and listening to everyone was pointless. In the end, they were just going to dismiss all of that and jump on the bandwagon with everyone else.

    And it was more than one person I’ve know for about a decade who did it.

    For a while I wondered “Did I really mess up here?” And then I asked myself if I’m told I did nothing to be not-trusted, but I was going to be anyway, was there a possible positive outcome here?

    Empathy and Power

    It really boils down to empathy. If someone says “Hey, this hurt me.” and your reply is “Yeah, I don’t see that” then you’re dismissing what they said. And it’s not just because I get treated badly that I have empathy, it’s because my parents, my family taught me to have empathy and care about the strangers as much as I cared about myself. We don’t live in isolation, we live in a community.

    You can see why I call myself a Socialist, right? I care not just about the people I know, but the people I don’t know. I think about the impact my choices have beyond me, and given the amount of power I wield, that has a lot more weight than you might think.

    Oh yes, I have an insane amount of power, and it scares the hell out of me. I could destroy a company with a click. I could insta-ban people for wrongs. I could close plugins for every single security and guideline mistake. I could publicize exactly what specific people did to get permanently banned. Worse, I could spread fear and doubt in the entirety of WordPress, just by closing a plugin.

    I don’t. I handle the majority of that quietly, on the books but privately, because I assume good faith in everyone, even people who make massive mistakes. And because I consider the negative impact to the community in general before I take an action.

    How much trust do I erode in WordPress as a whole with what I do or say? How much damage do I cause? How many people do I hurt? How many people will this person hurt if I permit them to carry on as they have been? Will their uncensured actions damage the reputation of WordPress? Will the community forgive a mistake?

    That’s what I think about, every single day, before I approve, reject, close, or open any plugin.

    Alone and Together

    If you look at some of the people who’ve left the WordPress Community recently, you’ll see a trend. They feel alone. They feel like they’ve been tasked with ever increasing, insurmountable, chores, and they have no support or backup.

    I feel that way too. It took months to be taken seriously about a problem, to the point that serious action was taken. Months, in which I questioned myself. Was I seeing something that wasn’t there? Was my value so little that I’m not worth taking the time to address this problem?

    To put it in perspective for you, someone told me that my father’s death was my fault for banning them for abusive behavior.

    When you look at it, you’d wonder how I could ever doubt myself. Well, that’s what happens when people don’t step up and ask how they can help. And certainly I could have been more vocal about it, but at the same time, it illustrates the invisibility problem in our community. People are hurt all the time, and no one is looking out for them.

    Should I have to scream that someone is hurting me for it to be seen? There’s no oversight in all things, but there’s also no clear way to ask for help. How much worse would this have been if I didn’t have support from people in the community, people in places who could (and did) help me?

    What about everyone else?

    Unending and Critical

    Now look back at Slacks and Blogs and Twitter. You know which ones I mean. Read what people are saying and assuming, and ask yourself “Is this making a welcoming environment?”

    Far too many of us have used our critiques as excuses, without caring for the damage they cause. Dismissing people’s pain. Not offering honest and sincere apologies. We hide behind the veneer of “I’m just passionate” or “I’m being critical.” And instead of discussing the idea, we sling ‘understandings’ like accusations, and we cut at people for disagreeing. We assume the worst and treat people shamefully.

    And worst of all? Our comrades allow this to happen in their backyards. They won’t remove a homophobic ‘joke’ comment because clearly it’s not meant sincerely. They will allow someone to be called a powerless puppet. They give space for hateful comments that barely even have a veneer of merit.

    We’ve stopped encouraging meaningful discourse and regressed into screaming across the aisle that the other person is wrong. We believe our way is the only valid way, and we will tear people down, all the while claiming we’re doing it for the greater good.

    And yet people can look at all that and not see the pitchforks and tiki torches.

    Comments are Disabled

    There’s a reason I disabled comments and mute and block people on twitter with ruthless abandon. It’s not that I don’t want to hear different voices, it’s that it’s stressful to be attacked all the time. It makes a person physically ill. Certainly it’s made me that on more than one occasion.

    I don’t leave comments open, I don’t engage with certain community news sources, I left many Slack groups and I don’t offer comments when asked very often. You see, I can either do good work for the community, do my best and keep things safe, secure, and as fair as a human can, or I can wade through toxicity.

    I decided to do good work.

    I would like to think that a decade of it would allow any perceived missteps of mine to be taken with a grain of salt and a sip of trust. I will still believe in the inherent goodness of people, and their ability to make colossal mistakes. I will still accept an appology when sincerely given.

    But I will not forget and I may not forgive.

    Then again, forgiveness should never be the point of your apology.

  • Hiatus: Irregular Updates

    Hiatus: Irregular Updates

    This will not be the final post on this site, however after six years of regular, two to three times a week posting, I am putting a pin in the promise of two posts (minimum) a week.

    The reality is that I’m just too busy now with writing to write.

    You can pause for laughter there.

    I’m busy with another site, and writing and the various work that it entails. Shockingly to me, I’ve found I’d rather work on it than this. For a long time, I was super happy to do both, but the reality now is that I’m not.

    Of course if something comes up in my regular work that I can share, I will, or if I find a wild bug or a cool workaround. But I don’t actually have the time to dedicate to that amount of blogging here.

    And so, at 1035 posts, I thank you all for reading. This blog absolutely changed my life.