Half-Elf on Tech

Thoughts From a Professional Lesbian

Category: How It Is

Making philosophy about the why behind technical things.

  • Everything Is Vulnerable

    Every other day we hear about a tool that has a vulnerability. It’s been the servers we use, Flash, or Silverlight, or the Jeep that was hacked.

    This Is Not New

    The idea that hacking like this is new or novel is, let’s be honest, naive. In the 1800s, people used to hack into the newly born telephone system. Before that, we didn’t call it hacking, we called it conning. Yes, the confidence games people played to get others to trust them and then rip them off are the same idea as a hack.

    A hacker is someone who finds a weakness in a computer system and exploits it to some benefit. Early bank penetration tests, the ones to see if they could get at your money, were as much social engineering as technical skill. A ‘hack’ is simply something taking advantage of an exploitable weakness. This is not new to anyone or anything.

    The Scale Has Changed

    The primary difference between the hacks of old and the ones today is the scale of those hacks. Hacks used to be very personal for a reason: there was no worldwide network. Your hacks had to be local and careful, because no one trusted the stranger. You had to build up credibility before taking your win. Of course, now we have near-instant communication with the entire world. That means it’s milliseconds to access the server of someone in Africa, all from your happy NYC Starbucks.

    The difference is that now, when someone says “And Flash has a security vulnerability” the number of people impacted is in the millions. And the number of people who can be hurt by it is, similarly, high.

    We’ve spent years trying to create a global internet, and in doing so we’ve quickly shared communicable internet diseases with each other.

    Nothing Is Unhackable

    My boss and I were chatting about the ways one might hack the stock exchange, and he pointed out that one of the ways they slowed down trades was by having a really long cable.

    [Image: 38-mile coil of fiber-optic cable. Credit: Stefan Ruiz for The New York Times]

    This cable, and yes it’s real, is literally used to create a small delay in processing of orders, to level the playing field with traders. In short, it makes sure that the trades from across the ocean run at the same speed as the ones for the people in the room of the New York Stock Exchange. Each additional mile of fiber-optic cable adds 8 microseconds to a transaction, which adds up to 304 microseconds. Among other things, this is hard to hack. You can’t send a software signal faster than it goes (physics being what it is), so it made things harder to hack.

    The next Mission Impossible movie will involve Tom Cruise being slowly lowered into the box with that cable in order to shorten it invisibly. Only Cruise can do it because only he is small enough.

    That was my joke. But it’s actually rather demonstrative of the point. You can physically hack things as well.

    Analyze The Risk

    To quote my father, “What can go wrong? How likely is it? What are the consequences?”

    That’s why I don’t own a wifi pluggable garage door or thermostat. Do I think they’re cool? Yes. Do I think they could make much of my life easier? Yes! But they’re new and they’re toys, which means people spend a lot of time poking at them and digging into the underlayer to see how and why they work. Which means people are finding hacks daily.

    That means the likelihood of someone figuring out how to use my thermostat to drive my budget through the roof is pretty high. Someone already did that to his ex-wife if that review is to be believed. Of course he had the access in the first place, but it proves one point. If you get access, you can do things.

    Change it to my garage door? Or my front door? Say goodbye to my things. I know I’d be a target because I’m using the pricy toys to start with.

    Educate Yourself

    If you can not do stupid things, the odds of you being hacked are low.

    By stupid things, I mean using insecure passwords. I mean logging in on public WiFi to do your banking. I mean installing any old plugin on a WordPress site running a store.

    The things you know are dangerous.

    Don’t be stupid. Make backups. Be prepared for disaster.

  • Don’t Publish Bad Code

    I thought it was self-evident, but two of my more respected programmer friends missed the point or, rather, took notice with one aspect.

    So let me rephrase what I meant when I said it was okay to write bad code.

    Write all the bad code you can. Learn from it. Make it better. But the code you publish should be the goddamned best damn code you’re capable of writing at that moment in time.

    The point I was trying to make was not to let the fear of ‘This code is shit’ stop you from learning and improving. That’s like saying if you can’t play a piece of music the first time out, you should quit. That’s stupid! Few people can do that! The rest of us have to practice and learn and keep going.

    And yes. That means sometimes when we give a public performance we screw up. That doesn’t mean we shouldn’t perform. That doesn’t mean we shouldn’t fail.

    You’re going to fail, okay? Just give up on that wish. Everyone fails. We fail more times than we succeed, and that failure hurts more than the success feels good.

    When you do a thing, do it to the best of your abilities and no less. If you’ve left a comment of “Come back and fix this.” then you damn well go fix it before you release the code. Writing bad code is no excuse to slack off, it’s an acceptance that not everyone gets it right from the start and you’re going to have to learn from it.

    So learn.

  • Rant: Chrome is the New Nanny Browser

    Part of my job is to look at possibly naughty and dangerous sites. Usually Chrome gives me an ‘are you sure?’ warning before I look at a hacked site, and I understand why. But see, my job involves me going to known hacked sites, seeing what’s going on, reverse engineering, and fixing. So yes, Chrome, I need that ‘I’m sure’ option.

    Lately Chrome hasn’t been giving me an option. It’s been saying no.

    So I went to the documentation, “Can’t download files on Chrome,” to find out how to turn it off and I was annoyed.

    If you don’t want Chrome to show you download warnings, you can turn off your phishing and malware protection setting. Turning off these warnings will also turn off other malware and phishing alerts:

    I want phishing protection!

    Actually what I want is Chrome to say “This download may harm your computer. Don’t download it if you have auto-expand or auto-run on for downloaded files. Are you sure you want to download this?” and default to NO.

    And no, I’ve not figured out how to do this yet.

  • OpEd: Community, Community, Community

    Lately there has been a lot of talk about the issues within various communities. It might be the shit storm over in Reddit land, it might be the drama in WP World. It doesn’t actually matter for the purposes of this post.

    Poisoned Well

    As my friend Helen asked recently:

    Do you ever feel like the entire internet has been taken over by trolls because I feel like I’m drinking from a poisoned well right now.

    I do.

    All the time. Always have. People have always used the internet as a way to let out what they’re feeling without filtering it through their humanity first. They hide behind anonymity, or the simple shield that they can’t see the faces of the people they bully and humiliate. They see it as ‘just good fun’ or ‘just letting things out.’

    My friends know I feel that way too. But I always ask them “Can I be unfiltered? I need a rant.”

    The Internet Is Broken

    What we’re facing is the endemic brokenness of communities as a whole and their sewage spewage.

    As my friend JJJ remarked (specifically about a subject but it doesn’t really matter for the purposes of this post):

    … I’m waiting for a “things are broken” post …

    J-trip, I know I’m not the person you’re asking for the post from but, yes, things are broken. Things are badly broken. Things have always been broken. We’ve always been at war with Eastasia. Things are broken because we, as humans, are broken. The online communities we tout as being fundamental to the growth of software development and that bind us together, closer, as humans, are broken because humans suck.

    What’s broken isn’t PHP or Reddit or WordPress.

    What’s broken is us.

    And we remain broken because we don’t fix things.

    Let’s Fix It

    Fixing isn’t easy though.

    Unlike your ‘in person’ community, an online one is incredibly diverse.

    At the same time, we need to stop giving it a free pass simply because it’s online. Treat it with the care and love you would treat the people who come together to shoot arrows or sew or watch a baseball game. This is a community and we need to treat it like that.

    Remember that what we do in public, and yes the Internet is totally public, reflects on who we are because it is who we are. Behave with integrity and honesty and be yourself. If that self reveals itself to be a bad person who does mean things and doesn’t care about the outcomes, then deal with the outcomes.

    Stop pretending that there are no repercussions just because you’re online. Stop thinking that you can get away with being mean just because it makes you feel better. Start caring about people as people, online and offline.

    And then there’s the hard thing. Stop letting people get away with it. We all fear the cry of censorship, but there will come a time when we have to stop killing ourselves. It’s our choice to keep the hatemongers among us, and it’s our choice to tell them to change or leave.

    Make the right choice.

  • Rant: We’ve Forgotten Netiquette

    When I was new on the interwebs, people told me things like “Don’t bump your posts” or “Don’t nag people.” I took those lessons to heart, and even though this new online message board thing was awesome and addictive and a great way to talk to people all the time, it introduced us to a new/old problem of instantaneous gratification.

    While the world is a 24/7 place, and people are working around the clock to make cool things, it’s really hard for people to understand what being ‘polite’ means in these instant times. But I get poked on email, then in a Slack chat, then on Twitter, then on Facebook (where few people can access me at all), and even G+ when someone decides they need to get in touch with me ASAFP.

    Since the Core Rules of The Net have been lost on many of us, here are some rules for you:

    Respect Downtime

    Every time you ping someone more than once in three days about the same thing, you’re probably hitting them on their downtime. People need breaks. Just because I’m active on Twitter, talking about comic books or music, doesn’t mean I’m available to talk about debugging your website.

    Respect “No”

    If someone tells you “Not right now.” or “Please ask someone else.” there is only one, proper, reply. “Okay, sorry about bugging you.” And you walk away. (You can ask “Sorry, who else can I ask?” of course if you really don’t know, but people bugging me actually do know if they think for a moment.)

    Respect Priority

    I got news for ya. You’re not my priority. Oh I do understand the importance of you and your work and that it’s very much on your radar. But you’re not always at the top of mine. I have to make my priorities in my own order and sometimes I can’t tell you about them. It’s never a case of being dismissive, it’s always a case of having a lot to do and having to sort things in an order that I can maintain. It really sucks when you’re not the priority, but it’s the world we live in.

    Respect BRB/Later

    Sometimes I’ll be working with someone in chat and my wife will ask me a question that needs a now answer. Or she’ll want to go out. And if we’re not working on a ‘save the world’ thing, I will likely say “I need to go take care of my personal life. Can we pick this up at another time?” I will work out when that other time is, but people should respect that space. Similarly, if I type “Hang on, I have to deal with a thing.” then maybe I’m talking about a bathroom visit, or maybe my cat lit the other cat on fire. Either way, someone taking a long time to reply is not cause to have hurt feelings. We need to have time to think, time to process, and time to put the fire out on the cat.

    Respect ME

    Look. This should go without saying, but respect me. Respect what I say to you and when and where I say it. Respect me as a human and as you would want to be treated. If I say “Stop being so pushy, you’re not making it easier for me to do XYZ” then stop being Gordon effing Ramsay and give me a moment. If I ask you not to communicate with me about something on a specific channel (like asking me long WP questions on Twitter) then respect that. It’s totally okay to ask me “Where can I ask you for help with…?” but it’s not okay to assume that I’m going to want to be all WordPress all the time everywhere.

    I happen to like other things and so do you.

  • Internet Abuse

    I try not to make this site about my personal grievances about people and attitude, and only about my code, but it does come back to code many times.

    “I thought you knew what you were talking about. Never mind.”

    That was actually said to me, about three years ago, when someone realized my name, Mika, was a woman’s name and not the male ‘Mike’ he’d thought it was. This was after pages upon pages of testing and debugging. The moment someone corrected him as to my name, and gender, he stopped listening to me. At the time, WordPress was my hobby, and so I decided he wasn’t worth my time anymore and walked away.

    Then he followed me ‘home’ and emailed me saying women like me should stop trying to do tech support, and just find someone who knew what they were talking about. I deleted the email, blocked his email from my inbox and my blogs (using Sitewide Comment Control), and moved on.

    If you need a reminder of the abuse and harassment we face daily, please read about the ping-pong theory of tech world sexism or No skin thick enough: The daily harassment of women in the game industry. In both cases, the content may upset you.

    The problem is that I can’t tell you how to deal with people who want to chase you off the internet, and if you should or should not fight them. I can tell you how to prevent them from getting further into your life once you’ve decided that you’re done with them.

    I talked about this at WordCamp Minneapolis earlier this year, and the steps to Detoxify Your Website remain valid. In fact, those are my best methods for self protection. I use them today, not just when people are mean to me but when I know I cannot be nice to them. Some people rub you the wrong way and you know you’re going to lash out at them. It’s okay to prevent yourself from talking to them.

    That’s how I deal with them.

    Don’t Reply If You’re Angry

    If I’m angry I tell them “Hey, you’re making me angry right now and I can’t talk fairly about this, so I’m walking away. I promise I’ll come back, but I need to cool down.” If they follow me after that, they get blocked and I don’t go back. Respect people who need to step back and cool down. If it’s not a situation where I have to reply, I reach out to my friends in the same arena. “Can you talk to this person for me? I’m too angry to be sensible.”

    Set Boundaries and Stick To Them

    I’m very firm about this with plugins. If I emailed you a plugin thing, like I had to close your plugin, asking me to update you on Twitter or Slack doesn’t actually do anything except annoy me. Yes, Aaron, we’re friends and yes, that still annoyed me. The real reason replies to plugins take time is that I don’t have a TARDIS, so unless you can invent one, it’s best to give folks at least 48 hours to reply. But replying to an email and then pinging me on Slack and Twitter is the equivalent of the phone call “Hey, did you get my email?”

    I totally get that the subject is important to you. It’s important to me too. But you’re not helping me. So I draw a line and say “Hey, don’t ping me about the email. Reply to the email. I’ll read it and reply back.” That’s my boundary. I like it. It lets me cool down if I’m mad (see the previous note).

    Don’t Feed Trolls

    Lara Littlefield taught me a great phrase. “This makes absolutely no sense.”

    To quote her:

    I will reply “this makes no sense” to any comment that expresses misogyny or racism.

    That’s my new reply. I’m using it. If someone drops into misogyny, racism, or anything of that ilk, they generally do it in a way that shows me they’re not going to listen. It’s like Godwin’s Law. Once you’re at the Nazi place, conversation is over and you’re not getting anything good about it.

    That makes absolutely no sense.

    Have People To Vent To

    I bitch to my friends when I’m angry. I start with “I’m very pissed off, it’s not at you, but I need to rant.” And guess what? My friends will let me bitch. They let me complain in language that is inappropriate and not well thought out. They give me a free pass to say horrible things. They let me get it all out. And then they help me be constructive.

    You guys are pretty cool.

    But it only works because I start with where I’m at and what I need. Sometimes they ask “Do you need to rant or do you want help figuring out what to do next?” Sometimes I don’t know, and that usually turns into “Rant away, Mika, and we’ll see what comes next.” Find those people. Keep them in your life.

    Don’t Air Dirty Laundry

    If you have a fight with someone, don’t plaster it all over the news. I’d say ‘and don’t subtweet’ but sometimes it helps. The real thing is that you don’t want to hurt your friends. Friends can be pretty vile to each other when we fight, so remember that you are friends, and try not to destroy things. Don’t blog post or comment about how so and so sucks. Don’t say the horrible things in public if you can help it.

    You can’t go back from that.

    The internet remembers.