Half-Elf on Tech

Thoughts From a Professional Lesbian

Category: How It Is

Making philosophy about the why behind technical things.

  • WordCamp Elevator Pitches

    When I go to a WordCamp, I bring a little notebook. We had a DreamCon and there are about a vigintillion little Scout Books branded for it and no one at the company wants them, so I have 20 at my desk and a couple boxes more at home, and every month I burn through one. But I also bring a fresh one to each WordCamp:

    Both of those notebooks are 90% full right now. At the end of a month, I copy over everything that wasn’t done in the previous book and put it on the first page. After that everything gets a new page and I X out the page when it’s done.

    But this isn’t about how I take notes, or not, it’s about how I learn something new at every WordCamp I go to. Often I learn about new products from people I know, but other times I learn about new methods to coding, tricks I can use to improve my development processes, or just understanding a feature a little better.

    I stress everyone should unplug at a WordCamp, turn off the laptop (unless you can just take notes without checking Twitter and Facebook compulsively), and listen. I take notes by hand because it forces me to focus. I have to listen and write and pay attention. By hand I can doodle as well, so I give myself visual clues to what I was thinking later on.

    One thing I also do is that I take notes on sessions from the front to the back, but from the back to front I write down all the new-to-me products and features. Sometimes it’s just ones I know about and need to look into a little more. Sometimes they really are brand new. This is why I don’t take your business cards. I write down what I need to know, what I think about it, and your URL. If you can’t give me a URL (or your URL is too long) maybe I’m not going to look at your site.

    After a camp, in my ‘downtime,’ I go back through the notes I’ve made, look them up, and decide if I like them or not. From that I’ve sorted out some tips for vendors and people trying to give me their elevator pitch on why I (or my company) need to pay attention to them.

    Make It Short

    If it takes you longer than 5 minutes, I’m tuning out. You’re at a WordCamp, people are generally checking you out in between sessions, so we want the tweet version of what you’ve got.

    Our product compresses images better than SmushIt.

    That was perfect. That got my attention and immediately had their name in my notebook.

    Make It Easy To Find

    If I go to your URL, the one you gave me, and cannot find the ‘WordPress’ product in one click, you’ve failed and I’m not looking at you anymore. The aforementioned image compression tool failed on that one. I went to their company site, the one they gave me a URL to, there was no information on that specific product. In fact, it’s been a few days, and I googled for it, and I still can’t find it! I know it started with a V, but I assumed that they’d have a link to their WordPress related products on their webpage.

    If the main URL of your site is not the one with this product, make that clear.

    Check out example.com/product-name/

    Oh and that’s a great URL.

    Have a Demo

    I want to see how good this is. Period. With the exception of ‘I’m a new webhost’ if you have a product, let me see it and, if possible, play with it. This is incredibly true of people who have proprietary code, like a service. No demo? Not going to look further.

    Be Ready for Tech Questions

    You’re at a technical conference. I’m going to ask things like “Have you benchmarked against TinyPNG? What’s the improvement over the similar functions in Photoshop like XYZ? Does the plugin hook into an API on your end? How do you handle network latency and speed? What happens if it times out? What’s the failback?”

    75% of the vendors I talk to at WordCamps tell me “I’m not the technical person…” That’s disheartening. If your sales people can’t answer the basic questions, or you don’t even have a white paper with some tech dirt, you’re not thinking about your audience. Selling to WordPress people means you shouldn’t forget the devs. You can sing and dance your cool factor all you want, but if someone asks a technical question, you should have a technical person around.

    Show Me The Code

    This annoys me a lot. When people are selling a plugin, I have to buy it to see the code. So when someone asks me to eval, the first thing I ask is “Is this a service?” If it’s not, I’m annoyed I can’t see your code. More so when I ask you “Well I’d eval but it’s pay for. Can I look at the plugin source code?” and you say no.

    If you’re at a tech conf and they want to see your code before committing, you may want to consider who you just asked to evaluate the code. I do explain that I’m a plugin reviewer for WordPress.org and I work for a webhost. Now if you’re interesting enough, I’ll buy your plugin and check it out. Still. A lot of us want to see the code.

    Your Product Beat Your Swag

    There were two vendors at a recent WordCamp where the swag they gave out was more memorable than what they were selling. That’s just sad. I don’t care that you were giving away notebooks or watches or cups or shiny balls. I care what you’re selling.

  • Mailbag: Self-Signed SSL

    This was actually a tweet, not an email, and I’ll get to it later on in the post.

    Essentially, a weird thing happened.

    I’ve been setting up SSL for admin’ing my sites (because you should) and using a mix of Comodo SSL via Namecheap and StartSSL depending on the domain. But I also set up some Self-Signed SSL certs for other domains. In particular, this one.

    Now. SSL certificates provide encryption between the two ends using the certificate. That’s all. They’ve never been able to verify who the two ends are, and all a paid-cert does is say “And I paid these guys to prove who I am” so now you’re ‘trusting’ three people. Maybe. The point is that there’s nothing wrong with a self-signed SSL certificate in specific situations.

    If you’re messing with money or personal identification, you need to use a signed certificate. This isn’t even an option. But halfelf.org doesn’t do that and I really just wanted an SSL cert for a secure connection to my wp-admin dashboard. No big, right? So I did that, posted a new article the next day, and my buddy Mike said:

    hey there, clicking on the article title from the email notification tries to force https:// and throws privacy error warning

    What the what?

    For some reason, the setup I had that works perfectly fine, no errors on ipstenu.org wasn’t working on halfelf.org, and the only difference was that self-signed certificate. Apparently the emails sent by Jetpack grabbed the https URL and while the server was set to redirect to http, users still got that moment of “Hey, this isn’t a real certificate.”

    I know that a self-signed certificate means there’s no chain of trust, but it’s quite annoying that Google Chrome and other browsers flip out when you’ve done it. If it was just a warning “Hey, this site is secure but we can’t verify it…” that would be one thing. But what Chrome does is slap up a big fat warning and stop users, making it a double click through to get to the page, which forces them back to http anyway. Visitors may not trust my site to be safe, but frankly, that site wasn’t really meant to be ‘safe’ anyway. It’s safe on the back end for me. Not you.

    It’s a complicated mess, and I can’t wait for Let’s Encrypt to take off. I’ll be installing that on my server ASAFP because of the ability to self-sign without making browsers flip out.

    To fix it for now, I turned off SSL over admin (which literally was all I’d done for WP) and picked up a legit certificate. But it’s rather stupid that the email sent from Jetpack decided it was meant to be https when it wasn’t, and that my site that forced http over https for non-logged in users wasn’t enough to convince the browser they were in the wrong place.

  • How Do You Solve a DB Like Maria?

    I was talking to my friend James about upgrading SQL. If you didn’t know, upgrading SQL is a horrifyingly monumental thing, because there’s no way back except restore from a backup. Minor upgrades are generally painless, but the CentOS warning is as follows:

    Upgrades to new major releases (the first two digits in the version string) are more involved because there is a substantial risk of data loss.

    Data. Loss.

    It’s scary when you consider doing it for yourself. It’s horrifying when you consider doing it for a few thousand users.

    On top of that is the issue that MySQL is owned by Oracle and they’re not exactly known for being good stewards of Open Source. Unlike many other Open Source projects, Oracle owns the entire copyright to MySQL. All contributions are done if the developer has signed a “contributor agreement” that assigns ownership to Oracle. This isn’t all that weird, to be fair. When I worked for The Man, that was basically how things worked and it made sense. The work I did for the company belonged to the company.

    Where this is weird is that Oracle has said that about a GPL product, even to parts of it the company has not written. Why is that? It’s because all contributors to the code have to sign a “contributor agreement” assigning ownership of the copyright to Oracle, which is not alone in this. Sun before them used contributor agreements to get full source ownership, and many other projects do the same.

    Now, James and I looked at the MariaDB vs MySQL compatibility doc and had a laugh.

    tl;dr “For all practical purposes, MariaDB is a binary drop in replacement of the same MySQL version,” except for this long list detailing where you’re screwed.

    Now when you get down to MySQL 5.5 and MariaDB 10, the issues become very minor and unlikely to cause you migraines, which is a relief, but that list sure is long and daunting.

    I’m not yet running MariaDB because it’s an all-or-nothing move. I can’t keep on MySQL, and I have a few old (ancient) bits of non-WordPress code on this server. I always stress that WordPress is not the limiting factor in server upgrades, and it’s still the truth.

    I’ve started doing the recon work to make sure MariaDB will work for all situations on my server, for all apps, and I’m currently pretty sure that I’ll be fine, but I do have one way-out-there app to check into. They’re also one of the few people who pay me for hosting, so we may have to have a sit-down anyway to discuss their future.

    The most important question has been answered.

  • Mailbag: Facebook Page Notifications

    A family member, after teasing me for not knowing someone was married because the only place they announced was on Facebook (and Shredder? You’re not off the hook either), finally asked:

    Why do you still hate facebook?

    Because the interface is inconsistent and sucks. Let me explain by showing you about my Page Notifications.

    I still use Facebook under duress and happily go weeks without noticing I have alerts waiting. When I do remember to check in, this is usually my first clue I have that there are unread notifications:

    Sidebar alert - a VERY subtle count

    If I click on the group, the toolbar at the top of the page gives me a much better idea of what’s going on:

    Page Navigation bar lists how many unread I have

    So I logically click and I get this:

    The notification page has the number on the left and a non-distinct way to see what's unread on the right

    I don’t like that I have to click three times just to see my notifications. Yes, I can click on that teeny-tiny number to go to the page properly and wipe them, but what if I don’t want to? Also have you noticed how small the number is? It’s hard to hit if you’re not ‘great’ with your mouse. Guess what I’m not? Great with my mouse. I like larger icons because they’re easier for me to tap. I’m not the only one.

    The next problem is the text color. It’s not really all that distinct. It changes to a useful red/orange on other pages, but the subtle grey on blue grey, combined with the size, makes it weird. Compare it to the alerts you get for unread posts in your timestream, or personal notifications:

    The top bar says I have 1 new friend request and 13 posts that I should read

    Clearly their goal is to keep me on that front page (which is obviously why they swap my ‘recent posts’ to ‘top posts’ every chance they get). But even then, once you click on the item, the number goes away but the items are not marked as read. You still have the mark-as-read buttons, which are not very noticeable or distinct. In the case of a page, the number count on the sidebar goes away, but not the one on your toolbar or the notifications page. Welcome aboard the inconsistency train, thy name is Facebook.

    Interestingly, this day when I clicked on the “Mark as Read” link, the number dropped from 20 to 1. But there was nothing else to mark as read. All the backgrounds went from pale blue to white, and there was no other indication as to how I might find what was unread.

    Eventually I saw the sidebar:

    Sidebar lists ONE unread notification

    There it was. I hovered over it, clicked ‘Mark As Read’ and that number went away. I had to refresh the page to make the orange alert go away, because apparently that level of Ajax is hard.

    My conclusion is pretty simple. Facebook wants me on the main page of their site, my timeline, all the time, and that’s fine for a user. But in doing so, they’ve made administration of their pages and groups overly complex and inconsistent with the rest of the flow of their site. They want me to add in content, but they’re going to decide how I, and others, consume it, which means my ability to easily input and manage is secondary (or even tertiary) to their consumer design.

    The pages and groups are a nice idea, but still ill planned for a ‘MySpace’ replacement. The only reason that even worked was because MySpace blew up on itself.

  • Mailbag: SNI Incompatibility?

    Kim asks:

    You wrote an article which does a great job of explaining a number of things. My only question (comments appear to be closed so I could not post there) is the SNI – do you find that there are many people using browsers that are old enough that the SNI creates a problem? I have looked over the list of incompatibles and it does not seem to be that much of a risk, but I thought you might have more concrete information since you’ve been using the setup.

    This relates to how I set up my SSL certificates, which is to use Server Name Indication (SNI) and have multiple certs on one server with one IP. And the question is “Do we care about the old browsers?”

    Let me quote my coworker.

    IE8 is EOL, XP is EOL. We can’t support things forever.

    XP makes up most of the sites that have issues with SNI so I’ve only found 0.006% of my visitors impacted.

    Yes, I did that math properly. I checked it a couple times.

    No. I’m not worried about SNI and I don’t care. We can’t support old things forever.
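One way to measure that share on your own server before moving to SNI, as an added example (not the author's code or numbers). The log lines are constructed, a "visitor" is assumed to be a unique IP plus user agent, and the two user-agent rules are a simplified heuristic covering the best-known clients without SNI support (Internet Explorer on Windows XP/2003 and the Android 1.x/2.x stock browser), not a complete list.

```python
import re
from collections import Counter

# Constructed sample in "combined" access-log format (documentation IPs, not real traffic).
SAMPLE_LOG = '''\
203.0.113.5 - - [10/Mar/2015:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36"
203.0.113.5 - - [10/Mar/2015:10:01:09 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36"
198.51.100.7 - - [10/Mar/2015:10:02:11 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
198.51.100.9 - - [10/Mar/2015:10:03:40 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 5.1; rv:36.0) Gecko/20100101 Firefox/36.0"
192.0.2.44 - - [10/Mar/2015:10:04:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; GT-S5830 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
192.0.2.80 - - [10/Mar/2015:10:05:30 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
this line is truncated and will not parse
'''

# ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Heuristic rules (assumptions of this example). IE on XP uses the OS TLS stack,
# which has no SNI; Firefox on XP ships its own and is deliberately not flagged.
NO_SNI_RULES = {
    "IE on Windows XP/2003": re.compile(r"MSIE \d+\..*Windows NT 5\.[12]"),
    "Android 1.x/2.x stock browser": re.compile(r"Android [12]\.\d"),
}


def classify(user_agent):
    """Return the name of the matching no-SNI rule, or None if the client looks fine."""
    for label, pattern in NO_SNI_RULES.items():
        if pattern.search(user_agent):
            return label
    return None


def sni_impact(lines):
    """Count unique (IP, user agent) visitors and how many likely lack SNI support."""
    visitors = {}   # (ip, ua) -> rule label or None
    skipped = 0     # non-empty lines that did not parse
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        match = LOG_RE.match(line)
        if not match:
            skipped += 1
            continue
        visitors[(match["ip"], match["ua"])] = classify(match["ua"])
    flagged = [label for label in visitors.values() if label]
    total = len(visitors)
    return {
        "visitors": total,
        "no_sni": len(flagged),
        "percent": round(100.0 * len(flagged) / total, 3) if total else 0.0,
        "by_rule": dict(Counter(flagged)),
        "skipped": skipped,
    }


if __name__ == "__main__":
    print(sni_impact(SAMPLE_LOG.splitlines()))
```

To run it against real traffic, pass the lines of your own access log instead of `SAMPLE_LOG`.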

  • I Hate Your Framework

    The plugin itself was one PHP file and three JS files.

    The framework was over two megs.

    The plugin added in a new setting to select which one of the three javascript files should be called.

    The framework ‘made it pretty.’

    I’m right up there telling people that the WordPress Settings API is a giant bag of wet hair. It’s confusing, it’s cryptic, it doesn’t always play well with everything, and sometimes it makes you feel like the point is to make us have decisions, not options, for our plugins. But I don’t think plugin frameworks are the answer. At least not the way most people seem to be going about them.

    When I say frameworks, I don’t mean the libraries like the AWSSDK for PHP framework that you package up into your plugin and do a proper check for a function, calling yours if the library isn’t there. No, I mean the plugins that are totally separate plugins but are meant to be called by yours in order to make development easier and more consistent.

    That’s what I hate.

    I love the idea of these frameworks, actually. I think that a boilerplate plugin, similar to _underscores, where I can put in my plugin name, my information, and press a button to have the basic plugin files generated for me is brilliant! But I think most of the libraries out there are doing it in a way that will annoy and upset most people.

    The problem is less the framework and more the people using them as a ‘quick fix’ without properly thinking about what they want to do.

    They’re Too Large

    In the case of this plugin, one file with three settings could just be done with two functions (maybe three) and instead he’s made a download half the size of WordPress core. The zip is large, it makes things take just a little bit longer for people on slow servers to download and upgrade, and the larger you get, the worse you are for the really small shared hosts. I know a lot of people argue with me about this, but remember that a high number of hosts still default you to allow 7M in PHP upload size. That means when your plugin becomes the 30 meg behemoth with all your dev files, you’ve made things pretty bad for some users. But even when you’ve only made your plugin 2 or 3 megs, why would you do that when you have one file of actual code?

    The logic escapes me.

    They’ve Got Too Many Files

    Not the same thing as too large! There are hundreds of files in a framework, and if you’re using only 4, that means you have 96+ files to review for security. You just increased your workload for not enough value. Which is really a major part of my next issue. The point here is you, the developer, are responsible for every single file in that framework. You are expected to know everything about it, where it installs, what it uses, why it uses it, and when to upgrade. This is a pain. It’s a chore. And it’s your job now.

    You Don’t Know How to WordPress

    This is also why I don’t like the idea of making Multisite too much easier. The further you take a developer from writing this code, the further they get from understanding how it all comes together and the harder it is for them to debug their own plugins. If you’re developing a plugin you plan to share with other people, even a teeny tiny one, you need to understand what you’re doing. You need to learn about the way the code interacts with the CMS tool, you need to understand why some things are secure and others are not.

    You Use the Frameworks Wrong

    I said before, I love the idea. And I do. They’re a brilliant idea and, when done right, work perfectly. The problem with them is, a bit, a problem with WordPress, which is we really don’t have a way to handle children plugins. You see, the best thing for a true framework plugin would be to have it be a separate plugin. But without plugin dependency support in core or the directory, it becomes another level of hassle for users.

    For example… if you have the plugin as a separate plugin, these are the issues we’ve seen for end-users (not developers):

    • Not recognizing the framework plugin, and thus deleting it (causing the plugin(s) to break)
    • Not recognizing the framework plugin and thinking they’ve been hacked
    • Updating the framework plugin separately from the dependent plugins, possibly leading to breakage
    • Updating a dependent plugin without updating the framework, possibly leading to breakage
    • Different plugins requiring different versions of the framework

    And bearing in mind that the framework and plugin developers are different people, that’s another level of coordination/compatibility issues. Frameworks and libraries should be packaged with each plugin (hopefully in a way that doesn’t conflict with other plugins using the framework or libraries). At least until core supports plugin dependencies.

    But I still think that’s wrong.

    I still think the best framework plugin isn’t a plugin at all, it’s a tool to help you design and build a plugin via your editor of choice. Or maybe a Grunt Script that lets you build it out based on parameters. Time spent making a framework for making the plugin ‘interface’ better would be better spent making the Settings API better.