Category: How It Is

Making philosophy about the why behind technical things.

What I Learned From The Man

It’s no secret I worked for “The Man” for nearly fourteen years. I’ve learned some pretty amazing technical things from that, but I also learned some tricks about ‘working’ with a big company that have yet to fail me no matter where I worked. They were all lessons my family instilled in me, but having some pretty amazing people like Bonine, Margie, Joe P., Nikki, Rae, and a host of other amazing people all reinforce the morals of the stories, and it made me know that these were the right things.

Always Admit Fault

Scariest moment of my life was the day I accidentally rebooted a trading server at 10am on Thursday. Those were only supposed to happen at 10pm on Thursday nights, well after all trading was done for the day. I did it mid-day which meant there was a high risk that in-flight data could be lost. I was tasked with diagnosing what had happened and, after a lot of review, I came back and said the only logical reason was I had typo’d when I scheduled the time. We since changed to 24/7 clocks and not AM/PM to mitigate, but I was up front about the error being me. Similarly, when a bad change I made to a script broke the internet for all of our UK offices, I said it was me, I fixed it, and I took the hit. This meant later when a change I’d fought against was put in and caused an outage, everyone believed me when I said I’d done it, but it was someone else’s idea. I had credibility and history and (of course) documentation on my side.

Document It Or It Didn’t Happen

I had a boss whom I did not like. I liked the work, but working with him was terrible. He didn’t grove like I did, he was misogynistic and racist. He also had a flagrant disregard for protocol. Love it or hate it, when your company has specific steps to follow to do a thing, you do the steps. He didn’t want to and demanded I make an on-the-fly change. Verbally. I didn’t. This ended in a shouting match which our manager had to step in and settle. But before that event, I was told to make a change I knew was wrong. I demanded it be documented that this was a change in scope and a requirement by him. I then, under duress, made the change. It broke. I backed it out. That marks the last time I ever let it go that far and may explain to many people why I’m so firm about not letting people do ‘wrong’ or ‘bad’ actions. If I know something’s wrong, I won’t do it and I won’t help you do it.

Remember You’re Special, And So Are They

I’m a techie. I know all sorts of weird things. Remembering that I know those things and understand the different between minimizing a screen and closing a window is important. Joe reminded me about that once. I never forgot it. I also don’t forget that my place is to make sure problems are solved. So just because I don’t panic doesn’t mean I’m being cavalier, but at the same time I have to make sure the other person knows that.

Credit: xkcd

That window resize via a resolution change was the only way to fix a specific problem with a specific app. I used to travel across town to do it for people because trying to walk them through it on the phone was too difficult.

Use Your Calendar

“I’m sorry, I’m really busy.” has a lot more weight when they look at your calendar and see it’s booked. Solid. When I know I need to spend time working on a specific project, I schedule it as booked time and that way everyone can see and understand I’m busy. This is also a respect issue. If someone schedules a meeting, you confirm and click that damned ‘I accept’ button. It’s a contract, or a friendly agreement, in order to tell someone ‘Yes, I will be there.’

Don’t Waste Group Time

Irony. If you think about big companies, you think about wasted meetings where people never get anything done. I’m not talking about that (which is a thing). I’m talking about wasting time with being disrespectful of the meeting. Keep your phone/mic on mute in a conference call so no one hears you pounding on a keyboard. Turn off your video feed if you’re not presenting so you speed up the internet for everyone. Joining in a massive meeting with hundreds of people? Get a conference room for your location to prevent overwhelming the system. If it’s an on-line, text meeting, follow the announced protocol.

What Did You Learn?

I’m not the only open-sourcer who used to work for the Man. Did you learn anything that you still use today?

Those meetings, by the way, are generally a waste of time. I greatly prefer stand-ups. Everyone gets 60-90 seconds to state status. Everything after is taken outside meetings.

11 March, 2015
Mailbag: What Code Makes You Sigh?
When I was talking about ThemeForest, I mentioned we had code on WordPress.org that made me sigh. Or cry depending on the day.

Here it is:
```
if (!defined('WP_CONTENT_URL')) define('WP_CONTENT_URL', get_option('siteurl').'/wp-content');
if (!defined('WP_CONTENT_DIR')) define('WP_CONTENT_DIR', ABSPATH.'wp-content');
if (!defined('WP_PLUGIN_URL')) define('WP_PLUGIN_URL', WP_CONTENT_URL.'/plugins');
if (!defined('WP_PLUGIN_DIR')) define('WP_PLUGIN_DIR', WP_CONTENT_DIR.'/plugins');
```
Why do I sigh?

It’s not needed.

You can use functions to determine those directories and while I’m sure someone’s thinking “But WP_PLUGIN_DIR is shorter than plugins_url()!” it’s not.

That code block above was used so that one line of code could exist.
```
include(WP_PLUGIN_DIR.'/PLUGINNAME/settings.php');
```
Those four lines, plus the include, could be replaced with this:
```
include( plugins_url( 'settings.php' , __FILE__ ) );
```
So yes, I sigh. Because with just a little work, you could see that there’s a more efficient way to make your plugin smaller.
6 March, 2015
I’m Fine With Envato

I just don’t use ThemeForest.

Look. I think Envato is actually pretty awesome. They’ve made a way to help people monetize development within WordPress. I’m all about that! I want to see people making a living from WordPress and I want people to be able to succeed and make WordPress even better. A number of people I know who are currently successfully running their own WordPress related business got started over there.

So why don’t I use their products? I haven’t had a need to. I don’t use WooCommerce either, or their themes. There’s nothing wrong with that. But there is a ‘problem’ with Envato, or rather there’s one with ThemeForest, and it’s the same problem as we have on the WordPress.org plugin repository.

The last (and possibly only) time I mentioned them, I said I had an issue with their lack of upgradability. If I buy a theme or a plugin, I can’t easily get updates. I’m stuck on the old way of download when I get an email. There’s no way to do it easily from inside my dashboard. This is a problem of our own creation. Ten years ago, that was normal. Today, we have a reasonable expectation to easily upgrade WordPress, it’s themes and plugins.

I happen to know Envato’s working on it, so I still look forward to their solution.

But they have the exact same problem as we have with the WordPress.org plugin repository: crap code.

You see, there’s only no practical difference between the WPORG repository and ThemeForest and how it handles reviews except they actually may be checking on every upgrade. If you didn’t know, ThemeForest does review things. But they do it exactly like we do! They read the code, they test it, they look for evil things, and they approve or not.

Theme review on WPORG is a tighter ship than plugin, for a few reasons, but frankly I doubt the overall quality of code on WPORG (plugins) or ThemeForest is all that different. We’ve had some pretty insane vulnerabilities in plugins, after all, and the WPORG repository doesn’t have a great way of dealing with them. But to say that you don’t trust ThemeForest because the code quality is bad while simultaneously using any free plugin from ORG is naive at best.

The constant problem we have with plugins, and one they have with ThemeForest themes, is that we allow a lot of different types of code. In being liberal like we are, we can allow for a lot more creativity and expression and, well, art. The downside is that there’s a practical limit to what a human being will be able to catch. We’re like the TSA. We try, but we’re fighting a loosing battle and that’s why we’re always going to miss things and we’re always going to be running behind and cleaning up.

And worse they have the same problem with any code they yank. How do you upgrade everyone? When is it right and safe? When is it an overstep? Weighing security risks with information with compatibility is complex. For the WordPress.org repository, we have a long way to go before we’ll be able to push minor security updates like core can… at least not without a lot of fear and consideration. We’re on the road there, though, so one day you may wake up to a plugin magically secured on your site.

Oh and as a reminder? If you see a WordPress.org plugin hosted that is insecure or doing evil things, email plugins@wordpress.org with the plugin URL and all the possible information about how it’s insecure. If you know how to hack it, please tell us exactly what you did. You make it faster for us to sort things out.

For Envato, you can report these things via their Helpful Hacker program.

2 March, 2015
Mailbag: Being Rejected Is Good

Do you talk at every WordCamp you go to?

Nope.

You probably wanted a longer answer. I suspect the real question is “If you apply to speak at a WordCamp, are you always accepted?”

Nope.

Looking at the numbers, I speak at just over half the WordCamps I attend. I apply to about 75% of them (yes, sometimes I intentionally do not apply, it’s nice to just go to a camp). I’ve been specifically asked to apply to a couple, and I’ve been requested to speak (no application) at two I think (one I did not manage to attend, sorry).

But I’ve applied to multiple WordCamps and not been selected to speak, like WordCamp San Francisco 2014.

It doesn’t bother me much.

Oh, it bothers me some, since I don’t often get to find out why. Sometimes I do. I like when I do. But looking at WCSF 2014, I assumed I was a long shot. I’d spoken at the last two, there were a high number of applicants, and lets be honest, we should get some new faces in there. I also don’t think I submitted the best application, but it was rather obligatory that I do submit, so I did.

Still, it’s good to get that rejection email, especially when they do tell me things like “We already had X number of speakers apply about Foo, and you’re not local.” I love hearing that one. Yes, pick local! The generic rejections, like from WCSF (I swear I’m not picking on it) makes sense when you consider the mountains of submissions. Same with WordCamp NYC. I submitted twice, once something I picked and once was something they posted as ‘Talks we’d like.’

That’s my magic sauce for speaking, by the way. I ask what kind of talks they’re looking for, or what the theme of the WordCamp is. A WordCamp based on security should have a security themed talk. A WordCamp with a high number of bloggers and community runners probably would benefit from a talk about dealing with the community. Not everyone has a wide range of topics they can talk about, of course, but it’s still good to broaden your own horizons and talk about what both makes you comfortable and what doesn’t.

The rejections I learn from. I try to ask what about it wasn’t right. What did people want and not get, what did they not want. This works well with my job, because I’m supposed to be keeping in tune with how people are using WordPress, and being rejected means I learn where I’m wrong.

Does it hurt? Of course. ‘Losing’ in any sense of the word is painful and uncomfortable, and all the time I tell you that you can learn from it doesn’t make that feel any better. But what will make you feel better is next time. Because if you do learn from it and become better at what you do, then you will speak at an event, or stand up and do a thing, or simply succeed, in whatever way you mean for that to be. And not much feels better than that.

My father told me once that you lose more than you win, and losing hurt worse than winning felt good. He’s right. And that hasn’t changed in my life one bit. What has changed is that I appreciate the winning a whole heck of a lot more, because I’ve lost.

27 February, 2015
Why I (Still) SelfHost

The other day I saw the notice that Google was banning all explicit adult content from blogger.

Outside of the irony of remembering when the post’s author (Violet Blue) had her content deleted from Boing Boing back in 2008, she’s actually pretty uniquely qualified to talk about the difference between censorship and removal. For the record I think that it’s a pretty crappy thing to do and I don’t like it. But as I often say, my beliefs are pretty straight forward:

I do not agree with what you have to say, but I’ll defend to the death your right to say it. ~ Voltaire

Is It Censorship?

Let’s be clear on this. The change to Blogger’s Adult Content Policy is pretty straightforward.

Starting March 23, 2015, you won’t be able to publicly share images and video that are sexually explicit or show graphic nudity on Blogger.

Yes, this is a change to their Terms of Service (which they reserve the right to do at any time), but is it censorship for them to say “We don’t want hard core stuff on our servers”? That’s like saying a country music station on the radio is censoring heavy metal. No, they just don’t want to have it on their servers. Google’s said they don’t want that. They don’t want to do business or make money off of things they find morally distasteful.

Frankly I think the whole planet’s hang ups about sex are laughable. The majority of adults I know have consensual sex and like it. I do know a couple asexuals, and I know people who have reasons why they hate sex. I also know people who hate peanuts. It’s about the same thing for some of them (one has a traumatic peanut in his ear story that resulted in surgery and hearing loss). Sex is normal. It’s what everyone does and no one talks about (thank you George Carlin). So grown ups wanting to Google for information about the sex they want to have? There’s nothing wrong with that! There’s nothing wrong with kids looking that stuff up too. We used to hide in the back of libraries, looking things up when we didn’t feel comfortable asking our parents.

The argument that they’re not ‘censoring’ they’re just enforcing their guidelines falls flat when you remember that the definition of censorship is defined as acting as a censor. So yes, I think Google’s censoring, but in this instance they’re within their right to do so. That doesn’t mean I think it’s right, but I’ll support their legal rights.

Is It Discrimination?

One of the sites hit up by this is a site where porn stars play D&D. I kinda like that site. It amuses me to no end and is how I learned about this change. They had just posted about how they’re leaving the escapist. They were talking about discrimination and general asshattery and non-inclusiveness. Their site may be punted off of Google’s Blogger service soon for being ‘adult’ by nature.

I’m actually not sure about that. But I really have no idea why their site is considered ‘adult’ in the first place. I’ve never read anything about sex there except this:

I’m Zak, I live in Los Angeles. Most of the people I know here are women I know from being a porn “actor”–so they’re porn stars and strippers. So that’s who I play Dungeons & Dragons with.

First of all, I want to play with them because the game looks fun, but mostly I don’t recall ever reading adult or explicit content there. So of course I started thinking about how they could be making it harder for people to read about things that help them understand themselves. A lot of people sort out what they’re interested in by quietly reading stories about other people who had similar issues and thoughts and feelings. While Google’s only said they’re punting “sexually explicit” content, that’s a really slippery road.

I shall not today attempt further to define the kinds of material I understand to be embraced within that shorthand description [“hard-core pornography”], and perhaps I could never succeed in intelligibly doing so. But I know it when I see it, and the motion picture involved in this case is not that.

That quote is from United States Supreme Court Justice Potter Stewart, used to describe his threshold test for obscenity in Jacobellis v. Ohio in 1964 (the film being Louis Malle’s The Lovers). We’re allowing, and trusting, Google to define what is and is not explicit. And this means that it becomes a case by case value judgement. Are two women kissing ‘explicit’? It gets messy really fast.

Is It What I Expected?

Yes. I totally expected this.

Google to punt all explicit blogs? Haaaaaaaaave you met WordPress?

I meant Self Hosted WordPress, James. Yes, WordPress.com also restricts and censors your content. It’s their playground. I will, till my dying day, support their right to do this. They don’t want to do business like that, fine. I wouldn’t argue the French restaurant that servers pomme frites needs to serve a hamburger or some chutney. That’s their business choice and it just means I can’t use them.

But it brings up the main reason why I still self-host.

As someone who self-hosts, I still have to be aware of the Terms of Use for my webhost, but generally that provides me a lot more freedom. I have a legal contract and a leg to stand on. As long as I don’t violate that, I’m good to go.

And of course I work for a company who would host anything, as long as it’s legal.

25 February, 2015
Mailbag: Wrong Robots
I got an odd email from ‘Yan’ who, amidst the odd hate and sexist filled remarks that apparently I don’t like people in the WP community, had a legit question:

Seen your post:

But… Your actual robots.txt does not reflect the content of the article. Hmmm…

Well. That was almost 2 years ago. And it never reflected the content of this site. I don’t care if this site has it’s images snagged. I have anti-hotlinking protection in my .htaccess anyway. It’s my other site, my massively major huge gallery with 10G of photos that I protect.

That brings up a point that many people miss about this site. I’m not always talking about what I do here. For example, I talked about making a slide-up bit of code that duplicates WordPress.com’s follow tab. That email setup isn’t here and it never will be. I’m not particularly worried about my followers’ ability to find the sidebar email registration box there. This is a site for slightly more technical people.

However, the site that code is on is a site visited by luddites, primarily. They want their news about their thing in a way that is simple, straightforward, and easy. They need a reminder. Also they share links on social media a lot, so making a slide-up that auto-pops when you come from Facebook or Tumblr or Twitter was the right choice to make sure people knew what was going on and how to sign up. It’s had amazing results.

There are lessons I learn from running multiple sites and I bring them all back here to people who would appreciate them.

Now if people wonder, yes I do think that Google’s still evil for how they hotlink images. Of course, I’d think them equally evil for copying my images. Image search is just a really messy thing. The two options you get for it is that either Google has a copy of all the images on the planet or they hotlink. Even assuming they’re clever enough to protect themselves from duplicate images using some sort of super powerful algorithm, you get those options and each has a problem. If you’ve copied everything, you have to have a file server the likes of which would make the pyramids look teeny tiny, and in both cases you need a database with enough speed to stop us all from running Google Pagespeed tests on Google.

Am I the only one who does that? Oh. Sorry.

We’re talking about Google being evil and robots.txt files. The site that I do block Google Images on has a very large robots:
```
User-Agent: *
# My stuff
Disallow: /cgi_bin/

# WordPress
Disallow: /trackback/
Disallow: /blog/
Disallow: /wp/
Disallow: /wordpress/wp-admin/
Disallow: /wordpress/wp-includes/
Disallow: /wordpress/xmlrpc.php
Disallow: /wp-admin/
Disallow: /wp-content/
Disallow: /wp-includes/
Disallow: /xmlrpc.php
Disallow: /wp-

# Gallery
Disallow: /gallery/albums/
Disallow: /gallery/themes/
Disallow: /gallery/zp-core/
Disallow: /gallery/zp-data/
Disallow: /gallery/page/search/
Disallow: /gallery/uploaded/
Disallow: /gallery/rss.php
Disallow: /gallery/rss-comments.php
Disallow: /gallery/README.html
Disallow: /gallery/rss-news-comments.php
Disallow: /gallery/rss-news.php

# Wiki
Disallow: /wiki/images/
Disallow: /wiki/bin/
Disallow: /wiki/cache/
Disallow: /wiki/config/
Disallow: /wiki/docs/
Disallow: /wiki/extensions/
Disallow: /wiki/languages/
Disallow: /wiki/maintenance/
Disallow: /wiki/math/
Disallow: /wiki/public/
Disallow: /wiki/serialized/
Disallow: /wiki/tests/
Disallow: /wiki/skins/
Disallow: /wiki/t/
Disallow: /wiki/index.php

User-agent: Mediapartners-Google
Allow: /

User-agent: Adsbot-Google
Allow: /

User-agent: Googlebot-Image
Disallow: /

User-agent: Googlebot-Mobile
Allow: /

User-agent: Browsershots
Allow: /

User-agent: Dotbot
Allow: / 
```
So yes, actually, I am still using that code. There you are.
20 February, 2015