Half-Elf on Tech

Thoughts From a Professional Lesbian

Category: How It Is

Making philosophy about the why behind technical things.

  • “Oh yeah. That’s a bug.”

    “Oh yeah. That’s a bug.”

    “You’ve been saying you’re working on it for two years! How hard could it be?”

    The post made my blood pressure rise a little. I was uncharitable, in my own mind, thinking Well if you know how to do it, why don’t you get off your whingy ass and do it? I was snippy, I was snide, I was … let’s face it, I was mean.

    But I didn’t say it out loud. I stood up from the laptop and played a round of ping pong with a coworker who is a bazillion times my better (seriously, he’s great) and tried to learn to return spin-serves. I still can’t, but I understand them now. Then, refreshed, I went back and replied.

    “I know it sounds really dismissive, but there are more things at play then just slapping a new coat of paint on the system. We have to take into account the following things [list]. On top of that, we have to do it all in a way that won’t crash the system and that’s backwards compatible!”

    I looked at that for a moment and I sighed. No matter how I explained it, no matter which language I used to demonstrate the complications, the reply was still going to be ‘Don’t make an excuse, just fix it.’

    Complex art

    There’s a weird truth about software and development that is the people writing or fixing the code generally don’t get fired up about it in a reactionary way. That’s not to say they’re not passionate, or that I never see them angry or excited, but that they’re sort of a Cool Hand Luke about a lot of things, including their job.

    From 1997 to 2012, I worked at a bank. I tapped out just shy of 15 years, and through that time I went from desktop applications to operating systems to server based desktop applications (remote apps) to server deployment. I did a lot. I worked on everything, but I was never what you’d call ‘tech support.’ I did support for developers for about 5 years. At one point, when I was working on the OS side of things, my manager asked if I could help one of the senior VPs with an email issue. I agreed, went to his computer, looked at it, calmly minimized the app, fixed the resolution (yes), and was about to go when they screamed.

    “You closed my email!”

    I blinked a few times, clicked on maximize, and pointed out I had only minimized it.

    My manager apologized for over-reacting, but suggested next time I maximize before I leave the desk. I did not point out that what I was doing was not in my job description at all, but I did agree he had a point and said that I would be sure to leave the PC the way I found it, except fixed. This lesson stayed with me. When I fix your site, I try to leave it the way YOU wanted it.

    The next day I had a complaint land in my lap, from the Sr.VP, that I didn’t take the issue serious enough. This was tacked on to the heels of another incident that, at the time, I’d forgotten about, where a server went down, people flipped out and called me, and I said “Uh huh, I see what’s wrong. *type* There we go. All better, I’ll fill in the ticket. Sorry about that.”

    What was this complaint? I was too cavalier.

    I did argue that complaint, and ‘won’ as much as anyone can, because I noted you don’t want the panicking person to run around and scream when they fix your broken stuff, you want them to be calm and collected. At the same time, I did learn something important, and that is people need to feel that you do empathize with them and feel their pain. I’m much better at that now than I was in 2001, but in the last thirteen years, I’ve blown my site up enough to know that level of terror in a visceral way.

    But for the person who is having the horrible, no good, very bad, day, there’s a lesson for you too! Sometimes when someone says “Yes, we know.” or “Yes, we’re fixing that.” they can sound far more calm and casual than you are, to the point where they seem dismissive, not because they are dismissive, but because of their experiences. It’s the same logic behind anyone who handles high-stress situations regularly: we get used to it, and we have managed to overcome our panic.

    What does all this have to do with the time you asked for a change and we said “We’re working on it?” We’re calm because we are working on it. We sound dismissive because we’ve said many times we’re working on it. We know we don’t have an answer and how much that sucks, but we know (and you know in your heart) that yelling at people to fix it now has never, in the history of ever, actually made someone come to that genius moment faster. Even critical bugs, like Heartbleed, are things everyone tries to fix as soon as possible, but not in a rush or a panic. And if they’re not critical, then we’re generally not going to rush and fix it unless we’re certain we can do it in a way that is safe for everyone, sustainable, and we agree with it.

    That sounds like a lot, and it also sounds like an excuse. It’s not. If someone replies “Yes, we’re working on it.” it’s okay for you to ask “Is there anything I can do to help?” It also means you may have to accept that some annoyances are going to stick around for a long time, because they’re complicated, or maybe they require a total rewrite. But as long as they’re communicating with you, they’re not ignore you.

  • iPad Mini

    iPad Mini

    I normally don’t review hardware. I like it, but given my one experience with serious electrical work (buy me a coffee, it involves a barn roof), I tend to not mess with it. So I’m purely a hardware consumer.

    That means when things like the iPod came out, I was highly interested. A deck of cards and it has all my music? I’m in! Now I have an 8G iPhone (yes, the smallest one) and it’s perfect for what I need it for: a phone and a walkman. Don’t get me wrong, I have a couple games (Tetris, Bejeweled, and Dungeon Raid), but for the most part I use my smartphone to handle the phone and texting stuff, directions when I’m in a new place (which happens a lot now) and listening to baseball games.

    I also have a laptop, which I use to code and write and … well you know what they’re for. Then I have an iPad. I’ve had one since they first came out as I’ve always had a mad crush on the idea of an Apple Tablet. Back in 2004, a whole decade ago, I wanted it for ebooks. Today, I use it for books, comics, surfing the web, Angry Birds (do do doot do!), email, and writing. Yes, I like writing stories on my iPad.

    Recently, I started looking at the iPad Mini as a viable choice. It’s smaller, lighter, and still retina. At the time, my iPad was the ‘new’ iPad (3rd gen, with Retina), and it worked well, but always felt heavy and clunky in my purse. The main issue I had with the mini was how would reading comics feel.

    Answer? Awesome. The retina display is somehow better on the mini, crisper and clearer without me having to crank the brightness up. It has good battery life (reading all day) and the apps are more responsive than my iPhone. There’s less lag jumping between them. This is due to the beefier processor, I know. I also got more disk space, so now I don’t have to download one manga at a time and delete it when I’m done. I like to re-read.

    Dude reading an iPad

    The only thing I don’t like is reading it in the sunlight, which I know is a common kvetch of the iThings. I love reading on my deck or patio, in the sun, so now I just sit with my head in the shade and it works out. Also, and this is a first world problem, my iPad is so crisp, my eyes get tired reading on it. Though that I’ve solved by changing the iBooks font and colors.

    So why blog about this? Well my iPad also has an SSH app (iSSH) and a file editor (Diet Coda) and when you toss in WordPress and Chrome (with my normal profile saved), I can bring just my iPad to a WordCamp and be able to work or take notes. I joked I needed a svn/git app, but really I just use Coda, sync with DropBox, and pick up the files when I’m at my laptop. Yeah, it’s pretty cool.

  • Not Everything is WordPress

    Not Everything is WordPress

    I touched on this when I talked about a project that forked, and I’ve said it before. I don’t use WordPress for everything, and I don’t think I should.

    A lot of you will probably disagree with me, especially since it’s well known much of what I love about WordPress is the fact that I don’t have to remove features. The problem is where WordPress started from has determined what kind of product it will be. But let me step back.

    When I spoke at WordCamp Miami, I said that the kind of WordPress user you are defines the future you will have with WordPress. What we are before WordPress is what makes us use it the ways we do, and the way we use it makes us who we are today. That makes sense, I hope. What we are is what makes us do what we do.

    So WordPress started as a blog. This means that no matter how many times we say “It’s a CMS and you can use it for anything!” it still shows blog at it’s heart. I use it for a store, it’s great at it, but there are aspects that remain bloggy. Similarly, MediaWiki was an ‘encyclopedia’ first, so while I know people who blog on it, it’s made for that cross-referencing. Certainly plugins can make these products fit the bill but at their base, you’re talking about the fundamental core of a product.

    Step back again.

    This is something I think is totally okay.

    I don’t buy a scooter and get upset it’s not a motorcycle. I don’t buy a tank and get upset that the Fiat has better gas mileage. I understand that each tool has its place, and while I certainly can tow a trailer with the Mini Coop, I’d rather use the truck. And that’s what I mean when I say WordPress shouldn’t be everything.

    If I was to use WP as a wiki, and I have, I end up disliking the edit/comment relationship. Regressions are easier with revisions, but prelinking pages and moving them is easier with MediaWiki. Image uploads? Easier on WordPress, as are updates (and don’t get me started on extensions), and html editing in a Wiki can make me drink. At the same time, I have a more flexible template situation, where I can have one that formats a whole page or just bits of one in easy, repeatable ways.

    Both projects have a lot to learn from each other. Both should steal bits from each other. But I think both should be separate because I will always have places were WordPress is a better fit than plain HTML or a wiki or a gallery. Oh, yes, I still use plain HTML in some places. I use Reveal.js for slides. I experiment and find the right tool for the right job.

    Step back again. I got new furniture on my birthday, and it was flatpacked. That means it came with a couple allen wrenches. You know the crappy Ikea L-shaped thing?

    Allen Wrench

    Right. After I put together one chair I announced “Fuck this” to myself and got my ratcheting screwdriver with swappable bits. There was one for this size, I switched to it, and finished three more chairs in the time it had taken me to do one. The tools were similar, but clearly different, and one was better than the other. One was easier, though, in that the chairs came with the less perfect one.

    It seems clear cut, doesn’t it? The one I bought was better than the one they gave me. Duh! That’s how I feel about software. Sometimes what I have isn’t right and I have to go get that other one. But I’m willing to experiment, to try, and to be wrong in order to get to what’s right. And ‘right’ means right for me and how I want to use it, not you, which is why WordPress has a bajillion plugins that do similar things.

    There is not one right way to skin a cat. So why do you think there should be one right CMS?

  • When the Fork Breaks

    When the Fork Breaks

    One morning I awoke to see that one of the lead developers on an open source product was leaving because of ‘creative differences.’ Those are my words. His were a little more angry and frustrated, because it was clear these differences were in the direction of the product. He felt stifled and restrained, saying that the grip the original developer had on the product was at odds with allowing the community to develop it going forward, and he was tired of the fight.

    So he forked it and moved on.

    Cover of Maurice Sendak's

    Regardless of what product this is (and really it doesn’t matter), the decision on my end is whom should I follow?

    On the one hand, this is the lead dev who has applied most (if not all) of the patches I’ve submitted. On the other, the original dev has been working on this for over a decade. Then again, the jump to making this a product I wanted to use happened when the new devs, including the forker, came on board. And the original dev is clearly facing a case of founderitis, where there’s his way or the highway, and not accepting the fact that open source products develop in their own life.

    Taking a deep breath, I do not mean to trivialize the issues here. When angry-making things happen, they happen for more reasons than we can see, and we know that there are always, always, two sides to the issues. At the same time I am not a part of the angry and it’s not my business to delve deep into it, save to come to a place where I can make my educated, thoughtful decision.

    I do have to worry about the stability of both products. How much was this one dev (or these few devs) the cornerstone of the product? Of the features added, whose do I use and like more? Of the ongoing philosophies, which do I more align with? How easy will it be to support the separate version? Do I think this guy is up for it?

    None of this is easy! It’s a jump of who do I trust more, and much of it is a gut feeling. I review the code, I match the changes, and I base my choices on what makes me feel better. But … what about when I’m not a coder? It’s even harder. I have to wait and see which is better, which devs jump with, which users I respect join forks, and even then I know if I wait too long, it’ll be hard to move.

    I moved my photo gallery from a home grown site to Gallery2 to ZenPhoto. I know the pain of hating the changes in a product. I know the pain of forking. But even so, I still can’t tell you how to make that call because even I don’t know.

    All of it depends.

  • Reset the Net Gotchas

    Reset the Net Gotchas

    All my domains will not be HTTPS by the end of 2014.

    Sorry. It’s one of those things that just isn’t (at this time) something I can pull off. If I only had one domain and everything was subs, I could get one wildcard subdomain cert and be done with it. But with the number of domains I have it’s not feasible. Which brings me to what I think one of the major issues with our desire to protect the net is… But let’s step back!

    Yesterday, as you may have noticed, was Reset The Net day. It was a call to action, much like we did when we went dark one day.

    Now on this site, I’m using the Internet Cat Signal, which cleverly updates itself as I need to alert people to crap like this. The tldr is that the NSA is spying on us. I leave that plugin on all the time, it fires up when there’s something people need to know. It doesn’t slow down my site, and I hope it brings awareness to folks who otherwise have no idea about this stuff. About 75% of my traffic on this server can be described as people who don’t know about any of this.

    What have I done for this? The recommendations are to use HTTPS, HSTS, and PFS. Since HeartBleed, I enabled PFS. This is a non-logical sort of thing to do, in that few people seem to explain how to do it. On my box, which uses WHM, it was pretty easy. In my WHM Panel, I went to Apache Configuration -> Global Configuration -> SSL Cipher Suite. Then I picked the PCI Recommended suite, not the default, and rebuilt the configuration. Then I went to Apache Configuration -> Include Editor -> Pre Main Include and, for all builds of Apache, added this:

    # Enabling PFS
SSLHonorCipherOrder On
SSLProtocol All -SSLv2
# CVE-2011-3389
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    The last bit lets me support any IE 6 users who visit my store. But as I said, I don’t have SSL on for all my domains. So what are my HTTPS issues?

    The cost is insane. Let’s look at wildcard ssl, which is what you want for *.example.com situations. It’s pretty much $100 a year. That’s not too bad until you factor in how many domains I have on this server. Six family members, six of my own sites (including short domains like helf.us). So that’s either $1200 a year, which is obscene, or $145 a year at the cheapest I could find, and that’s for the simple green lock and no wildcards. For the big green bar, it’s back to around $1000 a year. Oh and I forgot one of my domains, so that’s $164 and $1047. Now I could totally afford the $164 a year, it’s doable with my ad revenue (which pretty much breaks me even at the end of a year) but….

    It’s slower. Look, I get it how it’s important to be secure, but right now, the nginx proxy setup I’m using doesn’t work on HTTPS. That sets me back some since using it has sped up my site considerably. I know how to (and have) set Google Pagespeed to play nicely with HTTPS, so I’d be back to where I was before. This isn’t bad, it’s just not a great experience. Right now I have a secure login, secure email, a fully secure store, and ssh/sftp only, so the only place your data could get ‘sniped’ is when you’re leaving a public comment on my public site, which makes me less worried than I might be. Even my git repo is secured.

    Twig in a net

    Also it’s hard. And no, that’s not an excuse. PFS (Perfect Forward Secrecy) isn’t easy to add to your servers, and it’s way outside the realm of what most people can do. Hell, it’s outside the realm of what I’m comfortable doing. It took until my server had the specs for OpenSSL that will support PFS for me to do it. The point is, this part has to be done by the webhost for most people, and that is a big issue. It’s not easy or fast to upgrade servers, and it’s far, far more persnickety than updating WordPress. It’s complex, and you have to think about everyone on the server. Again, not an excuse, just a caution that it takes a while to finish up.

    Speaking of WordPress, multisite isn’t great at it. In fact, it’s less great than normal WP. I have two sites with SSL right now, ipstenu.org and store.halfelf.org. Ipstenu is only SSL on the back end, but even with that, there are inconsistencies. First, all the links are HTTPS, so when I click on “My Sites” the link to NON HTTPS sites are using HTTPS, which doesn’t work. Also if I made a new domain, it defaults to HTTP and not HTTPS. So I have to edit that manually. This is annoying, thought not insurmountable, and I know it’s something being worked on.

    In the end, the absolute biggest reason I’m not switching to HTTPS is that the only person who needs secure communication are the people logging in or the people buying things, and I’ve taken care of that. For the rest of you, know that my store is secure, my logins are secure, and if you’re commenting on the site, for god’s sack, don’t post anything you don’t want people to know!

    I’m sure in a few years if not months all this will change, but this is where I am today. The racket with SSL certs costing that much needs an easier solution, and then the rest will fall into place.

  • It’s a Piece of Cake

    It’s a Piece of Cake

    We’ve all bought furniture you had to put together ourselves. It’s the Ikea way, we can save money by putting in sweat equity, and get ourselves something less expensive and a little faster than waiting for it to be built and delivered and installed for us. Also we have a feeling of satisfaction. I felt that when when I hand-built my wood arrows for a slightly larger cost up-front but a lower one long term. It was worth not just the experience to me but the result.

    When it comes to working with new software, it’s much the same way. We come to it for all those reasons (price, desire to learn, speed) and many more, but we have to build up the experience in a product to have the comfort and expertise to become masters of it. See, by making my own arrows, I know more about how they work and how they’re put together and why certain things happen. The head of your arrow is too heavy because you used a heavier point? That explains why the drop rate is so high! The glue used to attach the point is uneven and heavy? That’s why it wobbles! I know how they were put together, now I have a cause/effect understanding to my arrows.

    Learning something new is always easier the second time. But when someone else tells you how to do it, you get the impression they feel that it’s as easy as pie. But it’s not to you. When I had to write a new plugin to act as a CDN for DreamObjects, I was frustrated. I threw the code out a dozen times, I burned it and started over, I forked and knifed and otherwise fought with things. And then, through all my frustrations, I finally understood and was able to write was was needed. When I went back to add a feature as requested, since I now understood how it worked, it was easy.

    Part of the issue is that the second time, you’re not creating new neural pathways, you’re just using the ones you’ve got. They may be newish, but they’re not created out of nothing, which means you have a chance to follow your own footsteps. Much of this is exactly why I blog a lot about how I do things and how they’re created. If I walk first, you can follow and go “I like this, but I want that…” and make a fork in the path.

    In and of itself, that’s how WordPress works. It’s made a pathway for you to ease your blogging and site maintenance, but it’s also allowed you to see the trail and blaze your own when you need, while still having some of the familiar inside. At the same time, when things go weird, or people want a new feature for WordPress, it comes back to the innovators and trailblazers to determine how to create something out of nothing.

    Skateboarder kick-flipping the board

    Code is art. It’s creation. It’s hard. When people say “It should be easy to do this…” I wonder if they’ve ever tried to follow a new recipe, or if they’ve forgotten what it was like to learn to master a new video game, or even driving. All the easy things have already been done. We’re into the world of the complex, much of which we’ve done to ourselves, where to add one new, simple thing requires in depth knowledge. We’ve raised the bar on the entry to new code, which is a problem we’re all aware of.

    But.

    Once you get over that bar, once you’ve done this one time, once you’ve designed one site, or edited one page in HTML, the next time is a little easier. You don’t lower the bar, you build a step to make it easier to jump that bar. Even if it’s learning a new email app, or how to use your phone. No matter how intuitive a thing is, you still have to learn it!

    So you have to keep trying and keep working until you too can say “It’s a piece of cake.”