Half-Elf on Tech

Thoughts From a Professional Lesbian

Category: How It Works

  • Critical Math

    Critical Math

    In this downtime of little new TV and a need to distract once in a while, I proposed we watch all of S1 Critical Role (which I really only half ass watched until Percy died and came back). So on Thursday at late Saturday nights we watch old-school Critical Role. Sometimes we sneak in another episode but basically we’ve been grinding through.

    The other day we got to Omens and had to pause while we argued about math.

    We’d hit a point where Matthew Mercer was rolling for an absent Ashley Johnson. She was the cleric and he rolled her healing spell which restores people for 4D8+5 hit points. Matt got a total of 20.

    “Oh,” says my wife, disappointed. “Below average.”

    I mused aloud, “I know the average of 2D6 is 7, but I forget the math.”

    This led to an old argument about the law of averages and statistics, which is to say there is a one in eight chance of rolling an eight (8) on any given roll of a 1D8. No matter how many times people say the dice are good or bad, you have the same chance every time. Flipping a coin 100 times will give you roughly 50 heads and 50 tails. Over time, the wiggliness of Xeno’s Paradox will keep the numbers from a true 50-50,but the point remains you will always have a 50% chance of tossing a heads or a tails.

    Related to this, though, are the odds of two heads in a row. The problem with the math is a combination of fairness and a concept known as “the Gambler’s Fallacy.” It’s also called “the Monte Carlo Fallacy” because of the time it happened at Monte Carlo. See if the odds of a heads is 1 in 2, then the odds of heads twice in a row is 1 in 4. Three in a row is 1 in 8, because you double it on down. Four in a row is 1/16, and five is 1/32, and this goes on.

    And this confuses people because even if the odds of flipping a coin to heads 20 times in a row is 1 in 1,048,576, this does not change that the odds of flipping heads for #21 is both one in 2 and 1 in 2,097,152. To bake your noodle a little more, if you’ve flipped a coin 20 times for heads, the odds of flipping the 21st to be tails is … also 2,097,152.

    This is because we’re looking at two different things here. The probability of a heads or a tails will always and forever be 50%. Period. The odds of rolling a Natural 20 on 1D20 will always be 1/20th (5% for those wondering). Those will never change. This is Bayes’ theorem in action.

    We all get screwed up about this because we believe that fairness (i.e. the permanent 50%-ness of the toss) means that previous failures (or successes) will change the probability of the next toss. It won’t.

    Let’s say we’re rolling 1D20 and it’s a fair roller. Our goal is to get a 20 and the probability of that is 5%.

    But what about the odds of rolling a 20 at least once in 20 rolls? Well that’s 64%.

    There’s a 95% chance of not rolling a 20 (or any other given number) but again that doesn’t change. Every roll you have a 95% chance of not rolling a 20 and a 5% chance of rolling a 1 or a 20 (unless you’re Wil Wheaton or Taliesin Jaffe). But this makes us ask another question. If there’s a 64% chance of a critical success (i.e. a 20) in 20 rolls of 1D20, does that change if my first roll is a non-20?

    Kind of. It’s 62%.

    Yes, it went down. Why? Because you have fewer chances to win! So the odds of a critical drop every time you roll a non-critical. And frankly this explains half of Wil Wheaton — he’s rolled so many non-critical, the odds are astronomical for him to actually roll one. On the other hand, his capacity for rolling 1s makes him the Joe DiMaggio of Failure for D&D. Sorry, Wil.

    This is exactly the same kind of argument my father made back in 2016 (see Hot Hands And Playoffs from 2016). And I came to the same conclusion. Wheaton and Jaffe are what we call outliers.

    An Aside: For anyone who’s confused, Wil Wheaton (yes Wesley Crusher from Star Trek, also a great writer, a gamer, and a generally amazing human) plays D&D. He has an incredibly capacity to fail his rolls, to the point that a term was coined: Wheatoning (see also the math on Wheatoning). Opposite this is Taliesin Jaffe (an actor, director, voice actor, an all around cool guy) who has a bizarre talent at successes. At least, he did as Percy in Series 1 of Critical Role, with a dice called “The Golden Snitch.” This die was later stolen. Long story. Taliesin still rolls crazy high, so most Critical Role fans see them as the opposite ends of the spectrum.

    Whew. Okay that was a lot of math to tell you that while people want to think “If I roll a non-20 10 times in a row, the odds go UP for my next roll to be a 20!” and the truth is that the odds go down. There is no universal mathematical law of fairness, just of averages.

    Back to the Critical Role episode in question. So Mercer rolled a 20 for 4D8+5. That’s pretty normal for Ashley Johnson (she has a tendency to roll below average, but not to the point that you think she’s cursed like poor Wheaton). At the time, I couldn’t remember the math, but I remembered the experiment, which was that the majority of the faces on a d6 add up to 7.

    You may be thinking “Mika, there are only three: 6 + 1, 5 + 2, 4 + 3.” and that’s true but it’s actually 6 because the inverses are true. But ask yourself how many possibilities are there with 2D6? There are 11. (2 through 12, you can’t roll a 1 on two dice). And 3 of the 11 are a seven so that’s 27% odds of a 7?

    No. It’s 16%. Again we’re talking about frequency versus probability. There are 11 possible outcomes, but there are 36 possible variants. You always have six chances to get a 7, one to get a 2, and one to get a 12. This means that to get the probability (i.e. the odds) of rolling a 7, you have to take the frequency of getting a 7 (again, that’s 6) and divide it by the total number of frequencies (36). And 6/36 is 16.67%.

    Here’s a table to help:

    Dice RollFrequencyProbability
    212.8%
    325.6%
    438.3%
    5411.1%
    6513.9%
    7616.7%
    8513.9%
    9411.1%
    1038.3%
    1125.6%
    1212.8%

    It’s annoying to think that you always have two sets of probabilities, but if it helps we’re talking about likelihood versus probability. The likelihood of rolling a 7 on 2D6 is 16.8% (rounding up). The probability is 1 in 11. With one die, it’s always a flat sameness (likelihood of rolling a 20 is 1 in 20, so is the probability).

    We’ve gone around a bit. I know. Here’s the fun stuff. Before arguing math stuff, my wife says “Oh just add up the opposite sides of a die.”

    In my defence I never looked.

    A quick check on this and we learned some really hilarious factoids:

    1. She’s right (12+1 = 13 and 2d12 is in fact average 13).
    2. This works because the math is “highest number on the die plus the lowest number equals the average of two dice of the same face.”
    3. On standard dice the 1 and the high number are opposite (6 and 1, 8 and 1, etc).
    4. All the opposite sides add up to the average.
    5. On a D10 this breaks because the 0 is opposite a 9, which is technically highest and lowest, but they add up to 9 (or 19, D10s are weird). The average is 11.
    6. One of my D8s is misprinted and has 8 opposite 7. It was the first one we checked..

    Of course the first die we checked happened to be the misprint. The purple die in the photo below is buck wild and all wrong.

    Two eight-sided dice. The off-white one (properly) shows a 5 below the 8, the purple shows a 3.

    This is the only die in that set (in fact, of all our regularly used dice) that has been misprinted. And while technically the change in weight (different numbers are different sizes and have a different amount of paint on each bit) means the die rolls wrong, it’s not statically significant for me to worry much. Dice have a standard set so that numbers can be trusted. Also it makes math easier for people. The average of 2D20 is *drumroll* 21.

    Let’s go back to Ashley Johnson. Mercer rolled a 20 on 4D8+5. Is that below average? Oh yes it is.

    The average of 4D8 is 18 because 2D8 = 8 + 1 – 9 times 2 is 18. Add 5 and the new average becomes 23. a 20 is 3 points under. But at least you can’t roll under a 9!

    Bonus Section

    The wonderful thing about Math is you can see parallels. Once you know 2D6 is 7, you can start to jump. 4D16 is 14 and so on. But… what does ‘6 + 1’ mean. How would you get there?

    Me I look for patterns. 6 is the maximum of one die. One is one-half the number of dice rolled. Then it stands to reason that 4D6 is going to be 6 plus something with 4, right? 6 plus 8 is 14, so is that our pattern? No because going back one means “6 plus 2 is 8” and that isn’t seven. So how did we get the one? One is one half the number of dice…

    DiceAverageMax + DiceMax + 1/2 Dice
    2D676 + 2 = 86 + 1 = 7
    4D6146 + 8 = 146 + 2 = 8
    6D6216 + 6 = 186 + 3 = 9

    None of those are right but … Do you see the patterns?

    First the average starts at 7 and you add 7 for every 2 dice you add.

    We need to add something to a six, but it has to factor in with the number of dice. So how do we get to that one again? We know that the only way to make a one out of the first example (2D6) is to divide the dice by 2. For 2D6 we’re adding 2, which means what plus 2 gets to 14? A 12. And what is 12 divided by 6? A 2…

    Hang on then. We have a possible pattern!

    ( maximum score of one die * half the dice rolled ) + ( half number of dice rolled )

    DiceAverage( Max * 1/2 Dice ) + ( 1/2 Dice)
    2D67( 6 * 1 ) + ( 2 / 2 ) = 6 + 1 = 7
    4D614( 6 * 2 ) + ( 4 / 2 ) = 12 + 2 = 14
    6D621( 6 * 3 ) + ( 6 / 2 ) = 18 + 3 = 21
    8D628( 6 * 4 ) + ( 8 / 2 ) = 24 + 4 = 28
    10D635( 6 * 5 ) + ( 10 / 2 ) = 30 + 5 = 35

    Bingo baby! We have our pattern! But does this work for odd numbers? It must for the formula to be correct…

    DiceAverageForumula
    1D67( 6 * .5 ) + ( 1 / 2 )
    3D610.5( 6 * 1.5 ) + ( 3 / 2 )
    5D617.5( 6 * 2.5 ) + ( 5 / 2 )
    7D624.5( 6 * 3.5 ) + ( 7 / 2 )
    9D631.5( 6 * 4.5 ) + ( 9 / 2 )

    Yep, the math keeps working!

    And this, friends, is how you reverse engineer a formula.

  • Bummer Of A Birthmark, Hal

    Bummer Of A Birthmark, Hal

    I gave a talk in 2019 at WordCamp NYC about what happens when you’re the target. Anyone in any form of a ‘leadership’ or visible role of authority in any community has had a bad day where they woke up and found out everyone hates them.

    Not that they’re actually doing anything wrong, but people are targeting them for perceived slights. Regardless of right or wrong, all anyone wants is for their phone to stop pinging, their email to calm down, those Facerange and Twooter groups to stop attacking, and maybe everyone could have a beer.

    I have absolutely been there before. For the last decade I’ve worked with the support forums and plugin review teams in myriad roles, including representing those teams to the community. I’ve had a lot of bad days. The good news is I’ve learned that are things you can do to protect yourself and to alleviate the problems.

    It Is/Isn’t Your Fault

    If you’ve been in any sort of leadership or front-facing role, you’ve probably gotten this at least once. Someone has a bad day, maybe they got banned, maybe they got fired, maybe they just failed on their own. Whatever the reason, it’s YOUR fault. They shouted at you, they screamed in person perhaps, and they left you shaking and a little scared about what the heck was going on and what do you do?

    Before I jump into how to protect yourself, which will be the majority of this talk, I want to stress something. No matter what, these situations are not ever entirely your fault. Any time something like this happens, it’s from a breakdown in communication, and that speaks to both sides.

    However. You do have to take some responsibility here for your own actions. If you don’t, you’ll find yourself here again and again, over and over, and that’s really stressful. So when these things happens, yes, reflect on what you did, but also keep in mind you didn’t do this alone.

    Regardless of fault, you have a right to protect yourself. This isn’t an inalienable right. This isn’t a law. This is my firm belief that you have a right to take measures to protect yourself from people who have gone crazy on you. It doesn’t matter if it’s your fault or not, it matters that you should protect yourself.

    What Happened?

    In order to understand how to protect yourself, you need to be aware of what you did. That’s why I said it’s your fault. You did, or you were perceived to have done, something. Keep a hold of that word, perceived, because it matters a great deal. If people think you did a thing, it has the same net effect on their actions, but drastically changes your emotions.

    More than once I’ve woken up to my Twitter mentions and emails filled with people losing their minds about how evil I am. In 2018 it was all about Gutenberg. To be clear, I was accused of deleting bad reviews on the Gutenberg plugin. Since I hadn’t been doing that, it took a lot of stress and reading to figure out why the mob was actually mad at me. In one case, it was a developer who tweeted, at-ing me, complaining it was unfair that Gutenberg had reviews removed, but he couldn’t get his one-star’s removed. That one tweet, for some reason, infuriated the masses and I had DMs and @-messages demanding I explain myself.

    I had to ask myself “Did I actually do this?” Did I actually delete reviews in a way that could cause this reaction? This was false and I knew it, because I had not deleted a single review about Gutenberg. However due to my history as a forum moderator, the finger was pointed at me. Here, what I had done was act as a moderator of some renown at some point in my past.

    Now that I knew what was going on and where it started and that I didn’t do anything, I had to uncover what actually happened. I’m still a forum admin, so I logged in and looked at the posts and I could see who had moderated what. And then I privately pinged those people and asked for details. In talking to the other moderators, I determined that the removal of Gutenberg reviews were valid. The 1-stars were made by sock puppets, which is to say fake accounts made by people to unethically alter a star rating. It happens a lot.

    Now What?

    Okay great, now what? Now it’s time to take action and decide what to do about these people. You have two options though. You can respond to them or … not. They both have a lot of pros and cons, but there is one universal truth you need to know going in: Whatever you chose, to reply or not, you will be wrong.

    There is absolutely no way to ‘win’ or even come out ahead here. You just can’t. If you reply, people will hate your answers. If you don’t, people will claim it’s proof. There’s no safe course here. So you need to make sure you understand why you’re doing this.

    Why You ReplyWhy You Don’t Reply
    Reply if you want to have your say in the matter. That’s it. It doesn’t matter if you’re right or wrong, or if you’re apologizing or not. You’re trying to have your chance to talk. By replying you’re opening up the doors for a discussion. Don’t pick this option if you don’t want to talk to people!Don’t reply if you know it’s a muggs game and you’ll just waste time arguing with people who’ve made up their minds about you. Not replying feels like a safer choice, except it eats at you so much. You’re going to hear people rip into you over and over, and you will have to stick to your guns and not reply.

    And if you’re still not decided, remember that sometimes you can’t reply. That usually happens when you’re aware of a bigger issue that’s preventing public disclosure, or you’ve signed an NDA, or your company asked you not to… Those are really hard because you absolutely cannot engage with people when this happens. You have to suck it up.

    There’s one middle road here. You apologize. This is really hard, though, because no matter how you do it, someone will grab on your word choices and use them as proof one way or the other. Usually it’ll be how they prove you’re terrible.

    It is a good rule in life never to apologize. The right sort of people do not want apologies, and the wrong sort take a mean advantage of them.

    P.G. Wodehouse, The Man Upstairs and Other Stories

    How to Apologize

    I have three rules for how to apologize. Those three rules have served me well, because it reminds me to level-set that no matter what I say, I’m not going to come out ‘ahead’, and I should expect nothing at all in return.

    1. Be respectful
    2. Be sincere
    3. Expect nothing

    There are some things you can be mindful of. Don’t use ‘if’ statements, like “I’m sorry IF this hurt you…” Take ownership of the consequences, regardless of your original intent. It doesn’t matter why a thing happened, it matters that you actually apologize for what happened. You can use “But”, just be mindful that it’s not for making an excuse.

    You still should consider an apology when you’re not the reason for the drama. However this gives you a little room, because now you can use those weasel works. “I’m sorry you feel this way.” Notice the feel part? That should normally be avoided. Here, we want to use it because it’s actually the only thing you can claim auspice over. You acknowledge their emotions as valid. Which they are.

    The follow up to that is you need send them to the right people. “I’m sorry you feel this way. You should talk to X about that. Here’s how…” This is not the equivalent of sending someone to your manager, you’re just getting them to the right people. Oh, but be a mensch and tell the other person what’s incoming.

    And remember: forgiveness is not the point

    I know this is hard to swallow. When you apologize, you never do it in order to be forgiven. Never. Ever.. If you are, then you’re going about it all wrong. You apologize because you hurt someone. It doesn’t matter if you meant to or not, and it doesn’t matter if you can fix it or not. It matters that someone is hurt, and you did it. It’s up to them to forgive you if they want to, but you owe them a sincere apology.

    And just so we’re clear, I’ve screwed this up too. Just as recently as last spring. It’s going to happen. No one is perfect. Try not to do it again.

    Practical Defense

    Now that you’ve done some ‘active’ things, you need to take the steps to protect yourself. These are hard because it starts with not looking at it.

    Don’t look at what they say about you. Its in our nature to want to know what people are saying about us, but I’m here to tell you not to look. Don’t look. Ignore the comments on other forums and blog posts. Walk away from what’s out there.

    If you do look, document. And there will be things that come at you regardless. You’re going to want to keep a record. I have a spreadsheet with the title and date of every single email someone sent regarding an altercation with Plugins. 300 emails a month, on average, for three months. It was painful to record, but I did it to have a history of his behavior. Which is still going on.

    Are you getting emails? Block them. Did they make a secondary account? Block that. Did they make 69 accounts over multiple email providers and rotate through the accounts to try and talk to you? By the way, yes, that happened. You block them all and you report them. You keep doing this.

    Put their emails in your comment blacklist. Don’t dismiss this. If you use Jetpack contact forms, you can use the blacklist to block them from that. IP block if you have to, though I don’t recommend that. Do what you can stop them from getting to you. If you can’t turn off comments (like I did here), then I recommend requiring all first-time comments be approved, and using the Comment Probation plugin.

    What about social media? If they’re ‘friends,’ I recommend you unfollow and possibly mute. There are people in WordPress whom I’ve muted, because we don’t get along and will argue about everything. It’s not worth it to fight, so I block and I mute very fast. This is for my own sanity because emotional attacks hurt worse.

    It someone calls you names, it hurts. If someone attacks your choices, it hurts. Well when someone continues to belabor a point, argue past the point of sense, and absorb hours of your time, they’re hurting you. You are allowed to ask them to stop and leave you alone. Of course, this doesn’t often work.

    The Warning Signs

    As many people will tell you, asking someone to stop, even a simple “I don’t want to continue this conversation here, please email X,” can result in unexpected explosions. This is an escalation in behaviour, as someone is demonstrating a distinct lack of respect for you, and human decency. Usually this is because they’re hurt too and lashing out, and it’s hard for people to look past that.

    Bear in mind, a threat doesn’t just mean “You better not walk down a dark alley alone” — and yes, someone said that once. Sometimes a threat is “I sent a package to your office.” Now, I bet nearly every non-male reading this just nodded. For those of you who didn’t, let me elaborate.

    When an online conversation crosses into the ‘physical world’ (for lack of a better term), it’s a major red flag. If you’ve been tweeting or emailing someone, and they send you, say, an apology letter, or email a photo of their company apologizing, you need to worry. This is because they’re attempting to play to your emotions.

    When they make that next step, though, claiming to send you flowers, that’s when you need to get a hold of authority figures and friends. Fast. I will warn you, if the person making the claim is out of state or out of country, it’s very hard to get legal help. You can, but it’s hard. If you work at a specific location, make sure they know. Make sure people you live with are aware. Anyone you think might be targeted, you need to warn.

    There are a number of micro-aggressions that indicate this behavior, from Sealioning to Gaslighting. But that’s a talk in and of itself. What you should hang on to here is that you need to trust your gut. Women, people of color, queers, any minority, we’re pretty in tune with that bad feeling that a conversation is going to go sour. Trust that. If someone turns to you and says “Hey, this person looks like they’re escalating,” then you should listen.

    Get Help

    I said it before, let me say it again. Give your teams a heads up. I had someone follow me all the way to my company, and we had to get legal involved because of threats expressed. I’ve even had to have a security officer on site for a WordCamp talk because someone went far enough that I felt concerned for my physical safety. These aren’t jokes. These are people who have lost the ability to see reason.

    You need to tell people in charge. If you’re afraid to tell your boss, you can try this with them or your HR rep or a trusted co-worker:

    I’m sorry to bring some personal issues into work, but there’s someone who has been harassing me, and I think they’re going to bring it into the workspace.

    No template is perfect or nuanced enough to handle all situations, and if you need help figuring out how to tell your employers, grab a trusted friend and ask for help.

    Beyond warning people you work with, get help. Ask for what you need, even if you know it’s the wrong person to ask. They may know who to talk to. I needed a new feature built into WordPress’ tool for plugin reviews to blacklist people so we stopped getting 30 emails in a day in our inbox. Speak up. Your teammates and friends should have your back. And if they don’t listen, go louder and over their heads as high as you need to. Go public if you have to.

    Practical Defense

    Even if you do all this, you have to keep in mind that once you are pointed at as ‘the bad guy’ people will go bonkers. They will be obsessed with every single thing you do. And this means you cannot bait them. Look, I love a good subtweet as much as anyone, but for the duration of this drama, you must not poke the bears. Don’t even drop a hint. While being harassed by said the aforementioned serial emailer (we’re up to 1000 emails now by the way), I complained about someone else, my cable company as it happened, but he took it to mean I was talking about him. It sucked.

    This is the scary thing, and the reason you’ve got to walk away from them. When they get obsessive, reading thousands of tweets deep or dredging up a forum post from before you were a moderator to prove a point, they’ve gone past sense and into obsession. This is terrifying. Which is why you’ve got to put your shields up.

    I want to point out the specific things you can do here. These are generally easy to do from a technical perspective, but not emotionally.

    Twitter

    First you de-friend. If they’re not a friend, you mute. If they escalate, you block. Some people you will jump right to a block because they’re just so wrong. But do it and walk away. The nice thing about a block and a mute is that it prevents you from reading their tweets at all.

    Turn off Twitter notifications for young accounts and people who don’t follow you. Use the quality filters. Disable DMs from people you don’t follow.

    If somerone attacks you or is vulgar, report the tweets and block them. Blocking an account you’ve reported will increase the chances that Twitter will actually do anything. Also ask your friends to report and block anything else they made public. It will help.

    Facebook & Instagram

    So I hate Facebook for a lot of reasons, and this is one. See, pretty much all you can do is build a wall. Facebook cares more about selling your personal information than protecting you from harassment. All you can do is lock your account away and block people. Report, yes, but if my wife’s death threat is any hint, they will do nothing.

    Still, I recommend you report content. You need to report the individual posts as well as the user account.

    Also curate the hell out of your friends. If you can’t remember why you friended them, it’s a good time to un-friend.

    Everything Else? You set your account private and block judiciously. You don’t have to worry about Google+ any more, but lordy, I promise that was a nightmare trying to block people. Snapchat is pretty ephemeral, things don’t stick around long, so it’s not an easy place to manage but still report and block.

    I have to mention this because we use Slack for WordPress.org work. And here, there is only one thing you can do when someone’s harassing you. You need to find an admin. Go into the Slack group and click “Customize Slack.” Then pick “About this workspace”. Click on the “Admins & Owners” tab. Ping one, explain the tl;dr and make sure you have logs of your harassment. Good luck.

    On a forum? Ask for moderator help. If this is an in-public ask, keep it simple. “I need a moderator. Someone is harassing me. Who can I speak to about this?” If you’re on WordPress.org’s forum, tap the ‘report topic’ button after you post and a Moderator will be alerted. Or come to the #forums slack channel and ask for help.

    I Hope You Never Have to Do This

    I really do. I hope none of you ever have to do this, and that your takeaway is “Gosh, I should make it easier for people to protect themselves on my systems!” And if you are going through this, protect yourself as best you can and remember, just because you’re the bad guy doesn’t mean the other person is a hero.

  • Shortcodes Aren’t Leaving Us

    Shortcodes Aren’t Leaving Us

    In a recent post, someone asked:

    We have this scenario a lot:

    Lorem ipsum some text [shortcode]affected text[/shortcode] more text, all within one parapgraph.

    How can this be solved with Gutenberg?

    Quick answer? It won’t.

    Just like [shortcode] that outputs a single content, or [shortcode text="affected text"], there will remain a need for singe, inline, in context, shortcode for a while.

    I know it’s confusing. This is because there are different kinds of shortcodes for different purposes. Some, yes, will no longer be needed as much.

    Shortcodes for Inline Content

    This is the easiest one to understand. Think about videos. Or my example of inline editable blocks. Those are a very clear one to one. If you’re inserting a shortcode (or an embed) on it’s own line today, that will be ‘replaced’ in time with a block.

    Embeds are already supported, by the way. If you create your own embeds, they too are automatically blocked.

    Shortcodes for Layout

    This is harder to understand, since it’s not fully ready yet. But if you’ve used a plugin or a theme that told you to use a lot of shortcodes to make a two column layout, guess what you’re not going to be doing anymore in the future? That’s right, using shortcodes. Instead, we’re creating listicles, tables, how-to directions and more.

    Example of Yoast SEO’s How To Block — coming soon. (Credit: Yoast.com)

    Their looks a lot better than my basic blocks, but it shows you what we can do and how great we can do it. Those simple and complex layouts will become blocks, where we will be able to actually see what it’s supposed to look like. This includes the Gallery shortcode we all know and love.

    Shortcodes for Text Insertion

    And finally we have the ‘classic’ block. This is the sort the poster was asking me about. Guess what? Nothing’s going to change with those any time soon. Oh, I’m sure eventually someone will take my inline-editable-block concept and make it so when we add the shortcode, it’ll adjust the text accordingly right before our eyes.

    And really, if we look at the concept of [shortcode]affected text[/shortcode] we realize how much more we can do already with Gutenberg. What are we affecting the text with? We can already make it bold. But can we make it blue? Not yet. But I can see this coming soon.

    But right now? Those inline shortcodes, in the middle of your block, are staying put.

  • Shortcodes vs Blocks

    Shortcodes vs Blocks

    One of the things that Gutenberg changes for everyone is the concept of shortcodes not being absolutely necessary anymore. 

    Shortcodes Today

    One of the nice things about WordPress is that we can use shortcodes to insert dynamic content into our posts. For example, I could use [ copyright ] and have it echo © 2025. And when you have inline dynamism, that works great.

    One of the other cool things you can do is to have an embed like [ embed height="400" width="600"]...[/embed ] to embed a video:

    Yes, you could just paste in the video URL, but this is a demonstration of a shortcode as a sort of block. And speaking of blocks…

    Blocks Tomorrow

    In Gutenberg (which this post was written with), you can keep using in-line shortcodes and even add a shortcode as a block:

    An example of the Shortcode block.

    To a degree, that works well. But there are other options with Gutenberg.

    First, you can see this in a normal paragraph block. Adding options to the sidebar:

    An example of the sidebar editor, with options and the empty additional css class.

    This allows you to edit the various options on the right sidebar and, thus, change the customizable aspects of the block. For many shortcodes, you can keep that interface and have everything be perfectly functional. Have a block that shows user information? Put a dropdown for the users on the sidebar, and so on.

    Inline Edits

    The other options is an integrated block. For example, here’s my example of a review block, with text fields and dropdowns to allow you to edit in situ.

    An example of a block with dropdowns in the block itself.

    In my opinion, this is a more fluid interface, as you can see example what you’re doing and what it’s going to look like.

    How Will You Use The Future?

    There are still hurdles to overcome with Gutenberg, but as we step forward, we’re getting a better look at an integrated editor that gives you a lot of that desired ‘What you see is what you get’ experience.

  • Types of Related Posts

    Types of Related Posts

    At it’s heart, related posts are the drive to help people find more content on your site. They serve no other purpose than keeping people on your site by piquing their interest in your words.

    But what if I told you there were multiple types of related posts for WordPress?

    Categories and Tags

    The first type of related posts are really just organization. I have three main categories on this site: How It Is, How It Works, and How To. I also have a million tags, like everyone else. If you wanted to read my thoughts on how things are, or rather why they are, you’d scroll through the category of “How It Works.” If you wanted to see everything I wrote about SVGs, you would check out my tag of ‘svg’ or possibly ‘images.’

    The point here is that categorization is a type of related posts. It’s entirely manual, but it’s the best way to say ‘These posts are like each other.’ And they have a fatal flaw. You see, if I wanted to read all the “How To” posts about SVGs, WordPress doesn’t easily cross relate. That is, I can’t list all the items in a category and a tag.

    Which is why we have …

    Related Posts Plugins

    There are two main types of plugins for this. There are the services, like Jetpack’s related posts, that scrape all your posts, toss them into a database, and use some complex algorithms to sort out what is and isn’t related. The other sort scan your posts locally and figure the same thing out.

    So which is better? Well. Jetpack requires you to trust Jetpack, or whatever service you pick, with your data. For some people, this can be a deal breaker. On the other hand, if you run it locally, you’re at the behest of how fast your site runs. For example, if it scans your posts live and you have, say, 300k posts, then that could be really slow. Or if it makes it’s own database table, how often is it going to update and cross relate?

    By the way, the 300k posts is not an exaggeration. That’s a site I looked at recently.

    Alertnative Relations

    There’s a secret third option, actually.

    I called it Semi Related Posts, and while I did it across post types, you could use the general logic. The concept is that instead of letting your site try and divine relations, you could manually connect them. It does require more upfront work, but cross relating posts by hand gives you the ultimate control.

    Of course, you’ll note that I did automate this as much as I could. I’m not crazy you know. If you can find a way to do that, maybe code a way to list 4 other posts in the same category and tags as this post, then you’ve automagically automated the simple.

    Until you hit that 300k post limit. Then you’ll have to rethink things again.

  • CORS – Not Beer

    CORS – Not Beer

    I’ve been struggling with the idea of remote loading SVGs. There are a lot of problems with this, mostly due to the DOM structure of how your browser loads an SVG file.

    What’s an SVG and the DOM?

    Scalable Vector Graphics, or SVG, is a special XML file. It’s generally used like an image, like JPG or PNG, and contains vector graphics. This makes it smaller than PNGs and scalable without resolution loss. Pretty nifty for icons. In fact, better than my beloved Fonts.

    This is a part of the Document Object Model, or DOM. In the file, you tell it how you want the content to render. It’s why an SVG can be so powerful, having all the code you need inside a small file. It’s also why it’s so dangerous. Specifically if can contain Javascript code, which can be embedded and hidden in an image. And that can do a lot of damage. If you’re not paying attention, you can upload an SVG with javascript that runs code on the user’s browser. Bad times all around.

    Making this worse, if you use <img> tags to embed the SVG, many browsers will execute the code. Even today. Yeah… Not really a good thing.

    Embedding SVGs externally has a cost

    If you want to include an SVG file in your web page, you can use that dangerous <img> tag, but you can also use <svg> code right in the document. The problem there is that requires the SVG to essentially be pasted into the code. For PHP, you can use code like file_get_contents() (which doesn’t always work remotely) or if you’re WordPressy, wp_remote_get()

    The catch there? They’re slow if you list, oh, 69 images on a page. You can, of course, use <img> tags and that loads the SVG remotely, perfectly happily. If you’re sure about your SVGs, this is okay. You’re just going to lose one big, super big feature about SVGs.

    You can’t use CSS to edit them (color, resizing, etc) anymore.

    And that, my friends, is a big problem.

    Javascript End Run

    I wasn’t willing to compromise speed or flexibility. I’m particular like that. So I looked up how you can use javascript to hack the DOM. I quickly found SVGInjector, a fast, caching, dynamic inline SVG DOM injection library. Installing and configuring was easy buuuuut…

    You saw that but coming, right?

    Right.

    It didn’t work. Because of CORS.

    What the heck is CORS?

    Cross Origin Resource Sharing, CORS, is that magical thing that says “Hey you can’t run this resource remotely, yo!” Generally it’s related to Fonts (if you’ve ever tried to embed your own fonts from your own servers, you’d have run into this). I happened to hit it on SVGs, and basically the server where I host the icons wasn’t allowing my servers (local or otherwise) to load the icons.

    Thankfully! I use DreamObjects, and you can totally set up CORS on DreamObjects. You can do it on Amazon S3, and I think all the various CEPH-esque services let you.

    The catch here (hah you saw that coming, right?) is that not all clients let you do it. Lucky for me, I have s3cmd on my laptop (you should too if you’re going to work with S3 type services – it’ll make your life easier). Installing is easy, and you just have to make a .s3cfg file (DreamHost has some instructions).

    Once that’s set up, you can make your rules file like this:

    <CORSConfiguration>
    <CORSRule>
        <ID>Allow My Icons</ID>
        <AllowedOrigin>https://www.example.com</AllowedOrigin>
        <AllowedOrigin>http://www.example.com</AllowedOrigin>
        <AllowedOrigin>https://example.com</AllowedOrigin>
        <AllowedOrigin>http://example.com</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>HEAD</AllowedMethod>
        <AllowedHeader>Content-*</AllowedHeader>
        <AllowedHeader>Host</AllowedHeader>
        <ExposeHeader>ETag</ExposeHeader>
        <MaxAgeSeconds>86400</MaxAgeSeconds>
    </CORSRule>
    </CORSConfiguration>
    

    and then you can set (and check) your CORS:

    ipstenu@Uhura:~$ s3cmd setcors Development/example.com/cors-rules.xml s3://my-icons
    ipstenu@Uhura:~$ s3cmd info s3://my-icons
    s3://my-icons/ (bucket):
       Location:  us-west-1
       Payer:     BucketOwner
       Expiration Rule: none
       Policy:    none
       CORS:      <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule><ID>Allow My Icons</ID><AllowedMethod>GET</AllowedMethod><AllowedMethod>HEAD</AllowedMethod><AllowedOrigin>http://example.com</AllowedOrigin><AllowedOrigin>http://example.com </AllowedOrigin><AllowedOrigin>https://www.example.com </AllowedOrigin><AllowedOrigin>https://www.example.com </AllowedOrigin><AllowedHeader>Content-*</AllowedHeader><AllowedHeader>Host</AllowedHeader><MaxAgeSeconds>86400</MaxAgeSeconds><ExposeHeader>ETag</ExposeHeader></CORSRule></CORSConfiguration>
       ACL:       lezpress: FULL_CONTROL
    

    And now you can embed your SVGs remotely.