Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: essay

  • We Should Free All WordPress Plugins and Themes

    We Should Free All WordPress Plugins and Themes

    No, I don’t mean give them away for free. But put a pin in that, because this idea begins and ends with FAIR.

    If you haven’t yet heard about the FAIR Package Manager, the idea is to rethink how software is distributed and managed in the world of open web publishing. FAIR focuses on decentralization, transparency, and giving users more control.

    And yes, I’m one of the first Technical Steering Committee’s Co-Chairs.

    When I say we should free the plugins and the themes, I mean something I asked myself almost a decade ago…

    The (Initial) Question

    I remember being on an airplane flying to Japan when I first asked myself this question:

    What would the WP world be like if we democratized the extension ecosystem?

    Mika Epstein circa 2015

    Believe it or not, that note moved to a document, which grew over time, collected all the risks and rewards I could think up. I had logical trains of thought that ended with a failure. But I kept at it. I kept scribbling notes and refining the ideas, until I felt like I had a solid frame.

    Sometime in the spring or summer of 2024, I sat and wrote it as a proposal that I had planned to present to folks on the Meta team as a future path for WordPress.org to stop hosting all the world’s plugins and themes, and instead make it a hell of a lot easier for people outside the wordpress.org services to host their own while still remaining findable.

    The World Before

    20 years ago, the world was a different place with regards to the internet.

    Remember, in 2003 Mike and Matt forked b/2 to make WP, and in 2004 MovableType decided to change their license, and in 2005 Git was invented.

    So let’s set the table remembering that when WordPress came out with Plugins and Themes it was 2004 and back then it was pretty rare for people to host other people’s stuff. That was actually the problem .org was fixing! Don’t have your own SVN setup? Only have $8 a year hosting (those were the days)? Don’t have a way to save all your versions?

    Welcome to the WordPress extension system!

    The (Current) Problem

    While WP solved the problem of 2004, 20 years passed and everything changed. Everyone’s computer has SVN and GIT now (more or less…), and everyone can host code on GitHub or GitLab or even roll their own pretty easily.

    It’s almost like WordPress paved a road for self hosting being spread across the developer landscape. Not only can creators of content host their own websites, devs can host and manage their own updates.

    And WordPress created a new issue of their own making: a gate. There are rules about what you can and cannot host, how you can behave, and frankly … I say this as one who was the Gatekeeper for too many years, that gate is a necessary evil.

    By hosting code and content from other people, WordPress.org places itself in harms’ way. They became responsible for how everything was portrayed and published on the plugin/theme search pages, and that gate had to have rules to protect itself and ensure its continued existence. Like trademarks. You have to be vigilant because places like Facebook will try and shut the whole directory down if they decide it’s infringing.

    That gate has become a hinderance to the democratized usage of WordPress.

    To get around the rules of the gate, people host their own code now. Sure there are a couple options (EDD Updater, GitHub updater, there’s a plugin self-updater out there as well). But because of that gate, they aren’t findable. This hurts WordPress. It stifles growth, it makes it harder for people to make their living on WP, and that is a net loss for everyone.

    My (Then) Proposed Solution

    WordPress.org should stop hosting non-official Plugins and Themes (including Akismet) and instead host the following:

    • Example Plugins (hello dolly)
    • Core Plugins (Classic Editor, Classic Menus, HealthCheck)
    • Core Themes (twenty-*)
    • A directory of other plugin and theme directories

    That last one is the crux of the whole matter. We give hosting back to the developers (just like we gave hosting to the content creators) and then we welcome in their content without liability.

    The thing was, I knew damn well this is something that WordPress.org would fight me over. Stop hosting? Make that radical of a change to completely rewrite how we access code? Distribute everything and own nothing?

    An uphill battle to say the least.

    So, like I did every time I opened that doc, I re-read it, made some tweaks, ran it though and AI on a whim and cleaned it up even more, and I closed it.

    The FAIR Future

    This brings me back to FAIR.

    Sounds like it was made for this proposal, huh?

    I cannot take credit. It’s lightning striking the same place twice. But that makes sense, doesn’t it? No, I’m not talking about how WordPress and I share a birthday, I’m talking about how I absolutely couldn’t be the only human on the planet with this idea in their head.

    Naturally I dove in. I helped writing the docs, translating High Geek explanations into Corporate Lingo, pitching and refining ideas, collecting information from the developers who were far better at these things than I am, learning about AtProto.

    When I was nominated to be on the TSC, I sat with my wife to discuss the implications and risks of accepting. There was a very real possibility this could destroy my career, and I’m a developer looking at 50 while being female. Finding another job, if this went badly, could become impossible.

    But I have a poster. “Flynn Lives.” For years it hung on the wall across from my desk, and I would look up at it and remember the line. “I fight for the users.”

    I started helping in the WP forums to help the users. I joined plugins for the same thing. I ran plugins with the dual view of fighting to make things easier for users and developers. And I failed, trying to do that. But I’ve learned and grown and changed.

    In order for WordPress to move from being that joke to “just a blog” CMS that ‘real’ developers mock, to grow the ecosystem and help everyone make money, to get even bigger while still giving back to everyone, distribution is key.

    Democratize Distribution

    FAIR is at step one of the plan.

    Today, the plugin can disconnect you from WordPress.org for updates (which has the added benefit of more data privacy). There’s only one distribution source right now (thank you AspirePress! none of this is possible without you) but it proves you can do this. It’s got some work left to do and we welcome everyone’s eyes and hands to help. It is very much an MVP release (something I stressed over and over during the dev cycle, to keep folks out of the weeds).

    Next is the part where we build out the system to hand the keys to the developers. No more AppStore and rules. Push what you think is right to push.

    Will some people abuse that? Of course. Someone will push weekly updates so you’re always being notified. Someone will cover the admin panel with ads. Those things happen today, and the plugin review team cannot keep up because there are more devs than reviewers.

    But there are things we can and will do to help and protect users, to empower developers, and assist the hosting companies and more. Everyone benefits from this future.

    We have a plan, and we hope you come with us.

    Other people collaborating with FAIR have blogged as well:

    NB: Currently Flynn Lives is on loan to my barber for his art wall, and instead I have Nichelle Nichols and Carrie Fisher.

  • When It’s (Not?) Burnout

    When It’s (Not?) Burnout

    I took 2020 as a break from speaking at conferences, live for obvious reasons, and online for a couple different reasons. It took me until November to get my home office set up in a ‘non-embarassing’ way so that I didn’t feel like I was showing everyone my mess when we video’d. Also I was exhausted and realized how close I was to burn out after the last four+ years of stress and travel.

    But there has been one other thing. I’d talked to a number of friends. I’ve broken down sobbing after a coworker mentioned what was going on. I’ve had longs talks with therapists and experts in this sort of thing. The issue wasn’t my workload, it wasn’t even the work I was doing. But I absolutely was burnt out.

    … But it’s not for why you’re probably thinking. I’m dead ass burned from being harassed.

    Harassment

    The largest contributor to my burn-out is an ongoing, over two years, harassment.

    A year ago I gave a talk in NYC about how to deal with being attacked online, and the tools you can use to protect yourself. What I didn’t mention in detail in that post was what has been going on since November 2018.

    Back then I was watching the Macy Parade (like I do every year), waiting for the oven to heat up, and cleaning out the emails for the plugin review team, when I got pinged by a forum mod. A plugin developer was being cruel to users, making weird threats and claims, and said volunteer wanted to know what to do, since that person had a flag on their account saying “If there are any guideline violations, report to plugins ASAP.” So I threw the turkey in the oven and pulled up the records.

    What I found was a series of minor issues, but all repeating. The developer was asked (twice) to change their plugin name to be less spammy (ex. “The world’s greatest slider plugin! Greater than anyone has known! Used by millions!”). There were also multiple emails reminding them not to ask to contact people off the forums.

    There was also a strange email from a couple months prior. A woman had emailed the plugins team about this developer, saying that after she left a bad review she was harassed by them on Facebook. At the time, we issued a final warning about behaviour (which is why the flag in the account existed). I had forgotten about it being related to this developer, as it was about their other plugin, but also we get a hundred emails a day, and I don’t memorize everyone’s drama.

    In looking at that, and the post the forum mod was worried about, I saw the parallels. This was very obviously repeat behaviour, and at the time I was pretty sure that the developer was account sharing (multiple people using the one dev account), which meant not only did they not understand the message about not being unkind, but they were not making sure everyone who worked for/with them did either, and they didn’t understand basic security (there’s no need to ‘share’ accounts on WordPress.org — you can make new ones and ad them to your plugin as support reps after all).

    This meant I did what I hate doing. I closed their plugins, locked the accounts, and emailed them saying that they were banned for repeat abusive behavior. After all, they’d had multiple warnings.

    In retrospect, I should have seen this all coming.

    Megs of Logs

    At this point I’ve amassed megabytes of logs on this drama. I’ve written up a nearly 30 page document (with citations no less) of everything that’s happened before and since. I thought about listing everything they did ‘wrong’ here but honestly it doesn’t matter if I list out everything. That was all ‘normal’ poor behaviour by developers. People make mistakes, and many times they really just do not grasp how serious things are even when the email says “This is your last chance.” Which means I know I have to be the bad guy to tell people “Hey. This ends now.”

    Now, banning people, especially existing developers, is not a common thing! It’s not un-common or rare, but it’s not like I do it every day. Around 4 people a year get banned following a final warning. Usually it’s only one person each year (though due to people being people, it may involve multiple accounts — we still consider that one). More often, people get insta-banned for trying to use the directory for malware. Once in a while someone will be banned without warning for lying about being previously banned, but usually we catch those pretty quickly these days. Even so, it’s not an every month thing, or even an every season occurrence! The majority of people get that final warning and stop and rethink their choices. That’s normal.

    What was abnormal is what happened after they were banned.

    Between November 21st and the 27th, the Plugins team received over 30 emails. The first few replies were replied to in kind, pointing out that they had their fair chance (and a couple extra) and they squandered it. At that point, emails were not replied to for 24 hours, when they were informed again as to their numerous violations, and asked to stop emailing or their actions would be treated as harassment.

    The emails did not stop. 21 more were sent following that caution.

    Yes that means over 50 emails in a 6 day span. Probably closer to 100, since we only tracked them by subject rather than by how many replies they got.

    On the 24th, they tried to bribe me by sending me money via PayPal (it was refunded and reported — and yes, this is why generally I don’t like when developers send me a donation, though I understand most are not trying this). The message asked me to ‘forgive’ them and rescind the ban. At that point I blocked their email on all my personal systems and went on my merry way.

    Instead, they thought “Well she blocked us on one email, let’s use a different one!” and found my old, only used for Google events, account. By the way, none of those personal emails were ever provided to them. It’s not hard to guess what my email on Gmail might be, though.

    On November 27th, a threat was made. They emailed saying they prayed to their god to “take away all your name, fame, respect, wealth everything” and more.

    And then it escalated…

    Yeah some of you are thinking “Wait, THEN it escalated?”

    • From November 24th to the end of the year, 77 separate email chains were sent, using 3 separate emails.
    • In 2019 there were over 600 separate email chains from 126 separate email addresses.
    • 2020? 34 separate email chains.
    • 2021? Only 3 email chains, but it’s only February.

    So yeah, 2019 was rough. My Dad died in the start, and this developer had the gall to say Dad’s death was my fault, as I was being punished by their (the developer’s) god. Yes, that really happened.

    I did a lot fewer talks in 2019 because I was coping with the world without my dad, and in 2020 …. well. We all took an in-person break, and I took a virtual one as well, because I was tired of prepping myself before talks.

    See, every time I would go to a WordCamp, I had to prepare myself. What will I do if they show up? They had made, after all, ‘threats’ to come to California, and they’d already sent physical items to my office. So how would I handle it? The odds of them getting to the United States, given our then administration, seemed unlikely, but what if… What if?

    I rehearsed, I practiced not being alone, I made sure at least one trusted person knew why I was nervous. My wife and I talked about strategies. But online? What if he saw something on my backdrop that let him figure out my home? What if he tracked me? What it he did something to put my family in danger? It was all too much to bear, so I simply didn’t.

    Somewhat related, my office knew and went way above and beyond what I had any reason to expect to make sure I felt safe there. I love those people.

    So … where are we now?

    The developer still emails, on average twice a month now. We’ve sent a cease & desist (which was repudiated) and I’ve spent a lot of time literally ignoring everything that comes in. I do have a list of all the various claims made, and all the email subjects. I stopped tracking the content of the emails in mid 2019 because they were so outlandish that I couldn’t even anymore. I mean, does anyone think Alexandria Ocasio-Cortez cares that someone in another country is angry they got banned from a website?

    Effectively? I am still being cyberstalked and harassed. And my god, it’s draining.

    I sat here, thinking ‘is this even a good idea? It’s just going to make them be bigger annoyances”

    After how disastrous 2020 has been? I think it’s right to step up and say “Hey, so this shitshow happens, and people are out there who are going to make it their mission to make you miserable. You’re not alone.”

    This is me, walking back into the fire because I’m refusing to let it make me smaller.

    What I want?

    It’s super simple. I want it to stop. I want them to accept that they’ve burnt every single bridge a human can burn, short of physically attacking me, and now, even if anyone accepted their apology, we cannot unban.

    There’s no way to know they won’t start this up again, or use this as the freedom to be a bigger harm to the community. There’s no way to walk back from this level of harassment. And if that means I have to shoulder this to protect everyone else? Well. I’ll do it, but I’ll do it my way, which means I post this. I share to the world “This is a thing.”

    And this sucks. I hate telling someone “Buddy, it’s over. You’re done.” But they are. Even if I overstepped or over-reacted, 700 emails, physical packages, cards, threats, accusations of killing people, etc … how do you go back and say “Oops, I was wrong” and expect everything to be okay.

    It’s not, because it can’t be. Things don’t just go away and get better because you said you were sorry. I do believe they’re sorry, but I think they’re sorry because they got caught and punished. They aren’t sorry they did harm (if they were, they’d have stopped). Right now, they’re at the point where their argument is “We will stop hurting you when you do exactly what we want.”

    And that, I simply cannot do. Not just because I’m standing to protect the rest of the WordPress.org users, but for the principle of the thing.

    What I want? I want them to stop trying to contact me in any way, shape, or form. I want them to accept the (painful) fact that they made a massive mistake and acted in a harmful manner. I want them to be grown ups and walk away.

    Sadly, this appears to be something they cannot do.

    It’s totally Burnout

    This absolutely is burnout.

    I’m socially burned out in a lot of ways. While I had some phenomenal support from WordPress, from my work, from my friends, from professionals, it was exhausting to have to deal with this. Legally? There isn’t much I can really do. The persons involved don’t live in the US, so our laws are not in play here. International harassment laws don’t really exist. There’s nothing the police can do to stop it unless they show up in the US (which is highly unlikely).

    At best, I can file complaints (which I have) and block their contacts (ditto). I can also be proactive, look them up, find out everything that’s them, and block them before they contact me (did that). I’ve done a lot more than I list here, by the way. I don’t want to tip my hand.

    People have done everything I could possibly expect from them, and more, but … it’s still going on.

    And yes, this is part of why Plugin Team emails went anonymous.

    It’s absolutely, 100%, burnout.

    And about speaking at events?

    I don’t know.

    The last two years I just needed a break from all that to process how I felt about the situation. I knew I was tired, but that isn’t really how I feel emotionally. The last year was so hard for everyone, so brutal for us all, that having it sit on top of the pain of loss meant I never really got the chance to process. I don’t feel like it’s been two years since Dad died, I feel like it was yesterday.

    What I feel is anger and annoyance and a lot of ‘damn it to hell.’ And I am filled with defiance.

    Now that there’s a little less stress in my life (and most of ours), and with the hope that people in charge will be held accountable for their seditious actions, I feel like I’m freer to say that this happens. This happened. This is happening.

    Soon, hopefully, I’ll feel like I can safely do interviews and talks again.

    Why did I post this on my Tech blog?

    The world is angry right now. Everyone’s at their limit for coping, and for most we’re well beyond what our brains can wrap around. Half a million dead in the United States alone? It’s nearly unimaginable. And I think we’re letting our anger get the best of us.

    I posted on HalfElf and not my personal me-blog because in tech, we can easily forget there are other people on the screen. I knew, when I banned this person, that I was harming a human. I felt I had run out of other options to get them to understand that they were doing harm to the world in general, and I didn’t want anyone else to get hurt. This is not an excuse, though. I hurt someone. I hate that I did it. I hate that I have to. But there’s literally no way to stop someone from hurting others without hurting them in some way. At least not that I’ve found.

    But if I banned someone from a physical location, I could get the cops to do something (in theory, I know). I could get legal help. I could have security escort them from my location and be within my rights.

    Online?

    We don’t build our tools to handle harassment. We just don’t.

    If someone harasses you on Twitter, or Facebook, the ‘solution’ is to turn your account private, because these people will just make more and more accounts. We can’t block by IP, because they can use VPNs. We could ban all VPNs, but that has a negative impact (just for an example, I can’t edit Wikipedia when I’m at my office because we have a firewall and VPN).

    Looking at WordPress, how would you stop someone from harassing you? You make use of banned terms and plugins, but did you know most contact form plugins don’t have block tools? Logically it’s so if someone’s accidentally blocked from commenting, they can get a hold of you. But most don’t even have this as an option.

    So I post this here to put a human face on the damage being caused by our own negligence, and to make us more aware of the monster we’ve created.

    When you write new code, think about how it can be abused. Think about disrupting harassment. Think about allowing people to protect themselves. And, above all, if someone tells you this is going on? Believe them. I was lucky. Everyone believed me. Most people are not.

  • There Are No Top Influencers

    There Are No Top Influencers

    It’s that time of year where people post their ‘top X influencers’ for whatever they happen to be blogging about. It’s not a secret I hate those lists. In fact, I ask to be left off of them entirely.

    All Lists are Incomplete

    No matter what, no matter if you list 100 people, you’re going to leave someone out. This is a huge problem because those people will be hurt. The common complaint you hear is that a list cannot possibly list everyone, and that’s exactly the point. You know from the start you won’t have everyone listed, so you’re just going to pick the people you like best. And this is because…

    All Lists are Biased

    A couple years ago I saw a top-40 list that was 97.5% male. That means there was one woman on that list. Equally bad, there was only one non-white person on the list. They were not the same person, which meant this list left off someone who should have been terribly important since she led a major WordPress core release that very year. Leaving off hugely qualified people because of your unconscious (I hope) bias means you further work against the progress to be found with representation. And really that points to the next problem….

    All Lists are Personal

    If I was to list the biggest influences on, say, WordPress for me, I would include my father and my wife. To his dying day, my father emailed me a PDF and asked me to upload the content to his blog. My wife constantly asks me for help remembering the rare parts of WordPress. It’s that kind of experience that drives me. They influence me every day to make things easier for the non-technical. Another major influence are my co-editors on LezWatch.TV who ask me things that I feel should be obvious but clearly are not. Which means …

    All Lists are Pointless

    My mother is a huge influencer in my life. But you’re not going to get anything from following her. The developers I follow are ones who speak and talk in ways my brain has no problem following. The designers have taught me how to visualize (something I’m terrible at). The political wonks aren’t just an echo chamber, they’re thoughtful and educational. I follow a Sappho bot because I like her poetry. But none of that, not one thing, will help you get better at development or WordPress or anything really other than knowing I’m a human who likes a lot of weird stuff.

    We’re Solving the Wrong Problem

    What’s the point of these lists anyway?

    I can only come up with a couple reasons people make them:

    1. Currying favour with the people on the lists to make them feel important
    2. Lists are easier than actually writing a post with content

    That’s all I’ve got. And that brings me to my point.

    No One is a “Top Influencer Anyway”

    The person who influences WordPress the most is probably someone you never noticed.

    People tell me I should be listed and I point out that my ‘influence’ is not seen by the majority of people who use WordPress. They never see a plugin review or the work we put into making things safe and stable for them. And that? That is as it should be! How many users can name the release leads? Those names don’t matter to them, and they shouldn’t.

    Dad never cared if Nacin or Helen or Mel or Matt lead a release. He didn’t even care that I know them. He cared that WordPress worked and did what he needed.

    Isn’t that what we all care about? Not the personal aggrandizement of a few select individuals, but of the collective success of the WordPress project.

    Make Lists Matter

    If you want a list that matters, make a list of the best talks/blog posts/event-things you experienced in a year and explain how they influenced you. Tell people about what you learned and how you use it. Explain why things matter.

    But lists?

    Come on, we can do better.

  • On Behavior and Respect

    On Behavior and Respect

    I’ve had an interesting week with WordPress. It’s been bad enough that I have to preface this post with a note.

    I have no plans to quit WordPress at this time.

    Good Faith and History

    This morning, I woke up thinking about a statement I picked up from Wikipedia. Assume good faith. I like that. I try to do it. The concept is simple and direct. Don’t assume everyone’s evil, instead assume they do mean well, but sometimes they may have trouble expressing it properly.

    And while I do believe that most people don’t mean to be evil (there are exceptions…), I think that more people remain concerned about themselves over anything else. And this self-involved nature causes problems like happened recently, with choices certain companies made to self-promote in ways that other people found offensive and harmful.

    So when I think about ‘good faith’ I do it with a look back to the previous actions someone (an individual or a company) has taken. How have they behaved before? Have they constantly shown poor choices? Is this a first? What happened the last time I tried to talk to them about it? Did we have a discussion? Did I get 15 emails in a row, alternately being called names or being begged to give them another chance?

    That means I find it strange to watch people use the concept of ‘Good Faith’ to argue that they don’t look at people’s past actions to judge their current ones.

    I’d like to think that my consistency would be something people would use to judge my actions, but I’ve learned people whom I’d trusted don’t. And yes, that’s sad. It’s depressing to find out people would rather jump to outrage and pointing fingers and blaming me than taking into consideration 10 years of work.

    Respect and Doubt

    Respect is both given and earned. You give people respect for a position, under the assumption they deserve it, and people either live up to that respect and thus earn more, or they don’t. But when you have an unknown person, you start from assuming good faith based on the hope that they have legitimately earned the position.

    Obviously when you know someone, hung out and had dinner, your assumptions are based on more than that. And if someone has a public history you can turn to, you can use that to base your assumptions.

    That’s not what happened to me this week. Instead, I found out people actually assume bad faith, because perhaps my opinions are different than theirs, or because I saw something in a different way. It felt like “Assume good faith, but only if you’re on my side.” And that? That is sad.

    I imagine how different things would have been to say “Hey, y’all. Mika’s been really careful about using her power here for five years. Give her the benefit of the doubt.”

    Instead, people said I was seeing things that weren’t there. I was playing a victim. It was all in my head. There’s a word for that: gaslighting. God help you if you call them out on it.

    Damage and Care

    It’s in a week like this where I totally understand why so many people have been quitting WordPress. People have worked hard to do good for a community, without any expectations of compensation, but they find out their opinions are dismissed and their word discarded or minimized. They feel disrespected, and it’s worse when they feel made fun of by the community they’re trying to help.

    Some of them have chosen to walk away from WordPress, and I fully support that choice. To do anything less would be like telling someone that the beatings will stop once morale improves. It would be cruel and unkind to dismiss their feelings, and it would mean I’m not listening to them and have no empathy for them.

    Also I’d have to be blind not to see it, because it happens to me all the time. This week? People I thought I knew assumed the worst in me. They didn’t give me the benefit of the doubt and, when I asked what I’d done to deserve that, they said I’d done nothing. They said they were just being fair and hearing all sides.

    In other words all the work I’d done, being consistent and fair, acting carefully and listening to everyone was pointless. In the end, they were just going to dismiss all of that and jump on the bandwagon with everyone else.

    And it was more than one person I’ve know for about a decade who did it.

    For a while I wondered “Did I really mess up here?” And then I asked myself if I’m told I did nothing to be not-trusted, but I was going to be anyway, was there a possible positive outcome here?

    Empathy and Power

    It really boils down to empathy. If someone says “Hey, this hurt me.” and your reply is “Yeah, I don’t see that” then you’re dismissing what they said. And it’s not just because I get treated badly that I have empathy, it’s because my parents, my family taught me to have empathy and care about the strangers as much as I cared about myself. We don’t live in isolation, we live in a community.

    You can see why I call myself a Socialist, right? I care not just about the people I know, but the people I don’t know. I think about the impact my choices have beyond me, and given the amount of power I wield, that has a lot more weight than you might think.

    Oh yes, I have an insane amount of power, and it scares the hell out of me. I could destroy a company with a click. I could insta-ban people for wrongs. I could close plugins for every single security and guideline mistake. I could publicize exactly what specific people did to get permanently banned. Worse, I could spread fear and doubt in the entirety of WordPress, just by closing a plugin.

    I don’t. I handle the majority of that quietly, on the books but privately, because I assume good faith in everyone, even people who make massive mistakes. And because I consider the negative impact to the community in general before I take an action.

    How much trust do I erode in WordPress as a whole with what I do or say? How much damage do I cause? How many people do I hurt? How many people will this person hurt if I permit them to carry on as they have been? Will their uncensured actions damage the reputation of WordPress? Will the community forgive a mistake?

    That’s what I think about, every single day, before I approve, reject, close, or open any plugin.

    Alone and Together

    If you look at some of the people who’ve left the WordPress Community recently, you’ll see a trend. They feel alone. They feel like they’ve been tasked with ever increasing, insurmountable, chores, and they have no support or backup.

    I feel that way too. It took months to be taken seriously about a problem, to the point that serious action was taken. Months, in which I questioned myself. Was I seeing something that wasn’t there? Was my value so little that I’m not worth taking the time to address this problem?

    To put it in perspective for you, someone told me that my father’s death was my fault for banning them for abusive behavior.

    When you look at it, you’d wonder how I could ever doubt myself. Well, that’s what happens when people don’t step up and ask how they can help. And certainly I could have been more vocal about it, but at the same time, it illustrates the invisibility problem in our community. People are hurt all the time, and no one is looking out for them.

    Should I have to scream that someone is hurting me for it to be seen? There’s no oversight in all things, but there’s also no clear way to ask for help. How much worse would this have been if I didn’t have support from people in the community, people in places who could (and did) help me?

    What about everyone else?

    Unending and Critical

    Now look back at Slacks and Blogs and Twitter. You know which ones I mean. Read what people are saying and assuming, and ask yourself “Is this making a welcoming environment?”

    Far too many of us have used our critiques as excuses, without caring for the damage they cause. Dismissing people’s pain. Not offering honest and sincere apologies. We hide behind the veneer of “I’m just passionate” or “I’m being critical.” And instead of discussing the idea, we sling ‘understandings’ like accusations, and we cut at people for disagreeing. We assume the worst and treat people shamefully.

    And worst of all? Our comrades allow this to happen in their backyards. They won’t remove a homophobic ‘joke’ comment because clearly it’s not meant sincerely. They will allow someone to be called a powerless puppet. They give space for hateful comments that barely even have a veneer of merit.

    We’ve stopped encouraging meaningful discourse and regressed into screaming across the aisle that the other person is wrong. We believe our way is the only valid way, and we will tear people down, all the while claiming we’re doing it for the greater good.

    And yet people can look at all that and not see the pitchforks and tiki torches.

    Comments are Disabled

    There’s a reason I disabled comments and mute and block people on twitter with ruthless abandon. It’s not that I don’t want to hear different voices, it’s that it’s stressful to be attacked all the time. It makes a person physically ill. Certainly it’s made me that on more than one occasion.

    I don’t leave comments open, I don’t engage with certain community news sources, I left many Slack groups and I don’t offer comments when asked very often. You see, I can either do good work for the community, do my best and keep things safe, secure, and as fair as a human can, or I can wade through toxicity.

    I decided to do good work.

    I would like to think that a decade of it would allow any perceived missteps of mine to be taken with a grain of salt and a sip of trust. I will still believe in the inherent goodness of people, and their ability to make colossal mistakes. I will still accept an appology when sincerely given.

    But I will not forget and I may not forgive.

    Then again, forgiveness should never be the point of your apology.

  • Being Aware about Safe Spaces and Self Care

    Being Aware about Safe Spaces and Self Care

    One of the things people complain about is that I will walk away from a conversation that’s going nowhere. This extends to my worklife, and of course my WordPress work. Related to this, I will also choose to not engage with argumentative demands like “Why did you do X?” on places like Twitter and Facebook.

    This is often considered to be cowardly, an admission of wrongdoing, avoidance, or proof I’m not “up” for the job. Sometimes people jump into the special snowflake argument (that is: I am one) or that I’m too sensitive and need a safe space.

    Okay, let me explain why I don’t defend myself, or even generally reply to people who demand explanations.

    Social Media is Unsafe

    I like social media. I like reading thoughts and replying, expressing my own short form feelings, and so on.

    But by its open nature, social media is incredibly dangerous. Anyone can talk to anyone, and if we’ve learned anything from recent days, there are a lot of naive people out there who fall prey to any con man who walks up and tells them it’s not their fault their life sucks.

    It also lends itself to a mob. And mobs are the most dangerous sorts of people. They’ve fallen in truck with a group and they believe everything they’re told. Worse. They are regularly aggressive when they face adversity, and they take justice upon themselves. This means, should you ever happen to upset one of them, you will end up with a mob on your doorstep. Or your DMs.

    A Place For Everything

    Recently, a plugin developer made what should have been an innocuous question. Why was a post moderated. This is the sort of question I get a lot, and in general I press mute and ignore it, because if you want to ask me a question about plugins, there’s an email address you already have. Press reply. And if you want to ask about forums stuff, there’s a channel on Slack.

    The problem here was in the hours leading up to this, he’d also spoken with people about another plugin. This plugin happens to be contentious for many reasons, including overmoderation of bad reviews. Someone decided that one and one meant four, and I was the fault of the reviews being removed.

    I think that if you have questions about a team, you logically ask the team. Or the team management. When you ask someone whom you presume to be the point person on Twitter, you run a risk of a public misfire. You also run a risk of signaling to the mob who their new target is. Which is what accidentally happened that day.

    Angry People are Stressful

    If you’ve ever tried to reason with someone who’s angry, you’ve probably reached a point where you thought it was better to bash your head in than try to explain facts. When you get a mob, it’s even worse. The people start out super angry, they refuse to accept any viewpoint but their own, and they make you angry too. This begins a vicious cycle where you overreact, they get angrier, you get angrier, and bad decisions are made.

    It goes without saying, I’m not exempt from this. I make bad decisions when under anger and stress, same as pretty much everyone. While I strive not to, this is nearly impossible, and that is when I will disengage. Because I can tell I’m not going to be reasonable, and that would be harmful.

    But what changes when you’re the end stop of a team? When you’re the rep and you have no choice but to make the decisions and the hard calls and continue to try? Well, you draw a line about where you will have those conversations. And you draw a line about with whom. Like saying “I won’t do this over Twitter.”

    Say No, Even When You Feel Bad

    The main reason I won’t have a conversation about why decisions are made on Twitter is that there is no accountability for actions.

    Anyone can make an anonymous account and troll people, telling them off for perceived slights. But to take your regular, daily use account and step up to ask a question, in the official location for those discussions, takes courage. More important, it takes a quality of human that will accept responsibility for their actions.

    Most of the time. The odds are at least higher that people will be willing to discuss when they come into a discussion room. Obviously not always, and unlike Twitter I can’t mute or block people who are incapable of accepting ‘no’ as a valid answer.

    Because you see, the main reason I don’t want to have the conversation on Twitter is that I worry you’re going to out yourself. That you will embarrass yourself when I say that leaving a review on the moderators in a plugin review is not appropriate. Or if I explain “You made multiple accounts to leave 5 star reviews on your own plugins.” Or worse, when I have to point out that “You called the moderators Nazi c***s.”

    None of those are made up.

    Emotional Labour

    There’s one more thing.

    When someone walks up to me and demands I explain myself to them, they place a burden on me. Literally they ask me to defend my actions. While the word “explain” is in there, it’s not what they mean. What they mean is for me to justify my actions and choices.

    Usually when I attempt to explain the situation, or if I suggest the one they’re comparing to isn’t the same at all, I get called defensive. Or I’m trying to hide the point.  And I’m expected to do it with a smile. If I call someone out on their inability to reason, I’m a bitch and making excuses. If I’m polite and respectful, I’m hiding something.

    Simply put, if I can’t have a civil, reasonable, conversation with them about it, I’m not going to waste my time. No matter what, they’ve made up their minds going in.

    Now, I will note that after some time doing this, you can tell who is going to be a stubborn jackass and who is not after about two passes. I can tell, on Twitter, from their previous tweets. That’s why I’m quick to mute and block. It’s not to silence them, it’s to sufficiently ignore them and not spend energy on someone who begins a conversation from a place of disrespect.

    None Of This Changed Your Opinions of Me

    If you’re reading this, you’re probably a regular who knows you’re getting an opinionated, open minded, person who looks as intently at herself as she does everything else. In order to be truly honest, I have to be honest about myself, who and what I am, and what I say. 

    The other person who’s reading this probably came from a link someone gave you, following a discussion about my flaws. Let’s be honest, I’m a big fat target for those posts on Twitter, Facebook, and other various blog sites around the planet.

    You both probably got here and thought “Yep, she’s exactly what I thought.”

    Funny how that works.

    I’ll leave you with this relevant article about why YouTube stars are heading for burnout:

    Lees began to feel a knock-on effect on his health. “Human brains really aren’t designed to be interacting with hundreds of people every day,” he says. “When you’ve got thousands of people giving you direct feedback on your work, you really get the sense that something in your mind just snaps. We just aren’t built to handle empathy and sympathy on that scale.” Lees developed a thyroid problem, and began to experience more frequent and persistent stretches of depression. “What started out as being the most fun job imaginable quickly slid into something that felt deeply bleak and lonely,” he says.

    The Guardian 


  • Context is Everything

    Context is Everything

    In the uptick of automated scans, we come to the place where we realize it’s not just the quality of content that matters in our success, but the context.

    Context in Content

    When you write content, the body of your work depends on the literary context of the words. Writing about technology on a non-tech site requires you to step back and explain the tech in a little more detail than you normally might. For example, if I were to post about shortcodes here, I would not bother to give you the history of what they were or why they’re used. I would trust you to know those things, or be ready and able to research them.

    By contrast, when writing about code used on a journalism site, and explaining we had a nifty new shortcode to do a thing, I absolutely would take time to explain. I would not expect my readers there, who care about the goings on of television, to understand about the weirdness of a shortcode. At the same time, I may not need to delve into details quite so much. I could just say “We have a new, faster way to add whatever, which will make it easier for us to report on X.”

    In short, I consider the audience when I write the content. I write contextually.

    Context in Code

    When it comes to writing code, there is a similar mindset. The code should make sense contextually and be consistent. If you’re using underscores for filenames, always use underscores, just to give one example. But this goes further than having a same prefix or formatting (tabs or spaces, eh?). It also means that when data is processed, it should be done so contextually.

    If you have a form, and you allow people to enter data to send to you, and that data is saved to a database, you have to sanitize the data. That’s a no-brainer for every developer worth the time of day. Never save unsanitized data, and sanitize as early as possible to minimize the possible damage. But deciding how best to sanitize can be tricky. PHP comes with stripslashes() for example, however consider that PHP says this:

    An example use of stripslashes() is when the PHP directive magic_quotes_gpc is on (it was on by default before PHP 5.4), and you aren’t inserting this data into a place (such as a database) that requires escaping. For example, if you’re simply outputting data straight from an HTML form.

    In other words, you shouldn’t use that to save data. Thankfully in WordPress (and Drupal and everything else) there are many ways to sanitize your inputted data based on … you guessed it, context. You don’t sanitize a URL as a plain text field, and you don’t sanitize an HTML form as a filename.

    When you write your code, sanitize, validate, and escape it contextually based on what it is.

    The Bottom Line: Context Matters

    This is the thing that automated checkers can’t quite do. They don’t know what the input is supposed to be unless you tell them, so they can’t verify your sanitization as well as a human can. Even grammar checkers can’t tell you when it’s okay to use slang and when it’s not, when you’re trying to explain a new concept.

    In the end? We need humans.