Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: essay

  • The Trouble With Libraries

    The Trouble With Libraries

    I’ve had the same argument over and over, to the point that people follow me here and complain that I suck. You’re welcome. I’m going to spell out the issues, as I personally see them with frameworks as plugins. If you want to talk about this in so far as it applies to the WordPress plugin repository, please read this post and keep the discussion there.

    The Problems

    Problem 1 – Users have no idea what the ‘library’ plugin is for.

    Most users understand “I have an add-on for WooCommerce, I probably need Woo.” They do not always understand “I have plugin Slider Joe. Why do I need Advanced Custom Fields?”

    Problem 2 – We don’t have true ‘dependancies’ in WordPress

    I think everyone can accept that’s a problem. We literally do not have a perfect way to require things. Look at Themes. If you try to delete a parent theme, you get warned there are children around. We don’t have that for plugins. We probably should.

    Problem 3 – Users are responsible for something they don’t understand.

    By having a library as a plugin, the onus of version compatibility and updates is now on the person least likely to understand it when it breaks: the user. They have to update the library, and your plugins, every time there’s a new version.

    Problem 4 – Frameworks and libraries can no longer break backwards compatibility.

    This is hugely restrictive, by the way. With a framework-as-plugin you can’t break things because you (the framework developer) are responsible for all the plugins that use your framework. If you break how things work from V1 to V2, and one of the myriad plugins a user has doesn’t work on V2, and the user updates your framework, you broke things. True, this was always the case, but at least the plugin contained the library and could use it’s own version.

    Problem 5 – Plugins will still break.

    I have to say ‘still’ because we have one version of the problem today, and we’ll have another tomorrow. Right now, if four plugins include the same library, and they’re all different versions, we don’t have a clear and perfect way to know which version of the library the user will get. Tomorrow, if a framework is a separate plugin, there’s absolutely no assurance than every plugin that requires that library has been tested with the version the user has install.

    The Options

    Today we really have two.

    Option 1 – Frameworks are plugins and users have to install them.

    This means all new plugins that include said framework have to remove it and change it to a require. All existing plugins should be contacted and told to change their code. Some users will complain about installing ‘extra’ plugins and some developers will lose users (it’s already happened).

    All developers have to put in this requirement themselves, possibly using a library like TGM (until we have dependancies). Also all developers have to ensure they, now and forever, keep up with the frameworks and ensure compatibility as well as proper alerts if a user removes the framework by accident. Their code has to break elegantly if the user doesn’t upgrade the library. Your plugin takes advantage of the latest feature in a framework? Awesome. Make sure your plugin checks “If this feature exists, use it” and fails gracefully if not.

    Option 2 – Frameworks that are not ‘functional’ frameworks, but really libraries are treated as all libraries are with all projects, and included separately.

    Developers have to code the calls to the library, making sure that the ‘right’ version is included no matter what someone else includes. Developers also have to update their plugins when a library updates. though if they properly handle the code calls, they don’t HAVE to. They could use namespaces and cleverly call use MYPLUGINAWSSDK as /aws/AWS/foo/bar instead, so their version is what’s used. They’ll probably want to code in a failsafe “If a version higher than mine is used, show a warning.”

    The Solution

    Looking at the options we have today, we have to ask “Which is better?”

    Neither. They both suck for developers. They both suck for the users. They both frustrate everyone. I have heard arguments from the same number of developers for each option. Some developers want to include the ‘core’ or a framework in their plugin because it’s ‘better’ than requiring another plugin. Other developers want the other plugin so they don’t have to be responsible to update the library.

    There is, clearly, an argument to be made in both cases. There isn’t a win here. Personally, I think once a framework or library exists as a plugin in the .org repository, you should remove it from your plugins and require it. Of course, good luck figuring out how to do that in a sane way without breaking people. The best I came up with was have a period of time where you keep the library while using TGM or something to require the other plugin. Make an alert or notice to tell users to install the requirement. Keep that for a whole major version. Then, on the next major version release, drop the library.

    With all that in mind, we have to ask this instead “Which option annoys users slightly less?”

    That’s – libraries as libraries, not plugins. The one where the users don’t have to know (or care) about it anything except “I have plugin X.”

  • The Big Picture

    The Big Picture

    Decisions, Not Options

    WordPress’s core philosophies are what has allowed it to be extendable, supportable, extensible, and surpass 25% market share.

    One of WordPress’ hallmarks is a massive plugin repository and the ability to extend WP to do pretty much anything. Instead of making the core software huge and bloated, filled with aspects the majority don’t use, WordPress decided to follow a path of ‘decisions, not options.’ With that, the onus is on the developers to deeply learn and understand the implications of any and all changes and additions to the core software. We’re encouraged to separate our personal feelings from what is best for the project and the users.

    We need to think about the big picture.

    I Fight for the Users

    I often say this when I’m in core meetings about ideas for changes that will impact users. Generally these are visual changes, like moving a menu or adding in a more obvious button. When we, as developers, make a decision, we need to have the big picture in mind. Do most users need to decide what quality of image compression to use for WordPress? No. Not because they don’t care, but because the information to explain it is overwhelming to many.

    Recently WordPress increased the default image compression (you’ll see it in WP 4.5). In the proposal, an incredible amount of research went in to figuring out what settings would be best for the majority of users.

    Will the minority, the photography site runners, be possibly upset? Yes. But when we look at the big picture (ironic, I know) we remember that most people will only notice that their sites are loading images faster.

    It’s Okay To Be A Minority

    Most of us started using WordPress and were the majority. We were the target audience and the people it aimed at. Over time, the ways we use WordPress become more and more specific, and suddenly we have at least one way where we are unique and special. We no longer ‘just blog’ on WordPress. We sell our wares, we write novels, we build communities.

    We are, suddenly, a minority in how we use WordPress. This makes it harder and harder to keep the big picture in mind. We are, as humans, inclined to see ourselves first and put our own needs first. Our websites need these things, therefor they are the most important aspect of the upcoming changes in WordPress.

    This isn’t true, of course. But we lose sight of the big picture very easily when the changes impact us, and it tends to make us concentrate on the wrong things.

    I Prioritize the Users

    I speak up for the users in developer meetings when they’re not there.

    I think of them first.

    When I make a change, when I design a change, it’s for the users first. Even when it inconveniences me, even when I feel it’s not the perfect solution for my plans, I consider that what I’m making only is what it is because of the users.

    The big picture is that users make the software what it is. Putting them first in as many things as possible makes it so that they can trust me when I make a decision. When I say “No, this would be better for you as a user but not for your safety.” I know I can say it from a place where I’ve earned the respect and trust of the users.

    You cannot get to that place of trust without putting the users first in all possible things.

    The big picture is bigger than just you, who wrote the software, and you, who used the software. The big picture is all of us.

  • Cooking as a Dev Skill

    Cooking as a Dev Skill

    My friend Dan asked if I’d be talking about cooking as a dev skill for WordCamp Minneapolis.

    While I won’t be making that camp this year (sorry folks), I thought I’d take a moment to talk about cooking as a dev skill. Or rather, what cooking teaches you about developing a website.

    Know What You Want to Cook

    You can’t just decide to throw things together until you’ve been cooking for so long, and you’re an expert at winging it. Most of the time, we pick a recipe we know, or feel we can follow, and decide what we want to make. We have to temper this with what we need to make. If I’m making dinner, I need protein and vegetables. If I’m making a pie, do I need the pie or do I just want something sweet?

    Websites are the same way. We pick the site we want to make before we start building. When you go into making your site, you have to know what you want the site to be. You also have to know what you need. I need a web presence (it’s 2016, yes you do), but I don’t need a video and an interactive game and all the bells and whistles.

    Check Your Ingredients

    Open the door to your refrigerator and make a list of what you have. Look at the recipe. Do you have what you require to make this dish? If you’re ordering out, you get the meal pre-made. When you’re making it yourself, you need to make sure you have salt and butter and tofu and eggs.

    When we talk about webpages, we talk about the code behind it. Can you design something out of nothing? Do you have the tools with which to do so? Can you write javascript and PHP and HTML? These are things you need, these are your ingredients. They’re also going to be your libraries like Backbone and React.

    Mise En Place

    In cooking, setting up everything beforehand makes the entire cooking experience better. I’m terrible at it, but I’m doing my best to get better, because once I’m prepared, everything flows and I’m less of a whirling dervish. The setup doesn’t just keep you organized, it keeps you real. It lays everything out and sometimes, when you look at 10 pats of butter, you may think about maybe cutting down a little.

    Speaking of those libraries, make sure you have only what you need. The whole Backbone repository is over 5 megs. The one file you need is 69kb. Use only what you need. The more individual pieces you need, the more you should scrutinize them. Did you really need all that in the first place? Do you really need eleven css files for options of display, or should you make a basic one and let people build what they want?

    The Cake Will Collapse

    You’re going to mess things up. You’ll burn the caramel, overcook the pasta, underboil the egg, and so on and so forth. These mistakes are okay. As Julia Child said it, “No on will ever know!”

    Do I even need to say it? Your code will fail. A lot. In weird ways. You may spend an hour wondering why WP-CLI fails, only to remember it’s WP_CLI instead.

  • Apple Does the Right Thing

    Apple Does the Right Thing

    People died. While we can easily get lost in the implications of preventing deaths and understanding why a mass killing happened, there is one fact we’re left with.

    The FBI have asked Apple to write a backdoor into the iPhone code to allow the FBI to brute-force entry into an iPhone.

    What is Brute Force?

    Quite simply, it means trying passwords over and over again, until the right one is determined. At its heart, it’s trial and error, and you can program it into another computer. We call it brute force because rather than trying to intellectually deduce a password, it’s done via direct effort.

    Why does this involve Apple?

    You can set your iPhone to, after 10 incorrect passwords, wipe itself out. After three (3) wrong passwords, the iPhone makes you wait a little. I’ve set my phone to wipe on 10 incorrect passwords since if someone has my phone and can get in, they can also get access to my banking information.

    With a 4-digit passcode, there are 10,000 possible permutations. With 6, this increases to 1,000,000.

    The Ten most common passcodes have probably been already tried. And if you want a fun read, check out Why repeating a digit may improve security on your iPhone’s 4-digit lockscreen PIN.

    What did the FBI actually ask?

    I have read a copy of the summary (this is not the full 40 page ruling) and many of the news articles. The best I can summarize is this:

    Tuesday February 16th, 2016, a magistrate judge in Riverside, California ruled that apple had to provide “reasonable technical assistance” to the government to recover data from an iPhone 5c. This includes bypassing the auto-erase function (the one that happens after 10 bad passwords) and allowing them to submit an unlimited number of passwords. In order to do this, the FBI wants a special version of iOS that only works on the one iPhone.

    Apple has five days to respond if they believe that compliance would be “unreasonably burdensome.”

    Yes, it says that the FBI is asking to break into one iPhone, but the only way to do that is to write a system that could be used to backdoor any iPhone. This is because Apple intentionally wrote their code so that they couldn’t get at your data. Apple has no way to dismantle or override the 10-tries-and-wipe feature. Only someone with the passcode can do it.

    Is that technically possible?

    Of course. There’s no real question about that. It won’t be easy (so ‘unreasonably burdensome’ may or may not apply here). And to be honest, the technical possibility of this is not the issue either.

    Does this mean ‘anyone’ could do this? Yes, but it’s unlikely. This sort of hack is an OS-level one, which means the software needs to be signed by a key only Apple knows, unless there’s some other vulnerability in the phone. You can introduce a vulnerability by jailbreaking the phone, of course, but for the most part we don’t know if you can hack it from the outside like that. Signs point to this not being probable. But if it was going to happen, Apple would be the best company to try. They’re the ones who would know best.

    I want to stress: I believe anything is technologically possible. Human cloning? You bet! Hacking my iPhone? Sure thing. I do not believe these things are easy, or even probable, but they are in the realm of possibility.

    Why did Apple Say No?

    Apple did say no. They said it publicly in a Customer Letter on their website. And they said no, not because these things are hard, but because they are dangerous.

    Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

    […]

    Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

    The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

    The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

    You can read the whole thing for yourself, but in essence Apple is saying that by allowing the FBI to insist on this, they can use it as leverage to demand anyone’s phone be unlocked similarly. Keep in mind, while this case is certainly above board, do we really trust our government to always have our best interests in their hearts? Where can we draw a line between a known criminal act and a suspected one? Do you think they will never apply this to a case with tenuous links to an actual crime? We’ve already had wiretapping issues (Watergate, need I say more), and frankly the US government hasn’t gotten much better. And once the US has managed to allow this, many other countries will use this as their reasons to do so.

    Also you can’t uncork the lamp. Once the genie is out and this is possible, it will be given out to other agencies and someone will reverse engineer how this works. Other countries will get their hands on this. They will use it against innocents. We know this is truth because it already happens now.

    Privacy and Freedom

    I’m going to give you the quote you’re expecting. The Ben Franklin one:

    Those who surrender freedom for security will not have, nor do they deserve, either one.

    From a technical aspect, the hurdles faced to hack into a cell phone make me feel safer as a user. It makes me feel better to know that the FBI are failing to break into my little iPhone.

  • Impostercide

    Impostercide

    This is not about my plugin of the same name.

    For my first ‘real’ adult job, I was asked if I knew what WinINSTALL was. “Its like WinImage,” they said.

    I had no idea what they were talking about. I thought I was applying for a software testing and deployment gig, and that sounded like images. I’d like to say I told them the truth, that I wasn’t sure what that specific software was for. I didn’t. I bluffed. “WinImage? Sure. I know that one.” And then I rattled off what the job description had said. “It takes snapshots of operating systems in order to collect all the changes to know exactly what software did when it was installed. Right?”

    Could they see I knew nothing? I guess not, because they hired me. And I had no idea what that actually meant. Sure, I understood the concept, but had no idea what I was really getting into, so I bluffed. I talked around the subject, hitting the technical points I did know and, in doing so, got hired. And I was scared for years that one day someone would realize I didn’t know jack.

    We all start out not knowing, and when we get to the point that we do know, we feel that those early bluffs mean one day, someone will find out, we’re liars. That we know nothing. Learning to deal with the fallout from that one interview has been a years long process. It set the tone for my tech life, my life in general, because I’d built everything on a lie. The lie eventually became truth, but trust me that doesn’t make you feel any better.

    When I started speaking at WordCamps, I was terrified because of that lie a decade before. Why would people want to hear from me? I had nothing to say that other people hadn’t said. The second and third times got much easier, but I still get scared. I’m scared now! When I wrote my first eBook, someone said something hurtful. He said “Why would anyone buy your book? They can just google and find that out themselves!” But I wrote it, sold it, and even made a sequel. That was really hard to do because I was facing people telling me things were worthless.

    Imposter Syndrome stems from our self doubts. It comes from the place where, like me at twenty, we bluff a little bit in order to get our foot in the door. It’s worse when, like a lot of people these days, we don’t have college degrees. We feel every day that someone will realize we know nothing. Let’s take a deep breath. There’s no magic cure to say “Do this and you will never again have these fears” — I have them all the time. Every time I take on a new role or task, I worry I won’t be able to succeed, and I can trace it back to that niggling fear from that day I bluffed. So I fake the confidence I need to stand up here. But I also remember these facts.

    Fact One: Everyone’s bluffing about something.

    We all do it. We all do it. If someone says they never exaggerate or bluff about their abilities, they’re liars. Hold on to that thought, because we all want to be seen as better than we are. It makes us feel good.

    Fact Two: Some people ARE smarter and/or better than you are.

    There’s at least one person out there who is smarter than you are or better than you are at a thing. That’s just a statistical reality. The different between them and you, however, is that you are here. You showed up. You’re here. It’s okay. The only way to get better and smarter is to keep doing things. So step one is show up. Accepting the fact that you’re not the best is hard, but as soon as you do, the constant fear to be best starts to fade a little.

    Fact Three: Sometimes it’s just in your head.

    Anyone who has a mental illness, be it depression, SAD, anxiety, can tell you this. Sometimes you get hit by a feeling of nothing and you don’t want to leave the house. You may stop answering your parents’ phone calls. You may just get really quiet. Or maybe you have a manic phase, or maybe just being around people hurts. This is all complicated and messy. But when that sort of thing happens, it can take a lot of time to remember to understand your brain and what you’re doing and when it’s you and not the world. You have to constantly judge things and ask yourself if your looking at things reasonably.

    Sounds like I’m speaking from the heart, huh? When this happens to me, I rely on my friends. I ask them if I’m being irrational, if I’m just feeling self-doubt, or if there’s a real reason.

    Fact Four: Just because it’s all in your head doesn’t mean it’s all in your head

    You all saw or read Harry Potter, right? So in the last movie, when Harry’s in the weird limbo place and meets Dumbledore again, he asks if their conversation was real or if it was all in his head. Dumbledore points out that just because it’s all in his head doesn’t mean it’s not real. Just because you know you have a mental illness doesn’t mean that your feelings aren’t real. Separating the two isn’t easy. It helps to have friends who can spot-check you. Of course, most of my friends work in WP, and I don’t want to embarrass myself in front of them. Welcome back, Imposter syndrome!

    Fact Five: It’s okay to say you don’t know

    That’s hard. That one always makes me think “Oh god, they’ll fire me because I don’t know this basic thing.” It’s not the case. If it is, well you would have hated working there anyway. You have to be able to able to learn. You need that freedom. You need the freedom to fail and experiment and say “I don’t know this.” But. You have to hold up your end of the bargain.

    Fact Six: It’s not about what you know but how you know

    If I’d been honest in the beginning, I might have started in a better place. If I’d just said “Nope, never used WinInstall but I’m willing to learn!” I could have set myself up different. Today, I don’t know much javascript. I’m still a bit touchy on sql. But I know how to know. I know how to google. I know how to research. I know how to learn. I’m okay with looking foolish for not knowing because I know I can’t know everything! I take notes, I document, and I learn. And the more I learn, the less I fear my own self.

  • Representation of Code

    Representation of Code

    There’s a great many things to be learned from the drama of the recent Code of Conduct proposal. A great many people have demonstrated why one is needed, why ‘Just act professional’ is not a tenable long term solution, and why some people are exactly the sort of person who will fall afoul of the new guidelines.

    After all, who would really argue that these guidelines are ‘bad’:

    Examples of unacceptable behaviour by participants include:

    • The use of sexualized language or imagery
    • Personal attacks
    • Trolling or insulting/derogatory comments
    • Public or private harassment
    • Publishing other’s private information, such as physical or electronic addresses, without explicit permission
    • Other unethical or unprofessional conduct

    But that isn’t what it brought to my mind. The needs of a Code of Conduct are myriad, and the phrasing is complicated. It should be, at once, easy to understand and abide by, while being comprehensive and difficult to abuse. It should prevent rules-lawyers from gaming the system and min-maxing the hell out of their abhorrent behavior, while still permitting people to speak their mind. Anyone who’s played a table-top game with ‘that guy’ knows that pain.

    As I tweeted:

    Today PHP is learning that individuals bear the weight of representation of their groups.

    This is something everyone in a minority group has known for a long time. Not to throw politics into the mix, but compare the different reactions to the Baltimore protests of 2015 and the Malheur National Wildlife Refuge occupation of 2016. Consider the way some people are painted as ‘he should have known better’ and others are just ‘misunderstood.’

    One of the things I hate about WordPress is that I am now and forever representing it. Yes, forever. If WordPress is still around in 30 or 40 years, I will be representing it. If I leave it or say “Well I hate X” about it, I will reflect back on WordPress and my words will likely be taken and twisted around and contorted to mean something.

    Now and forever, I represent things that I am and things that I do. If I act like an ass online, it reflects on my company. A coworker of mine told a joke on Twitter and was subjected to attacks from someone who found it offensive. Whether or not the joke was tasteless, it reflected on him and our company. It doesn’t matter if the company endorsed it or not, nor does it really matter what our CEO may or may not have said regarding the situation. It matters that we represent myriad aspects of our life all the time.

    To give you a short list, I represent women, lesbians, LGBT as a whole, married people, childless families, Jews, Californians, Chicagoans, Canadians, Americans, caucasians, and please double the list and add ‘in tech’ to that. We haven’t even touched on things I work on and participate in the community like WordPress, Wikipedia, MediaWiki, Ada Camp, Hugo, Jekyll, PHP, ZenPhoto, etc etc and so on and so forth. Oh and DreamHost, the bank I used to work for, and possibly the guys I worked for before that. Then there are the games I play (D&D, Pern, WoD, etc).

    I don’t get to ‘stop’ being those things. Even though I’ve not played a MUSH in almost a decade, to some people I will forever be known as a MUSHer. And some people may change their opinions on me just hearing that. But also some people will say “Oh, she acts like that because she grew up on a MUSH.” And worse, “If she acts like that, then all MUSHers are assholes.”

    Look. We know it’s stupid. We all know that a person isn’t the sole representation of a thing, and yet we spend our lives looking over our shoulders because we will now and forever be what we are identified as being.

    It was hard for Leonard Nimoy to be Spock.

    Nimoy is so synonymous with his half-Vulcan alter ego that fans revolted upon seeing the title of his first memoir, “I Am Not Spock,” despite Nimoy’s insistence that behind the name was merely a nuanced explanation of the distinctions between himself and his character.

    When we think of him, we think of Spock, the role that made him famous. And it took him years to come to grips with understanding that he was now and always will be Spock to many of us. It’s a hard thing to accept, that you will forever represent yourself, a job you had for three years and a handful of movies, and that no matter what, whatever you say will reflect back on that.

    WordPress, PHP, those are our Star Treks and we are Spock.

    Live long and prosper.