Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: essay

  • Rant: Chrome is the New Nanny Browser

    Rant: Chrome is the New Nanny Browser

    Part of my job is to look at possibly naughty and dangerous sites. Usually Chrome gives me an ‘are you sure?’ warning before I look at a hacked site, and I understand why. But see, my job involves me going to known hacked sites, seeing what’s going on, reverse engineering, and fixing. So yes, Chrome, I need that ‘I’m sure’ option.

    Lately Chrome hasn’t been giving me an option. It’s been saying no.

    So I went to the documentation, Can’t download files on Chrome, to find out how to turn it off and I was annoyed.

    If you don’t want Chrome to show you download warnings, you can turn off your phishing and malware protection setting. Turning off these warnings will also turn off other malware and phishing alerts:

    I want phishing protection!

    Actually what I want is Chrome to say “This download may harm your computer. Don’t download it if you have auto-expand or auto-run on for downloaded files. Are you sure you want to download this?” and default to NO.

    And no, I’ve not figured out how to do this yet.

  • OpEd: Community, Community, Community

    OpEd: Community, Community, Community

    Lately there have been a lot of talk about the issues within various communities. It might be the shit storm over in Reddit land, it might be the drama in WP World. It doesn’t actually matter for the purposes of this post.

    Poisoned Well

    As my friend Helen asked recently:

    Do you ever feel like the entire internet has been taken over by trolls because I feel like I’m drinking from a poisoned well right now.

    I do.

    All the time. Always have. People have always used the internet as a way to let out what they’re feeling without filtering it through their humanity first. They hide behind anonymity, or the simple shield that they can’t see the faces of the people they bully and humiliate. They see it as ‘just good fun’ or ‘just letting things out.’

    My friends know I feel that way too. But I always ask them “Can I be unfiltered? I need a rant.”

    The Internet Is Broken

    What we’re facing is the endemic brokenness of communities as a whole and their sewage spewage.

    As my friend JJJ remarked (specifically about a subject but it doesn’t really matter for the purposes of this post):

    … I’m waiting for a “things are broken” post …

    J-trip, I know I’m not the person you’re asking for the post from but, yes, things are broken. Things are badly broken. Things have always been broken. We’ve always been at war with Eastasia. Things are broken because we, as humans, are broken. The online communities we tout as being fundamental to the growth of software development and that bind us together, closer, as humans, is broken because humans suck.

    What’s broken isn’t PHP or Reddit or WordPress.

    What’s broken is us.

    And we remain broken because we don’t fix things.

    Let’s Fix It

    Fixing isn’t easy though.

    Unlike your ‘in person’ community, an online one is incredibly diverse.

    At the same time, we need to stop giving it a free pass simply because it’s online. Treat it with the care and love you would treat the people who come together to shoot arrows or sew or watch a baseball game. This is a community and we need to treat it like that.

    Remember that what we do in public, and yes the Internet is totally public, reflects on who we are because it is who we are. Behave with integrity and honesty and be yourself. If that self reveals itself to be a bad person who does mean things and doesn’t care about the outcomes, then deal with the outcomes.

    Stop pretending that there are no repercussions just because you’re online. Stop thinking that you can get away with being mean just because it makes you feel better. Start caring about people as people, online and offline.

    And then there’s the hard thing. Stop letting people get away with it. We all fear the cry of censorship, but there will come a time when we have to stop killing ourselves. It’s our choice to keep the hatemongers among us, and it’s our choice to tell them to change or leave.

    Make the right choice.

  • It’s Okay To Write Bad Code

    It’s Okay To Write Bad Code

    We all write Bad Code.

    We all write insecure code.

    We all can learn.

    When I posted about bad code, a reader remarked he’d done those things when he was new. So did I! So does everyone. We learn by copy/paste and seeing “Oh! Hello World actually worked!” Those are wonderful moments where we high-five ourselves and feel like we’re learning something cool.

    Everyone makes mistakes. Everyone writes bad code. Everyone misses something. These are all parts of the learning process. So

    Bad Code Educates Us

    When we write bad code, and someone calls us out on it, we learn something. Negative reinforcement is a terrible thing, but those lessons tend to stick with us better than the best positive ones. We remember the feeling and we do anything we can to avoid it again.

    Bad Code Humbles Us

    We’re not perfect. You’d think we don’t need a reminder, but our egos can get the better of us. We start to think we’re awesome and know everything and are always right. We’re not perfect. We’ll never be perfect. Don’t use this as an excuse to write sloppy code, but be aware of your inherent imperfections.

    Bad Code Inspires Us

    When I see bad code, it reminds me to be better and do better. It goes back to the education thing, but really it’s the desire not to be shitty that inspires us to do better. The positive feedback loop being what it is, we really want to be better and have that feeling.

    Bad Code Entertains Us

    I have a site where all that exists is code that ‘breaks’ your site. It’s funny in a way, to learn how to do things by doing it wrong. When I see how far off I was and how bad it was, I laugh. Because in being educated and humbled and inspired, I find the delight in the universe again and laugh.

    What Do You Learn?

    What do you learn from bad code?

  • Rant: We’ve Forgotten Nettiquette

    Rant: We’ve Forgotten Nettiquette

    When I was new on the interwebs, people told me things like “Don’t bump your posts” or “Don’t nag people.” I took those lessons to heart, and even though this new online message board thing was awesome and addictive and a great way to talk to people all the time, it introduced us to a new/old problem of instantaneous gratification.

    While the world is a 24/7 place, and people are working around the clock to make cool things, it’s really hard for people to understand what being ‘polite’ means in these instant times. But I get poked on email, then in a Slack chat, then on Twitter, then on Facebook (where few people can access me at all), and even G+ when someone decides they need to get in touch with me ASAFP.

    Since the Core Rules of The Net have been lost on many of us, here are some rules for you:

    Respect Downtime

    Every time you ping someone more than once in three days about the same thing, you’re probably hitting them on their downtime. People need breaks. Just because I’m active on Twitter, talking about comic books or music, doesn’t mean I’m available to talk about debugging your website.

    Respect “No”

    If someone tells you “Not right now.” or “Please ask someone else.” there is only one, proper, reply. “Okay, sorry about bugging you.” And you walk away. (You can ask “Sorry, who else can I ask?” of course if you really don’t know, but people bugging me actually do know if they think for a moment.)

    Respect Priority

    I got news for ya. You’re not my priority. Oh I do understand the importance of you and your work and that it’s very much on your radar. But you’re not always at the top of mine. I have to make my priorities in my own order and sometimes I can’t tell you about them. It’s never a case of being dismissive, it’s always a case of having a lot to do and having to sort things in an order than I can maintain. It really sucks when you’re not the priority, but it’s the world we live in.

    Respect BRB/Later

    Sometimes I’ll be working with someone in chat and my wife will ask me a question that need a now answer. Or she’ll want to go out. And if we’re not working on a ‘save the world’ thing, I will likely say “I need to go take care of my personal life. Can we pick this up at another time?” I will work out when that other time is, but people should respect that space. Similarly, if I type “Hang on, I have to deal with a thing.” then maybe I’m talking about a bathroom visit, or maybe my cat lit the other cat on fire. Either way, someone taking a long time to reply is not cause to have hurt feelings. We need to have time to think, time to process, and time to put the fire out on the cat.

    Respect ME

    Look. This should go without saying, but respect me. Respect what I say to you and when and where I say it. Respect me as a human and as you would want to be treated. If I say “Stop being so pushy, you’re not making it easier for me to do XYZ” then stop being Gordon effing Ramsey and give me a moment. If I ask you not to communicate with me about something on a specific channel (like asking me long WP questions on Twitter) then respect that. It’s totally okay to ask me “Where can I ask you for help with…?” but it’s not okay to assume that I’m going to want to be all WordPress all the time everywhere.

    I happen to like other things and so do you.

  • Internet Abuse

    Internet Abuse

    I try not to make this site about my personal grievances about people and attitude, and only about my code, but it does come back to code many times.

    “I thought you knew what you were talking about. Never mind.”

    That was actually said to me, about three years ago, when someone realized my name, Mika, was a woman’s name and not the male ‘Mike’ he’d thought it was. This was after pages upon pages of testing and debugging. The moment someone corrected him as to my name, and gender, he stopped listening to me. At the time, WordPress was my hobby, and so I decided he wasn’t worth my time anymore and walked away.

    Then he followed me ‘home’ and emailed me saying women like me should stop trying to do tech support, and just find someone who knew what they were talking about. I deleted the email, blocked his email from my inbox and my blogs (using Sitewide Comment Control), and moved on.

    If you need a reminder of the abuse and harassment we face daily, please read about the ping-pong theory of tech world sexism or No skin thick enough: The daily harassment of women in the game industry. In both cases, the content may upset you.

    The problem is that I can’t tell you how to deal with people who want to chase you off the internet, and if you should or should not fight them. I can tell you how to prevent them from getting further into your life once you’ve decided that you’re done with them.

    I talked about this at WordCamp Minneapolis earlier this year, and the steps to Detoxify Your Website remain valid. In fact, those are my best methods for self protection. I use them today, not just when people are mean to me but when I know I cannot be nice to them. Some people rub you the wrong way and you know you’re going to lash at them. It’s okay to prevent yourself from talking to them.

    That’s how I deal with them.

    Don’t Reply If You’re Angry

    If I’m angry I tell them “Hey, you’re making me angry right now and I can’t talk fairly about this, so I’m walking away. I promise I’ll come back, but I need to cool down.” If they follow me after that, they get blocked and I don’t go back. Respect people who need to step back and cool down. If it’s not a situation where I have to reply, I reach out to my friends in the same arena. “Can you talk to this person for me? I’m too angry to be sensible.”

    Set Boundaries and Stick To Them

    I’m very firm about this with plugins. If I emailed you a plugin thing, like I had to close your plugin, asking me to update you on Twitter or Slack doesn’t actually do anything except annoy me. Yes, Aaron, we’re friends and yes, that still annoyed me. The real reason replies to plugins take time is that I don’t have a TARDIS, so unless you can invent one, it’s best to give folks at least 48 hours to reply. But replying to an email and then pinging me on Slack and Twitter is the equivalent of the phone call “Hey, did you get my email?”

    I totally get that the subject is important to you. It’s important to me too. But you’re not helping me. So I draw a line and say “Hey, don’t ping me about the email. Reply to the email. I’ll read it and reply back.” That’s my boundary. I like it. It lets me cool down if I’m mad (see the previous note).

    Don’t Feed Trolls

    Lara Littlefield taught me a great phrase. “This makes absolutely no sense.”

    To quote her:

    I will reply “this makes no sense” to any comment that expresses misogyny or racism.

    That’s my new reply. I’m using it. If someone drops into misogyny, racism, or anything of that ilk, they generally do it in a way that shows me they’re not going to listen. It’s like Godwin’s Law. Once you’re at the Nazi place, conversation is over and you’re not getting anything good about it.

    That makes absolutely no sense.

    Have People To Vent To

    I bitch to my friends when I’m angry. I start with “I’ve very pissed off, it’s not at you, but I need to rant.” And guess what? My friends will let me bitch. They let me complain in language that is inappropriate and not well thought out. They give me a free pass to say horrible things. They let me get it all out. And then they help me be constructive.

    You guys are pretty cool.

    But it only works because I start with where I’m at and what I need. Sometimes they ask “Do you need to rant or do you want help figuring out what to do next?” Sometimes I don’t know, and that usually turns into “Rant away, Mika, and we’ll see what comes next.” Find those people. Keep them in your life.

    Don’t Air Dirty Laundry

    If you have a fight with someone, don’t plaster it all over the news. I’d say ‘and don’t subtweet’ but sometimes it helps. The real thing is that you don’t want to hurt your friends. Friends can be pretty vile to each other when we fight, so remember that you are friends, and try not to destroy things. Don’t blog post or comment about how so and so sucks. Don’t say the horrible things in public if you can help it.

    You can’t go back from that.

    The internet remembers.

  • Name Collisions

    Name Collisions

    Many many years ago I played MUSHes. One of the games was PernMUSH (which apparently is inactive now). PernMUSH took place on the world of Pern, and you had the chance to be a dragon rider. Which was kind of the Thing to Be ™. One of the ‘quirks’ of the game was that every character had to have a unique name, and so did each dragon. When I started playing, I didn’t really understand this. Today I know that it’s because of name collisions.

    A “name collision” is a problem not solely endemic to computers, but it comes up there an awful lot, whereby you must have a unique identifier to know what each ‘thing’ is. For example, in WordPress every post has two unique identifiers. It has a post ID, which is a number given to the post when it’s stored in the database. If you use ‘ugly’ permalinks, you’ll see this as example.com/?p=123 – that 123 is the post ID. But if you use pretty permalinks (like I do here — example.com/my-cool-post/) then you have to have only one ‘post’ with that name.

    You, literally, cannot have two posts with the same ID or name. Makes sense, right?

    On PernMUSH we had everything have a unique ID as well as a unique ‘nice’ name. But then when dragons were introduced, you had to give them unique names as well. This was not for frivolous reasons nor pretty special snowflake ones. While it was perfectly understandable to have a hundred rooms named “Bedroom,” the code for the dragons allowed them to all talk to each other and send private messages. They were, basically, our cell phones. Dragon Ath had to be able to talk to dragon Bth, and in order to ensure that worked properly without everyone having to type dtu #12724=message we had to have the code written such that someone could type dtu bth=message and that meant each name had to be unique.

    This would have been fine and dandy as it was except for one small problem. PernMUSH wasn’t the only MUSH based on Pern. There was also a game called SouCon, which took place on the Southern Continent. And transfers between the games were allowed. This added in a wrinkle that now PernMUSH and SouCon had to be sure that everyone on both games had a unique name and dragon name.

    It was quickly determined that they wouldn’t bother with human names. If J’cob on SouCon came to visit PernMUSH, which already had a J’cob, then SouCon’s J’cob would use a different name like Jy’cob. But for whatever reason it was decided that the dragon names on both games were going to be unique. Thus the “All The Weyrs List” was created. That list (which still exists at dragons.pernmu.com ) was a mostly honor system site where you would email in your ‘hatching records’ with who’d impressed and to what dragon and what color and who were the parents. The list would be updated. Then the next time anyone had a hatching, they’d search that page for the dragon names they wanted to use. If the name was there, then then couldn’t use it. Done.

    Of course this wasn’t perfect. Anything based on the honor system is bound to have a few bad eggs. After 10, 15, 20 years, the ability to give people the name they ‘want’ starts to chaff against the tacit agreement not to repeat a name. At some point, I know some games gave up and let people have whatever name they wanted, and transfers could cope.

    What does all this have to do with anything?

    On the WordPress.org servers, where we list all the plugins approved by the team, each plugin has a unique slug that cannot be changed. I have a plugin called Impostercide, which has the slug of impostercide and it’s the only one. No one else can submit a plugin with that name. For the most part, this worked fine. If someone else wanted to make a plugin with that name, they were free to do so but it just wouldn’t be on WordPress.org and that was okay.

    Then we shot ourselves in the spirit of making life easier. Today WordPress updates your plugins and themes by using an API that calls back to the wordpress.org servers. That API check sees if Impostercide on your install of WordPress is older than the one on wordpress.org and, if so, alerts you to update. You press a button and your plugin is updated. It’s magic. It’s gold. It’s great. If you’re that person who wrote your own plugin, not on wordpress.org, you can hook into the update code and have it update from other servers. It’s brilliant.

    Except what if you’re that person who has their own plugin named Impostercide? The obvious answer is that you can just rename your folder and off you go. That doesn’t fix the thousands of people who just upgraded themselves to my version, though. They’re having a bad day. Also what if someone submits a plugin called impostercide-two? Now you have the same problem all over again. Other people will tell you to bump the version to something the real Impostercide will never use. But again, that doesn’t hold up since what if Impostercide does?

    The actual fix is to tell WordPress not to check for updates for that specific plugin.

    The awesome Mark Jaquith posted about this in 2009. You can code a plugin to tell WordPress to not check for updates for it. This does put the onus on people who are writing the plugins not hosted on wordpress.org though, which is and isn’t fair. There’s a movement to allow a new plugin header to prevent these things in trac ticket 32101, which boils down to the idea that if those non-org hosted plugins can flag themselves as ‘I’m not from .org’ then the API stops trying to update them.

    I think that it would be a good idea to have an easy way for people to flag their plugins as not being hosted. The alternative would be an honor system method, where everyone registers their plugin slugs and all submissions to wordpress.org is checked against that. But that falls apart quickly the day one person forgets to do it. With a way to easily kill the API check, we can allow non-org hosted plugins to very simply protect themselves, and their users, from being stomped on.

    As for the risk that someone might edit their own locally installed copy of Jetpack to have that header because they’re tired of updates, well, we can’t stop you from shooting yourself. I just hope people are smart enough to understand that you don’t edit core and you don’t edit plugins and you don’t edit themes. You make child themes, you use other plugins, and you use filters and hooks.