Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: essay

  • Post Editing Is Broken

    Post Editing Is Broken

    By now I’m sure most of you have seen Gutenberg. And I’m sure you all have a lot of opinions about Gutenberg and why it’s absolutely not needed. You may also have read conversation about how we totally need Gutenberg, and it’s part of the long view of the future.

    I’m going to tell you something that may be difficult to accept.

    We need Gutenberg because post editing is broken.

    The Visual Editor is Limited

    The current visual editor, which uses TinyMCE, is incredibly limited. It’s awesome, as you can make a WYSIMWYG (What you see is mostly what you get) post, but it can be really hard to get layout and design flow to look ‘right.’ And if you want to insert custom content, you’re left using embeds or shortcodes.

    I love shortcodes. But. They’re weird and complicated and no two work exactly the same way. People don’t always document them, they’re not discoverable, and they can be incredibly obscure to use. Which ones take input and which are nested and so on.

    This means that advanced customization of post content is left to templating engines in those page-builder plugins, which either have to re-jigger the whole screen (like Gutenberg) or utilize a complex nesting of shortcodes (like that other plugin you’re thinking about). Neither is a great experience for users, especially when no two page builders work the same way.

    The HTML Editor is Cryptic

    If you’re not a developer or someone who read the original HTML 2.0 spec book (hardcover, y’all), then HTML may be a beast you don’t understand. It’s complicated, it has a lot of weird quirks, and you’ll hear people tell you to use tables (or not), or use divs (or not), or only troglodytes use spans and colors.

    Basically it’s confusing unless you know HTML, and that means if you’re not an advanced user or a designer/developer, you’re screwed. You’re expected to learn a whole new suite of complex arcana just to make a table with today’s WordPress. Or you use a plugin and then you find out the semantic HTML it used was problematic, and you have no idea how to fix it.

    Anyone who supports end-users who know MS Word and not WordPress have dealt with this drama. It’s real, and WordPress is still struggling to address it. Which is why we have Gutenberg in the pipeline.

    Gutenberg Isn’t Perfect

    None of this is to say that Gutenberg is perfect. I’ve had experiences with exactly how hard it is to wrangle. Building new blocks is crazy hard if you’re not using simple reusable blocks like my favourite spoiler block:

    If you want to make a complicated nested block it’s frustrating. You have to decide what flavour of Javascript you want to use and how to build it. Let’s be honest here, folks, it’s tough to be a developer in this new land.

    And as a user it’s no picnic either. It’s a lot of change and kicking yourself out of old habits and into embracing the new. Which we’re all generally terrible at. You have to shift from a fundamental concept of “Big Chunk of Content” and into “Smaller Blocks of Content.” Meta boxes and data like we add with ACF and CMB2 isn’t perfect yet either. Heck, I can’t even customize my Jetpack sharing with Gutenberg yet.

    But. As we use Gutenberg and as we inch forward, we start to see the progress. I can still insert tables via HTML inside a Gutenberg post. I can build (or hire someone to have built) a block to tweak things to my heart’s content. Things may be hard, but they’re possible.

    You Must Break a Bone to Set It

    When I was 11, I broke my arm. And I remember the feeling of abject horror when the doctor told me they’d have to break my arm again in order to set it. I used some language they’d never heard from a child my age. And it hurt like hell. It was the most pain I’d been in my young life.

    My arm never worked the ‘same’ way afterwards either. Oh sure, I could do pretty much everything, but I had to compensate and learn new ways to do other things. I don’t have full rotation in my wrist still, though it’s much better, which meant I had to change how I did certain motions. Like typing, that hand rarely rests on the keyboard. In short, I had to adapt. 

    The current editor is imperfect and broken. In order to fix it, we must shatter it and move forward. It hurts, it’s a struggle, but if we push each other, we can do this. Continue to criticize the things that are missing (not being able to hide taxonomies from use, for example), but do so in a way to help it forward.

  • Bad Faith Names

    Bad Faith Names

    One of the things about Open Source is we can name things whatever we want. This comes with a great amount of responsibility though, since we have to both come up with unique, memorable names that make sense and respect everyone else.

    Respect is a funny thing with names. For example, in order to respect my friend Tracy, I wouldn’t name my company LYKES Inc, because that would be very similar to her company of YIKES Inc. But also I know she’s trademarked the domain, which is a smart choice, and that means I have to respect her trademark as well.

    Speaking of Trademarks

    When it comes to trademarks, everything’s a little messier too. 

    This isn’t about not naming your plugin “Google Analytics.”

    This is about when you own a trademark and people are infringing on it, and how you can chose (or nor) to behave.

    This is about being cocky.

    There’s no other way to explain this, but a romance novelist trademarked the word ‘cocky.’

    No, this isn’t a joke. Since 2015, for a number of reasons, the word ‘cocky’ has been super popular with romance authors, and one of them decided to trademark the word. In 2018 she applied for, and got, a trademark on the word. Not just the word mark (which is like Pepsi’s trademark on the word and the font), but also the actual word cocky, as used in romance novels.

    And then she did exact what you’re thinking, and she decided to sue everyone else who was using it.

    Trademark Bullying

    Fallen Hopkins said her reasoning was her users. “I receive letters from readers who lost money thinking they bought my series. I’m protecting them and that’s what trademarks are meant for.”

    When you hear it that way, it does sound a little sensible, doesn’t it? She wanted to help her readers be less confused that “The Cocky Cowboy” isn’t a book in her series “The Cocky Series” (in which there is a book called “Cocky Cowboy”). She kicked the author of “The Cocky Cowboy,” who renamed her book “The Cockiest Cowboy To Have Ever Cocked” and now I’m a little in love.

    Now most of the time you can’t actually do that! I mean, I could name a book “Catcher in the Rye” if I wanted to, because you can’t copyright book or story titles. What you can do is the title of the book as it pertains to non-book goods and services, as long as the goods aren’t the book. With a trademark, if I have a book series, I can trademark the series name (see “Harry Potter and …”), but not a single individual title. Until I make a movie.

    But more to the point here, Hopkins was being a damn bully by deciding she was going act in bad faith.

    Yes. It’s legal, but it’s bad faith.

    Bad faith is simply you doing something that is legal but you know it’s the bad thing to do.

    That’s not a legal definition, by the way. If you look it up in a law dictionary, it involves the intent to deceive, which is a weirder thing. The real question is why is this legal? Right? Why would someone possibly be able to trademark cocky!?

    Turns out, it’s actually not hard to trademark a common word if you do it right. Take Apple, for example. You know, Macintosh the company? apple.com? Right, they trademarked Apple, but only as it relates to computers. I can name my car company Apple Cars if I wanted, but I better keep away from self-driving cars, eh?

    There’s a catch to all this. If you’re in the USA, you may be aware of the First Amendment. You know the one? Well there’s a doctrine about all this that basically exists to stop trademark law from stomping all over our rights. People build careers on this stuff, so the short version for you is that folks who are chapped about this have a damn good case against her doing this maliciously, and getting the trademark overturned.

    The problem is they need lots of money, which they don’t have. We’re talking about a bunch of indie e-book authors, after all. They may not have money but they have the internet, and they’ve been using it to savagely take down Hopkin’s reputation.

    You really should never piss off people who are good with words.

    Cockygate Doesn’t Hold Up

    The good news in all this is the trademark’s being canceled. The bad news is that someone else with deeper pockets probably has a great idea now and is going to be an even bigger problem for people later on.

    People will get confused. People can’t even tell differently named web hosts apart, so of course someone will think “Joe’s Google Analytics for Sports Sites” is an official Google plugin on WordPress.org (seriously someone did). They just don’t read and think, and all the trademark protection in the world isn’t going to help them out.

    But think about how you’re approaching this. Ask people to change the display name of things, and ask them to make sure it’s clear they’re not related to you. And when someone gets confused, point out “That plugin/app doesn’t have my trademark’d logo, so you can see it’s not mine. Sorry about the confusion, here’s mine.”

    If you’re interested, read Vox’s explanation on cockygate and please, don’t be a cock when you’re protecting your trademark.

  • Consent and Awareness

    Consent and Awareness

    GDPR.

    It’s the bane of many headaches for many web developers, web admins, and in general anyone who uses the internet.  If you’re reading this, it’s probably a headache for you too. So let’s have a real, non-lawyer talk about what’s going on and why you need to care.

    Notice: I’m not a lawyer. This post is not legal advice. Please read the EU GDPR Information Portal and research your specific situation.

    Everyone Needs to Care

    If you thought this only has to do with people who use eCommerce products, think again. The centre of the GDPR is data privacy. That is, the right to have your data removed from websites, when you want. The point to all this is if you have a website, and people visit, you need to care because the following reasons:

    • You have ads on your site
    • You allow comments
    • You use custom avatars (Gravatar)
    • You track visitors (Jetpack, Google, etc)
    • You embed content (Twitter, YouTube, etc)

    Does any of that sounds like you? It sounds like pretty much every public website in existence. And congratulations you need to care about GDPR.

    What You Need

    There are a lot of moving parts here, but the pared down version is this:

    • Know what 3rd party services you use
    • Know what your CMS tool tracks
    • Have a privacy policy
    • Have a way for people to request data deletion

    The first two are surprisingly complicated because, in the case of WordPress,  you might be tracking a lot more than you think. Remember all those things I mentioned above? They all are common situations where your CMS might be tracking people. But what if I told you that a lot of plugins you use also add on tracking? Or record more data than WordPress knows about?

    Like. I wrote a plugin that adds in the IP address used to register an account to the user meta. This means WordPress now records more data. Thankfully that gets deleted when you delete a user account, and it’s generally covered under the broad disclosure that you track users IPs (which every website does). But I have to make sure people who use the plugin know that, and communicate to others.

    That’s a very simple example. Take a plugin that logs user activity for, oh, let’s say security. Now you have to tell everyone about exactly what it tracks (browser information etc) and what you use it for. And you get to figure that out for every single plugin you use.

    This won’t be easy. Unless you read every single plugin you use, you’re going to be at the behest of developers who may not be aware of exactly what they need to disclose.

    Privacy Policies Are a Must

    Every site should have a privacy policy. While for most smaller blogs, the odds are low that anything will happen, you should have one anyway. The problem is that no one can tell you exactly what yours needs to have. I try to cover the four basics:

    • Terms of Use: all the things you agree to by using this site
    • Data Collection: what situations result in my tracking your data, including details on 3rd party services regularly used
    • Data Usage: what I do with data and how long I keep it – also how to request it
    • Policy Changes: a CYA that they’ll likely change

    There are a lot of details in those four sections, especially the Terms, which exculpate me if I get information wrong, allow me time to handle a DMCA, and a whole lot of things. And yes, it’s super daunting, I know. I mean, the privacy policy here isn’t half as robust as some of my other sites.

    The Bottom Line

    You can distill all this into consent and awareness. People need to know what they’re getting into on your site (or at least be able to know – you can’t help people who refuse to read). And you need to understand exactly what your site does. You need to be aware, as a website owner and a user.

    All those terms you ignored when signing up for Google Adsense and Analytics? Now is the time to knuckle down and read, because you need to cover that. All those extensions (plugins and themes) you added? Read up on them too. If they don’t explain what they do with data, ask the developers.

    Developers? Step up. Document exactly what data you save. If you allow for the saving of different kinds of data, based on what the user picks, explain that. But you have to tell people what’s being saved and how to delete it. Most CMS apps now have tools to hook into to aid deletion, so research.

    GDPR kicked in four days ago, but it’s not to late to fix things.

  • FUD: The Sky Is Not Falling

    FUD: The Sky Is Not Falling

    Every day it seems like there’s a new Zero Day vulnerability about our websites. SSL is being deprecated, PHP is out of date, the CMS we use has a critical vulnerability, security isn’t all that safe, and OMG we’re all going to get our identities stolen and our lives hacked.

    Making matters worse are those myriad security tools we use to keep ourselves from getting hacked or attacked, and they alert us to horrible things. I say worse because they terrify people without actually explaining and educating them, so the uninformed users come running to complain the sky is falling. And when those people are told an answer by other experts, they don’t know who to believe.

    Can you blame them?

    Responsible Disclosure

    It’s four years now, and Nacin’s post about how security is nuanced is still required reading.

    The problem we face is that telling the world about a security issue is complicated. We definitely need to tell people who are responsible for fixing it, and in a perfect world we should trust that they’ll push out that fix in a reasonable time frame. We also should be able to trust they’ll tell the appropriate people.

    But who, exactly, is the appropriate person to tell about a Drupal patch? Not the hack, the patch. In a different light, who are the right people to tell that a new security fix for an operating system has been released?

    There are millions of users. How do you get to all of them quickly, with the right amount of information so they can understand how important this patch is to them, and how quickly they should apply it?

    Enter Security Companies

    Many companies make their milk and meat off being the people who monitor and announce security releases. There’s nothing wrong with this. In fact, I laud them for being a much needed service. With so much data flowing, it’s important to have a service that can help users winnow down what’s critical to them and their setups.

    But… That’s not what’s happening.

    Security companies face the same problem we do. There’s just too much data, and it’s being updated all the damn time, and there’s no way to keep up with all of it. Which means that they do what I tend to do when I’m trying to explain things to a wide variety of people. They simplify as much as possible.

    The problem with simplification is that you have to skip over things and leave out the nuances that help people understand what’s actually going on. They have no idea what they actually need to worry about. And we’re back to zero.

    To Know When To Worry …

    You have to actually understand context to know what to worry about.

    There’s literally no other way around it. There’s no shortcut, there’s no cheat sheet, there’s just knowing what your site is doing.

    Let’s taken OpenSSL as an example. Back in 2014, a serious issue called HeartBleed was discovered. The bug was phenomenal in that it allowed people to steal and read secure data. If you ran a website, this was a massive issue. For your webhost.

    Was it a huge issue to you? Well. Maybe.

    A lot of people sounded the alarm and declared this a crisis, and we should all grab our web hosts and asks what they were doing and when would we be fixed. And the rest of us said “Hang on. Webhosts are aware. See if they have an announcement, which most will, and if they say they’re working on it, trust them.”

    Sounds like I’m passing the buck, but the reality is that unless I’m using my site for privileged data (like a private blog, or a store), then the odds are for my individual site … I don’t need to panic. Especially if I use unique passwords and take regular backups.

    This doesn’t mean Heartbleed wasn’t a huge problem, and that I didn’t want to see my host putting this as their number one priority, but it means that I’m aware of the risk (private data being stolen) and the likelihood of it happening (moderate to high) and the level of risk. That last one is the most important.

    What’s the worst that could happen, today, on this site if someone stole private data? Well. They’d see my password maybe, and some draft posts, and have access to my API keys for a couple services. Nothing I can’t fix relatively quickly. They can’t log in to those API services and they can’t destroy my life.

    If I was still running a store (like I was at the time of the initial vulnerability), I paid close attention to the fixes being released and the moment one was out for my system, applied it. But there was no need to panic or rush about. I understood what was going on.

    If You Don’t Know …

    If, however, you have no idea how it all works and what it means, then I recommend the following checklist:

    1. Do I have good passwords?
    2. Do I have good backups?
    3. Does my web host have a reliable track record for fixing this stuff?
    4. Do I run any private/privileged data on my site that could be dangerous to release to the public?

    If that last item is 4, then I better be paying my host (or an expert) a lot to protect me ASAP. If you’re still on budget web hosting, it’s time to move up to something managed, or hire someone to manage for you.

    Otherwise, if the first three are all ‘yes’ then I’m not going to panic. I’m going to trust in the experts to do their job.

  • Organization

    Organization

    In September 2005, Lorelle wrote what I consider to be the definitive piece on tags vs categories. In 12 years, my opinions have not changed and I still feel her explanation is correct. That said, there is room for improvement at scale.

    The Gist

    Her advice boils down to this:

    • Categories are a table of contents
    • Tags are index words

    By this we mean that categories are the high-level, big ticket items, and tags are the smaller, more precise terms. This is, I feel, the heart of understanding the two.

    Further down, Lorelle states that at around 25 posts, a tag is ‘big enough’ to be a category, and that if a category dominates a blog, it should perhaps be a separate blog. And that’s where I disagree.

    On Beyond Zebra

    When she wrote her post, the concept of custom taxonomies was barely a gleam in someone’s eyes. Multisite was still WPMU, and a separate installation. Today we have the ability to add our own taxonomies (either in category or tag styles) and we can create a network of related sites on our own. All we need is a little more technical know-how.

    When we add on custom taxonomies, we afford ourselves a new way to classify posts, so to the above I would add this:

    • Custom Taxonomies are critical but exceptionally unique index words that must be grouped together

    Okay that was long, I know, but a Custom Taxonomy is in essence a new subdivision of your site. You can either make it a new table of contents or a new index … or a combination of the two. It’s a little wild, especially when you factor in custom post types.

    Overwhelming Category? Custom Post Type!

    Instead of making a new blog when your category gets too large and unwieldy, I would recommend making a new custom post type. If I use my helpful example of LezWatchTV, we currently have three custom post types: Shows, Actors, and Characters.

    While we could have made them into posts, and used categories to index them, having them be their own post type means instead of a table of contents, I’ve made an appendix. This gives me access to all the cool WordPress features, like archives and sorting and organization, but it does so outside the realm of posts which restricts crossovers. Unless you’re really clever with cross-related content.

    A custom post type keeps it all on one blog, but separates them like your laundry.

    Too Many Tags? Custom Taxonomy!

    If you find yourself having too many tags, it’s time to consider a custom taxonomy. Again, pointing to LezWatchTV, actors have two custom taxonomies: gender identity and sexuality. While those are the same as we use for characters, by having them separate and only applicable to the actor post type, we are able to give a list of all trans female actors with a click. In other words, we’re using WordPress’s native features.

    But if we look at the custom post type for TV shows, we have a lot more taxonomies, including two that are constantly being added on to: nations and stations. Every time a new station airs a show, we have to add it in. And there, as of April 1, we end up having 29 nations and 168 TV stations.

    Which brings up the next problem, and one that Lorelle does indeed address, but not the way I would.

    When Tags Go Rogue

    Can tags still go too large? Yes. Oh my lordy, yes.

    Recently I saw a site that used unique tags on every single post. I physically flinched when I realized that.

    You see, they had around 30,000 posts and 48,000 tags, and for the life of me I couldn’t understand why until I read the site and looked. For every single post there was a commensurate tag for the post title and the date. After 365 dates they thankfully started to repeat, so you might have 10 posts for the march-25 tag. Except they weren’t consistent and someone else used 25-march and now you can see the rabbit hole fall into infinity and beyond.

    Now that said, I have 168 tags for TV stations, each TV show has one, maybe two if they’re lucky or weird, and some tags only have 1 show listed. Others, like ABC, NBC, and CBS, have around 60. Do I think any of those are ‘too large’?

    I don’t. Because the number of 25 posts to a tag only holds up at a smaller scale. With 100 to 200 posts, yes, that starts to make sense. At 600 to 3000 posts, suddenly having 198 posts tagged with “Bury Your Queers” doesn’t sound so out of place. It’s about the percentages, somewhat, and also the use-case.

    If I know people are looking for a smaller tag (say they really want to see the 10 shows that have the ‘Fake Relationship’ tag), then for the purpose of this site, it’s important. On the other hand, if only one character was tagged cougar, I might not keep the tag as it’s too small to make the data useful.

    Optimal Organization

    There is no magic number of tags to categories to custom post types to taxonomies. It all comes down to understanding the goal of your site, the way users look for data, and what is maintainable to you.

    In the case of the site with 48k tags, I would have them delete all the date ones, as well as the ones with the same names as posts, and stick to using topical tags. After all, if a tag is only used once, or duplicates some feature already found in WordPress, it’s perhaps not the best idea.

  • A Name is Not A Description

    A Name is Not A Description

    One day, you found a app or plugin or add-on for something. It was a feature you always wanted, did exactly what you needed, was well written and supported. It was that panacea of perfection. You loved it. Then you had a computer crash, or a house fire, or moved, and you forgot what the name was. All you could remember was the name was something about what it did. So you decided to Google for it, and quickly found a billion things that fit the bill.

    SEO vs Generic

    When you’re naming your product or company, you work very hard to think of a name that encapsulates what you are, what you do, and what makes you unique. For example, you don’t name yourself “Shoe Company” and expect people to be able to find you. With very few exceptions (and really only No Name comes to mind), if you want to stand out, you pick a good name where you are prominent.

    This directly relates to SEO, and people’s ability to find you. Ever used Apple Pages or Sheets and tried to Google something? Like “How do I make Pages Templates” perhaps. You often feel damn lucky when you get the right result immediately:

    A google search that has useful results!

    But you’re not Apple, are you? So if you named your product “Foods,” you’d probably have a devil of a time getting ranked so people could find you in search!

    Unique vs Memorable

    Take a look at WordPress. Pretend you’re looking for a slider plugin. Hush, just come with me here. Now. You remember a really cool slider plugin, but all you remember is it was named something like “Best Slider Plugin.” Yeah. You ain’t gonna find it. Probably ever. But what if you were looking for a lightbox plugin, and you remembered the name as “Foobox Lightbox” … Hang on a second. That’s one you’re going to be able to find. It has a unique name, but better than that, it has a memorable name!

    The only reason Apple Pages actually works is that Apple is huge and also the fact that most of us Google “Apple Pages whatever” and not just “Pages.” It’s the same with the Apple Watch. It’s nice they call it “Watch.” We call it the “iWatch” because we have to be able to find it, and they picked stupid generic names. Being Apple, they can get away with it.

    To their credit, the name is memorable. It’s not unique, but you will remember it. Even if you remember it as “That stupid Pages app Apple made.” You remember Microsoft Word, but you also will remember WordPerfect, and possibly WordStar. But if you listed four Twitter apps, could you remember what differentiates each one without looking? Definitely unique names, like Tweetbot and Twitterific, and certainly memorable, but in the wrong way.

    Names vs Descriptions

    Many people make a common mistake. They remember the tools they use on their computers, like “TextEdit” and “Notepad” and they think that in order to be found, the name must be short and descriptive. That’s why we get Notepad++ and iTerm. To an extent, this works. LastPass and OnePassword are going to be memorable and unique and descriptive names. But the longer a product, or suite exists, the more likely they are to corner a market and make it harder for the little people.

    Let’s go back to WordPress. You’ve made a great popup plugin and you want everyone to know it. There are roughly 500 plugins that use ‘popup’ or ‘popups’ as a tag. There are 2500 or so plugins that show up for a search on ‘popup’ in the directory. Besides the fact that you really should use the ‘popup’ tag in your plugin, there’s no way in the world you’re going to get your new popup plugin to the top of the list in a day.

    But … users don’t look for ‘popup’ or even ‘best popup plugin.’ They look for something else. “WordPress popup plugin with call to action on page exit.” They may simply that to “wordpress popup plugin call to action page exit” but they’re going to look for what they need. And they’re going to remember the plugin named “Wait Don’t Go! Popups” that has a nice plugin description of “Grab your visitors’ attention one more time before they leave your page forever.”

    Humans vs Robots

    Putting a million buzzwords in your product’s name, the description, and the URL aren’t ever going to make you popular. The only thing that does is bring people in the yard. If they see your website is fill with upsell and hyperbole, they’re going to walk right out again. If they see features and explanations and proof that you are, indeed, the bees knees, they’ll stay. If you have a catchy or unique name, they’ll remember and recommend you to their friends.

    And then, then you will be a success.