Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: essay

  • Packaging Code

    Packaging Code

    I love that people do it. I hate that they don’t review it.

    The number of projects I review, only to find that the author ran a tool like Grunt to combine files, but forgot to go over what the result was is fairly high. And this is a problem when you consider how many times I have to tell people “Your submission still has demo files, test scripts, and other files that aren’t applicable for distribution.” What happens is that people use the very cool auto-scripts and never stop to make sure that everything’s right. They make sure the code works but they don’t remember to clean up the package.

    So let’s talk about what should never be in your plugins for WordPress.org

    Deployment Scripts

    Now I know a lot of people use scripts to copy their code from GitHub to WordPress’s SVN repo, and I think those scripts are great. They’re helpful, they speed up development, and please keep them out of your plugins. Your script should include a note not to distribute itself. I understand why, when you link us to the GitHub default zip, those scripts are in the review package, and that’s okay. But I do sometimes run a sweep through the repository to see how many people are accidentally including those SH files in their plugin packages. You’ve got to remove those. They don’t matter to the final product and without them, your plugin will be smaller.

    Demo Folders

    Here’s the thing. They don’t matter. A lot of awesome 3rd party tools come with detailed demo files and extensive things you’ll never need. Those demo folders also tend to be where you’ll find all sorts of crazy things like Google Analytics tracking, calls to external resources (like jquery’s JS files), and more. Your users will rarely, if ever, need that sort of thing. They generally don’t notice it, unless you code it into your plugin, at which point you’d be better served by making it look like WordPress.

    Test Scripts

    Your test scripts don’t need to be in your plugin. They’re cool, to make sure that the code is going to work before you push it, but that code doesn’t need to be in the plugin on my site, does it? No it does not. All automated tests should be separate from your plugin code files. People don’t need to see the Travis checks in the code on their sites. If they’re developers, they’ll go look for them at your code’s home, after all.

    Compressed and Uncompressed Files

    Pick one. You don’t need both. When you’re talking about a framework or a library, it’s fine to pull in a minified (but not p,a,c,k,e,r compressed) version of the file as your own version. If there’s no need or plan to edit that file (and there shouldn’t be), you can make the plugin smaller. Of course, I feel that if the JS is all of 7 lines, for goodness sake, it’s fine to leave it all human readable.

    What Else?

    What do people leave in plugin or theme packages that drive you up the wall?

  • I’m Fine With Envato

    I’m Fine With Envato

    I just don’t use ThemeForest.

    Look. I think Envato is actually pretty awesome. They’ve made a way to help people monetize development within WordPress. I’m all about that! I want to see people making a living from WordPress and I want people to be able to succeed and make WordPress even better. A number of people I know who are currently successfully running their own WordPress related business got started over there.

    So why don’t I use their products? I haven’t had a need to. I don’t use WooCommerce either, or their themes. There’s nothing wrong with that. But there is a ‘problem’ with Envato, or rather there’s one with ThemeForest, and it’s the same problem as we have on the WordPress.org plugin repository.

    The last (and possibly only) time I mentioned them, I said I had an issue with their lack of upgradability. If I buy a theme or a plugin, I can’t easily get updates. I’m stuck on the old way of download when I get an email. There’s no way to do it easily from inside my dashboard. This is a problem of our own creation. Ten years ago, that was normal. Today, we have a reasonable expectation to easily upgrade WordPress, it’s themes and plugins.

    I happen to know Envato’s working on it, so I still look forward to their solution.

    But they have the exact same problem as we have with the WordPress.org plugin repository: crap code.

    You see, there’s only no practical difference between the WPORG repository and ThemeForest and how it handles reviews except they actually may be checking on every upgrade. If you didn’t know, ThemeForest does review things. But they do it exactly like we do! They read the code, they test it, they look for evil things, and they approve or not.

    Theme review on WPORG is a tighter ship than plugin, for a few reasons, but frankly I doubt the overall quality of code on WPORG (plugins) or ThemeForest is all that different. We’ve had some pretty insane vulnerabilities in plugins, after all, and the WPORG repository doesn’t have a great way of dealing with them. But to say that you don’t trust ThemeForest because the code quality is bad while simultaneously using any free plugin from ORG is naive at best.

    The constant problem we have with plugins, and one they have with ThemeForest themes, is that we allow a lot of different types of code. In being liberal like we are, we can allow for a lot more creativity and expression and, well, art. The downside is that there’s a practical limit to what a human being will be able to catch. We’re like the TSA. We try, but we’re fighting a loosing battle and that’s why we’re always going to miss things and we’re always going to be running behind and cleaning up.

    And worse they have the same problem with any code they yank. How do you upgrade everyone? When is it right and safe? When is it an overstep? Weighing security risks with information with compatibility is complex. For the WordPress.org repository, we have a long way to go before we’ll be able to push minor security updates like core can… at least not without a lot of fear and consideration. We’re on the road there, though, so one day you may wake up to a plugin magically secured on your site.

    Oh and as a reminder? If you see a WordPress.org plugin hosted that is insecure or doing evil things, email plugins@wordpress.org with the plugin URL and all the possible information about how it’s insecure. If you know how to hack it, please tell us exactly what you did. You make it faster for us to sort things out.

    For Envato, you can report these things via their Helpful Hacker program.

  • Why I (Still) SelfHost

    Why I (Still) SelfHost

    The other day I saw the notice that Google was banning all explicit adult content from blogger.

    Outside of the irony of remembering when the post’s author (Violet Blue) had her content deleted from Boing Boing back in 2008, she’s actually pretty uniquely qualified to talk about the difference between censorship and removal. For the record I think that it’s a pretty crappy thing to do and I don’t like it. But as I often say, my beliefs are pretty straight forward:

    I do not agree with what you have to say, but I’ll defend to the death your right to say it. ~ Voltaire

    Is It Censorship?

    Let’s be clear on this. The change to Blogger’s Adult Content Policy is pretty straightforward.

    Starting March 23, 2015, you won’t be able to publicly share images and video that are sexually explicit or show graphic nudity on Blogger.

    Yes, this is a change to their Terms of Service (which they reserve the right to do at any time), but is it censorship for them to say “We don’t want hard core stuff on our servers”? That’s like saying a country music station on the radio is censoring heavy metal. No, they just don’t want to have it on their servers. Google’s said they don’t want that. They don’t want to do business or make money off of things they find morally distasteful.

    Frankly I think the whole planet’s hang ups about sex are laughable. The majority of adults I know have consensual sex and like it. I do know a couple asexuals, and I know people who have reasons why they hate sex. I also know people who hate peanuts. It’s about the same thing for some of them (one has a traumatic peanut in his ear story that resulted in surgery and hearing loss). Sex is normal. It’s what everyone does and no one talks about (thank you George Carlin). So grown ups wanting to Google for information about the sex they want to have? There’s nothing wrong with that! There’s nothing wrong with kids looking that stuff up too. We used to hide in the back of libraries, looking things up when we didn’t feel comfortable asking our parents.

    The argument that they’re not ‘censoring’ they’re just enforcing their guidelines falls flat when you remember that the definition of censorship is defined as acting as a censor. So yes, I think Google’s censoring, but in this instance they’re within their right to do so. That doesn’t mean I think it’s right, but I’ll support their legal rights.

    Is It Discrimination?

    One of the sites hit up by this is a site where porn stars play D&D. I kinda like that site. It amuses me to no end and is how I learned about this change. They had just posted about how they’re leaving the escapist. They were talking about discrimination and general asshattery and non-inclusiveness. Their site may be punted off of Google’s Blogger service soon for being ‘adult’ by nature.

    I’m actually not sure about that. But I really have no idea why their site is considered ‘adult’ in the first place. I’ve never read anything about sex there except this:

    I’m Zak, I live in Los Angeles. Most of the people I know here are women I know from being a porn “actor”–so they’re porn stars and strippers. So that’s who I play Dungeons & Dragons with.

    First of all, I want to play with them because the game looks fun, but mostly I don’t recall ever reading adult or explicit content there. So of course I started thinking about how they could be making it harder for people to read about things that help them understand themselves. A lot of people sort out what they’re interested in by quietly reading stories about other people who had similar issues and thoughts and feelings. While Google’s only said they’re punting “sexually explicit” content, that’s a really slippery road.

    I shall not today attempt further to define the kinds of material I understand to be embraced within that shorthand description [“hard-core pornography”], and perhaps I could never succeed in intelligibly doing so. But I know it when I see it, and the motion picture involved in this case is not that.

    That quote is from United States Supreme Court Justice Potter Stewart, used to describe his threshold test for obscenity in Jacobellis v. Ohio in 1964 (the film being Louis Malle’s The Lovers). We’re allowing, and trusting, Google to define what is and is not explicit. And this means that it becomes a case by case value judgement. Are two women kissing ‘explicit’? It gets messy really fast.

    Is It What I Expected?

    Yes. I totally expected this.

    Google to punt all explicit blogs? Haaaaaaaaave you met WordPress?

    I meant Self Hosted WordPress, James. Yes, WordPress.com also restricts and censors your content. It’s their playground. I will, till my dying day, support their right to do this. They don’t want to do business like that, fine. I wouldn’t argue the French restaurant that servers pomme frites needs to serve a hamburger or some chutney. That’s their business choice and it just means I can’t use them.

    But it brings up the main reason why I still self-host.

    As someone who self-hosts, I still have to be aware of the Terms of Use for my webhost, but generally that provides me a lot more freedom. I have a legal contract and a leg to stand on. As long as I don’t violate that, I’m good to go.

    And of course I work for a company who would host anything, as long as it’s legal.

  • What Themes Get Wrong

    What Themes Get Wrong

    I neither create nor review themes. I can fix a theme and edit one and hack one, but I don’t design them because I don’t visualize that way.

    But boy do I see a lot of themes doing things in a way I can only describe as wrong.

    Packaging and Requiring Plugins

    A lot of themes do this, and I can understand why. If you make a theme that’s meant to be a store, then of course you want it to be used with an ecommerce plugin. That makes sense. But then we have to think about the drama of Revslider or TimThumb and we have to question the themes that throw every feature into their code. Part of development is maintenance. This is an accepted responsibility and, in the case of plugins, we’re all used to upgrading them for maintenance. The same isn’t true of themes. People hate upgrading their themes, and it’s the fault of themes themselves, doing things wrong.

    Forcing Users to Edit Files

    The first week of February I lost my mind at a theme. I had found a user who had run into a mod_security error. They were trying to edit their theme via the WordPress theme editor and hitting save tripped the scanner. Why? The code in the functions.php file was phrased in a way that spooked the scanner. We walked her through SFTP, which worked, and I helped review the security rules to see if we could safely change them. But then I asked her why she was editing the files directly.

    She wanted to edit her footer, to remove the ‘powered by WordPress and Theme’ line, and the only way was to edit the file.

    That couldn’t be right, I shouted at my screen, but I tested and used the theme and was stunned. Yes. The theme was written in a way that the footer wasn’t editable unless you could code and use a hook to unset the action and make a new one. Even just a simple child theme wouldn’t help because the footer was handled in a function and not footer.php

    No wonder users edit themes. But then it got worse.

    Forgetting About Cache

    The top line in the header.php was a forced setting to create a new PHP session. There are a few problems with this. In many cases, having PHP sessions causes a cache to not serve cached files because the forced session tells it that the particular visitor is meant to have a unique sessions and its trying to honor that. The other common situation is that the first person makes the cache with their unique data, and all subsequent visitors get that cached data. Neither is desirable.

    Why do people do it? I presume because when they built their features, they wanted to make sure each user got an individual view. But sessions are a cheap and dirty way about it. Sadly so are cookies, which a cache will either ignore in order to serve cache, or honor and slow a site down.

    People remember to test a theme for speed and features, but so often they forget to test for cache.

    Un-WordPress Designs

    When a theme makes its own custom interface, it’s harder for users to know what to edit and where. It’s the kind of cognitive dissonance that happens when you’re reading a book or watching a tv show and suddenly everything feels wrong. Like if Harry Potter and Dolores Umbridge started dating. Right. That’s how uncomfortable it is to see a theme with its own custom design for the admin pages.

    Let WordPress be WordPress.

    Accessibility

    I don’t meant on the front end. I mean did you know that there are very few themes that, on the back end, are fully accessible to the blind? It’s just not something people think about and it’s the worst thing a theme can do to the world. You may think that only a small part of the world is blind and you may not worry too much about such a small potential user base. But look back to the previous point. The less you design like WordPress the worse it is for users. All users.

    What Do You See?

    What drives you batty?

  • Don’t Be Rude (Except When You’re Not)

    Don’t Be Rude (Except When You’re Not)

    Don’t be rude with devs (hello Mika)

    A mysterious person named John posted that as a comment to a post about WordPress suffering from the inventors dilemma.

    I replied ‘Hello John’ and added “(I’m sure many people feel I’m rude though I have no idea why John does.)”

    From there on, many of my friends replied that I wasn’t rude. Or in the case of Brianna, when I said I was rude on occasion, she replied:

    “on occasion” seems like the perfect amount to me.

    When two people are passionate but have opposing views on a situation, one or the other is always ‘rude.’ This is just what it is. Rudeness is something that is very situational and subjective. We’re talking about a world where we put our hearts and souls on the line with our code or our problems and, sometimes, someone comes back and says “No” or “That’s the way it is” and they’re rightly annoyed.

    This does not mean they were rude.

    Except that it does.

    I try very hard to be polite, especially to people doing me a favor or providing a service, and I try very hard to respect their time. I try to remember that just because someone is terse doesn’t mean they’re angry with me, they’re probably just trying to get through their day. I try to thank people (especially when I call in to anything insurance or travel related). I try to remember they’re people.

    But I know that, when you’re talking to someone who has deep emotions, who feels a great amount of fire in their heart for something, the opposition or the speed-bump can be met with great ire and angst. The person who says ‘no,’ which frankly is my job many times, is the enemy. They’re against you because, clearly, they’re not for you.

    Except that they’re not.

    Am I rude? I’m sure that, on occasion, I come across to someone as rude. I’m sure that sometimes when I bang out a fast answer, my brusqueness is perceived as disrespectful. I’m sure that my unexpected replies feel like a breech of etiquette. And maybe sometimes they are. I don’t always phrase myself perfectly. I’m not patient enough all the time.

    But I’m not a rude person. I’m always coming from a place where I’d like to help people and educate them. I’m generally a smiling, nice, person. When I’m not able to be that me, I shut myself up at home and read and write, I go for a run, I play ping pong, and I blow off steam. You will rarely see the angry, inconsiderate, insensitive, mean, me. That Mika exists, but she’s not allowed to come out and play. The closest you’ll get is if I feel the need to come to someone’s defense. Like calling my friends or coworkers vile names.

    This doesn’t mean I’m a nice, wonderful, polite person. It just means I’m a person, like you. I’m sure I’m rude. I’m sure I’ve pissed people off. But unless I’ve told you so, it’s unlikely I’m actually being intentionally nasty to you. Maybe I was trying to be serious when you were being a little silly. Maybe I was silly when you needed serious. Communication issues happen. We should try to learn from then and move on.

    When we’re thinking about a world that exists primarily in text, our communication woes become more important. The majority of my work with other people is in email, instant messages, and once in a while, video chat. But mostly it’s text. This means I cannot read your ‘tone’ easily. When I know someone well enough, I can hear their voice in my head. Like I read Otto’s email saying “Here’s the thing…” and I know his intonations. When I see Jan message that has “Hah!” in it, I know it’s the somewhat self-deprecating amusement of the universe. When I see James’ “Nooooo!” I know he’s making like Darth Vader. I bet I can even tell which face Jen’s making when her email consists of “Mika.” Sorry about that.

    But these are people I know and work with. Figuring out which emotion is behind a sentence of “You’re not doing that right.” is hard. Was I mean? Was I terse? Was I frustrated? Was I brusque? Maybe I was just tossing that off as the shortest way to explain something. It’s hard to tell. And because it’s hard to tell, it makes the online world of open source development fraught with headaches.

    The best advice I can give you is that if someone says “Can we start over?” to take them at face value and start over. It’s so very easy to go down the wrong path for too long that you get lost. Remember it’s okay to let go and start over.

  • Rant: Worse than a Popup

    Rant: Worse than a Popup

    I hate popup ads. Everyone does. You’re trying to read an article, perhaps on your phone, and these inline popups show up and obscure the content with ads for things you don’t care about.

    We hate them more when they play music.

    We hate them more when you can’t click on the tiny X on a phone.

    But I have something I hate even more than that and it’s Apple’s fault.

    You see, I use Safari sometimes to read on my phone. This is all well and good until I scroll on a slow site (probably slow because of their abuse of javascript laden social media toolbar crap that we didn’t care about to begin with) and my finger accidently brushes an ad. And then the ad opens the App Store to ask me if I want to download some idiotic game.

    I take deep, calming, breaths and then I close out of the App Store, go back to safari, and I leave the page. Most of the time the article remains unread.

    And why is this Apple’s fault? After all, the fault should lie with the idiots who thought that the best idea for a mobile site would be to have a bajillion ads.

    This is Apple’s fault for two reasons:

    1. There’s no way to tell Safari not to open these
    2. There’s no ‘are you sure?’ message from Safari to let you decline

    In fact, in all my research, the only thing you can do is to clear the browser cache and set Safari to only allow cookies from Current Websites Only. But as Apple warns you, that may cause issues with other sites.

    This can be fixed! Apple can simply make it an option (hidden) to hide this. But also you website designers and developers, if someone says they don’t mind the popup ads and lightbox garbage on the mobile site, I want you do to me a favor.

    Say no.

    The web won’t get better unless you make it better. Please don’t make a website you’d hate too.

    Oh and those ‘cool’ floating sidebars with the tweet links? They look terrible when you zoom in on the teeny tiny text on your website.

    Stop it.