Tag: essay

Smart Servers

I upgraded the server that runs this site. Well, I should say I transferred from a traditional VPS on CentOS 4 32 bit server I’ve been on since 2009 to a CentOS 5, 64 bit, fully managed Smart Server.

What’s a Smart Server?

You know this whole cloud hosting thing? It’s like that, but not. I had serious concerns about the cloud. Certainly I was worried when I heard people running WordPress MultiSite had weird issues with caching and things not syncing up when new server slices were made. Reason enough to hold off for me. But then my host says “We have these in-between servers.”

LiquidWeb Smart Servers are kind of like Cloud Servers. First, I’m the only person on my server (which is a step up from VPS), and I have a set amount of bandwidth. I’m charged per-day, too, so if I need more CPU/Memory for a couple days, I only get charged for those days. That’s really nice. There’s a lot of normal ‘cloud’ features too, like I can spin up new images on the fly and use them (maybe 30 minutes total to do all that).

Yeah, 30 minutes. Thinking about how long it took to just migrate from host2 to gamera(Gamera (ガメラ?) is a giant, flying turtle from a popular series of kaiju (Japanese giant monster) films produced by Daiei Motion Picture Company in Japan. Created in 1965 to rival the success of Toho Studios’ Godzilla during the daikaiju boom of the mid-to-late 1960s, Gamera has gained fame and notoriety as a Japanese icon in his own right.), being able to move things around on the fly with only an hour of outage is nothing. When I moved my three WordPress sites, they took about an hour or so each (give or take). When I moved my forum with a 4gig database, it took about eight hours. We made jokes about how it was the size of Liechtenstein.(The problem with a 4gig database is when 400megs is in one table. Takes a long time, no matter what you do. The file copied over fast, but the exploding of it took long enough for me to nap.)

None of that was why I upgraded/moved though. The real reason for the upgrade was that my server’s been having weird issues, and most of my research said it was because I was on CentOS 4. I couldn’t upgrade SVN, I couldn’t upgrade PHP for much longer, and I was sure that come February 2012 (when CentOS 4 is EOLd) I was going to be increasingly in the cold. So I made a list of everything I’d ‘done’ to my server, all the upgrades and tweaks, and I went for broke.

For the most part, I can’t tell the difference between my old VPS and my new smart server other than the speed (much faster). What I did notice, and didn’t like, was that the memory tends to run ‘hot.’ With nothing going on at all, it was hitting 90% usage. With nothing going on for my old site, it’s at 50% (and normally hovered around 60-70%). Gamera definitely runs heavier, though I’m still using the old caching. I did have to up PHP memory to 64megs, from 32, after I ran into weird issues on one site, but for the most part, I’m in a ‘It Just Works’ state of mine. Oh and I will very much need to sort out external SSL, since everything’s on one IP now, and you can’t use multiple SSL like that.

Yet I’ve still not answered the question. What is a Smart Server anyway? Thankfully LiquidWeb isn’t the only site using this designation.

We know what Cloud Server is, and we know why it’s good. It’s flexible, it can add on memory and diskspace as I need it, and take it away if (when) I don’t. I’m charged for what I’m using, not a blanket ‘This is what I need on my worst day’ sort of deal. But the problem there is a lot of people actually need that flexibility but don’t have the brainpower to handle running their own server. Two years ago, I didn’t, that’s for sure. In fact, two years ago, Cloud scared me. But, just like VPS.net came up with Cloud Shared Hosting (which I jokingly called Cloud for Dummies), LiquidWeb and some other said that some of us really need a VPS, but we’d like some of those cloud features too.

This is the middle ground. Too many places were looking at Cloud Dedicated hosting, which is expensive, and not something we all need, and then was also that race to the cheap hosting. I pay $60 a month for my hosting, and it’s worth it. I know, it’s a lot of money to some people, but think on this: If I pick up the phone right now and call Tom, my sales guy, or Benny, the tech I know pretty well, they’ll take the time to help me. And if I call the 1-800 number at 1am? Someone is there who speaks English and knows what I’m talking about.(Not that I don’t love OffShore support, I know I love the ones at my office! Many of them are fantastic in their fields and well worth the price of admission. But too many companies force these intelligent people to stick to a script, and don’t teach them the hows and whys of the code, the company, and how to work with American customers. If you’re going to support Americans, you must learn how to deal with them, for better or for worse, you learn to deal with your customers. And yes, that means being fluent in their native language, and their technologies. This holds true for India, Mexico and that moron from Nebraska who wanted me to go into the registry on my Macintosh. AT&T.) So while I’m willing to pay more for someone who will bail me out, I’m not willing to pay more for something I don’t use. Like extra minutes on my cell phone, I don’t like to pay for hypothetical ‘in case I get the Digg effect or Matt links to me again’ CPU and memory.

While a Cloud Server would handle all that, it also requires consistent and constant management. You have to know what to expect, and be ready to go. Those of us who do all this as hobbies or as a side-gig don’t have the time. Also, sharing resources in the cloud makes some of us sketchy. The whole reason we self-host anyway is that we want to be in control. Cloud sharing started to sound a lot like Shared Hosting, which has issues of it’s own. Resource contention is s concern, as are bad neighbors. The cloud is great for hosts because it shares everything, and complicated for users because we don’t want to share.

It sounds a little repetitive to call this Cloud Light. In fact, it feels really repetitive to say “This is like a VPS, but with Cloud Add-ons.” Part of this is because understanding what the Cloud is, after decades of the old way, is hard for our brains to wrap around. For most of us, the cloud doesn’t matter. In fact, it barely matters for me. The cloud is really what the internet has always been to most of us: ephemeral and mystical. Don’t let the smoke out of the cloud, or your website will crash! See? You don’t know anything more than you did before, now do you?

The Cloud is synonymous with the Internet for many people, and I think the future of it is aimed that way. For me, having the ability not to be tied to hardware and to add on more space, memory and CPU as I need it is invaluable. Being priced reasonably for those things also makes me pleased. The Cloud gave me freedom, but a Smart Server gives me even more: the freedom to control my destiny on my server. And that’s just cool.

So what’s the downside? There are some.

Understanding memory usage has been the big issue. I mentioned before that Gamera uses 90% of the memory, normally, and after my database crash I came to understand why. See not being tied to hardware means I’m not tied to hardware memory either. So linux, being linux, uses up all the memory it can. I watched, and when I start doing more intensive stuff, like importing a 4G database, the memory dropped to about 75%, and then bounced back up to 80-90. This is what it’s supposed to do! When it starts running out of memory, it goes to swap. Now on the traditional VPS, this was bad. Swap meant you were ‘out’ of memory and about to crash. On a Smart VPS, this is okay. My swap sits around 10% right now until I clean it out.

Cleaning it out is where things get weird. Smart VPS memory doesn’t clean out. If I hot-swapped my memory, some genius at MIT sorted out I could actually read data off the memory. Of course, if you have the physical access to my server I have other problems. But swapping memory, well that means the computer swaps data to the hard disk and back to your RAM as needed. I’m not entirely sure how this all works, and I’m doing some research now (and asking the tech from last night for info he said he had about all this). As for the crash… My database crashed on Saturday because the table was 600mb, and the space I’d allocated for swapping like that was 400mb. Liquidweb’s support moved the SQL temp drive to a place with more space to allow for that and everything started working again.

SSL was pretty straightforward. I bought an extra IP, since it’s cheaper and easier than sorting out multiple domains on 1-IP for SSL for only two domains. The other domains don’t need SSL yet, so they can wait until WHM catches up with SNI and other weird acronyms you don’t care about.

Basically, I’m very happy. I’ve even started to forget it’s something novel.

24 October, 2011
SEO Doesn’t Auto Post Anymore

I don’t auto post to Twitter, Tumblr, Facebook, Google Plus or LiveJournal. I stopped about a year ago, and since then, I’ve stopped crossposting to everywhere except the places I actually frequent. That’s not to say I don’t skim Tumblfeeds (the spam monsters than they are) or check in on my LJ communities. It means that I no longer have any code that automatically posts to those places when I make a new blog post. Any time you see a link to my posts on another site, made by me, that means I took the time to log in and fill in the data by hand.

Why? Well, I’ll jump around chronologically and tell you that a pair of articles hit my feed recently. First, one about how “3rd party APIs […] are punished in Facebook’s EdgeRank algorithm” (Source: Edgerank Checker — Does Using a 3rd Party API Decrease Your Engagement Per Post?) and the second, which linked back, said that pages that auto publish lose 70% of ‘likes’ and comments. (Source: Insider Facebook — Study: Auto-Posting to Facebook Decreases Likes and Comments by 70%)

Both of those back up what I’ve always said about SEO and HEO. If you want people to come to your site, you have to engage with them. That means you need to interact, not spam, and converse. Find out what they like and how they like it. They hammer home a point that was obvious to many of us old hats know, but many young bucks ignore. You have to be in touch with your readers, and no automated system in the world can do that for you.

Now, certainly, I use tools like Google Analytics’ Campaign feature, and Crowdrise, to help me determine what posts of mine are popular, when and where, and attempt to comprehend the why of it all. It’s a very fuzzy science. I know I hit paydirt when my @-replies on Twitter are coming so fast I can’t keep up, and my comment-feed is burning a hole in my screen. But until we perfect an AI that knows, before I do, what I want, we’ll never have one that can predict accurately what we need to do to make our sites popular. And we all know that popularity is the end game.

Popularity has a strange converse, though. For example, you may think that auto-tweeting your blog posts is a great idea to get the content out there and read. This is true, but I found that the more I auto-tweeted, the more splogs came to my site! That’s right, I was increasing the attack of content scrapers, and tweet bots that spam, which in turn decreased any SEO benefit I might have acquired. Sucks, doesn’t it? Thankfully, manually crafting a quick tweet, and taking the time to phrase it right, got me more traction than anything else.

The other massive downside to auto-posting on social networks is that you rarely get to make the post look the way you want to. I want to pick which image I’ve attached to be the thumbnail, and I want to make sure my custom excerpt (which I always write) is picked up, and I want to maybe put in an extra explanation on G+, but not on Tumblr or Facebook, and … you know, I want people to know I’m thinking about them.

There is a huge desire to share everything with everyone. To tell your friends in one social network the same things you tell them in others. And for self-promotion, this is big as well. But as the media is learning, a blanket advertisement like you see on TV doesn’t work so well anymore. How many commercials can you remember well? I can remember the Old Spice guy and the Most Interesting Man in the World (also a couple weird phone commercials), but we don’t always remember the products, nor do we actually always buy the product being advertised. I don’t use Old Spice or Dos Equis. Still, blanket ads are hard to land, since you don’t know who’s going to read your site. Similarly, blanket ‘Hey look at me!’ is hard to make efficient, because you’re not reaching out to your audience and making them a part of your process. You’re shouting at them, not talking with them.

What about those of us who aren’t advertising. If you’re crosslinking just to share with friends, an automated system seems fine, except these are your friends and don’t you want to be personal with your friends? Don’t you think they deserve the time and effort of a real ‘Hey, this is what I’m up to!’ instead of a blanket letter? Wouldn’t it be nice to say “Bob, I thought of you when I wrote this because of that conversation we had about …” Or if you send it to a group of your friends and Bob’s, then Bob feels great because you’ve brought him into the conversation and your friends know you think about them.

The funny thing about this is I also stopped scheduling posts. I used to set posts up to run once a week, minimum, even if I was going to be off line. Now, because I want to interact with people, I post them only when I know I’ll be around.

The next time you see a social media post of mine, linking back to a blog post, know that I took the time and effort to link it. If it’s styled pretty, I did that on purpose. I try to make it personal and not just slap a link up, and I think that effort shows, and comes back to me in pageviews, comments and likes.

17 October, 2011
GPL Freedoms – Yep, Porn’s Good!
Did you know you can use WordPress for a porn site?

Did you know you can use Drupal to show autopsy pictures?

The freedoms of GPL don’t just extend to the software itself, but to how you use it. See, most of the time when we talk about GPL freedom, we’re talking about how you’re free to take the code and turn it into a monkey if you want to. But lately, there’s been an effort to remind people that part of GPL also means we don’t restrict your usage either.

WordPress has a link to ‘Freedoms’ at the footer of all admin pages, and that duplicates the Bill of Rights found at WordPress’s Philosophy:
WordPress is licensed under the General Public License (GPLv2 or later) which provides four core freedoms, consider this as the WordPress “bill of rights”:
- The freedom to run the program, for any purpose.
- The freedom to study how the program works, and change it to make it do what you wish.
- The freedom to redistribute.
- The freedom to distribute copies of your modified versions to others.
Drupal doesn’t spell it out as clearly, but given that they have fetchgals, which can pull in thumbnails of porno pics (if I read that right), I feel confident to say that Drupal doesn’t care what you use Drupal for. Joolma! puts a lot of stock in people using their product for their communities and nowhere did I find note of a limitation of what you cannot do.

The point is valid, however. You can use WordPress, Drupal, Joomla! and pretty much any GPL software for whatever purpose you want, moral or immoral, legal or illegal. This is interesting when you compare it to most EULAs, like Microsoft Office:

7. SCOPE OF LICENSE. The software is licensed, not sold. This agreement only gives you some rights to use the features included in the software edition you licensed. Microsoft reserve reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not
[…]
• use the software in any way that is against the law;

GPL doesn’t tell you that you can’t use it in a way that’s illegal, and perhaps Microsoft only does to escape a potential lawsuit for someone saying “Aha! You used Office to draft your Mainifesto!” We live in over litigious times. Open Source, by telling us ‘Do what you want, it’s not our beef.’ removes themselves from those issues cleanly and without ass hattery.

One of the tenets of American Law is our freedom to speak our mind. Part of being an American Citizen is that you have the right to defend your beliefs, no matter how much I oppose them, and so long as no one breaks the law, that’s fine. I can ask you to leave my house if you do it on my private property, and you can ask me to leave yours. But if we meet on the street I cannot have you arrested for that. I will defend your freedoms just as you must defend mine, regardless of any agreement or lack there of.

This applies to Open Source because I have the right to use WordPress, Drupal or Joomla! in ways you may find distasteful. As long as I’m not violating the agreement of my ISP, the laws of where my server is located, and the laws of my nation, I’m allowed to call you names, insult your heritage, and show nudie pics of pretty girls. On the other hand, I cannot publish your personal information (it’s a violation of invasion of privacy) and I cannot post naked pictures of you without your consent. Actually, my webhost won’t permit and naked pictures at all, so there’s that.

So when you see a site run by WordPress, Drupal or Joomla! that’s doing something you hate, there’s very little you can do about it. Report it to their webhost if you think it’s breaking the law, but otherwise celebrate people in their freedom.
10 October, 2011
BuddyPress Overkill

For a lot of people, BuddyPress is overkill. Personally I love it, it’s great to make your own ‘Facebook’ or ‘Ning’ type site. But there’s a time and a place for everything. BuddyPress’s intention is to let you build your own social network. This means that it’s a Big Dog type application, that it has a lot of bells a whistles. And while you certainly can install it and only activate a few, if you’re only doing it to use one of those things, it may be overkill.

I’m going to take this one by the numbers. Or rather, by the features listed on BuddyPress’s site!

I need to stress, since some people miss the point of these posts, that if you’re only going to use one feature of a product this big, you should reconsider if it’s the best use of your time. If you only want to use one for now, and plan to grow, that’s different altogether. In each of my examples, I’m presuming that the user plans to only use that one specific feature, and I will address alternatives.

Activity Streams

This is actually my favorite thing about BuddyPress. If you post in a blog, or a group, or a forum, all of that gets pulled into ‘Sitewide Activity.’ That’s right, every last bit of your site is on one big page! Now, if you’re only using WordPress as a blog (no groups, no forums, JUST a CMS/blog), you’d think “I want this because I want a page that lists all my comments from all my posts!” To an extent, you’re right. There isn’t a better way to do this! Or is there?

There’s already a widget in the default WP install and theme for ‘Recent Comments’ which shows all comments, right? And there are plugins that can show Recent network wide comments too. So if you’re really lazy, why not use Widgets on Pages and call it a day?

Extended Profiles

If all you need is fancy profiles, BuddyPress is way overkill. In fact, for super cool profiles, most people use a plugin to extend the defaults! What’s the alternative? There are a lot of profile related plugins in the WordPress repository, and it just matters what you want. Personally, I’d caution against using those default Yahoo/AIM ones in our current profiles, as they may be going away. By the way, many of those profile plugins can add in extra fields to use on registration as well, like Cimy User Extra Fields.

Local Avatar

This isn’t a promoted feature of BuddyPress, but I’ve seen a lot of people do this. Yes, BuddyPress can let you use local avatars for your users, this is true, however so can plugins like Add Local Avatars. Frankly, I’m a proponent of Gravatar, since it works, and much like YouTube, I’m no longer responsible for you uploading nudie pics. Keeps legal brouhahah off my back.

Friend Connections and Private Messaging

While there are plugins like Private Messaging for WordPress out there, I have to hat-tip BuddyPress for a fully integrated front end PM system. This is one of the moments where, hands down, I would seriously consider using BP just for one feature. Ditto Friend Connections. I’ve just never seen its equal, and since the odds are most people would be using it for both friends and PM, it’s a great reason for BuddyPress.

WordPress Blogging

I don’t even know where to start. Someone insisted the only way to use WordPress for blogging was to install BuddyPress. It was a moment where I wanted a button to press to make a giant mallet jump out of his monitor and bash his head in for not reading. (By the way, you also don’t need MultiSite to use BuddyPress anymore. It works just fine with single site.)

Groups

This is tricky. Part of me wants to say ‘Just make a page and let people comment’ because, to some degree, that’s all a group really is. It’s a fan page (ala FaceBook) which shows posts in reverse order. Like a P2 blog. Which means that it’s not insurmountable to make a single page for your site that behaves that way (or a subsite running P2 if you went the MultiSite way). But is that the best way?

Forums

If you just want a forum, just install bbPress. Nuff said. Now, knowing that bbPress 2.0 is now a 2.0 plugin, and that BuddyPress is still on 1.2 (I think), and that the import from bbPress 1.x to 2.0 is a bit iffy, I would really be cautious about using bbPress if I know I want to upgrade to BuddyPress in the future. Connecting the bells and whistles are interesting.

What about you? What reasons have you seen people use to justify BuddyPress when it was clearly overkill?

2 October, 2011
Risk Theater and Open Source Testing

We make multiple test environments and platforms, testing with hundreds of users. We perform stress tests (how much traffic can my site take?), and have an obscene amount of checks and balances to ensure that only code that is good makes it into the file product. We have teams who question every change asking “Do you need this?” or “What’s this function for?” We audit every update process and ensure that our work is as good as we can make it. This is all done, we say, to reduce our risk. Our software, we insist, will be better if we do all these things.

But the failure rate has not dropped.

Initially, when a product is released, there’s a spike of failures. We didn’t anticipate that, or this didn’t work like we expected it to. Those are not classified as ‘failures’ but as kinks to be ironed out. Six or seven months down the line, we’ve released another set of itterations to fix the worst offenders and our failure rate drops to a comfortable rate where, most of the time, everything’s fine.

What if I told you that one in five IT projects was a success?(Source: Statistics over IT Failure Rate)

What if I told you that all your myriad checks, balances, testing, forms and CYA dances didn’t make anything less risky?

What if I told you it was all Risk Theater.

Of course you can do things in a less risky way. If given the choice between dismantling a bomb in a nice quiet room, where you have all the time in the world and a blast shield, or doing it on the back of a van while being shot at and you only have 30 seconds, everyone would point at that room and say ‘Less risky!’ And they’d be right. The problem with risk is that there are often, if not always, external forces that perpetuate risk.

We have to ask ourselves “What is risk?” We can look at it mathematically. Risk = {si, λi, xi} – and most of us have no idea what that means. Risk is not a magical number that says “Defusing a bomb is this risky.” Determining risk is how we discern how likely something is to happen, and from that, what is the likelihood of an unwelcome outcome.

Too often risk is defined as risk = likelihood * consequence and safety = 1-risk

This can misinform: acceptable risk is a consideration of likelihood ANDconsequence, not a simple multiplication with safety as the additive inverse of risk. Acceptable risk and safety are normative notions, changing with situations and expectations, and must be assessed accordingly. (Source: Woody’s Perspective – by Steven A. “Woody” Epstein)

Risk analysis, for all it’s a mathematical discipline, is just that. A discipline. That means the numbers matter far less than you think they do, and if all you do is look at the numbers and say “But we’ve predicted a five point uptime!” then you’re ignorant of the truth.(A five point uptime refers to the claim people make of providing 99.99999% uptime. The five 9s after the decimal point are feel-good numbers/) The trick to it all is that variation is something computers are phenomenally bad at handling. Look at your computer. It’s what can be best described as a ‘brittle’ system. If you throw something a computer’s never seen before, it tends to react poorly, because unlike the human brain, it can’t adapt or improvise. It can’t know “Oh, you meant ‘yes’ when you typed ‘yea’” unless some programmer has put in a catch for that. On some systems, it may not even know the difference between an uppercase Y and a lowercase y.

Variation is nature. It’s reality. It’ll never go away, either. The point of risk analysis is not to come up with that number to say ‘By doing foo, we are x% less risky.’ The point is to look at the system and understand it better. The point is to learn. The act of explaining and defining the process, whatever it is from changing a tire to pushing software to a few hundred servers, is what makes a process less risky. You understand what it is you’re doing, and you can explain it to someone so they too can understand it, and now you know what you’re doing. The numbers will come, but they’ll also change over time due to variation.

We mitigate our risk by understanding, testing and documenting. But just as you can never have 100% uptime on a system (you have to upgrade it at some point), you cannot excise risk entirely. On the other hand, we cannot ignore the need for testing.

A woman named Lisa Norris died due to a software error, caused by a lack of testing. All the safety checks, the manual monitoring and brainpower failed because the automated system wasn’t tested. Prior to the automated system going online, the old way was for people to manually transcribe medical dosage. This was felt to be ‘high risk’ because there was a risk of transcription error. However nowhere in the incident report were any ‘manual errors’ noted, prior to the automated system being used. We can assume, then, that any manual errors (i.e. transcription errors, the risk the system was meant to abrogate) were caught in-flight and corrected. The automated system does not appear to have ever been tested with ‘real world’ scenarios (there’s no documentation to that affect that anyone investigating the situation had found). If they had run simulations, testing with data from the previous, manual system, they may have found the errors that lead to a woman’s death. (Source: Lisa Norris’ Death by Software Changes – by Steven A. “Woody” Epstein)

There remains a possibility, however, that even with all the testing in the world, that the error that led to Miss Norris’ death would have been missed. So how do we make testing better? As long as we’re only testing for the sake of testing (i.e. it’s expected, so we do it), or we follow the standard test plan, we miss the point of dry testing. Even people who stick by their ridgid test scripts are missing the point.

Open Source software, however, gets the point.

You see, we know we can’t test everything, and we know that we’re going to miss that one variation on a server where code that works a hundred times on a ninety-nine servers will fail on that one where it has a tiny difference. And yet, if a million monkeys banging on a million keyboards could write Hamlet, then why can’t they fix software? They can help cure AIDS, we know. Crowd sourcing knowledge means that you let the monkeys bang on your data and test it in ways you never imagined it being used. No longer driven by a salary (and that really does lock your brain in weird ways), the monkeys (and I’m one of them), cheerfully set up rigs where we can roll back quickly if things break, and start just using the iterations of software, coming up with weird errors in peculiar situations.

We always talk about how we want to lower the bar and make products more accessible to more people. Make it easier for them to use. In order to sustain that model, we need to embrace the inherent risk of software and teach the users how to correctly perform basic troubleshooting and report real errors. To often we write our code in a vacuum, test it in a limited fashion, and release into the wild knowing there will be a second release to fix things. As development matures, we push out more changes more often, small changes, so people are eased into that new thing. We step out of isolation and embrace the varations of how our product will be used.

Now we need to get our users to step out of their isolation and join the monkeys. We can’t make things better for everyone unless everyone is a part of the improvement process. We must ease these users into understanding that every software product is ‘in progress’, just like we taught them to accept that all webpages are perpetually ‘under construction.’ Our dry tests will never be complete until we can determine how to safely bring them in. Maybe we make smaller changes every day, like Google does with Chrome, such that they never notice. Or maybe we ask them to ‘check the box to join our test group and get cool features before everyone else!’ But we must do it, or we will fall behind in giving the users what they want, and giving them a solid, safe, secure product.

Until then, we’re not analyzing or assessing actual risk, we’re merely players in risk theater.

27 September, 2011
Oversight and Responsibility

I was actually asked by a handful of people what my thoughts on this were, and while part of me is loath to wade in(I’m loathe because someone will accuse me of being pro-WP or anti-Devpress, and ignore the fact that I’m a Devpress affiliate or that I don’t work for WP. I don’t pretend to know all the answers, or the reasons, but I know what bothers me.), I agree it’s something that affects the open source community. Personal attacks aimed at me will be deleted.

I’ll let WPCandy sum it up:

Yesterday I posted about DevPress’ offer of free memberships to any WordCamp attendees, provided the WordCamp organizers are legit and contact DevPress about their interest. A number of organizers showed interest in the comments of that post, and WordCamp Philly organizer Doug Stewart announced the deal for attendees on their blog.

Then, last evening, WPCandy was contacted by Andrea Middleton, who took an administration role with WordCamp Central earlier this year. Middleton notified WPCandy that the WordCamp guidelines (specifically the part on fundraising), WordCamp organizers should not allow companies that are not sponsoring their event to do giveaways at a WordCamp.(Source: WPCandy – Devpress deal for WordCamps is against WordCamp Central Guidelines.)

They cover the situation pretty well, but the comments on WPCandy and the twitterverse is what has upset me, greatly. This whole mess was blown out of proportion and could have been handled quietly and maturely off book, without any of the name slinging and pointy-fingers that I’ve seen.

What went wrong?

WordCamp Philly should have said “Let’s double-check about the rules, because this is a grey area.” They made a perfectly understandable human ‘gaff’ and assumed it was cool, because we all know Devpress is cool and GPL and basically awesome.

Devpress should have said “I want to give things away at WordCamps. I’ll ask the head honchos at WordCamp and find out what I need to do!” They too made a perfectly normal mistake, assuming that WordCamp Philly would do any needed due diligence.

One of the many things I’ve learned working for The Man is that people see a server on fire and always assume someone else has reported it, right up until you run in with a fire extinguisher and shout at them.(That’s a true story.) I always quote Lord Buckley here: If you know what to do and you don’t do it, there you bloody well are, aren’t you?

The right thing was to look before you leap and not assume. People made mistakes. They could have kept it all off the funny pages, too, by being patient. WordCamp telling WPCandy “Hey, sorry, not so much kosher.” was a polite heads up and WPCandy, being journalistic in inclinations, ran with the story. Devpress’s rep was, understandably, frustrated and upset at the smack down and at the slowness of resolution, and it showed. But as a ‘formal’ statement, his email is the example the need of a bit of PR.(This mess is in part why I don’t consider websites like WPCandy (and certainly not this site!) to be journalism. There’s an attitude and (supposedly) ethics to which journalists abide and a code to follow about how to handle this. One of them is that WPCandy’s email should have explicitly stated that Justin’s response would be posted on their blog. I studied journalism for a year, and I know I’m not a journalist!)

Who is right? Devpress or WordCamp?

A lot of ‘right and wrong’ ties into my last two big posts, about legality and morality. I’ll put it plain and simple for you: If you’re going to have a WordCamp, which is sanctioned and branded by WordPress, then you are obligated, legally and morally, to abide by their guidelines.

The rest of the bitching is commentary. If you don’t like WordPress’s rules and regulations, don’t use them. It’s just like the theme and plugin repos. If you don’t want to follow those guidelines, then you self-host, and as long as you abide by GPLv2, everyone’s happy. But WordCamp is run by WordPress, and they get to make the rules. No one’s stopping you from making ‘BlogCamp’ or whatever you want. You could probably even get away with using ‘Word’ in the title, though you would be wise to make it painfully clear that it was not a sanctioned WordPress event.

WordCamps are an extension of WordPress.org and the WordPress Foundation, which means that they are not community ‘owned’ products, though they are community driven. Maybe people are forgetting that, at the end of the day, the responsibility for WordCamp, and WordPress, is not us. We’re the result, and the reason, but not the responsibility. If WordPress vanished tomorrow, we could fork it and move on, make our own forums, and actually be okay. But right now, we’re all taking advantage of a free product. We give up our time and our efforts for something that doesn’t directly make us money.

Why isn’t the community in charge?

That points right back to the heart of the issue for me. The community isn’t in charge because it’s not a Big Dog. At the end of the day, every project needs someone to stand up and say “This is what we’re doing.” We need a big dog, someone to be in charge, and someone to draw a line. A lot of people have made noise that this should be a person the community votes on and approves. I disagree.

WordPress was never about ‘community’ in that sense.

The community doesn’t provide oversight to the plugins, the themes, or the forums on WordPress.org. Sure, we volunteer our time, but we don’t all have trac commit privileges, do we? We are not where the buck stops for this, and we have to keep that in perspective. You can tout all you want about doing what the ‘community’ wants, but the community provides ideas, suggestions, dreams and hopes. Someone else looks at the bottom line and says yes or no.

That’s really very freeing to me. That makes it easy for me to say ‘You know, I really hate this new thing.’ and I don’t feel like they’re going to revoke my license. As long as I keep it all in perspective and remember that I don’t have to like it, but as long as I play this game, thems the rules, and it’s okay. You can support the tool without loving every aspect of it, and no one says otherwise.

The responsibility of oversight belongs with WordPress, not you or me, and the fall out does too. A community has trouble being in charge like that because oversight ‘committees’ rarely work to anything but mediocrity. As it stands today, WordPress is benignly governed by a company who listens, pays attention, and respects us, even if they don’t do everything each individual wants, and they keep their eye on the scope. (Perhaps by comparison, you should read up on the growing pains Drupal’s had recently. Not enough oversight there, perhaps, but I have to study more about their entire situation to know for sure.) If everything goes great, we ignore our overlords, and when we don’t like something, we vilify them.

Why are you so mad about this?

The vilification.

I’m upset to see people being mean to each other. People are blaming each other, calling names, and pointing fingers. Of course this is a situation that makes people angry and emotional, but if we’re running a business, we don’t get the luxury of doing that publicly anymore. You no longer speak for yourself, you speak for your group.(I run a fan website for an actress. Every single time I speak my own speculation about the TV show she’s on, someone assumes I know something secret and am not telling them, or I’m hinting at what’s to come. I no longer am able to speak for me the fan because of this. Trust me, I know how daft it is, and I hate it.)

But the problem is I see a lot of name calling aimed at one person alone. That really bothers me because it looks like people are attacking a person and not remembering that the WordPress Foundation manages WordCamps. NOT the community. NOT the sponsors. NOT you or me. Hell, not even the volunteers who are doing the work!

The Foundation.

If you have a problem with WordCamp and the WordPress Foundation, do the right thing and take it to them.

Most importantly, we need to be patient with each other. You don’t change the world in a day. Sure, we’re used to a fast paced world, where decisions are made on a dime and the whole status quo changes in the time it takes to svn up. But things still need to happen with thought and understanding. We have to look at the whole situation. And that’s why with responsibility comes the need to have oversight.

13 September, 2011