Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: essay

  • Secure Mindsets in Plugins

    At WordCamp Europe last week, I talked about the basics of plugin development. Since I had a mixed bag of experiences, I decided not to actually write a plugin in the class, but instead I took Hello Dolly and edited it. I discussed how the plugin worked, that an action called a function, which returned a value, and showed the interconnectivity. In this way, the attendees could understand the big picture of how code comes together.

    But at the end, with five minutes, I touched on an important aspect of plugins that Hello Dolly doesn’t do much with, because it doesn’t have to.

    I talked about security.

    Past You

    In the past, you’ve probably done insecure things. Have you ever left your car unlocked in the driveway while you ran the groceries inside? We all do things that are insecure or unsafe. This is normal. Similarly, we have all written insecure code. When we begin, all of us write code to perform actions without thinking about how it will be used globally. We don’t worry about safety, we worry about functions.

    There’s nothing wrong with this. We are often focus driven designers, fueled by passion and desire, so we want to do and not worry about the details.

    This Morning’s You

    That said, when we do work in that way, we get ourselves into trouble when we ignore security. We assume people will only use the code in the right way, because it’s obvious what is right and what is wrong. I try not to say ‘obvious’ or ‘simple’ when talking about code or interfaces, because they are absolutely never, not once, obvious or simple. When I got my Apple Watch, the UX of Force Touch wasn’t obvious to me. It’s not simple now, since it can be a bit touchy, but it’s not difficult.

    In the same vein, we all know that users do weird shit. Really weird shit. They put text in fields that should only get numbers. They put numbers in for email. They copy paste without thinking. And you know that. You’ve seen it.

    The Right Now You

    Having read that, you’re hopefully thinking “how can I make my code secure?”

    When we talk about basic security, we mean four things:

    1. Validate your data
    2. Sanitize what you save
    3. Escape what you output
    4. Verify a human meant to do it

    That’s it. Make sure a date is a date and an email is an email. Make sure you save the data in a way that doesn’t put other data at risk. Remove any possibly dangerous characters from what you show to users. Always make sure someone meant to do the action. WordPress has over a dozen Sanitize and Escape functions to help make sure you save the right data and it has nonces to help make sure you save when you should.

    They’re very complex, but at their heart, they do those four things.
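
    Here are the four steps applied to one small settings form, as an added example that is not code from the talk or from Hello Dolly. The `hed_` prefix, the option names, and the `hed-settings` page slug are hypothetical; the WordPress functions are real. A capability check sits next to the nonce, because a nonce confirms intent and does not confirm permission.

```php
<?php
// Hypothetical plugin code (added example). Runs inside WordPress admin.

// Show the form. Everything echoed goes through an escape function,
// and wp_nonce_field() plants the token checked again on save.
function hed_render_settings_page() {
    $email = get_option( 'hed_notify_email', '' );
    $limit = get_option( 'hed_item_limit', 10 );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="hed_save_settings">
        <?php wp_nonce_field( 'hed_save_settings', 'hed_nonce' ); ?>
        <input type="email" name="hed_notify_email" value="<?php echo esc_attr( $email ); ?>">
        <input type="number" name="hed_item_limit" value="<?php echo esc_attr( $limit ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Save the form.
function hed_save_settings() {
    // 4. Verify a human meant to do it: are they allowed, and did the
    //    request come from our form? check_admin_referer() dies on failure.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You cannot change these settings.', 'hed' ), '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'hed_save_settings', 'hed_nonce' );

    // WordPress adds slashes to $_POST, so unslash before touching the values.
    $raw_email = isset( $_POST['hed_notify_email'] ) ? wp_unslash( $_POST['hed_notify_email'] ) : '';
    $raw_limit = isset( $_POST['hed_item_limit'] ) ? wp_unslash( $_POST['hed_item_limit'] ) : '';

    // 2. Sanitize what you save: strip anything that cannot belong there.
    $email = sanitize_email( $raw_email );
    $limit = absint( $raw_limit ); // "abc" becomes 0, "-5" becomes 5

    // 1. Validate your data: an email must be an email, and the number
    //    must be in the range this plugin accepts (1 to 100, an assumption).
    $back = admin_url( 'options-general.php?page=hed-settings' );
    if ( ! is_email( $email ) || $limit < 1 || $limit > 100 ) {
        wp_safe_redirect( add_query_arg( 'hed_error', '1', $back ) );
        exit;
    }

    update_option( 'hed_notify_email', $email );
    update_option( 'hed_item_limit', $limit );

    wp_safe_redirect( add_query_arg( 'hed_saved', '1', $back ) );
    exit;
}
add_action( 'admin_post_hed_save_settings', 'hed_save_settings' );
```

    Step 3, escaping, lives in the render function: the stored values go through `esc_attr()` every time they are printed, even though they were sanitized on the way in.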

    Future You

    The you of tomorrow will appreciate the you of today, if you remember to never trust your data. People typo. People make mistakes. People do bad things on purpose. All of that just happens. And if today, you learn how to stop those bad things, tomorrow’s you will look back on you with love and thanks. Your users will thank you. Your next future will love you even more.

    Security isn’t just https and good passwords. It’s a mindset to remember that anything passed to your code might be attacked. It’s a mindset that good users do bad and dumb things. It’s a mindset that mistakes happen. And it’s a mindset that being aware of the whole of your code, how it all comes together, must always include validation, sanitization, escaping, and nonces.

  • SEO and URLs and Indexes

    The question of the day. “Does having all your posts indexed on the main page of your site cause the highest SEO value to be in your main domain name and not the individual posts or categories?”

    No.

    What is your homepage for?

    As a reminder, you don’t have to have all your posts listed on your main page, or any page when you get down to it. When you don’t, we call those ‘static sites’ but really what we mean is “A non-newspaper site.”

    Yoast talks about this with regards to what they call homepage SEO. As Michiel notes in that post, the point of your homepage is to load fast, explain the purpose of the site, and direct people to where they need to be.

    Where Is SEO Value?

    The SEO value in your site is not going to be in the homepage or the category pages. It’s not in the archive pages either. The value of your site is found in your important content. We call this your flagship or cornerstone content. Those are the pages you want to drive people to, to get the most out of their visit.

    There’s a lot of good advice about how to make good content like that, from CopyBlogger and Yoast and more. But the point they all make is that the mead and meat part of your site is the content and not the index.

    Do index pages lose SEO?

    Again. No. Look. I get it. The real question is “Will sending everyone to my home page screw up my cornerstone SEO?”

    No. That’s not how it works. If people are looking for “your website topic” then yes, they will end up on the home page. And if your home page is a constantly rotating list of pages, then yes, they will see links to some deeper content.

    But that doesn’t hurt your SEO. Google will rank your cornerstone pages properly because they will rank higher. They will have more specific content. They will be your centers. So spending all your time coming up with fancy ways to get rid of content that is underperforming, hiding it and removing it, is just a waste of time and energy. Of course that’s a bit of a different topic.

    Your homepage won’t hurt your SEO

    Listing your recent posts on your home page doesn’t hurt your SEO. Actually it helps a little to have a ‘recent posts’ section. But no, having the post list doesn’t hurt the SEO. Your site will be just fine. Don’t make weird CPTs to shuffle things around.

  • Calm Under Pressure

    A friend remarked she was impressed I was able to stay calm under the abuse slung my way. I have a secret.

    I’m Often Very Angry

    I’m not calm. I’m often quite irate and I froth and I rant. Some of my friends hear those rants. The complaints about how can people be that myopic and obtuse run rampant. I also do on occasion see red and feel my blood pressure rise and I want to reply to people so angrily.

    I really do. I want to scream and use all caps to emphasize that lying to people, trying to trick them, or otherwise doing bad things makes them bad people. I really want to shake some people to make them see they’re hurting themselves more than anything else. Some people I want to take their computers away because clearly they’re too immature for even free plugin hosting.

    That’s My Secret

    If you saw the movie The Avengers, then you may recall a moment when Bruce Banner said he controlled the Hulk by always being angry.

    The trick of that is its simplicity. You see, if Banner could only control the Hulk by not getting angry, then he’d lose. But by accepting his anger and being always angry at the state of the world, at his situation, and so on, he doesn’t have to control the anger anymore. He has to control his temper. That is, he controls his response to anger, but he allows the anger to happen.

    It’s Okay To Be Angry

    We all get angry. We see people doing stupid things and we get mad. But we have a choice in how we respond and react to those things. You can’t stop yourself from being angry, but you can stop yourself from being an uncontrolled Hulk when you’re angry.

    Seeing people not care about others gets me madder than anything else. Be it cutting in line, stealing, abuse, or the government. Or, yes, plugins. I get pissed off. I find that lack of humanity, lack of humanitarianism, to be appalling and disgusting.

    But I don’t lash out and hurt people (at least not intentionally) when it happens. I try to educate, to discuss, and to communicate.

    We Have A Choice

    We usually have a choice on how we react. There are, of course, situations where we are not in control of ourselves, where we react before we can control. Trauma triggers cause that in many of us. But where and when we do have a choice, we must remember our humanity. We must choose control.

  • While Not Being Consumed

    I get painted as a bad guy a lot. I’ve been called names, everything you can think up. I’ve had my gender, sexuality, appearance, and ability all mocked and derided. And most of this has happened since I took up the role of a volunteer in WordPress.

    Creation, Editing, Fitting In

    As a writer, which is how I’ve always seen myself first, I’m used to the ruthlessness of the editing process. I’ve seen papers torn apart and painted red with corrections and commentary. Why this? What are you saying here? I understand the reason for ripping apart creativity to find its heart and crux and meaning. Art for the sake of art is different than art for the sake of consumption, after all.

    But instead of a career in the arts, or journalism, I had a different path. Out of college I went to work for a bank and quickly learned how to fit myself into the cog of a machine. I had a role and a life that did not encourage innovation and uniqueness, but that of interchangeability. And in that work, I began to understand the reason for patterns and the similarity.

    I’ve always been fascinated by patterns. I liked to see how the number went from 09 to 18 and 27 and obviously the first number goes up while the second goes down, and isn’t math cool? Seeing the pattern in the work at the bank taught me that while we are all creating and inventing, what we make has to be used in many different ways, and they all need to talk to each other. So we have to make sure all the little cogs and wheels interlock properly.

    It’s Still Creation

    I like to watch the behind the scenes parts of movies. It’s why I prefer to own physical copies. I have watched all the extras for the Lord of the Rings movies. That’s why I know Tolkien disliked when people were obsessed with his work. Because he was not obsessed. He liked what he did, but it wasn’t the end of the world if people didn’t care for it. He made something neat to tell the story he wanted to tell.

    Often we as developers fail at this. It’s not entirely our fault. We’re told that what we do is engineering or science, and we forget to stress the creative aspect of inventing that which has never been seen before. We forget progress is forged by dreams. And that’s why, when you see a one star review of your work, it flays you open, leaving you chained to the rocks for the crows to eat your innards. You gave fire to man, and this was your reward?!

    Let’s breathe. What Tolkien didn’t seem to understand was that he had created life. He had made a world so amazing and vibrant, people saw it and wanted to be a part of it. Similarly, when we create code, we give life to others.

    The Good, The Bad, The Ugly

    I’ve gotten the greatest compliments on my work in the form of someone telling me it helped them achieve their goals. People have started businesses, found success, and made something of themselves, all because of something I did.

    But more often, or at least what I remember more, are the names and the anger and the harassment. The people who stalk me down on Slack and Twitter, demanding that I pay attention to them right now and that they are the most important thing… while being angry when I do devote that time, but that my answer is not what they wanted.

    Remember Your Self

    Originally I titled this post “When you’re evil for doing good.” Really that didn’t touch on the real feeling I have about this. Because at the end of it all, I sit and look at the work I’ve done and I ask myself “What was this for?”

    I have a strange life. I have a job that is essentially trying to keep 26% of the internet safe from itself. So my answer for “What was this for?” has become a question of itself. “Is this going to make it better or worse?”

    When I come to decisions, like to tell someone we cannot host their code because they have lied and broken the guidelines too many times, it always comes from this place. Will I make things better for the majority or worse? And in that moment, I ignore the other question. “Will this hurt me?” Because the answer to that is “Yes, probably.”

    “Honor is what you know about yourself.”

    There’s no way I can make hard decisions and not get hurt. There’s no way I can do it and not hurt others. But I sit and I remember my self. My inner self that wants to make things better, safer, and as fair as possible. I remember the me who wants to say “What I do makes the internet better.” And if that comes at a personal cost, well. I will know this.

    I have integrity.

    I have honesty.

    I have empathy.

    As long as I have those, and as long as I do my best and keep learning and becoming better, I will be doing the right thing. And I can live with being ‘evil’ when I’m doing good.

  • Why I Write About What I Code

    I was asked this the other day. Obviously sometimes I write about technology in general, or software I find and like, but a great deal of the posts here are about how I figure things out. And the reason I do that is, simply, it makes me a better writer and a better coder.

    Want to write better?

    There’s nothing that will make you a better writer than writing. You will learn your voice, your tone, and your flavor of writing only if you write. It doesn’t matter if your writing is bad at first. By writing more and more and more you will only get better and better at the process, and more comfortable doing it.

    Getting into the habit of writing, where it’s an every day occurrence in your life, is imperative if you want to write better. It’s a talent, yes, but it’s also a skill. And if you don’t practice skills they get rusty. If they get too rusty, they break and you give up.

    Want to code better?

    The fastest way to get better at code is to read and review other people’s code and try to figure out how they did what they did. The reason I can continue to think as sharply as I do about plugin reviews is that I do it every day. Every. Single. Day. I look at 30 to 100 plugins, review the code as written by just as many developers, reverse engineer what they’ve done, and I start to understand better. I peer review people’s code, day in and day out.

    But nothing makes you a better coder than coding. Obviously. And yet there’s one thing most people miss. You see, the critical review of your own code is absolutely necessary if you want to become a better coder. And in the absence of peer reviewed code, the best thing to do is rip it apart yourself.

    Can you explain your code?

    That’s it. That’s the magic. If you can explain your code, why you did what you did, why it does what it does, then you are at the step of critically reviewing your code. The number of times my code has improved because I’ve blogged about it is uncountable. As I write my post, I find myself typing “I used the function X because…” and I stop. Why did I use that function?

    It’s in the questioning of my own actions that I begin to understand my own internal logic. You know, the part of your brain your parents and teachers helped you form. Those early days of logic where you learned fire was hot and one plus one was two, you also developed your own style of thinking.

    Can you explain why?

    My father likes to tell me I used to do my math backwards, from left to right, before my school taught me otherwise. On occasion, I still do it that way because I want to look at my math from a different perspective. Talking about why I do that changes my understanding of the process. The solution was always the same, but the process of getting there is vastly different.

    When I talk about why I chose the path I did, I do more than just verbalize to myself what I’ve done, I teach someone else that there’s an answer and there’s a way to their answers as well. I’ve shown a path.

    I write to understand myself

    Above all else, I write to understand myself. Only by doing that can I improve at anything.

  • Will You Help Me Sell My Plugin?

    I get asked this a lot. It comes with the territory, but people ask me to help them monetize their plugins all the time. And my answer is always the same.

    No

    As much as I am a strong advocate of people making money off of WordPress, and as much as I support plugin and theme devs in their work, I’m not out here to help you run your business. While I do spend time thinking of ways to get people to pay for services and software, I don’t prioritize it, and most of my ideas are just that. Ideas.

    Really what people are asking for is my ideas and my free work. And to that, I say no.

    Business Help Isn’t Free

    If you wanted to hire me to help, to look at your code and to assist you in coming up with business strategies, based on my experience in the WordPress world, that’s a different matter. That gets a ‘no’ because I don’t have the time to dedicate to that work. I have a full time job that I do like, and I have some volunteer work I enjoy, and I have a very addictive side project. Since I enjoy being married, I don’t take on extra work right now. I don’t need the money.

    But the point here, if you can’t tell, is that yes, I would expect you to pay me for my work.

    I’m No Good At Sales

    Of course, keep in mind the fact that I’m a terrible salesman. I don’t like exaggerating what a product can do, I don’t like even suggesting a lie. I downplay. And that’s because I don’t like it when people promise the moon and only deliver low Earth orbit. I want realistic goals and possibilities. Can you do anything with this plugin? Sure. But it comes at a cost and I feel people should know that cost.

    I’m Hard to be Bought

    Everyone may have a price, but my price is rarely money. I know this sounds weird, since I said I expect people to pay me for my work. You see, asking me to do you a favor for free doesn’t really happen. But also, asking me to do you a favor for pay won’t happen.

    And by this I mean reviews.

    I’ve been asked, many times, to review people’s themes and plugins and post about it here. And in general, I say no. I review the things I use and like because I use and like them. I’m driven by usability. If I like your ‘thing’ and I think people should hear about it, I’ll talk it up. If your thing is free or for sale, I don’t care. What I care about is if your thing was what I needed and wanted, and I liked it.

    I Won’t Help You Sell

    That’s not my deal. It’s not my deal on this blog. I’ve never been bought off for a review, I’ve never been asked “Would you review this product of mine?” unless I’ve already been known to use it. And even then, I’ve told people “You don’t want me to review it. I like it, but you have some bad bugs.”

    I’m honest. I’m direct. I’m incurably truthful.

    You probably don’t want me to help you sell your stuff, but if I really like it, I may anyway.