Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: essay

  • How (Not) To Ask For Help

    How (Not) To Ask For Help

    I wrote about this once in I’m not a coder and I need help! It’s come up again.

    I was a bit torn about posting this, given that it’s a guy acting like a real jerk in public, and I’m still pretty sure his problem is that he doesn’t understand what we’re saying. But. I think it’s good to have a concrete example of how you don’t ask for help on a forum.

    The story so far: WordPress 3.2 was released on July 4th, and we knew there would be some minor issues. Most of them are related to the fact that WordPress no longer supports IE 6, PHP4 and MySQL 4. Before it was released, I decided to be proactive and take the lessons learned from 3.1 and make a Troubleshooting Master List. I posted to the forum mailing list and got advice from everyone there. As soon as 3.2 was let loose, I posted and started checking the forums.

    Then I found this guy.

    Yes, I did get really annoyed/upset with this guy. Full on anger. My face went hot and I felt myself typing furiously. And I deleted what I’d written at least a dozen times in order to keep as cool as I could. I knew I was mad, I knew I was writing in anger, and I backed away. That’s why my replies got shorter and shorter until, finally, I walked away and let the rest of the community hit him with a brick. I did come back the next morning and close the post, but only because it had become impossible to help the guy. And yes, I would have left it open to help him. It’s what I do.

    So taking the cue from his post, let’s run down the ‘what NOT to dos.’

    Cursing

    The actual title of his post is Upgrade to V3.2 and my site is f**ked. Except he said ‘fucked’ but we modified that. The URL still says it. Just don’t do that. It’s rude. If I have to explain why it’s rude, you need more help than I can give. And I say this from the point of view of a foul mouthed tart. There is a time and place to swear, and the free support forums ain’t them.

    Mouthing off

    Even if you’re not swearing, there’s a huge difference between being polite and being a cretin. People are taking time out of their day to help you. Treating them like they’re worthless and insulting them is not a good thing to do. Being polite, even when you’re very angry and upset, is hard. I’m aware of this. But that doesn’t excuse your behavior. You’re the one who decided to show your fanny. It’s like what they say on Reality TV. The people being filmed will blame the editing, and the editors will point out ‘We didn’t MAKE you pee on Joe Bob there, you did that on your own.’ Yes, selective quoting and editing can make you look worse, but frankly, you’re the one who put it out there.

    Not taking the time to read

    I think this falls under ‘Not taking the time to think.’ We told the guy multiple times ‘You need to reset your plugins.’ We linked him, multiple times, to directions on how to do that when you can’t log into your back end. Three times he complained that he couldn’t get to the back end of his site before he finally up and said he wasn’t going to.

    Most of the issue was that while we told him what to do, he was blinded by his own interpretation of what we meant. He would have been better served by simply saying ‘I don’t understand what you mean by FTP’ … except he did.

    Not following directions

    This is really simple. If you’re asking for help, you’re assuming the people who answer know more than you. If you refuse to follow their advice, you’re done. Seriously.

    Getting derailed

    You may have noticed how he started picking on my language (I used ‘seriously’ twice, and apparently that was too many times), my nationalism (I’m a dual-citizen as it happens), politics (Afghanistan), and so on and so forth. A lot of energy was wasted by his anger and the resulting attitude from it.

    The entire reason I did not snap back and point out where his gross assumptions were wrong is because it was not productive. It would just make him madder (yeah, think about that for a second) and make the situation more volatile. Don’t feed the fire.

    It’s NOT all about you

    I cannot stress this enough, every single volunteer on the WP forums knows and understands exactly how important your site is to you. I have this problem in my day job too. I work with hundreds of very important people (they actually are – the office would come to a standstill if any one of them broke). They are all incapable of understanding that everyone is just as important as they are. I have been known to snap at people and point out that more than one VIP is having a problem, and I am working on the issue, but if you’d like to tell them that YOU are more important, go for it.

    No one ever does. They usually shut up, which tells me that really they’re like a kid who fell down on his tush. He’s fine, just crying for effect. You may think that the squeaky wheel gets the oil, but you forget about the boy who cried wolf. At a certain point, we stop listening to you until you come in with a broken wheel.

    What else?

    Obviously this list can’t be exhaustive (I’d run out of internet before I ran out of examples). The real basic rule is ‘Don’t be a dick.’ Everything else is an extension of that.

    If you’re helping someone who treats you like crap, you’re allowed to walk away. At work or at play, you don’t have to deal with it. Just walk away. Of course, at work, you need to tell your boss, and on the WP forums, I tend to email or ask people directly to step up for me please and thank you. In fact, watching the community get my back in that post was both pleasing and very sad. I was sad it had to happen, and I remain sad that he couldn’t be helped.

  • Understanding Zero-Day

    Understanding Zero-Day

    If you run a website or work with computers much at all, you’ve heard the term ‘Zero-Day Exploit’ and you probably had no idea what that meant.

    At its heart, a “zero day” attack or exploit is one that happens before any of the developers are aware of it. It’s pretty straight forward, in that the attacks take place in that window of opportunity between code release and code patch. Logically, you’d think that all exploits are ‘zero day’ because a programmer would never release a product with known vulnerabilities. Right?

    Wrong.

    We already accept the fact that human beings are not perfect and thus, by extension, neither is our code. We cannot make every product work on every setup, otehrwise there wouldn’t be browser and OS wars. Keeping that in mind, we have to accept the fact that there will always be security holes in code. And sometimes we developers are well aware of them, but consider them acceptable risks. brorwser wars - by Shoze This means that when a vulnerability is plastered as a zero day, the question becomes ‘By whose calendar is this a zero day exploit?’

    If you found a zero-day flaw in a product, the ethical thing to do is privately communicate with the product developers ‘Hey, if I do this, I can get access to THAT.’ At that point, the product developers should take the time to craft a fix and quietly push it out to everyone. The public often isn’t told about this until the patch is written and available, and even then, details are withheld a few days so that, during the critical time it takes everyone to upgrade, people aren’t exploited further. This also allows people to apply one patch instead of 17, as multiple fixes can be wrapped up into one install.

    Of course that’s a perfect world scenario. There are multiple cases of exploits being announced in the wild before a fix has been made. Sometimes it’s a case of an over enthusiastic reporter, but also sometimes the people who report the bug get mad at how long it takes to fix it, and release the information in order to speed up the process. There are unprintable words for those fools, and the fact that they can’t understand how they’re making the situation worse is sad.

    By its nature, an exploit no one knows about is the one you can’t protect yourself from. That’s why vulnerability disclosure is such a touchy subject. Sometimes the fixes are really easy, but more often they’re not. Like a vulnerability exploit in your car is the gas tank. Anyone can walk up, unscrew your fill cap, and pour in anything they want. That they don’t has more to do with the fear of retribution than anything else, but they certainly could. Also vulnerable? Your mail. I can’t tell you how many times I see the mailman leave the cart on the sidewalk while she goes in to deliver our mail. Someone could steal the mail, but rarely does that happen.

    In 2008, there a DNS cache poisoning vulnerability was discovered.(ZDNet – Has Halvar figured out super-secret DNS vulnerability? by Ryan Naraine | July 21, 2008, 2:12pm PDT) The details of the exploit itself are inconsequential to this story. When the vulnerability was discovered, the folks ‘in charge’ asked for a thirty-day embargo where no one would ask about it or talk about it, to allow the code to be patched and deployed. This radio-silence would end with a news release and explanation. This did not work as well as one might have hoped. (ZDNet – Vulnerability disclosure gone awry: Understanding the DNS debacle by Ryan Naraine | July 22, 2008, 7:09am PDT) People accused the organizers of performing a bit of media hacking (i.e. social hacking) and spinning the news to make a bigger impact for themselves. Essentially, they claimed there were no altruistic reasons to keep the lid on the issue.

    When you seen a report of a zero-day exploit, the important thing is not to panic. Firstly, check to see if there’s already a patch. Secondly, remember that just because you’re vulnerable does not mean someone’s spiked your gas tank. Thirdly, accept reality for what it is and know that you’ll be impacted at least once in your life, and that’s okay.

    If you know how to recover from this, you’re better off. But that’s another topic.

  • Introducing HEO

    Introducing HEO

    We all know that SEO is ‘Search Engine Optimization.’ I humbly suggest we pay better attention to HEO – Human Experience Optimization.

    After you spend hours and hours optimizing your site for search engines, you should sit back and think about how the humans who are reading your site. This should be blindingly obvious to everyone, but more and more we hear about how you should make your URLs SEO friendly, or your post excerpts/slugs/format/meta-data the best to get highly ranked in Google. At a certain point, you’re missing the goal of a website.

    A website is not for search engines, a website is for humans.

    Humans like to be able to find what they want relatively painlessly. They like to know when something was written (or when whatever it’s about took place). They like to be able to search, sort, surf and select. They like to know weird things. It’s your job to make sure that when a user hits your site, they stay.

    Fonts

    I’ve mentioned before that font choices matter on your site. Perhaps the most important thing to remember about fonts is that people have to be able to read them. A lot of sites make their fonts very small, which force viewers to hit Ctrl-+. This is one of Jakob Nielsen’s pet peeves. Users should be able to control their font size, but you should also set your font starting size to something legible.

    Imagine my surprise when I went to a site and saw this:
    Example of a site with teeny tiny text

    I had to zoom in to read. That font is set to font: 11px/13px "Lucida Grande"..... Just by changing it to 12px/20px it was easier to read, but to make it a perfect starting point, it should really be 14px/20px. You’ll need to balance on your font choice with the size, though, as too-thick and too-thin fonts are equally painful for people to read.

    Colors

    I’m in my mid-thirties with the best worst vision you’ll find before someone gets classified legally blind (that said, I have fantastic night vision). I cannot read black backgrounds with white text for more than a few seconds without getting after-images. I’m not in the minority of the world. There’s a reason books, eReaders, newspapers and magazines tend to print dark text on light backgrounds, and it’s not just the cost. More people can read that setup. On top of that, don’t use background images. The busier the background, the more difficult it will be to read and you’ll draw the attention away from the text.

    The colors on your site need to be easy to read, and not strain the eyes.

    Layout

    Did you know that users tend to read to the left? This sort of flow makes sense when you consider that most languages are read left-right. Jakob Neilsen points out that people spend “more than twice as much time looking at the left side of the page as they did the right.” (Jakob Nielsen’s Alertbox, April 6, 2010: Horizontal Attention Leans Left) Not only that, but people actually tend to read pages in a pretty distinct F-shaped pattern. (Jakob Nielsen’s Alertbox, April 17, 2006: F-Shaped Pattern For Reading Web Content)

    So how do you best layout your website? I tend to think people read content better if it’s on the left, so I put the body of my text left and the sidebars right. I also take into account that newspapers and magazine break up text into columns for readability reasons, and set a fixed width to my site. That choice is somewhat controversial among my friends, but I like to look at the iPad and Kindle for examples as to why you want to not allow forever-width pages. Monitors are big, browser windows can be huge, but in the human head, eyes are spaced in a certain way. Making your page’s content too wide is a drain.

    Page Length

    There used to be a concept of ‘The fold’, which was basically that people didn’t scroll down on webpages in the early days of the web, so if they didn’t see your important content on the top half of your page (i.e. above the fold), they weren’t going to see it at all. It’s 2011. People know to scroll down a page.(Jakob Nielsen’s Alertbox, March 22, 2010: Scrolling and Attention) But you still need to make sure your site has the most important content ‘above’ the fold.

    Where’s the fold these days, though? Monitor size is a lot more variable today than it was in 1995, and the break-point on a page is getting pretty difficult to figure out. Unlike a newspaper, where the ‘fold’ is pretty obvious (unless you’re the Chicago Sun Times), you have to take a pretty good guess at where the ‘top’ of your site is. Oddly, this is a lot easier with the iPad, which currently is my benchmark for ‘the fold.’

    Keeping that in mind, page length matters! I try to keep each post no more than 1200 words, because of human attention span. If I happen to dip longer, I’ll consider breaking the post into multiples.

    Permalinks/URLS

    Samuel Wood (aka Otto) said it simply:

    Humans care about dates. Leaving a date identifier (like the year) out
    of the URL is actually de-optimizing the site for humans.

    Not everything should have a date, mind you. Resources like WikiPedia or other sites that act as repositories for static, timeless material (like a book), certainly do not need date stamps. Deciding if your site needs to include the year in the URL (like I do here), or not at all (like I do elsewhere), is something you need to think long and hard about. If you’re making a ‘traditional’ blog, or a newspaper, or some site that acts as a repository for time-based information, the answer is simple: Yes you do.

    In addition to sorting out if you need dates or not on your site, you have to think about the post format. I’m a huge proponent of pretty URLs, so I tend to lean to custom crafted URLs. On WordPress, I always review the permalink and, if I think it could be better shorter, I do so. MediaWiki defaults to whatever you want to name the page and puts that in as your page title(Oddly you can only override this with {{DISPLAYTITLE:Custom title}} , which has weird results in searches.), but WordPress uses the ‘title’ of your post and makes that your page title.

    Permalink Example

    This is pretty easy to change, though. Just click on edit and make it shorter (which I strongly suggest you do in most cases).

    What else?

    I could go on and on. Like how you shouldn’t use too many ads (and whatever you use, they shouldn’t be bigger than your post content!), don’t use flashing images/text, and keep in mind your audience! What are your hot-button topics for making your site human friendly?

  • The Truth In Presentation

    The Truth In Presentation

    By now, the internet knows about how the Gay Girl in Damascus was a hoax and Paula Brooks of Lez Get Real is a straight man. These aren’t the first people to be caught ‘faking it’ to tell a story. In fact, both Tom MacMaster (‘Amina’ from Gay Girl in Damascus) and Bill Graber (‘Paula’) claimed to do what they did with the best intentions. They had seen the way gays are treated and felt that, as men, their point of view would be dismissed. Where this crosses the line from ‘best intentions’ and wanders right into out and out deception, however, is where they begin lying to cover their tracks.

    Look, this isn’t new. George Eliot (who wrote Silas Marner) was a woman. James Chartrand of Men with Pens fame is actually a woman. George Eliot did it to protect her personal life, James Chartrand did it to make a living. (Her story about the whys, hows and repercussions is pretty awesome.) There’s a long history of people using pen names, and a lot are mentioned in Carmela Ciuraru’s new book Nom De Plume: A Secret History of Pseudonyms.

    Pretending to be someone else is draining. You’re constantly aware of pronouns and speech patterns. Do I sound like who I am supposed to be? I’ve done it before as a social experiment in college, to see if someone can ‘fake’ being a man online so well that no one would know.(Of note – this was in the early 90s, so things were pretty new then.) I did it so well that, when I carried on doing it for a few more years, there was a hilarious point where I was flirting with my girlfriend (she knew the truth behind the ‘character’) on a public forum, and someone felt it was important to tell me that she was both taken and a lesbian.(This may be why so many people think I’m a man online… I guess I ‘write male.’)

    Using a pen name is something we all accept and can understand. It’s when you delve into the complete fake persona that the world gets a little hinky. ‘Paula’ was a deaf lesbian, who had a girlfriend, kids, and a father who answered the phone and ‘interpreted’ for her (most people think the ‘father’ was actually Graber). At some point, ‘Paula’ killed off her girlfriend. And ‘Amina’? She told in depth details about her parents, how she hid in secret rooms (ala Anne Frank), and how most of her family had to leave the country.

    These people became deceitful when they crafted complex dramas for their fake lives, and wrapped in layers upon layers of excuses and explanations as to why they can’t meet you.(My excuse is the truth – I’m really shy and nervous around meeting new people.) The bigger the lie, the more likely they are to get caught. ‘Amina’ was caught because her blog claimed she was arrested and no one in Damascus could find information on her.

    And this is where the technology aspect of the drama unfolds. This becomes a post about technology and not just a rant about deception when you realize how careful you need to be to keep up the lies. If ‘Paula’ left a comment on my blog, her IP address would be logged. If she, subsequently, said ‘I’m in Amsterdam this week and…’ I could look at her IP and sort out where she really was. If she was using something like The Tor Project (aka Onion routing) to hide her location, I would be suspicious.

    Thankfully, for people like me who spend time worrying about impersonators, you can peel back the onion layers of Tor and deduce who people are. Currently, there is no 100% reliable way to back-trace an IP through all the Tor layers, but simply the use of it on common, casual sites would be enough to raise eyebrows and some risks.(If you’re really interested in tracing Tor/Onion users, read Practical Onion Hacking) In 2007, a German blogger acting as a Tor providor was arrested because someone used his service to download child porn.

    Why would someone want to use Tor at all? Tor is great for doing things you aren’t supposed to be doing, and while a lot of the time that means impersonation, trolling and general internet asshollery, it also can be used to allow information to be posted from places where a repressive government doesn’t permit, or where it would be socially unacceptable if you were found out. Like if ‘Amina’ had been real, her use of Tor would make sense. If you really were a persecuted lesbian in a hostile environment, you would use Tor to make your blog posts so the local government couldn’t track you down at your house. Assuming they don’t know how to hack a Tor setup.

    Besides the technical aspects, there’s a lot of social engineering that goes on behind impersonation. ‘Paula’ turned herself in after constant questions from the news(I should mention that the Paula Brooks story is even more intricate and crazy than originally though! Bilerico reports on the inconsistencies and the more we learn the less we seem to know about the ‘real’ person behind Paula Brooks.), but ‘Amina’ was found out only after red flags were raised when people tried to help the poor arrested girl. In both cases, there were enough holes in their stories that people began to question the ‘facts’ as well as the motives. There is a difference between using a pen name to protect yourself (or to advance your career) and creating a whole persona. The difference between James Chartrand and someone like JT LeRoy is that James didn’t create an elaborate backstory, James just wrote under a pseudonym. It’s most likely that no one ever asked if James was really a man, they just assumed. There are a lot of ways, legally, to do that. Get a good lawyer you can trust, and they can act as your proxy in all things. Now no one has to know.

    Law & Order has done a couple episodes based on this phenomena. Some are about the people who use plastic surgery to hide themselves, another on the woman who hired an actor to ‘play’ her male persona and was betrayed, and so on and so forth. It makes for good TV, I’ll admit, but the truth is that all of those people were found out, and many times before their ‘death.’

    I think the most ironic thing to come from the whole mess is this:

    In the guise of Paula Brooks, Graber corresponded online with Tom MacMaster, thinking he was writing to Amina Arraf. Amina often flirted with Brooks, neither of the men realizing the other was pretending to be a lesbian. (Source: Washington Post – ‘Paula Brooks,’ editor of ‘Lez Get Real,’ also a man)

    Between the technical and social engineering weaknesses, using a pen-name to craft an entirely new identity is something that can get your credibility shot. There’s a reason we leave false identities up to people like WitSec or the CIA. It’s hard, and the costs of being found out are devastating.

  • The Redistribution of Apps

    The Redistribution of Apps

    Mac is going virtual. They’ve finally agreed they’re a hardware company (yay) and they’re trying to make it easier to install software. No longer will you go to the store, but you will logon to the App Store and download. Apparently the App Store is already bigger than Best Buy. The big news of the month was iCloud (and iTunes Match), where you can sync your data across multiple devices. Wirelessly. Okay, that is pretty cool. But the announcements didn’t get everything right.

    The concept of mobile redistribution of applications is not a new one, but Apple, as always, is attempting to do it more elegantly than before. At the very least, the ability to sync (for free) my documents among multiple devices at once is worth the price of admission. I like to write on my iPad and my laptop, after all. While iCloud isn’t out to the public yet (Lion, the next OS 10.7, comes out in July, so I would expect iCloud by Christmas), we can speculate on how it will handle the sharing of more than just data.

    Here’s what I think they need to have to make this a winner:

    Torrent-style downloads

    I have two laptops and three iOS devices. That means I have to run upgrades multiple times, and some of these are pretty big. Do you know what happens if your net craps out in the middle of a 200meg download of iOS 4? You get to start over! The new Lion OS is a 4G install, and it’s a disk-less revolution. Great, that means it’s cheaper ($30 vs $130), but that also means I have to download it for each computer I need to upgrade, and I have to pray my net doesn’t blow up in the middle. Which brings me to…

    Backup to Disk

    I know we’re going diskless, and that’s great, but if I legitimately buy a product, I should be able to sneaker-net if I want to. Frankly, it’s going to be faster than downloading if I have to upgrade more than 10 computers. I won’t bottle neck things with 10 concurrent 4G downloads all at once. While you can’t really do that with the iOS stuff, I wish I could use one download for all my iDevices. Of course, with the new idea of AirDrop we could…

    Copy Between Computers

    Why not come up with a way to flag up to 5 computers as your ‘home network’ and, if they’re all on the same IP range, let them share installs? So I download Lion, and then AirDrop it to my other computer. Done! To a degree, it looks like iCloud will be able to do this, but it seems to only be for data. For photos, music, documents, etc that’s great. Those aren’t all of what I do. I write code. What about webpages I work on? I like to have those backed up too. In fact, the best way to do this would be….

    iCloudShare!

    If I have a Time Capsule, why not let me store all my installers there, register my computers on TC, and then have a local repository of my paid for installs, so I can download them at any time? Think of it as having your own personal little cloud where all your stuff is there, and then when you want to re-install, off you go! Mind you, I already know from experience that if I restore from backup between computers, I can copy over all my apps and preferences. With the new iCloud they’re working on this for iOS apps, which is something they certainly can do. Then you can bring in ….

    MyCloud

    The real replacement for MobileMe would be MyCloud. Work with ISPs so you can plug a Time Capsule (now renamed Cloud Maker) into your network hub, and it automatically makes it so you can connect your registered computers no matter where they are. I would restrict full backups to LAN (local area network – i.e. only at home) only, but you can sync docs and whatever else you want no matter where you are (like DropBox, only at home).

    So what do you say, Apple?

  • Responsibility, Responsibility, Responsibility!

    Responsibility, Responsibility, Responsibility!

    So you’ve put your blood, sweat and tears into a site. You finally made it popular. You have regular visitors who comment, retweet, like and share your stuff. You’re getting traffic and the ads are actually paying for things! Everything should be smooth sailing, right? Wrong.

    Last year, I touched on the Dangers of an Unchecked MultiSite. While that was specific to the trials and tribulations of WordPress’s (then new) feature of MultiSite, it hammered home the lesson that you, who runs the site, are responsible for what goes on there. There’s a reason I have a comment policy on this site and a terms of use. I am aware of my responsibilities, but I don’t take responsibility for everything.

    You have to look at your website like a business. If you ran a business, you would be responsible for whatever crap your employees looked at on-line, how they used their phones, etc etc. If someone uses your services to do something illegal, you’re responsible. That’s why you have to sign your life away in blood. Not that anyone reads that stuff for most things, but you do agree to not break the law when you install your operating system, for example.

    At the end of the day, when you’ve made a site, you become responsible for the content (with some exceptions). You’ll note that the Terms of Use for this site have a pretty hefty bit of disclaiming going on, and outright says I’m not responsible for the contents of any message (i.e. comment). That’s a mostly legally safe claim to make, and I’m being up front saying ‘Hey, if someone’s a dick in the comments, that’s on them.’ Later on I say I reserve the right to delete anything I damn well feel like, and I do, but the point is I’m still responsible for your antics!  That’s why a big part of running a site is moderating the community.

    If someone makes a comment you (or your visitors) deem to be offensive, it’s in your best interest to quickly take decisive action.  Make a choice, pick your stance, and stick by it.  Don’t waver or feel guilt. This is your site, your responsibility (there’s that word again). If it makes you understand it better, this is your job. The easy part of the site is building it, the hard part is maintaining it. For those of you who just spent months getting your site to look just right, the idea that something is harder than that may be daunting.

    First you put in the sweat equity to make the site. Then you spend hours researching and writing posts. You’ve already found out about how much time you have to put in fighting spammers. Now here I am telling you that you get to spend even more time and energy keeping the community of your site going. It’s okay to hate me. I actually spent more time these days keeping people in line and tending to them than I did anything else a couple years ago. That’s the real reason a lot of sites go in for moderating teams. It’s a lot of work to keep track of everything. Since then I’ve turned to what I call ‘community moderation.’ Plugins like BP Moderation (for BuddyPress users) and Safe Report Comments let your visitors flag posts for you to come back and review.

    Regardless of this, there remains one person responsible for this site: Me. I’m responsible for what people who have accounts do here. I’m responsible for what I say and what they say. I’m responsible for your comments and the ads on this site. Everything here is my responsibility and I take it seriously. To carry it up a level, if your site sells a product, you are responsible for all of that product.

    Recently there was a kerfluffle when Joost de Valk announced that his SEO plugin was being infringed on by WPMU Dev. Of course there was a public rebuttal by WPMUDev and a response to the rebuttal. Even WPCandy stepped in.

    Before everyone gets het up about this one, I honestly don’t care who’s right or wrong for the purpose of this post. My opinion, and yes, I have one, doesn’t matter.

    See, no matter what else, at the end of the day, a company is 100%, totally, unequivocally, responsible for their own products. Full stop. Everyone can agree to this (and as far as I can tell, everyone does agree on this point). No matter what, WPMU Dev is responsible for their products. No one is arguing this. The fact that they pushed a flawed product that slipped through their checks and balances is the point. They can’t blame the developer without blaming themselves for not checking his work. Regardless of if they failed to check the plugin, or forgot to tell the developer to always attribute his work, or whatever it may be, the company who hired the developer assumed all responsibility for the work which was then pushed forth in their name.

    They weren’t the first people to make this sort of error, and they won’t be the last. Making the error, in and of itself, is monumentally stupid, but you know what? We’ve all been there. We all take responsibility for these screw ups. It’s horrifying, the first time you realize you’re responsible for something that you’re not in control of, but there you are. You run a company. Sometimes things go wrong in ways you never predicted and should have, but didn’t. In 2009 Microsoft yanked code they’d stolen. I know, stealing is a dirty, hot-button word, but that’s what it is. PC World says it right:

    Third parties or not, though, Microsoft is responsible for making sure its software isn’t stolen, and it’s simply not doing the job. (Microsoft yanked code they’d stolen – PC World)

    Think it’s just software? Think again. Last winter, a small magazine called Cooks Source lifted someone else’s work, wholesale, and put it in their magazine. The author was attributed, certainly, but not compensated. When the author found out, she contacted them and asked for a $130 donation to the Columbia School of Journalism. She got a pretty awesomely horrible reply, and posted it on her livejournal. From there, the Internet exploded. (If you go to http://illadore.livejournal.com/ you can see the crazy first hand.) How far did it all go? Well the magazine is no more, after the Internet got their hooks in it. People called up the advertisers to tell them that Cooks Source was a plagiarist, and more than one advertiser bailed. Then it turned out they’d stolen multiple articles from multiple sources, non paid, and photographs as well. Let’s not get into the website, which had stolen content all over the place.

    It’s your site. It’s your name. You are responsible. Make all the excuses you want, but it doesn’t exculpate you from that role.