Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: essay

  • What They Don’t Tell You

    What They Don’t Tell You

    I wear a lot of hats in the Open Source World. I help teams. I represent and direct others. I herd the cats of software. I allow my name to be known. People talk about how we’re doing a good job, working hard, working together trying to make things better. They talk to you about the wonderful feeling of success that comes with releasing a product. They tell you about the joy, the friendships, and the community.

    Well. Here’s what they don’t tell you.

    They don’t tell you about the bad days.

    They don’t tell you about the week you will spend being blamed and slandered and lied about in blog posts and on Social Media because people know half of thing.

    They don’t tell you about the fact that you can’t speak up and defend your actions because it’ll make things worse.

    They don’t tell you about the subtle misogyny that makes you wonder if it’s there at all.

    They don’t tell you about the gut churning nausea you’ll feel about turning on your email and watching wave upon wave of hate-mails come in.

    They don’t tell you about the dick pics and come ons.

    They don’t tell you that even when you can explain yourself to your friends, you’ll have to make sure they know not to speak up on your behalf because it won’t help.

    They don’t tell you that you can make it worse by being outspoken.

    They don’t tell you that crying will make people feel they’re right.

    They don’t tell you that people won’t even consider that their words cut you to your very bone.

    They don’t tell you that even if a great many people respect you, it doesn’t make you feel any better.

    They don’t tell you that someone will say ‘it’s all in your head.’

    They don’t tell you that you will have to wait it out.

    They don’t tell you that you will have to suffer.

    They don’t tell you that the phrase “Just joking!” doesn’t ease the wounds.

    They don’t tell you that even with all the support in the world, there are days you will feel absolutely, 100%, alone in your community.

    All those good and wonderful things? They’re true. And I wouldn’t change the past if I could. Contributing to open source has enriched my life in many ways. It’s taught me more about myself that I could have imagined. It’s taught me how much I can stand and take though. It’s taught me that sometimes, somedays I will stand with my name and my work being spoken ill of, with my actions being second guessed and criticized, and I will have no succor or recourse.

    I will have to stand there and take it and wait and say nothing and do nothing except the best I can do.

    What’s the point of this? There isn’t one. This post isn’t a cry for help or a request for my friends to come to my defense. It’s a reminder for all of us that these things happen, and there will be days we feel worthless. Where we feel beaten down and angry and that we want to cry or do something and we just can’t because we know in our hearts it will make things worse.

    But maybe the point is this.

    I feel that way too. Everyone does.

    So you’re not alone at all.

    Comments on this post have been disabled.

  • The Time and The Place

    The Time and The Place

    It was the day of a big release. A major release. A release that had been announced weeks, if not months, in advance. Everyone who was anyone knew that today was the day. So why not publicly drop the news of a major issue with the project in the middle of that release?

    It was the middle of the development meeting. Everyone was talking about issues with a part of the project. They were deep into the hell that is debugging and backtracking and arguing if things should be fixed or simply noted. So why not ask for help about an issue one user was having?

    This is not about WordPress. Well. It is and it isn’t. It’s about understanding who you are, where you are, and what’s going on around you. It’s about awareness and acceptance. It’s about being a part of something greater than yourself.

    This is about common sense.

    In Festivus, there’s a time and a place for the airing of grievances. In Judaism, we have a time and place for atoning for sins and forgiving others. While you certainly can do these things at any point in time, the purpose of having set and established periods for them is to prevent people from being derailed, to stop breaking the flow.

    The time to report a security issue (which should never be ‘in public first,’ IMO) is not the middle of the release meeting. The time to report petty theft is not while your Manager is giving an announcement. The time to tell everyone that Beyoncé’s video was better is not while Taylor Swift is on stage giving her acceptance speech.

    Those moments are rude, inconsiderate, and disrespectful.

    It doesn’t matter if you’re right or not because yes, Single Ladies was a magnificent video and Beyoncé was robbed, it matters if the right people will be able to address the issue without causing harm to everyone else.

    No one is more or less important than anyone else. Saying ‘everyone’s special’ is just another way of saying no one is. As painful as that can be to hear, it’s true. Instead of arguing that ‘us’ are more special than ‘them,’ which is purely subjective anyway, we should look at the magnitude of the work we do. Who will be harmed by the choice to publicly state something now?

    The good of the many often is more important than the good of the few, or the one. That doesn’t mean you should not confront people in public. It means you should not do so recklessly. It means that you should not speak up without consideration of who you are, where you are, and when you are. It means you must be prepared to accept the consequences of your actions.

    If you decide the best place to speak up against a politician is at his rally, you must accept that you may be throw out. You must accept that protests may end with your arrest. You must accept that being vocally against a decision or an action may result in you being publicly talked back to and possibly shunned.

    At the same time, you cannot be afraid to do these things. You should speak up against wrongs. You should speak up against bad decisions. You should tell your manager that they’re making a bad choice. But you cannot do those things blindly or ignorantly.

    It’s human nature to want to be a part of a group. We’re herd animals. We like the safety it affords us. We like the security. We crave it. So when we achieve acceptance into an ‘inner circle’ we want to protect our standing and not be cast out, and that can cause a bit of a Status Quo mentality.

    Some members of the group will always be the ones to shake things up. They will be the ones to speak against the majority, to stand up and say “This is wrong and here is why.” They’re the ones who are brave enough and strong enough to accept the consequences of their actions. They don’t walk into a room, interrupting everything and everyone, to announce something. 

    They don’t get a free pass, however. They accept the consequences. And the effective ones make sure that when they choose to speak up, they do it in the right place, at the right time, with the full respect given to their group and community. And if they don’t, well again, they know what they’re getting into.

    I can’t tell you to speak unafraid. That would be incredibly unrealistic. But I can say to speak boldly and to think about the consequences of your actions. And I can tell you to ask. “Will there be a post-mortem of this deployment where we can talk about improvements to the process?” Ask. “I know this is a meeting, and I apologize for interrupting, but I have a security issue. Where would be the right place for this?” Ask.

  • Dog Shaming Disclosure

    Dog Shaming Disclosure

    You’ve probably seen this. A dog with something around their neck saying “I ate the carpet.”

    We think that it’s funny because the dog often has no real idea what they did wrong, and we’re embarking the absolute absurdity of the moment. At the same time, we’re terrible people because we’re mocking a creature who can’t understand what we’re doing. So we’re pretty shitty people.

    This is not about any one specific company or group or person. This happens weekly. I see people tweet and post and point fingers in public well before they ping people privately or directly. I see people come into Slack and announce “This is vulnerable!” I see people post in forums the same thing. Some of these people don’t know any better, but worst is when they do know better.

    While we bandy about the need for responsible disclosure of security issues, and the need for quick resolutions, I feel that we are often too quick to point and shame and accuse. We want to get the news out about a problem so fast, to get people’s eyes and attention, that we forget about the humanity behind the product.

    Also we forget how hard we hit.

    Public Embarrassment

    When someone screws up in public, they are shaming themselves. Like the Olympic diver who belly flopped, or the hurdler who ran right into the first hurdle, when gaffs are televised world wide. They go on YouTube, they’re tweeted and pointed at for years. We will remember them for a long time. But that is embarrassment someone has done to themselves. People are people and release press notices too soon, push code early, and make mistakes. When someone does it to themselves, it’s galling and embarrassing, and they feel terrible. Their friends tell them it happens to everyone, and to learn from the mistake and do better next time.

    Public Shaming

    On the other hand, there is the ‘friend’ who publicly shouts that someone screwed up. They are metaphorically hanging a sign around someone’s neck and saying they suck. To the world. Now yes, they screwed up, but a human’s natural reaction to that is anger, pain, and a lack of desire to fix it because they’ll just screw up again.

    To make this more simple, public shaming creates a bad environment. It discourages innovation with fear.

    Responsible Disclosure

    Two years ago, Andrew Nacin talked about how security is nuances.

    There will always be individuals who want everything to be fully disclosed, and there are some great arguments for that. I’m not trying to sway you one way or the other. But if you’re trying to do the right thing — you’re doing full disclosure in the interest of users, possibly even providing a patch or steps to mitigate — working with the vendor is a good way to ensure you haven’t missed anything.

    Unlike Nacin, I do want to sway you to one side. I want to sway you to the side of communication.

    If you find a security hole in a product, the first reaction should be to reproduce it as best you can, write up exactly how it can be exploited with examples and Proofs of Concepts, and then contact the developers/vendors about it. Give them some time to reply. Ask them what they would agree a reasonable disclosure timeframe could be, talk and negotiate what would make sense for the product, the situation, and the developers. I want you to think about when releasing the information will harm the fewest people.

    Being responsible means thinking beyond the simple “This should be fixed for people.” It means “This should not put more people in danger.” It means you have to look at the big picture. Is it reasonable to expect people to update right away and, thus, you can release full disclosure with the update, or is it more realistic that it may take a while? What about bundled products? Will they get the alerts timely or not?

    Forget First, Embrace Most

    But above all else, we have got to stop this behavior of ‘First!’ Because that’s what’s going on. People are in a rush to be the first to report a problem or an issue, and in doing so they forget who they’re doing this for. Forget being first. Start caring about the people you’re posting the information for. Is this helping the most people?

    Publicly dragging someone through the muck, starting a witch hunt, just because they screwed up doesn’t help anything. It makes for an unhealthy developer community, and it makes for user base that cannot trust the developers.

  • Balancing Information and Monetization

    Balancing Information and Monetization

    One of the many ways in which newspapers are failing online is in monetization. We have very few options, when you get down to it.

    1. Ads
    2. Subscriptions
    3. Donations

    No company can really survive off donations, so the question really becomes how do we balance ads and subscriptions? Many newspapers have tried the simple tracking method of allowing people to read X number of articles before informing the reader they have to pay. Others throw up splash ads before the article is posted. And another one shows only some of the article before requiring registration.

    They’re all problematic.

    Users ignore the ads, they don’t register, and they walk away instead of reading. The issue for the user is that they want as few barriers as possible between themselves and the news. They want to pick an article, click the link, and read. To be inundated with ads and signup popups is annoying, and I suspect the attrition rate is abysmal.

    This only gets worse when ads get ‘clever’ and make it hard to find the X to click out and get away from them. They trick users into clicking the wrong thing, which only annoys them more. Plus ads can slow things down on mobile, which is increasingly the way for things to go.

    Recently I caught myself thinking that one way to encourage registrations in WordPress would be to have the post content ‘disappear’ after X days, unless the user was a member. Of course, that wouldn’t work for all sites, as not everyone wants to register on People.com. Also the old, archival news on The New York Times are things that really only the deep diving researchers (and weird net denizens) are after. Considering we can all go to the library and look everything old up on Microfiche, why do we have to pay for everything old?

    So what should be limited?

    How about we start with that cesspool of the internet: Comments. This is a double edged sword. If you allow open comments on a news site, consider requiring registration for them. This will allow you to more easily track and ban assholes. Sure, they can make new accounts, but in doing so you can follow them and block them. A win for everyone. Also you can track people who false-report bad people. Spam catchers will stop most bots from signing up at all.

    In addition, you can turn off comments for older posts to non-paying users. After 45 days, only paid up members can comment. And make sure you don’t offer refunds if the guidelines are violated. If haters are gonna hate, make ’em pay for it.

    Aaron Jorbin - Haters Gonna Hate
    Aaron Jorbin – Haters Gonna Hate (by Helen)

    As for what content to restrict, it has to be more granular than just time. Take an election year. All articles about Hillary Clinton and Donald Trump should be readable. But read-only. No comments on any of them. Be realistic. Someone famous dies? Unlock all their posts so everyone can read all about them. The Olympics should have historical, important, events unlocked, but at the same time you don’t need every little detail.

    This would be a tremendous amount of work, don’t get me wrong, but the days of assuming the internet is free money are long over. If we want people to pay us for content, we have to make it worthwhile.

  • The Need for Mobile Speed

    The Need for Mobile Speed

    I took the train from NYC to Montreal, which I will never do again. It was too long, too uncomfortable, and customs actually made the TSA preferable. But while you ponder that in your back brain, I want you to consider this as well. The internet on the train sucks.

    For the first time in years I was back on pre-smartphone speeds. And the problem with that is I was in a world that expected 3G or faster speeds. Here’s what would not load:

    • Twitter
    • Facebook
    • Tumblr
    • Most news webpages
    • Anything with video

    Here’s what I could do:

    • Text

    That was a pretty shitty smartphone experience. As I sat on the train, I wondered why it was so shitty. Didn’t we build everything to be mobile first? Wasn’t the point of the responsive systems to make it faster? Turns out we didn’t.

    One of the things we do well in the modern web is device detection. If I’m on a mobile device, everything’s cool and perfect and my sites will load for that device. There are PHP libraries like Mobile Detect and Detect Mobile Browsers], but what they’re really doing is device checks, not mobile. Knowing what kind of device someone’s on lets us customize a web experience to that device, and that’s all we tend to do. We put in the hours to check “Is this a mobile device?” but not where we should be.

    Of course, that’s really hard to do. Apps like SpeedTest and TestMy.net work alright, but when you’re traveling by rail, your speed is incredibly variable and confusing. One minute I’d have 4 bars, the next 1, and then I’d drop from LTE to 3G and worse. Oh, and don’t bother asking about the WiFi. It was a joke.

    Somewhat related, I travel a lot for work. I recently did a 12 day run to NYC and then Montreal, where I was in hotels most of the time. Hotel Wifi is a spotty thing. Either they charge you up to $40 a day for the privilege of their shiternet, or they give you free wifi that loads everything but images. Trying to work from hotels is a hit and miss proposition as well. I can connect, but as soon as I hop onto my VPN, everything drags.

    Then we have conferences. I’ve yet to go to a tech conf where we didn’t kill the Wifi, or nearly so. While that’s kind of our faults for leaving on our various automated updaters and DropBoxes and the like, there isn’t a ‘Conference Wifi’ mode on laptops to say “Hey, I’m on a bandwidth so don’t do the automated background things please and thank you.” This is, by the way, why my presentations are always on my local box as well as online. I assume the wifi will die.

    In all cases, as soon as the internet quality drops to slow, our experience online crumbles. We simply haven’t built most tools to work in a one-bar world. And much of this isn’t a solution we can easily grasp. Even the big guys, who have servers built for stress and speed, are slow in these situations. Because we assume too much. We assume minimum connectivity.

    The race for faster wireless service is on, but we should step back and look at the simplification of our sites. If we can make a low-speed version that is as fully featured, we should.

  • Blocking Together

    Blocking Together

    Out of GamerGate, the amazing Randi Harper created Block Together which allows you to block everyone associated with the nasty parts of the whole mess.

    To use it, it’s two steps.

    1. Sign up on Block Together
    2. Click on the link to @randi_ebooks’s list and press subscribe

    That’s it. Once you do that, you’ll automatically block the masses. But this goes far further than Gamer Gate. By making a blocklist of your own, you can manage the people who regularly harass, offend, or otherwise make your life on Twitter miserable.

    I’m a firm, devoted, supporter of freedom of speech. I also defend my right not to listen to someone I don’t want to hear. I don’t have to listen. Those blocklists can be incredibly useful to share with people, like your friends and people who face similar harassment, so you can protect yourself.

    Sharing your block list

    If you choose to share your block list with friends, Block Together will create an unlisted, unguessable URL to access your block list. You can share the URL by email or Direct Message if you want to keep it private among friends, or you can tweet the URL if you are okay sharing your block list publicly. You can always disable sharing from the Settings page. If you do so, the URL to access your blocks will be deleted forever. If you choose to share again in the future, you will create a new, different URL. If you choose to disable sharing, you need to separately remove any subscribers you no longer want, on the Subscriptions page.

    Many people find that they don’t want to share their block list because they find there are accounts on it they don’t remember blocking, or that aren’t particularly abusive. This is partly because Twitter, for a long time, did not offer Mute. So if you wanted to stop seeing a merely unfunny account that gets frequently retweeted, blocking used to be the only fix. Now Twitter offers Mute, so you can Mute those accounts instead. Block Together makes it easy to remove them from your shared block list with the ‘Unblock and Mute’ button on the My Blocks page.

    I don’t public share my list. I have shared it to a few people, but since I block rather than mute people, it’s very easy for people to take offense at me putting them on the list. To me, blocking someone means “I don’t chose to have conversations with you in this manner in Twitter.” There are companies of friends I’ve blocked because they follow me to Twitter after a conversation on the Plugin Repository team.

    Actually for me, most of my blocked people are either people who have violently responded to social activism tweets, people who tweet me thinking that’s a faster way to get their plugin approved/reviewed, people who are implicitly aggressive towards me without taking the time to learn the whole story, concern trolls, and passionate people who have gone overboard.

    Yes, I block people who ping me about their plugins. My Twitter account is not the right way to address those things. Neither is Facebook. People who cannot respect the fact that I’m not working 24/7 don’t deserve my attention. I block them, and all the begging in the world won’t change that. I block probably faster than most people would consider ‘fair’ but it’s my Twitter account, not theirs, and I have a way I wish to control access and information. I need a reason to block people, but I’m not required to explain that to everyone.

    But if I make that list public, people would probably use it as leverage to harass me more or treat me worse. They have in the past. It’s the double edged sword where I want to help my friends but I need to protect myself. For now, my list will be private to people whom I know well only, and who won’t take it as offensive.