Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: hosting

  • Entry Level Hosting

    Entry Level Hosting

    EarthLink-web-hostingI’m going to preface this entire post with a statement that may annoy my boss: I don’t care who you pick for a webhost, I care that you pick the right host for your needs. With that in mind, I won’t be naming hosts by name.

    But explaining what that means is complicated and weird, so let’s go through the ‘entry level’ hosts and what all this means for you, but also for your clients. After all, part of helping people get set up on a new webhost means actually helping them figure out what they need, and getting it installed

    What is an ‘Entry Level’ Host Anyway?

    The basic definition here is the smallest, cheapest, least robust hosting you can possibly get.

    In general, this is where we all start. We need inexpensive hosting because we don’t know how much the site we’re proposing to build is going to need. To be honest, I detest being asked to ‘spec’ something with regards to hosting. “How much do I need to run a community site for..” Couldn’t tell ya. In fact, really, no one can tell you. It’s like “How much gas do I need to drive from Chicago to Cleveland?” I did it on one tank in my car, but my cousin stops three times. It’s got to do with gas milage, engines, traffic, and weather (gas expands and contracts, etc etc).

    So starting out entry level for most of us is just fine. In fact, I recommend it. They can run as low as $4 a month, though I tend to point out “You get what you pay for.” Otto once said “Look here, if you’re paying less than $300 a year to run a website, then why bother? How serious are you about your website anyway?”

    Paying $50 a year for a website is the cost of about 12 lattes from an overpriced coffee house. It’s around five pounds of decent-to-good coffee beans. It’s just over one tank of gas for a larger car. If your website is your life, and not a hobby, this is too cheap. And yes, I work for a company who has low cost hosting. The hosting is not the only cost, though, so when I say “Spending $300 a year is reasonable.” I’m not just talking about the host. We’ll get to that in a second.

    What am I paying for?

    The basics. Space on a server with access to the internet. PHP, SQL, email, and some sort of ‘control panel.’ You’ll pay around $8-10 minimum for a host with cPanel or Plesk. Less if they made their own (or have a deal). You’ll also have limits, even if they say ‘Unlimited,’ and let’s talk about that for a moment.

    Unlimited does not mean there are no rules, so put your shirt back on. In general, unlimited means “We’re not going to give you all sorts of nit-picky rules about how many images you can have, or how much CPU you can use, because those things are nigh impossible for you to understand. Instead, we’re going to make sure you don’t do things that will crash the server, and if you do, we’ll tell you.” So while there are no ‘limits’ there is ‘monitoring.’

    Someone is going to say “Then there are limits!” and in a way, yes. But the trick is those limits change based on your neighbors. Allow me to explain with an analogy. When you’re in college, it’s okay to be noisy at weird hours at the frat house because the acceptable noise level is higher. When you’re living in an apartment in the city, though, suddenly you have neighbors who work the night shift, and you have to be quieter. Shared hosting, the cheap seats, are very much where you need to be quieter, respect your neighbor, and don’t do your laundry at 2am.

    In addition, you’re paying for server and service support. Email not working? PHP needs upgrading? Those are things your host can, and should, do for you. Got a weird question like “Is httpd.conf set up with AllowOverride All or AllowOverride Options All?” A good host will have the answer! They’ll help you get to your error logs and maybe, maaaybe, if they’re not super busy, help you read them.

    What am I not paying for?

    Rock-solid Backups. Dear holy monkey socks, please make your own backups. I cannot stress this enough. Look, here’s the deal. No one cares about your data more than you do. Okay? So when you find out that some plugin you’re using doesn’t sanitize data, and Bobby Tables signs up for your site, you don’t feel like this schoolboard:

    Exploits of a Mom

    Why? Because if you have a backup taken every day, you can restore and only lose a little data! Then you can perhaps convince Mrs. Roberts to be so nice as to help you figure out what went wrong. But regardless, your data, the important stuff, is safe.

    Also, you’re not paying your host’s support people for consultant level work, you’re paying them to keep your webserver up and running. That means if PHP, SQL, email and the like are working? Hey, your website sucking is actually not their problem. Now, most hosts are nice and will bail you out a little, but they won’t be coding your site, and surprisingly to many, if WordPress gets hacked, they won’t reinstall for you. There’s a line here. If your server is hacked, most hosts will fix it. If your webapp is hacked, often they will not. So some of your $300 a year may end up going to someone like Sucuri for a bail out ($89.99 a year? It’s worth it).

    soluzioni-web-hostingFinally you’re not paying them to have an opinion. This is weird to say, but I get a lot of emails at work asking me for my opinion on their site. “Does this look okay?” You know … I don’t know, and to a degree, I don’t care. You really don’t want my opinion on your penis appreciation website (not a joke), and that’s okay. You’re also not paying the host to make your design prettier. Again, not consultants.

    But .. How do I know this is all right for me?

    Entry level is barebones stuff. And that’s not bad, it’s just what it is. Be prepared for it, and one day you’ll outgrow it… but that’s another post. Entry level is right for you if you’re new, if you want to get started and play around, if you want to learn. It’s great for beginners, and unless you get that nastygram from your host telling you that you crashed the server (which yes, I have had happen to me), you’re fine on it for a long time!

    Should you run your company’s entire business off shared hosting? No. This is the basics, and expect to run the basics on it, and little more.

  • DoS/DDoS and You

    DoS/DDoS and You

    Attack! Attack!To a lot of people, you say ‘DoS’ and they think MS DOS, that old command line tool we used to control Windows.

    DoS stands for denial-of-service attack and DDoS is distributed denial-of-service attack. It’s a fancy way of saying ‘Someone’s hitting my server with a hammer so hard, it can’t get up.’ Sometimes you can cause an accidental DoS, like by embedding an image from your server into a public Google Spreadsheet.(Which would have happened to poor Panos when he self-attacked.) And sometimes other people will do it to you by hotlinking your images.(Which is why we block that, children.) Even the scanning people have done for TimThumb can look like an attack.

    Some people like to say that this sort of attack is new, that the Internet used to be good and kind and safe. In the 90s, I remember clearly accidental DoS attacks happening when a site was so popular, having over 500 people log into it at once would crash it. And once it was learned that this happened on accident, it was used as a weapon. Even before then, you could demon dial a number over and over again, until it crashed. I probably just showed my age, but the point is we could always take down a site via overwhelming it, it’s just easier to do it now and not get caught. Picture a thousand people all coming and knocking at your door, or ringing your doorbell, over and over and over.

    So now that you have a general idea of what a denial of service attack is, what can you do about it? If you’re on shared hosting, not a whole lot. The vast majority of ‘good’ fixes for this sort of thing has to take place on a server level. It’s sort of like trying to prevent your house from flooding when a water main bursts. You can put up sand bags, but until the city turns off the water, or diverts the flow, you’re probably going to lose.

    A lot of people suggest blocking by IP address, or using a tool like Bad Behavior to stop the trouble making bots. The problem with this is the troublemakers are still ringing the doorbell. Not as many, perhaps, but quite a lot. I’ve said this many times. IP blocking is a bad idea. Yes, blocking by IP address can work, it’s amazingly powerful, and it’s easily circumvented. The TOR Project is consistently lowering the bar for people to get a new IP even faster than the old days, when I could just re-dial my modem. This is a great thing for groups like Anonymous, and annoying for anyone who has to fight the hidden masses. While I fully support your freedoms, I also retain the right to defend mine, and sometimes that means I have to dig in and sort out how to handle the crazy.

    The first thing you can do on Shared Hosting is protect yourself against hotlinking. I don’t know how many times I’ll have to say it for the world to pay attention, but linking directly to images on someone else’s website, unless they specifically say it’s okay, is bad. I firmly feel hotlinking is theft of services (bandwidth) as well. Please don’t do it. Every half-baked host in the world now supports mod_rewrite, so grab Perishable Press’ ultimate anti-hotlinking strategy and protect yourself.

    Mr. ProtectionAnother useful tool is applying the http:bl (HTTP Blacklist) to your server. That sounds like a lot of work, but the payoff is surprisingly awesome. You see, catching more flies with honey is easy when Project Honey Pot tracks all the naughty people. Naturally there are a few WP plugins for that. In addition, if you just need to punt people who are trying to hack you, I would use the 5G Blacklist 2012 by Perishable Press. Combine that with Bad Behavior and most script kiddies are turned away without you having to fuss.

    That may seem a little contradictory, since I don’t advocate blocking IPs. There’s a subtle difference between you running around blocking every IP for every jerk, and using a well supported tool to do so. When you get around to blocking IP ranges, you shouldn’t be trying to block individual people, but the robots.

    If you get hit anyway, the thing to do is contact your webhost and start a dialogue. They’ll be as helpful as they can, and if not, may I suggest Liquidweb as an alternative? I pay more because I get great service. A good host will take a look at what’s going on and tweak their servers to help carry the load. A good host will help you tweak what you can. Of course, their DOS service runs about $500 a month and I don’t know about you, but I can’t afford that. The little guy has to survive too. Thankfully the other reason I support Liquidweb is that I, as the little guy, get fantastic support. The point is you need to have a good rapport with your host. It’s like they’re your landlord. Respect them, and they come fix your dishwasher ASAP.

    Sadly, at the end of it all, the only thing to do about a DOS attack when you’re on shared hosting is to wait it out. Shared hosting is great for what it is, but if that kind of downtime is cutting into your bottom line, you need to consider moving up to the next level. Remember, if this is something that earns you your living, treat it well! It’s like your car. If you make your living driving, you put money into preventative maintenance, and a VPS (or dedicated server) is very much the same. You can only get out of it what you put into it, so put the effort in to make it secure, or hire someone to do if for you. There’s no shame in hiring a mechanic, after all.

  • Speed Up Your Site

    Speed Up Your Site

    FasterThe majority of what I do to speed up my website is on the server level. In 2009 I moved to a VPS, and just last year I switched to a Smart Server. I have access to install APC, to tune MaxClients, and to upgrade my PHP whenever I darn well want to. And I regularly use these tools to fine tune my server so it’s lean, fast, and efficient. 75% of why my domains run this fast under this much stress (I have two fan sites, they get hammered), is that I’ve done all this work, including some of the stuff I did on DDOS prevention.(My CT_LIMIT is set to 75 right now, and that seems to be the perfect balance. The only people hurt are some silly people in Brazil who like to open 100 pictures all at once. I’ve explained why this is bad.)

    However, not all of you have access to the server to make all those cool tweaks and changes to speed up your website. If you’re on shared hosting (and there’s nothing wrong with that), you can’t edit httpd.conf, you can’t always edit php.ini, and you sure can’t upgrade PHP on your own. Don’t worry, there are still things that you can do!

    The first thing you should do is understand that the more complicated your site is, the slower it’s going to be. So if you want a site with all those bells and whistles, you have a lot more work to do than a simple, plain, site. These are the tradeoffs we must accept in all things.(The exception being, perhaps, cookware. I have some awesome Lodge cast-iron pots and pans, and they’re pretty expensive for their simplicity. Then again, they’re made with such amazing skill and precision, they’re not ‘simple’ to make. So YMMV.) Reduce the complications and things run faster. You have to have a balance between ‘everything’ and usability. If your site is sexy as all get out, but slower than a truculent five year-old on a family walk, then you’re doing it wrong. That doesn’t mean you need to have the world’s most boring site, it just means you have to start learning what it is that makes your site slow. When you look at themes and plugins for a site, remember the more you have, the slower things may become, so use them wisely.

    My favorite tools to show why a site is slow are YSlow and PageSpeed. YSlow is a browser add-on you can use with Chrome, Firefox, and every other commonly used browser. Except for IE. Once installed, you simply go to the webpage and run the tool to get a scan of your site. You get ‘graded’ on an A through F scale, with F being the worst, and the grades are computed based on a fairly understandable methodology.(See FAQ: Grading) Page Speed is Google’s version, and I prefer it, but only because I don’t have to install anything to do it, and it gives really good explanations of what’s wrong. There’s also Web Page Test, which is great to find out if your site flails on different browsers, as well as giving you accurate speed breakdowns.

    Here are three of my sites, all installed on this server, scanned by YSlow:

    And here are the same three as SiteSpeed:

    I’m not going to go through every option, most of them are self explanatory (put the CSS at the top and JS at the bottom). Instead, I’ll explain the weirder ones that you can tweak yourself, and some that you can ignore. If you’re using a tool like W3 Total Cache, you actually can configure most of this directly in the tool instead. For what it’s worth, I did ‘fix’ my scores with both sites and I’m now in the 90s from Page Speed and .. Well not so much with YSlow. The two disagree on how much ‘weight’ to give various errors. Page Speed thinks minification is low priority, and doesn’t judge you about a CDN. It also understands that you can’t gzip what you don’t own. If you use YSlow, make note of what you score poorly in, and fix those as best you can.

    Things I Ignore

    When I get complaints of too many HTTP requests, that just means I’m calling ‘too many’ JS scripts and stylesheets. YSlow doesn’t say which ones those are, which isn’t actually helpful to the novice. If you click on ‘Read More’ it just explains why this is bad. The idea here is that you should have one CSS file, but realistically, any dynamically generated site is going to have more that one. Especially when you consider I’m calling some from Google, Facebook and Twitter for my sharing buttons. While this does slow your site down, unless you have 20 stylesheets on your own site (again, I’m not counting the ones on other domains), it’s not that big of an issue. If you minimize what you have, and combine as much as you can, you’re going to be okay.

    I also totally ignore any scores related to my CDN, or rather the fact that I’m not using one. Yes, a CDN will make your site much faster, but I don’t think this is applicable for everyone, and I generally ignore that value.

    Finally I ignore suggestions to use cookie-free domains, but that’s because I’m running WordPress, and it needs cookies.

    Things I Fix in .htaccess

    You can fix most expires headers errors, but only the ones that relate to your site. When I look at a scan for one of my domains, I see that the items my site loads that don’t have Expires headers are a flash module from PayPal, Google’s +1 javascript, a banner, and two gravatars. Those are all items that, yes, can slow my site down, but they’re outside my ability to fix! And in the case of gravatars, I don’t want them to Expire too soon, since they may change. I’m going to, again, ignore this.
    YSlow - Add Expires headers (F)

    Why wasn’t my server listed? It’s because I added Expires headers to my site. Obviously. The easiest way to do this for your site is to put the following in your .htaccess file(If you’re using WordPress, Drupal, or any web app that has it’s own .htaccess rules, remember to put these above the section for them! It’s important.):

    <ifmodule mod_expires.c>
      <filesmatch "\.(jpe?g|gif|png|css|js)$">
           ExpiresActive on
           ExpiresDefault "access plus 1 year"
       </filesmatch>
    </ifmodule>
    

    What this will do is turn on Expires and set to to today plus one year. Now this isn’t actually the best way to do it, as it leaves out a lot of variables, but for most people, it’s good. Keep in mind, the further you set out this expires, the harder it is to change any files! For example, if I upload a PNG with a 1 year expiration, and then upload a new version, no one will see it (unless they flush their browser cache). Don’t set this further than a year, and only set it for things you know aren’t changing often.(You’ll notice WordPress sourcecode has your JS and CSS files saved with ?ver=x.x at the end. This lets you work around the expires, as when you change your CSS, it changes the version, and thus, pushes the changes down to your users.)

    Cache-Control is the half-sibling of Expires, and lets you specify what files should be cached and for how long. The Ask Apache site has some great examples, as this is what I generally use:

    # 480 weeks
    <filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
    Header set Cache-Control "max-age=290304000, public"
    </filesMatch>
     
    # 2 DAYS
    <filesMatch "\.(xml|txt)$">
    Header set Cache-Control "max-age=172800, public, must-revalidate"
    </filesMatch>
     
    # 2 HOURS
    <filesMatch "\.(html|htm)$">
    Header set Cache-Control "max-age=7200, must-revalidate"
    </filesMatch>
    

    The ‘must-revalidate’ tag is what makes sure your webpages changes actually get picked up quickly. Nothing’s worse than editing a typo, and not having it fixed for your readers!

    Related to that is ETags, which is a bit weird, but this too is something you can tweak. If you disable ETags, everyone has to trust your cache and that gives you a lot of control. It sounds easy, but there’s a reason we should be using ETags for some situations. My sites are using a pretty complex rule that was set by W3TC for me. It sets my Cache Control and ETag, generating the rules I need. If you just want the basics, though, AskApache’s Speed Tips: Turn Off ETags will get you there. For what it’s worth, a small site doesn’t need to worry about this too much.

    If you want to grab my default .htaccess starter, here you go!

    download TXT file

    Things I Fix via CPanel

    You can also speed up your site by enabling gzip. I’d say I left it off on purpose to show you the error, but the fact is I forgot to turn it on when I moved to a new server. If you have cPanel, this is stupid easy. Log in, go to ‘Optomize Website’ and turn it on.

    gzip

    Doing improved a lot of results on my site, though it didn’t want to consider three of my .js files gzipped for some reason, though it did on other domains on the same server when I changed it. I’m not terribly concerned at this point, since I used the HTTP Compression Test (from What’s My IP?) and it says I’m compressed.

    Things I Fix with Elbow Grease (or Plugins)

    Minification. If you view the source of this site, it’s ugly. Everything’s all crammed up without line breaks, and finding anything is a hassle. That’s because I minified my content. If you don’t have a plugin or add-on for your site that can do that for you, you’ll need to do this manually, via Minify CSS and Minify JS. It’s more of a hassle to do that manually, since it’s hard for you to edit later. After-the-fact compression can slow your site a little, but it’s easier to maintain and still faster than non-minified code. Now I use W3TC, which has a minification tool built in, but there are other WordPress plugins that do the same thing.

    The Rest

    There are a lot more tips and tricks to getting your site running faster. I mention W3 Total Cache (W3TC) multiple times because it works great. There’s also WP Super Cache, which I prefer for smaller hosts and shared servers. W3TC is very, very, very complicated, so be warned. WP Super Cache isn’t a ‘lesser’ tool, it’s just different, and I advocate using either one if your site is moderate to large.

    If your site is small, you really can get by with just minifying. There are a lot of minification plugins out there. Images can be reduced in size by compressing them more via Smush.it (there’s a plugin called WP Smushit for WordPress). Many people have also suggested using a Lazy Load plugin, like jQuery Image Lazy Loading, which loads images on demand. I like it, but it slows my site down, and doesn’t work well at all on ones with a lot of dynamic images. I may be using it wrong.

    Anyone can take advantage of a free CDN, Cloudflare has a free plan.(Caveat: I don’t use CDN, nor have I looked at Cloudflare in depth.) They claim to protect you as well as speed things up, and I’ve heard interesting (good) reports on it.

    Many people advocate using plugins to tune your database, but I really don’t like using a plugin for that. You can optimize your database with a cron job instead, or even just do it manually now and again, if you think your site is sluggish. For WordPress I limit my revisions and empty my trash more often with two lines in my wp-config.php:

    define('WP_POST_REVISIONS', 5);
    define('EMPTY_TRASH_DAYS', 5 );
    

    When all else fails and nothing you can do speeds up your site, take a look at your server. If the server itself is really slow, all the time, and I mean you can hardly get your email, ask your host if you can be put on another cluster. A lot of shared hosts are oversold, since not everyone needs all the space and power. It makes sense, but some hosts monitor the status of these servers and move people around if they become bad neighbors, while others wait for you to notice. Opening up a line of communication with your host is always a good thing. Remember, you’re paying these guys! They should be willing to help you out, or you should leave and get a new host.

    At a certain point, you’ll notice that the only ‘fixes’ are to throw more money at it, buying a better host, better themes, better tools, and so on. And that’s simply a fact of life. You can’t live forever on ramen and hot dogs.

  • WHOIS Tells All

    WHOIS Tells All

    WHOIS?This most often comes up when someone is suffering content theft. Invariably, someone will see their hard written prose on some scammy person’s site, and want it taken down. This is, sadly, harder to do than we’d like. Basically you have to find the site owner, contact them, ask them to take the stuff down, hope they do it, and when they don’t, go up to their webhost. I’m not going to get into the copyright issue, and just assume you know not to attack someone over links to your site (not illegal), rss feeds pulling excerpts from your site (ditto), or quotes (really?). If you don’t know what is and isn’t copyright/content theft, then you’re not ready for this yet.

    Assuming you are, how do we do find out who owns a site?

    First, remember that when you see “Powered by WordPress” in a footer of a site, it is not, in fact, hosted by WordPress. This site says “Powered by WordPress” but it’s hosted by Liquidweb. Now if you see “Blog at WordPress.com”, then yes, it’s hosted by WordPress, and you can easily report the site. The same is true of Blogger, who also has a way to report copyright theft. Many of these ‘hive’ hosts do that.

    LiquidWeb doesn’t, though. So, pretending for a moment that I’m a dirty thief, how do you find out who I am, my email, and get your content removed? And when I don’t answer, where do you go next?

    Start With WHOIS

    Your first tool is called ‘WHOIS’ and does exactly what it sounds like. It tells you ‘who is that.’ Network Solutions has a free whois lookup tool and if you were to search for Halfelf.org you’d get the following:

    Registrant ID:bf39ab1b08df1394
    Registrant Name:WhoisGuard Protected
    Registrant Organization:WhoisGuard
    Registrant Street1:11400 W. Olympic Blvd. Suite 200
    Registrant City:Los Angeles
    Registrant State/Province:CA
    Registrant Postal Code:90064
    Registrant Country:US
    Registrant Phone:+1.6613102107
    Registrant FAX:+1.6613102107
    Registrant Email:28a9f8aa493149b1a58ff9b4c51e0bcd.protect@whoisguard.com
    

    It goes on and on, but you may notice none of that is actually … me. That’s because I pay a wee bit extra a year for my host to hide my personal information via whoisguard. I do it becuase I had some idiot track me down to call me about how I wasn’t updating my website enough (a different site), and I now have a restraining order against him.(This is a true story, and yes, he called my house. I no longer have that number for a reason, and frankly if you even think about doing that to someone, get a grip! It’s harassment. For the full story, buy me a drink.) Now that said, the last line I listed is Registrant Email and that email actually works! It’s a real email that will forward messages to me.

    So step one with these things is email that address and hope the person answers. But when a week goes by with no reply, what next? Sadly, some people never check those emails, or they think you are spam, and ignore it. Thankfully, WHOIS will still save you! Scroll down to the name server entries!

    Your nameservers are what translate your domain to the server IP address, and, as a rule, they have to point to where your server really lives. Generally speaking, a nameserver will give away either the registrar (i.e. who you registered your domain with) or the webhost (who you host with).

    Mine are:

    Name Server:NS1.IPSTENU.ORG
    Name Server:NS2.IPSTENU.ORG
    

    Doesn’t really help, does it? I mean, that just says ‘ipstenu hosts ipstenu!’ Here’s what I used to have:

    Name Server:NS1.LIQUIDWEB.COM
    Name Server:NS2.LIQUIDWEB.COM

    That would have been much more explanatory. Thankfully you can use Who Is Hosting This? and run a search for any domain (like http://www.whoishostingthis.com/halfelf.org), even if they have their own name server, and you get this:

    Well thank goodness we have some information! Look up LiquidWeb, and you can contact them. “Hey, this evil Half Elf is stealing my stuff!”

    I prefer Who Is Hosting This to ‘Who Hosts’ becuase if you look me up on the latter, you get this:

    Not useful (though accurate). If you keep getting nested domains, you have to keep digging until you find the end of the rabbit hole.

    Really the best thing is always going to be whois, and once you get used to looking at it, it’s really not that scary. At the same time, I strongly suggest people invest in Whois Guard, or some other ‘protection’ to stop annoying people from getting their personal information. You don’t need the hassle of being listed in a phonebook.

  • GPL Freedoms – Yep, Porn’s Good!

    Did you know you can use WordPress for a porn site?

    Did you know you can use Drupal to show autopsy pictures?

    The freedoms of GPL don’t just extend to the software itself, but to how you use it. See, most of the time when we talk about GPL freedom, we’re talking about how you’re free to take the code and turn it into a monkey if you want to. But lately, there’s been an effort to remind people that part of GPL also means we don’t restrict your usage either.

    WordPress has a link to ‘Freedoms’ at the footer of all admin pages, and that duplicates the Bill of Rights found at WordPress’s Philosophy:

    WordPress is licensed under the General Public License (GPLv2 or later) which provides four core freedoms, consider this as the WordPress “bill of rights”:

    • The freedom to run the program, for any purpose.
    • The freedom to study how the program works, and change it to make it do what you wish.
    • The freedom to redistribute.
    • The freedom to distribute copies of your modified versions to others.

    Drupal doesn’t spell it out as clearly, but given that they have fetchgals, which can pull in thumbnails of porno pics (if I read that right), I feel confident to say that Drupal doesn’t care what you use Drupal for. Joolma! puts a lot of stock in people using their product for their communities and nowhere did I find note of a limitation of what you cannot do.

    The point is valid, however. You can use WordPress, Drupal, Joomla! and pretty much any GPL software for whatever purpose you want, moral or immoral, legal or illegal. This is interesting when you compare it to most EULAs, like Microsoft Office:

    7. SCOPE OF LICENSE. The software is licensed, not sold. This agreement only gives you some rights to use the features included in the software edition you licensed. Microsoft reserve reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not
    […]
    • use the software in any way that is against the law;

    GPL doesn’t tell you that you can’t use it in a way that’s illegal, and perhaps Microsoft only does to escape a potential lawsuit for someone saying “Aha! You used Office to draft your Mainifesto!” We live in over litigious times. Open Source, by telling us ‘Do what you want, it’s not our beef.’ removes themselves from those issues cleanly and without ass hattery.

    One of the tenets of American Law is our freedom to speak our mind. Part of being an American Citizen is that you have the right to defend your beliefs, no matter how much I oppose them, and so long as no one breaks the law, that’s fine. I can ask you to leave my house if you do it on my private property, and you can ask me to leave yours. But if we meet on the street I cannot have you arrested for that. I will defend your freedoms just as you must defend mine, regardless of any agreement or lack there of.

    This applies to Open Source because I have the right to use WordPress, Drupal or Joomla! in ways you may find distasteful. As long as I’m not violating the agreement of my ISP, the laws of where my server is located, and the laws of my nation, I’m allowed to call you names, insult your heritage, and show nudie pics of pretty girls. On the other hand, I cannot publish your personal information (it’s a violation of invasion of privacy) and I cannot post naked pictures of you without your consent. Actually, my webhost won’t permit and naked pictures at all, so there’s that.

    So when you see a site run by WordPress, Drupal or Joomla! that’s doing something you hate, there’s very little you can do about it. Report it to their webhost if you think it’s breaking the law, but otherwise celebrate people in their freedom.

  • Basic Troubleshooting Is Still a Must-Have Skill

    Basic Troubleshooting Is Still a Must-Have Skill

    How low is too low?

    I wish I could say that lately I’ve noticed people asking ‘dumber’ questions on support forums, and while I do firmly believe the world’s IQ drops significantly between Thanksgiving and New Years, that’s not the problem here. People aren’t getting dumber. The problem is that the better people get at making software, the lower the technical requirement becomes.

    Look at email. Back when it was elm or pine, you had to really know what you were doing to get in and send mails. Then we got a couple GUIs, and you could keep all your emails on a floppy disk (which we all had a million of, thanks to AOL), carrying them around from computer to computer, Mac or PC. Everything to do with computers has this curve: First only the hard core programmers can do anything. Then the tech-savvy users, who are usually friends of programmers, get in on it. Then the smart kids who play with stuff. Then their family. Then everyone. Then your grandmother.

    By the time your grandmother gets around to things, it’s easy to use, easy to understand and friendly. This is, inherently, a good thing! To make the transition from geek toy to something usable that will change the world, you must make the entry barrier low enough for anyone with a reasonable amount of brain-power to use it. Twitter’s a great example of this. It’s easy to sign up, easy to use, easy to understand. Like anything else, you can get overwhelmed by the data influx, but that’s true of all technology. The telephone, for example, suddenly brought in the ability to have your dinner interrupted. It brought change where everyone has a phone. Of course, now we all have cell phones, but the idea remains the same.

    So when I look at support forums and people are having trouble installing software on servers via FTP, I put my head in my hands. Sometimes this stuff is supposed to be hard. We can all use phones, but we can’t all fix phones or even build them. And that’s okay! We all have skills. Twitter would probably be something hellish to install on your own website, but to utilize their site? Not so bad! And again, that’s okay.

    If you want to host your own website, you’re going to have accept this fact: You will need to be a smart, technical savvy, person.

    There. I said it. Yes, you can totally be too uneducated to run a website. Here, I’ll go all the way! You CAN be too dumb for WordPress!

    But let me stress this one more time: IT’S TOTALLY OKAY TO BE TOO STUPID TO RUN YOUR OWN WEBSITE!

    See, people get hung up on this. They forget that there’s a huge difference between running a website and posting news to your site. The line between a webmaster and a blogger is blurry for a reason, and that’s what’s causing all these headaches. Back in the day, if you wanted to run your own site, you had to be a webmaster. Now? Not so much.

    A webmaster is generally someone who thinks ‘Oh, sure, FTP, SSH, and SQL, no problem.’ They may prefer something like phpMyAdmin versus command like mySQL calls, but the most important thing is that they’re comfortable troubleshooting. A webmaster is the person who looks at an error, immediately looks it up (if they don’t know it off the top of their head), goes to forums, skims posts, reads what others have tried, and is willing and able to try things like a reverse DNS check. A webmaster makes backups so, at worst, they’ve only lost a day of work.

    A blogger is a writer. A creator. Someone who can make content. A blogger looks at a sunset and creates a haiku. A blogger takes a photo of a naked man on a bicycle. A blogger tells you the drama of returning an unwanted present, or about how her son wants to wear a dress on Halloween.

    And still, every day, I see people who don’t understand .htaccess asking for help with errors on their websites. I see people who complain they can’t auto-update their site from the inside, because FTP is too hard. I see people complain the magic 5-minute WordPress install is too hard. And I think that, perhaps, we’ve lowered the bar too much. If we’re at the point where the non-technical people are complaining it’s too hard to do something that is, by it’s nature, a technical thing, then we have a problem.

    This problem is compounded by webhosts who, in order to make money, want to make it ‘easier’ for you to run a blog, so they have auto-installers. They lower the bar. Then we have web-apps (like WordPress) which let you install, from within the app, plugins and themes. This means that someone could create a site just like this one, without ever touching FTP or SSH. That also means when things go wrong, and they will, you’ve got someone stranded, crying that this ‘easy’ application sucks, you’re terrible, and whyyyyy meeeeee!

    Every single person who’s ever worked support just started nodding their head and reaching for a drink.

    So here’s the deal. Yes, you can become smart enough to run your own website, but before you jump into it, think about how long it took you to get comfortable with your computer. How long was it before you could email, link videos, and save MP3s? Do you know how to make folders in your email app? Do you know that emailing 200megs to someone will piss them off? Did you need a book, or someone to sit by you and teach you all this? Are you comfortable googling errors and applying fixes? More to the point, are you willing to get your hands dirty and make mistakes?

    If you want to run a website community, you may need to break down and hire someone to do the heavy tech lifting for you. Just like you would want to hire someone to create cool art, or decorate your house. Sometimes you just need to grab an expert. Remember you can’t get something for nothing. Either invest the time and money in learning, or in someone who already knows it all and can support it for you.

    Apropos of all of this, Google has a new site called Teach Parents Tech. Lowering the bar. Again.