Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: mailbag

  • Mailbag: Being Rejected Is Good

    Mailbag: Being Rejected Is Good

    Do you talk at every WordCamp you go to?

    Nope.

    You probably wanted a longer answer. I suspect the real question is “If you apply to speak at a WordCamp, are you always accepted?”

    Nope.

    Looking at the numbers, I speak at just over half the WordCamps I attend. I apply to about 75% of them (yes, sometimes I intentionally do not apply, it’s nice to just go to a camp). I’ve been specifically asked to apply to a couple, and I’ve been requested to speak (no application) at two I think (one I did not manage to attend, sorry).

    But I’ve applied to multiple WordCamps and not been selected to speak, like WordCamp San Francisco 2014.

    It doesn’t bother me much.

    Oh, it bothers me some, since I don’t often get to find out why. Sometimes I do. I like when I do. But looking at WCSF 2014, I assumed I was a long shot. I’d spoken at the last two, there were a high number of applicants, and lets be honest, we should get some new faces in there. I also don’t think I submitted the best application, but it was rather obligatory that I do submit, so I did.

    Still, it’s good to get that rejection email, especially when they do tell me things like “We already had X number of speakers apply about Foo, and you’re not local.” I love hearing that one. Yes, pick local! The generic rejections, like from WCSF (I swear I’m not picking on it) makes sense when you consider the mountains of submissions. Same with WordCamp NYC. I submitted twice, once something I picked and once was something they posted as ‘Talks we’d like.’

    That’s my magic sauce for speaking, by the way. I ask what kind of talks they’re looking for, or what the theme of the WordCamp is. A WordCamp based on security should have a security themed talk. A WordCamp with a high number of bloggers and community runners probably would benefit from a talk about dealing with the community. Not everyone has a wide range of topics they can talk about, of course, but it’s still good to broaden your own horizons and talk about what both makes you comfortable and what doesn’t.

    The rejections I learn from. I try to ask what about it wasn’t right. What did people want and not get, what did they not want. This works well with my job, because I’m supposed to be keeping in tune with how people are using WordPress, and being rejected means I learn where I’m wrong.

    Does it hurt? Of course. ‘Losing’ in any sense of the word is painful and uncomfortable, and all the time I tell you that you can learn from it doesn’t make that feel any better. But what will make you feel better is next time. Because if you do learn from it and become better at what you do, then you will speak at an event, or stand up and do a thing, or simply succeed, in whatever way you mean for that to be. And not much feels better than that.

    My father told me once that you lose more than you win, and losing hurt worse than winning felt good. He’s right. And that hasn’t changed in my life one bit. What has changed is that I appreciate the winning a whole heck of a lot more, because I’ve lost.

  • Mailbag: Wrong Robots

    Mailbag: Wrong Robots

    I got an odd email from ‘Yan’ who, amidst the odd hate and sexist filled remarks that apparently I don’t like people in the WP community, had a legit question:

    Seen your post:

    But… Your actual robots.txt does not reflect the content of the article. Hmmm…

    Well. That was almost 2 years ago. And it never reflected the content of this site. I don’t care if this site has it’s images snagged. I have anti-hotlinking protection in my .htaccess anyway. It’s my other site, my massively major huge gallery with 10G of photos that I protect.

    That brings up a point that many people miss about this site. I’m not always talking about what I do here. For example, I talked about making a slide-up bit of code that duplicates WordPress.com’s follow tab. That email setup isn’t here and it never will be. I’m not particularly worried about my followers’ ability to find the sidebar email registration box there. This is a site for slightly more technical people.

    However, the site that code is on is a site visited by luddites, primarily. They want their news about their thing in a way that is simple, straightforward, and easy. They need a reminder. Also they share links on social media a lot, so making a slide-up that auto-pops when you come from Facebook or Tumblr or Twitter was the right choice to make sure people knew what was going on and how to sign up. It’s had amazing results.

    There are lessons I learn from running multiple sites and I bring them all back here to people who would appreciate them.

    Now if people wonder, yes I do think that Google’s still evil for how they hotlink images. Of course, I’d think them equally evil for copying my images. Image search is just a really messy thing. The two options you get for it is that either Google has a copy of all the images on the planet or they hotlink. Even assuming they’re clever enough to protect themselves from duplicate images using some sort of super powerful algorithm, you get those options and each has a problem. If you’ve copied everything, you have to have a file server the likes of which would make the pyramids look teeny tiny, and in both cases you need a database with enough speed to stop us all from running Google Pagespeed tests on Google.

    Am I the only one who does that? Oh. Sorry.

    We’re talking about Google being evil and robots.txt files. The site that I do block Google Images on has a very large robots:

    User-Agent: *
# My stuff
Disallow: /cgi_bin/

# WordPress
Disallow: /trackback/
Disallow: /blog/
Disallow: /wp/
Disallow: /wordpress/wp-admin/
Disallow: /wordpress/wp-includes/
Disallow: /wordpress/xmlrpc.php
Disallow: /wp-admin/
Disallow: /wp-content/
Disallow: /wp-includes/
Disallow: /xmlrpc.php
Disallow: /wp-

# Gallery
Disallow: /gallery/albums/
Disallow: /gallery/themes/
Disallow: /gallery/zp-core/
Disallow: /gallery/zp-data/
Disallow: /gallery/page/search/
Disallow: /gallery/uploaded/
Disallow: /gallery/rss.php
Disallow: /gallery/rss-comments.php
Disallow: /gallery/README.html
Disallow: /gallery/rss-news-comments.php
Disallow: /gallery/rss-news.php

# Wiki
Disallow: /wiki/images/
Disallow: /wiki/bin/
Disallow: /wiki/cache/
Disallow: /wiki/config/
Disallow: /wiki/docs/
Disallow: /wiki/extensions/
Disallow: /wiki/languages/
Disallow: /wiki/maintenance/
Disallow: /wiki/math/
Disallow: /wiki/public/
Disallow: /wiki/serialized/
Disallow: /wiki/tests/
Disallow: /wiki/skins/
Disallow: /wiki/t/
Disallow: /wiki/index.php

User-agent: Mediapartners-Google
Allow: /

User-agent: Adsbot-Google
Allow: /

User-agent: Googlebot-Image
Disallow: /

User-agent: Googlebot-Mobile
Allow: /

User-agent: Browsershots
Allow: /

User-agent: Dotbot
Allow: /

    So yes, actually, I am still using that code. There you are.

  • Mailbag: Tools To Keep Consistent

    Mailbag: Tools To Keep Consistent

    Meg from Ohio (go Ohio!) asks the following:

    You blog three times a week about tech. How do you keep doing that?

    I schedule posts.

    Chris Lema doesn’t, bless him. I started with about 10 posts I had in mind, sat down one day and made myself a buffer, and thought that it would be better to space them out to every other day. It actually started as twice a week, but then I bumped it to M-W-F, and since I’m kind of wordy, I’ve been able to keep up with it. Sometimes I write a post because I solved a problem, which happens pretty much every day, and sometimes I toss out a remark on twitter that people want to hear more about.

    Much of it comes from listening and reading a lot. But I don’t just schedule posts. I use the plugin Editorial Calendar to keep tabs on what my schedule is, when things are being posts, and at what time, because I actually really hate the posts lists.

    Here’s your default posts list:

    The default WP Admin Posts List

    It’s pretty bare bones and functional, but one of the things that’s always bothered me about the whole post list is how useless it is. Don’t get me wrong, it’s a list of posts, and it does that really well. But with the moving target that is what we use WordPress for, it’s become rather frustratingly bare bones for me and it really does impact my ability to get work done when I have to bounce back and forth between multiple screens just to see what the status is, verify I updated everything, and by the way, where are all my posts.

    So, in the grand WordPress Tradition, I enhance it with plugins.

    Admin Featured Image shows the featured image in the posts list, which is really good for one site to make sure I did too set an image and what it is.

    Posts lists with my featured image displayed

    UI Labs I’ve actually forked. I need to remember to ping John about this, because I took his (great) plugin and modernized it. If you’re interested, that code is up on my github UI-Labs repo. It’s slowly being improved to make things a little easier for me and to work on WP 4.0 and up.

    Editorial Calendar, as mentioned before, gives me a great view for what’s scheduled and when:

    A view from Editorial Calendar

    The drag and drop interface lets me reschedule on a whim.

    Speaking of… Schedule Posts Calendar fills a void that has pissed me off for years. Just look at the comparison:

    Schedule Posts by Date in a pretty way

    First, there’s the calendar by the month, then there’s the date, and finally the epic button ‘today’ to let me fast fix posts messed up by the WP iOS app.

    So how do I keep posting so often? You ask questions, I answer them, and I have some tools to make it simpler for me.

  • Mailbag: Have You Ever Split a Multisite?

    Mailbag: Have You Ever Split a Multisite?

    That was the question.

    Have you ever split a multisite? If so, how?

    I wrote about Breaking Up Multisite before, but this was more specific.

    Yes. And it’s a funny story.

    I should preface the story with the reminder that in general when someone asks me how to do it, I casually mention that they can’t pay me enough to do it. This turned out to be inaccurate, as I was paid to do it. One of my first tasks at DreamHost was to take three separate sites and turn it into a two-site Multisite network. Two blogs were merged into one, then the new site was moved to Multisite. We did that with the export/import tools in WordPress. Fast-forward two years (my how time flies, Simon!) and now I’m asked to un-do it. But they only want site now. The main site is being deleted.

    I was actually glad, since this gave me a chance to handle the site properly and upgrade it correctly. I could clean out the old posts and content, re-sync users, tighten security, and undo the nightmare that was our old process. Plus the exercise of unraveling would give me more experience in WordPress shenanigans. And finally, it answered the question of how much you would have to pay me in order to do this (answer: more than most people would).

    It started out as a massive 30 step process, but after running through it a few times, I was able to speed it up into five, simple, sections. I make use of WP-CLI here, but if you don’t have it you’ll want to get interconnectit’s search and replace tool to save you a migraine.

    Bring it Local

    I use Vagrant and I made example.dev for this.

    Then I just copied down all the files from example.com/wp-content/blogs.dir/2/files/ to example.dev/wp-content/uploads-orig/ and did a database dump. Since I use WP-CLI, this was just a wb db export command.

    That was the full database, though, all 64megs of it, and I only wanted the second site. But we’ll get there in a second. I knew I had WP-CLI on my test box, but if I didn’t, I would have zipped the file in order to use phpMyAdmin (which would make it about 6megs). I’m lazy. I like GUIs. Either way, I imported the entire database to my new server.

    I also made a new wp-config.php file while I was at it, for multiple reasons. The one we were using did a check to see what domain you were on, and loaded different database params based on that. It was a cool bit of code, but it was unnecessary here. Making a new config file is easy (for me), and it ensured I had it clean and only set to a single install of WordPress. After all, I’m de-multisiting.

    Fix the Tables

    Of course, I had to clean that database. The first step was simple and I dropped all wp_FOO tables except wp_users and wp_usermeta. That left me with all the wp_2_ tables.

    Next I renamed wp_2_ to wp_ so I could have everything nice and orderly. But there’s a catch there, becuase there’s an option in my wp_options table that has the name wp_2_user_roles. Can you see what’s wrong? I need that to become wp_user_roles and I need to update any usermeta.

    Break out WP-CLI again and run this: wp search-replace "wp_2_" "wp_"

    So nice. So easy. That actually took care of 100% of the issues with the table renames. Were I doing it manually, it would be time for tears in your beers.

    Clean the Images

    With WP-CLI this is a snap:

    wp search-replace http://example.com/foldername/files/ http://example.dev/wp-content/uploads/
wp search-replace http://example.com/foldername http://example.dev
wp search-replace wp-content/blogs.dir/2/files wp-content/uploads

    I ran it like that for a reason. I like to do my searches in order of smallest catch to biggest, and this way it kept my possible gaffs to a minimum. I knew I had to fix all the images and post content, so it was safer this way.

    Clean up Users, Themes, and Plugins

    We had a lot of old, duplicate, users who had no posts or had left the project. I went over everyone’s permissions, dropped them down as low as I could, and removed half the admins. It’s just a good time for that.

    Next I reinstalled themes and plugins. I could have just copied them down, but I reinstalled everything because I wanted to take the time to make sure they were all clean and the latest versions. This is also where I paused to do a security review of everything we had.

    Move it Live

    Well now we’re just moving WordPress like normal. Copy it all up via FTP, copy up the database, run a last search replace to change example.dev to the real, new, domain (which I don’t actually know yet know), and it’s done. If I use wp-cli again, this will be as simple as running this: wp search-replace example.dev newsite.com

    All that extra work I did before pays off here.

    The nice thing about this is that I could have done this and then keep the main site if I’d wanted to. I didn’t, but I could have easily deleted all the wp_2_ tables and just cleaned up the multisite stuff. The headache is I’d have to do this multiple times if I’d had, say, ten sites on the network and wanted to move them all. If that had been the case, I would have only exported the wp_2_ tables and the wp_users and wp_usermeta ones.

    But yes. I have un-multi’d a site.

  • MailBag: Why Do You Do It?

    MailBag: Why Do You Do It?

    Zaman dropped me a year end note. He’s been asking people, interviewing them, for a site, and had three questions about why I do what I do (and a little bit of how). It deserved a public reply.

    1.You have been actively volunteering at WordPress support forum and with your solutions individuals and companies save big chunk of money. Your family and Job at DreamHost are your top priorities. Then your priority becomes the website you run (halfelf.org). You still manage to take out couple of hours to hit WordPress forum. You mention in one of your blog that some people volunteer because they enjoy it and some do it to master skills. What drives you to volunteer at WordPress?

    What drives me to volunteer at WordPress is little more than a bit of technical socialism. I give back because I get back, and it seems only logical and fair and just to make the time to do these things. Admittedly, having my job actually be know WordPress’ ecosystem and keep a good relationship between WP and DreamHost makes this far easier for me than most. But at the same time, I was doing this before it was my job. And I did it because I could.

    I have a hard time explaining the need to give back to people, because it’s something you either understand in your heart or you don’t. Call it a random act of kindness to the universe, I help with WordPress because I can, because I enjoy it, and because it makes me feel good to do it. I won’t deny I get awesome emotional props from doing it, a feeling of absolute satisfaction and pleasure knowing I can help people, but it’s really just that. I like doing it. I make the time for it.

    2.Your insights on halfelf.org are remarkable and the blog “whose responsibility is it” in particular draws my attention. You convey it is the business owner responsibility and not the WordPress core or Webhosting Company to perform due diligence before they install plugin’s. You also call out there is a need for more security experts. Is there a shortage of wordpress security experts in general or in wordpress public support forum?

    Do I think there’s a shortage of WP security experts? No, I think there’s a shortage of security experts in general. I think the masses of people would rather do awesome and create awesome than study security and delve into things. The fact that I can think of a hundred ways to socially engineer going to see a movie for free without breaking a sweat, the fact that someone like Frank Abagnale was able to pull off what he did underscores the issue.

    At our heart, humans want to trust. We want to believe people won’t screw with us. And when you factor in just how complex computers and code can be, of course we have faith that the people who write code are writing the best code to their ability and know what they’re doing. And we have faith that, when a bug or a security flaw is reported, people will fix it as fast as they can.

    WordPress complicates this, since there are so many plugins and themes out there that there isn’t a centralized place to reply a problem. Even if there was, there’s no way to enforce the bug is fixed, and there’s no way to be certain everyone will upgrade. Just look at the nightmare from the RevSlider situation. Once you add in the world of non wordpress.org hosted code, it’s impossible to maintain any control.

    If more developers were security conscious this might be less of the case, but it’s a problem in Open Source. The Heartbleed vulnerability is a prime example of that. One change, missed by many. It’s not just WordPress, it’s how we develop in Open Source. The speed of our work makes issues like this sadly more common and possible. So we need more people who love hacking into things and breaking them and then responsibly passing on fixes to make things more secure. I do feel that Github and sites like it are actually a great step forward. I can file a pull request with a fix and pass on the help in that way.

    This does require hobbyists to step up and be a bit more of a true developer, but they have the most to gain from it in the end.

    3. Examining and reviewing the plugin software may not be possible for small businesses. Do you have a list of plugins that should be avoided or a checklist that should be considered before installing the plugins? I am not asking if you to list here. May be an article in halfelf.org will be very useful for WordPress community.

    I don’t have a list. I can’t have a list. It’s impossible, given the rapidity with which plugins are updated, fixed, released, and closed. It’s just not feasible. I tried, at DreamHost, to keep tabs on plugins like that for about a week. Then I gave up. It would be a full time job.

    And I disagree it may not be possible for a small business to have an audit done on their plugins and themes. They can hire someone. It would be expensive, certainly, but frankly I find the alternative untenable. If you had a physical store, you’d pay to have a security audit once in a while, if only by your security company. This too is a part of running a business. Period. You just can’t dismiss it as ‘not possible’ when it’s your career on the line. Complicated, expensive, and annoying I will grant you. But you have to do it. Even if it’s just once a year, you’re a step or ten ahead from where you were before.

    I’ll say this, however. I would expect someone like Pippin over on Easy Digital Downloads to be reviewing all add-ons he lists on his site. Anything he sells, certainly, but also this big list of free add-ons should be checked for basic security before being listed. In this way, a small company can know they’re reasonably secure with that suite of plugins.

    Are there plugins that should be avoided? Sure. I suggest you avoid anyone you can’t figure out how to contact in case of a security issue, anyone who encrypts their code so you can’t read it, and anyone whom, when you do contact them, blow you off.

  • Mailbag: Where Do I Start Learning?

    Mailbag: Where Do I Start Learning?

    Kenny flatters me (though I think have better hair than Trump) asking this:

    If I wanted to be a millionaire, I’d ask Donald Trump, which is why I’m asking you…What would you recommend as a learning path or in specific resources to gain foundational knowledge and expertise in WP/ hosting? Knowing what you know now and if you had to start from the beginning today, what would you do? Thank you.

    The same place I did when I started.

    I would download WordPress, install it, and use it every day for a while. Understanding how to use the product tells you more about how it works than almost anything else. All problems you have will, eventually be traced back down to code if that’s how your inclined, or documentation, or just plain understanding.

    See, how I got good at WordPress was because I used it, I had problems, and I decided to learn how to fix it instead of relying on the kindness of strangers. If I had to do it all over again, I’d do it the same way because it let me learn at my own pace and in my own way. WordPress was a place where I could (and still can) sit and study how and why things work, ask questions, get answers, and learn from them.

    How did I learn about hosting? Same way. I had problems and I asked my host. “This code I want to use says it needs PHP 5 and my server is PHP 4. How do I change that?” It was really that simple. They moved me to a new server for PHP 5 and I looked up why that was necessary. That was how I learned what a nightmare server upgrades are and why they’re so complex.

    The secret to it all is I never said “It should be easy to…”

    Weird secret, right? Well, how many times have you heard someone say “It should be easy to fix this problem!”

    It’s not. It never is. If it was, we’d be done. It’s always hard or weird or prone to conflicts, which is why that wasn’t a statement I made. Instead I asked myself “Why isn’t this easy?” I wanted to know what made things hard.

    But I’m blessed with a natural curiosity about the world and I want to dig into things to see why they do what they do. This is especially true when I’m trying to use them and they, for whatever reason, don’t do what I want. That spurs me forward into research and reading and understanding and then writing. Eventually I get to the coding part. Because isn’t that how we all learned in the beginning? We wondered and we played and we learned by doing and experiencing.

    If I did it all over I’d do it the same way and use the heck out of WordPress.