Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: management

  • How Many Plugins Is Too Many To Create?

    How Many Plugins Is Too Many To Create?

    That wasn’t the way you expected that title to end, I bet. You were thinking “How many plugins is too many to have on my site” and that’s absolutely not the topic here. No, instead I’m asking how many plugins is too many for a developer to create?

    I Got 99 Problems …

    I think that plugins should be specific. That is, I’m not a fan of a conglomerate of plugins like Jetpack, that do a little of everything. Instead, I like a plugin that does the thing it’s supposed to do, preferably simply and well, and it moves on. That means I often have 20-30 plugins installed on a site, and that’s okay.

    At the same time, as a developer, having to support 20-30 plugins is a drain on my limited resources. Becuase here’s what I have to do:

    1. Keep up with all core changes
    2. Include and test all library updates
    3. Test with every release
    4. Update my readme
    5. Review reviews and support posts to make sure I’m not missing things

    Multiply that by 20 and it’s a lot of work. And is that work I feel like I must do?

    Gimmie One Reason …

    The reality of having plugins for WordPress, or any add on for any project, is that it’s generally thankless work and you will have more bad days than good. That’s true of many things in life, and as depressing as it can be, it’s important to keep an eye on the reality of the situation. 

    Developing software is very analytical art. You create something out of nothing, you design and test and change and tweak, and then present it to the world. Of course those days when people tell you “I don’t like the color” suck, but being humans, we discard that and grab on to the days when someone says “I love the carrot!”

    And the reality of the question at hand isn’t how many is too many, but how many are worth the work and the little reward?

    Bring it Together …

    Lately I’ve been advocating something different. Instead of making 13 separate types of gallery plugins, I’ve suggested people make one plugin for galleries and include those 13 types as display options. The amount of work is roughly the same, but it means I only have one plugin to manage instead of 13 separate readme files to edit and installs to spin up. I also have one place to look for any support posts or reviews.

    Obviously this doesn’t always work. Sometimes you have to split things up. There’s little point it combining a WooCommerce plugin with a NextGen Gallery one (unless the plugin is implementing NextGen with Woo products…). But if you can connect your projects by type, you may find out that there’s crossover. Instead of spreading your user base out over 10 plugins, you can keep them manageable with 5 to 8.

    Working For The Man …

    And what about Jetpack? It’s effectively XX separate types of plugins:

    • Writing
    • Sharing
    • Discussion
    • Traffic
    • Security

    Except when you look at that, it suddenly all connects. When I write I want to share and I want people to discuss. I also want to keep an eye on my traffic and being secure…. Okay that last one might be better off on it’s own, but it’s a suite of related apps. 43 separate apps, but they are all related when you get down to it.

    Which means even if you’re making a plugin for your company, you can probably combine it with other things safely. And that means less access and security concerns for you too, as you only have to keep track of who has access to one plugin instead of 50.

    How Many Is Too Many?

    This is as subjective as all get out, but I’ll say this. Once you personally support 20 plugins for WordPress, take a good hard look at how much time you’re spending and ask yourself… is it worth it?

    It’s okay to say no.

  • Managing User Permissions

    Managing User Permissions

    When it’s just you writing on your site, WordPress user management is incredibly basic. You have one user, you, and you do all the things. If you’re a little neurotic, you have one user who is an editor to write all your posts, and one who is an admin to do the admin things, and you religiously log in as the editor.

    But when you have a site with multiple authors, how do you handle them and their permissions? And what do you do when they leave?

    Lowest Common Denominator

    The most important thing to remember with any CMS or tool is to give users the lowest possible permissions. The people who are admins can do anything so they should be restricted to just the people whom you’ve discussed responsible administration, how to handle things, and who the ultimate top technical boss is. The Roles and Capabilities of WordPress can be very daunting, but the summary is very important:

    • Super Admin – somebody with access to the site network administration features and all other features
    • Administrator – somebody who has access to all the administration features within a single site.
    • Editor – somebody who can publish and manage posts including the posts of other users.
    • Author – somebody who can publish and manage their own posts.
    • Contributor – somebody who can write and manage their own posts but cannot publish them.
    • Subscriber – somebody who can only manage their profile.

    The Administrative

    I strongly recommend limiting your Admin accounts to less than 5. Most people don’t need to be an admin. In fact, the only annoying thing an admin is needed for would be adding new users. Everything else that they can do is, properly, administrative and requires some technical knowhow. You don’t want your copy editor updating a plugin that breaks a site, after all.

    Editors are like your moderators. They can approve posts, edit them, handle comments, and more. They cannot install and upgrade code, however, which is good. Admins (should) have server access, after all, not Editors. If you think of it that way, you may go less crazy.

    The Writers

    Your post writers come in two flavors: Authors and Contributors.

    The difference here is minimal but important. A Contributor cannot publish posts, and more importantly they cannot edit posts once published. That makes Contributor a good role for guest posters, or irregulars. If you need to review and approve every post before it’s live, this is the role for your writers. On the other hand, an Author should be someone you trust won’t go back and make naughty changes to posts after they’re approved and published.

    The biggest ‘flaw’ in Contributors is that they cannot upload files. This can be annoying, I know. If you need more robust tools for your writers, services like CoSchedule and plugins like Edit Flow may be up your alley.

    The Departed

    I don’t mean dead. What happens when your writer quits? You don’t want to delete their posts (probably) but you do want to balance their access with your security. The simplest solution is to make them a Subscriber. This means they can just read and leave comments on your site and nothing more. Their posts will still be attributed to them, but they cannot be edited.

    Of course, it the departure is less than amicable, another solution is to make them a Subscriber, but then change their email and password. If you use Gmail or GSuites, a super quick email fix is to create an alias like blogadmin+username@gmail.com for your users. For example, if the removed user’s login ID is johnsmith then I would create the email blogmaster+johnsmith@example.com and use that to own the ID. This prevents johnsmith from being able to log in and change his password again.

    For cPanel you’ll need to use forwarders and for Plesk you need aliases. Both require setting them up on the server side. Sorry.

    Custom User Roles

    I say this with a heavy heart. Most sites need to stay away from this. The basic five roles will suffice for most situations, and you should really try them for a while before dismissing. Adding in new users roles in WordPress can end with no one having permission to do anything. If you use custom roles, please be very careful and make sure you know how to restore basic user permissions in a pinch.

  • Detoxify Your Website

    Detoxify Your Website

    The following are my speaker notes for WordCamp Minneapolis 2015. The slides are up at https://helf.us/wcmsp2015/:

    There Are Many Kinds of Toxic People

    • The hater
    • The know-it-all
    • The concern troll
    • The Pilkunnussija

    When your site gets popular, you get a diverse group of regulars. Not all are created equal. There’s the hater who hates you all, the one who knows everything, the one who CLAIMS to want to help but really derails you on small things, and then… Well you can google that last one, but the short version is the one who says “you spelled it T E H” in the middle of a passionate discussion about the next season of Sherlock, and Oh my GOD did that really matter?

    You Dread Your Own Site

    Where Did The Fun Go?

    You used to love your site, seeing the comments, checking out what the new people had to say. And now, thanks to those other people, those toxic people, you hate your own site and you’re pretty sure the community is going dark and twisted and you know what it’s time for?

    Cleanse Your Colon

    Keep your Community Healthy

    It’s time to give things a scrub. There are only four steps to being able to survive a successful blog cleanse. If you’ve ever tried those cleanse drinks, you’ll know that it’s not easy to make it through, but you can do this. Just … don’t Google Image search ‘colon cleanse’ please. I regret that.

    Step One

    Forget the First Amendment

    You know the one. The one people always throw out at you, that they have the “right” to say what they want? They don’t. They just don’t. They can shut up now. The site is yours, you bought the domain, you pay for the hosting. The First Amendment has never had any bearing on our blogs so don’t be afraid to delete comments.

    Step Two

    Be Consistent

    If you’re going to clean your site and make sure it’s what you want to be and do and work on, then you need to make your rules and stick by them. If a rule is “no talking about George Clooney’s personal life” then you have to be strict. Keep it solid and don’t waver, not even for yourself.

    Step Three

    Arm Yourself

    WordPress has some built in tools that most people use when thinking about spam, but what if I told you to use Comment Moderation on their key phrases. What if you took the people who slammed you and attacked you and put their emails in the block list? Done. Get them out of your life.

    Step Four

    Trust Yourself

    If you get that feeling, that gut feeling that says “This is about to go wrong” then you need to believe yourself. Trust yourself. Have faith that you know the vibe of the site you’ve been working on all this time.

    WordPress Tips

    • Use the Comment Moderation and Comment Blacklist
    • Use plugins like Comment Probation to monitor new people
    • Watch their IPs

    Outside WordPress

    • Block them from your email
    • Use Twitter and Facebook’s block functions

    Don’t Give Up

    I’ve been wrangling communities online for a long time. I’ve faced burnout and exhaustion and pain. But I’m not alone. I have the other communities like mine to lean on. I have fellow forum mods to ask for backup. I have friends who tell me I’m going too far.

    Don’t give up. You’re not alone.

  • Diving Into Varnish

    Diving Into Varnish

    We use it at DreamPress a lot, and I’m still learning its ways, but with me, the best way to learn a thing is to do a thing. So when I had a random server crash with nginxcp, I decided to play around and see about using Varnish on my server instead.

    Varnish's banner is a flying bunny

    Varnish is an HTTP accelerator designed for content-heavy dynamic web sites (like WordPress). Unlike nginx, there’s no support for SPDY or SSL, which I can’t use anyway unless I spring for another server in front of my Apache box to be a true nginx box. Since I wasn’t getting any benefits out of nginx for those, I’m not too worried about it here yet. Should the world go to SSL, then my POV will change. The Varnish gurus aren’t fans of SPDY as it happens, which I find fascinating.

    Back on point. I’m going to use Varnish as a proxy, which means when someone comes to my server to ask for a file, Varnish will first check itself for a cache and then if it’s found, serve it without touching Apache. Apache is slow. This is good! While nginx can handle static files rather well, I found that where I ht slowness people told me to use a CDN. That’s nice, but I don’t want to right now, so it makes nginx less of a draw. On the other hand, Varnish will fill in the gap where Apache + mod_php == poor static-file performance. And yes, I’m using mod_php.

    Installing Varnish

    First change Apache non-SSL port to 8080. I’m on WHM for this particular box, so I go to WHM -> Server Configurarion -> Tweak Settings and set value of field Apache non-SSL IP/port to 8080

    Next I install the Varnish RPM for RedHat REL6. This can be either Varnish 3x or 4x, but I picked the latest version.

    rpm --nosignature -i https://repo.varnish-cache.org/redhat/varnish-4.0.el6.rpm
yum install varnish

    Edit the config file – /etc/sysconfig/varnish – and set the VARNISH_LISTEN_PORT to 80.

    Now we edit /etc/varnish/default.vcl with what we want.

    Deep breath. A whole heckuvalot changed from 3.x to 4.x and it took me a couple hours to bang out, since my examples were all from Varnish 3.x. In the end, I made my own fork of DreamHost’s Varnish VCL. Grab my Varnish VCL Collection and I use the wordpress-example.vcl as my default. It’s a whole ‘nother post on how I did that one. A lot of trial and error.

    The default VCL is skewed to WordPress in a specific way: If you’re logged in or have a cookie that isn’t the default WP cookie, or are on SSL, you do not get cached pages. This means my site will be slower for me.

    Configuring Your CMS

    Speaking of WordPress… Here’s the major difference between it an nginx: I need a plugin for WordPress. I took over Varnish HTTP Purge last year in order to fix it (instead of fork it) for DreamPress, and in doing so I’ve added a lot of little tweaks, like a ‘purge all’ feature and a button on the toolbar.

    Oddly, this is the reason I didn’t want to use Varnish. Where nginx just works, needing a plugin means I have to either install and activate for everyone using WordPress or any other CMS on my system, or I have to figure out a way to not need a plugin? Oh, and I don’t just used WordPress. Ugh.

    This is moderately trivial to do with Mediawiki but I came up full short when I looked at Zenphoto. While I don’t post often to it (once a week generally), I do post a lot of data and I need the purge to be done. Certainly I could code in a system for it, like I did with WordPress, using a CURL call.

    But it’s the need to do that for Varnish that made me make faces.

    Not using Varnish

    At the end of the day, while I did get Varnish up and running, I chose not to use it. Yet. I have to overcome some hurdles with other apps not knowing how to play well with purging, and figure out how to command purges like I do with WordPress. You can see I have my work cut out for me porting a WordPress plugin to Zenphoto.

    In addition, I’m not really sure I like the fact that I have to do that. Certainly I can just let the cache expire on it’s own, but that seems to somewhat defeat the purpose of having it be able to handle dynamism as well as it does if it can’t magically detect when my content changes, and the cache needs a bump.

  • Smart Servers

    Smart Servers

    I upgraded the server that runs this site. Well, I should say I transferred from a traditional VPS on CentOS 4 32 bit server I’ve been on since 2009 to a CentOS 5, 64 bit, fully managed Smart Server.

    What’s a Smart Server?

    You know this whole cloud hosting thing? It’s like that, but not. I had serious concerns about the cloud. Certainly I was worried when I heard people running WordPress MultiSite had weird issues with caching and things not syncing up when new server slices were made. Reason enough to hold off for me. But then my host says “We have these in-between servers.”

    smartserver comparisonLiquidWeb Smart Servers are kind of like Cloud Servers. First, I’m the only person on my server (which is a step up from VPS), and I have a set amount of bandwidth. I’m charged per-day, too, so if I need more CPU/Memory for a couple days, I only get charged for those days. That’s really nice. There’s a lot of normal ‘cloud’ features too, like I can spin up new images on the fly and use them (maybe 30 minutes total to do all that).

    Yeah, 30 minutes. Thinking about how long it took to just migrate from host2 to gamera(Gamera (ガメラ?) is a giant, flying turtle from a popular series of kaiju (Japanese giant monster) films produced by Daiei Motion Picture Company in Japan. Created in 1965 to rival the success of Toho Studios’ Godzilla during the daikaiju boom of the mid-to-late 1960s, Gamera has gained fame and notoriety as a Japanese icon in his own right.), being able to move things around on the fly with only an hour of outage is nothing. When I moved my three WordPress sites, they took about an hour or so each (give or take). When I moved my forum with a 4gig database, it took about eight hours. We made jokes about how it was the size of Liechtenstein.(The problem with a 4gig database is when 400megs is in one table. Takes a long time, no matter what you do. The file copied over fast, but the exploding of it took long enough for me to nap.)

    None of that was why I upgraded/moved though. The real reason for the upgrade was that my server’s been having weird issues, and most of my research said it was because I was on CentOS 4. I couldn’t upgrade SVN, I couldn’t upgrade PHP for much longer, and I was sure that come February 2012 (when CentOS 4 is EOLd) I was going to be increasingly in the cold. So I made a list of everything I’d ‘done’ to my server, all the upgrades and tweaks, and I went for broke.

    For the most part, I can’t tell the difference between my old VPS and my new smart server other than the speed (much faster). What I did notice, and didn’t like, was that the memory tends to run ‘hot.’ With nothing going on at all, it was hitting 90% usage. With nothing going on for my old site, it’s at 50% (and normally hovered around 60-70%). Gamera definitely runs heavier, though I’m still using the old caching. I did have to up PHP memory to 64megs, from 32, after I ran into weird issues on one site, but for the most part, I’m in a ‘It Just Works’ state of mine. Oh and I will very much need to sort out external SSL, since everything’s on one IP now, and you can’t use multiple SSL like that.

    Yet I’ve still not answered the question. What is a Smart Server anyway?  Thankfully LiquidWeb isn’t the only site using this designation.

    We know what Cloud Server is, and we know why it’s good.  It’s flexible, it can add on memory and diskspace as I need it, and take it away if (when) I don’t.  I’m charged for what I’m using, not a blanket ‘This is what I need on my worst day’ sort of deal.  But the problem there is a lot of people actually need that flexibility but don’t have the brainpower to handle running their own server.  Two years ago, I didn’t, that’s for sure.  In fact, two years ago, Cloud scared me.  But, just like VPS.net came up with Cloud Shared Hosting (which I jokingly called Cloud for Dummies), LiquidWeb and some other said that some of us really need a VPS, but we’d like some of those cloud features too.

    To the cloud!This is the middle ground.  Too many places were looking at Cloud Dedicated hosting, which is expensive, and not something we all need, and then was also that race to the cheap hosting.  I pay $60 a month for my hosting, and it’s worth it.  I know, it’s a lot of money to some people, but think on this: If I pick up the phone right now and call Tom, my sales guy, or Benny, the tech I know pretty well, they’ll take the time to help me.  And if I call the 1-800 number at 1am?  Someone is there who speaks English and knows what I’m talking about.(Not that I don’t love OffShore support, I know I love the ones at my office!  Many of them are fantastic in their fields and well worth the price of admission. But too many companies force these intelligent people to stick to a script, and don’t teach them the hows and whys of the code, the company, and how to work with American customers.  If you’re going to support Americans, you must learn how to deal with them, for better or for worse, you learn to deal with your customers.  And yes, that means being fluent in their native language, and their technologies.  This holds true for India, Mexico and that moron from Nebraska who wanted me to go into the registry on my Macintosh.  AT&T.)  So while I’m willing to pay more for someone who will bail me out, I’m not willing to pay more for something I don’t use.  Like extra minutes on my cell phone, I don’t like to pay for hypothetical ‘in case I get the Digg effect or Matt links to me again’ CPU and memory.

    While a Cloud Server would handle all that, it also requires consistent and constant management.  You have to know what to expect, and be ready to go.  Those of us who do all this as hobbies or as a side-gig don’t have the time.  Also, sharing resources in the cloud makes some of us sketchy.  The whole reason we self-host anyway is that we want to be in control.  Cloud sharing started to sound a lot like Shared Hosting, which has issues of it’s own.  Resource contention is s concern, as are bad neighbors.  The cloud is great for hosts because it shares everything, and complicated for users because we don’t want to share.

    It sounds a little repetitive to call this Cloud Light.  In fact, it feels really repetitive to say “This is like a VPS, but with Cloud Add-ons.”  Part of this is because understanding what the Cloud is, after decades of the old way, is hard for our brains to wrap around.  For most of us, the cloud doesn’t matter.  In fact, it barely matters for me.  The cloud is really what the internet has always been to most of us: ephemeral and mystical.  Don’t let the smoke out of the cloud, or your website will crash!  See?  You don’t know anything more than you did before, now do you?

    The Cloud is synonymous with the Internet for many people, and I think the future of it is aimed that way.  For me, having the ability not to be tied to hardware and to add on more space, memory and CPU as I need it is invaluable. Being priced reasonably for those things also makes me pleased. The Cloud gave me freedom, but a Smart Server gives me even more: the freedom to control my destiny on my server. And that’s just cool.

    So what’s the downside?  There are some.

    Understanding memory usage has been the big issue. I mentioned before that Gamera uses 90% of the memory, normally, and after my database crash I came to understand why.  See not being tied to hardware means I’m not tied to hardware memory either.  So linux, being linux, uses up all the memory it can.  I watched, and when I start doing more intensive stuff, like importing a 4G database, the memory dropped to about 75%, and then bounced back up to 80-90.  This is what it’s supposed to do!  When it starts running out of memory, it goes to swap.  Now on the traditional VPS, this was bad.  Swap meant you were ‘out’ of memory and about to crash.  On a Smart VPS, this is okay.  My swap sits around 10% right now until I clean it out.

    Trade one ...Cleaning it out is where things get weird.  Smart VPS memory doesn’t clean out.  If I hot-swapped my memory, some genius at MIT sorted out I could actually read data off the memory.  Of course, if you have the physical access to my server I have other problems.  But swapping memory, well that means the computer swaps data to the hard disk and back to your RAM as needed.  I’m not entirely sure how this all works, and I’m doing some research now (and asking the tech from last night for info he said he had about all this).  As for the crash… My database crashed on Saturday because the table was 600mb, and the space I’d allocated for swapping like that was 400mb.  Liquidweb’s support moved the SQL temp drive to a place with more space to allow for that and everything started working again.

    ... for the other!SSL was pretty straightforward. I bought an extra IP, since it’s cheaper and easier than sorting out multiple domains on 1-IP for SSL for only two domains. The other domains don’t need SSL yet, so they can wait until WHM catches up with SNI and other weird acronyms you don’t care about.

    Basically, I’m very happy. I’ve even started to forget it’s something novel.