Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: oped

  • Bad Faith Names

    One of the things about Open Source is we can name things whatever we want. This comes with a great amount of responsibility though, since we have to both come up with unique, memorable names that make sense and respect everyone else.

    Respect is a funny thing with names. For example, in order to respect my friend Tracy, I wouldn’t name my company LYKES Inc, because that would be very similar to her company of YIKES Inc. But also I know she’s trademarked the domain, which is a smart choice, and that means I have to respect her trademark as well.

    Speaking of Trademarks

    When it comes to trademarks, everything’s a little messier too. 

    This isn’t about not naming your plugin “Google Analytics.”

    This is about when you own a trademark and people are infringing on it, and how you can choose (or not) to behave.

    This is about being cocky.

    There’s no other way to explain this, but a romance novelist trademarked the word ‘cocky.’

    No, this isn’t a joke. Since 2015, for a number of reasons, the word ‘cocky’ has been super popular with romance authors, and one of them decided to trademark the word. In 2018 she applied for, and got, a trademark on the word. Not just the word mark (which is like Pepsi’s trademark on the word and the font), but also the actual word cocky, as used in romance novels.

    And then she did exactly what you’re thinking, and she decided to sue everyone else who was using it.

    Trademark Bullying

    Faleena Hopkins said her reasoning was her users. “I receive letters from readers who lost money thinking they bought my series. I’m protecting them and that’s what trademarks are meant for.”

    When you hear it that way, it does sound a little sensible, doesn’t it? She wanted to help her readers be less confused that “The Cocky Cowboy” isn’t a book in her series “The Cocky Series” (in which there is a book called “Cocky Cowboy”). She kicked the author of “The Cocky Cowboy,” who renamed her book “The Cockiest Cowboy To Have Ever Cocked” and now I’m a little in love.

    Now most of the time you can’t actually do that! I mean, I could name a book “Catcher in the Rye” if I wanted to, because you can’t copyright book or story titles. What you can do is trademark the title of the book as it pertains to non-book goods and services, as long as the goods aren’t the book. With a trademark, if I have a book series, I can trademark the series name (see “Harry Potter and …”), but not a single individual title. Until I make a movie.

    But more to the point here, Hopkins was being a damn bully by deciding she was going to act in bad faith.

    Yes. It’s legal, but it’s bad faith.

    Bad faith is simply you doing something that is legal but you know it’s the bad thing to do.

    That’s not a legal definition, by the way. If you look it up in a law dictionary, it involves the intent to deceive, which is a weirder thing. The real question is why is this legal? Right? Why would someone possibly be able to trademark cocky!?

    Turns out, it’s actually not hard to trademark a common word if you do it right. Take Apple, for example. You know, Macintosh the company? apple.com? Right, they trademarked Apple, but only as it relates to computers. I can name my car company Apple Cars if I wanted, but I better keep away from self-driving cars, eh?

    There’s a catch to all this. If you’re in the USA, you may be aware of the First Amendment. You know the one? Well there’s a doctrine about all this that basically exists to stop trademark law from stomping all over our rights. People build careers on this stuff, so the short version for you is that folks who are chapped about this have a damn good case against her doing this maliciously, and getting the trademark overturned.

    The problem is they need lots of money, which they don’t have. We’re talking about a bunch of indie e-book authors, after all. They may not have money but they have the internet, and they’ve been using it to savagely take down Hopkins’s reputation.

    You really should never piss off people who are good with words.

    Cockygate Doesn’t Hold Up

    The good news in all this is the trademark’s being canceled. The bad news is that someone else with deeper pockets probably has a great idea now and is going to be an even bigger problem for people later on.

    People will get confused. People can’t even tell differently named web hosts apart, so of course someone will think “Joe’s Google Analytics for Sports Sites” is an official Google plugin on WordPress.org (seriously someone did). They just don’t read and think, and all the trademark protection in the world isn’t going to help them out.

    But think about how you’re approaching this. Ask people to change the display name of things, and ask them to make sure it’s clear they’re not related to you. And when someone gets confused, point out “That plugin/app doesn’t have my trademark’d logo, so you can see it’s not mine. Sorry about the confusion, here’s mine.”

    If you’re interested, read Vox’s explanation on cockygate and please, don’t be a cock when you’re protecting your trademark.

  • Consent and Awareness

    GDPR.

    It’s the bane of many headaches for many web developers, web admins, and in general anyone who uses the internet. If you’re reading this, it’s probably a headache for you too. So let’s have a real, non-lawyer talk about what’s going on and why you need to care.

    Notice: I’m not a lawyer. This post is not legal advice. Please read the EU GDPR Information Portal and research your specific situation.

    Everyone Needs to Care

    If you thought this only has to do with people who use eCommerce products, think again. The centre of the GDPR is data privacy. That is, the right to have your data removed from websites, when you want. The point to all this is if you have a website, and people visit, you need to care because of the following reasons:

    • You have ads on your site
    • You allow comments
    • You use custom avatars (Gravatar)
    • You track visitors (Jetpack, Google, etc)
    • You embed content (Twitter, YouTube, etc)

    Does any of that sound like you? It sounds like pretty much every public website in existence. And congratulations, you need to care about GDPR.

    What You Need

    There are a lot of moving parts here, but the pared down version is this:

    • Know what 3rd party services you use
    • Know what your CMS tool tracks
    • Have a privacy policy
    • Have a way for people to request data deletion

    The first two are surprisingly complicated because, in the case of WordPress, you might be tracking a lot more than you think. Remember all those things I mentioned above? They all are common situations where your CMS might be tracking people. But what if I told you that a lot of plugins you use also add on tracking? Or record more data than WordPress knows about?

    Like. I wrote a plugin that adds in the IP address used to register an account to the user meta. This means WordPress now records more data. Thankfully that gets deleted when you delete a user account, and it’s generally covered under the broad disclosure that you track users’ IPs (which every website does). But I have to make sure people who use the plugin know that, and communicate to others.

    That’s a very simple example. Take a plugin that logs user activity for, oh, let’s say security. Now you have to tell everyone about exactly what it tracks (browser information etc) and what you use it for. And you get to figure that out for every single plugin you use.

    This won’t be easy. Unless you read every single plugin you use, you’re going to be at the behest of developers who may not be aware of exactly what they need to disclose.

    Privacy Policies Are a Must

    Every site should have a privacy policy. While for most smaller blogs, the odds are low that anything will happen, you should have one anyway. The problem is that no one can tell you exactly what yours needs to have. I try to cover the four basics:

    • Terms of Use: all the things you agree to by using this site
    • Data Collection: what situations result in my tracking your data, including details on 3rd party services regularly used
    • Data Usage: what I do with data and how long I keep it – also how to request it
    • Policy Changes: a CYA that they’ll likely change

    There are a lot of details in those four sections, especially the Terms, which exculpate me if I get information wrong, allow me time to handle a DMCA, and a whole lot of things. And yes, it’s super daunting, I know. I mean, the privacy policy here isn’t half as robust as some of my other sites.

    The Bottom Line

    You can distill all this into consent and awareness. People need to know what they’re getting into on your site (or at least be able to know – you can’t help people who refuse to read). And you need to understand exactly what your site does. You need to be aware, as a website owner and a user.

    All those terms you ignored when signing up for Google Adsense and Analytics? Now is the time to knuckle down and read, because you need to cover that. All those extensions (plugins and themes) you added? Read up on them too. If they don’t explain what they do with data, ask the developers.

    Developers? Step up. Document exactly what data you save. If you allow for the saving of different kinds of data, based on what the user picks, explain that. But you have to tell people what’s being saved and how to delete it. Most CMS apps now have tools to hook into to aid deletion, so research.

    GDPR kicked in four days ago, but it’s not too late to fix things.

  • Hey, Twitter, Why Do You Hate Us?

    Hi, Twitter.

    I know we fight a lot. You know I report a lot of abuse and harassment, and you do nothing about the Nazis, and we have our differences. But this isn’t about that. I mean, yeah, I’m salty about the Russian thing, but we need to talk about something else.

    We need to talk about using Twitter on a desktop when you have multiple accounts.

    Multiple Twitter Accounts Happen

    I have a legit reason to have multiple accounts. A good one, in fact. I have my personal account, but I have two others for brands I manage. And that means I kind of need to be able to log in to all three at once and wrangle things.

    If you use Twitter on the web, your choices are regular Twitter or Tweetdeck. The latter makes you sign up via a very convoluted process in order to grant access to accounts. Basically, you have to give your ‘main’ account access to the ones you want to manage. It’s not very obvious.

    And there are weird things missing from Tweetdeck. Like … no decent notifications. You can’t tell what you’ve read or when people @ you or anything like that. Not easily. Oh, and there’s no GIF button.

    Finally … with three accounts I get to have NINE columns. Three each for ‘home,’ ‘mentions,’ and ‘messages.’ Thanks. A lot.

    No Great Desktop App

    Here’s my problem. There’s no good Twitter desktop app. Your own app went unloved until you pulled the plug. In a tweet. Nice. Really nice. That leaves me with a few choices.

    Tweetbot: I like Tweetbot, except that I can’t see polls in it, and I can’t navigate to embed Gifs. But it has a pretty decent interface. The biggest issue is that you can’t see group DMs. Sometimes keep on top breaks. Sometimes not.

    Twitterrific: This is a wonderful app except that scrolling sucks. If you switch to a different account, keep on top stops working, and ⌘↑ (which should take you to the top of whatever you’re on) doesn’t scroll right. Oh and no embedding Gifs. And again, no group DMs and no polls.

    What about TweetDeck’s desktop app? It hasn’t been updated since 2015. The best version I’ve seen is Tweeten but again, I’m back to 3 columns per account.

    What I Want Is Simple

    I want the iOS app, but for the desktop. I want to have the following features:

    1. Multiple Account Support
    2. One visual ‘column’ per account (it can have sub tabs, whatever)
    3. The ability to insert and read polls
    4. Support for multi-person DMs
    5. Notifications
    6. A damn GIF button

    Instead, I get to use Tweetdeck in my browser. At least, until Twitter dumps that too.

  • Let’s Talk, Slack

    Hi, Slack. You’re the cool product everyone uses to communicate on scale. You’ve introduced a lot of features and aspects that are great. We all like to use you for our non-company work, but I’ve noticed something interesting.

    See. You constantly remind us that Slack is for Business. But you don’t seem to have actually spent enough time in corporate land to understand what that means. So, as someone who worked for nearly 15 years (and recently at that) with The Man, and the last five with a smaller company, let me try to explain to you what mistakes you’re making. Oh, and before anyone asks, yes, I’ve pitched all of this in tickets/suggestions to Slack already.

    Constant Barrage

    Being able to tune alerts on Slack is basically the only way you have to live or die. I can mute channels or group-chats pretty easily, to allow a conversation I need to be aware of, but not right now to carry on around me.

    What I can’t do is mute my really, really, really chatty and annoying coworker for an hour so I can get work done.

    Oh sure, Slack, it’s passive aggressive to just mute Bob over there who knows I love the Cleveland Problematically Named Baseball Team, and wants to tell me something I will care about in an hour or so. But right now? I have a job. And I want to concentrate without your alerts popping up on my screen and showing that dreaded unread icon. And yes, Slack, I could mute everything, but what about my coworker Jane, the nice one who pings me with an apology because she knows I’m super busy, but she has a critical work problem, and I’m the expert.

    Come on, Slack.

    Asynchronicity vs Work/Life

    While everyone in startup land likes to brag about how they work 80 hours a week, the reality is that most businesses aren’t actually that stupid. We take vacations. We don’t work weekends. We like to spend time with family, go to a sports game, and not be distracted by the ping of work.

    While you have do not disturb settings, Slack, I can only set them for specific hours. So yes, I do set them for 4pm to 7am, because I actually do have an end of day. But I can’t set my work days, I can’t connect Slack to (say) my Google Calendar and have it automatically detect that I’m out of the office. I have to constantly fiddle and tweak things. It’s a mess.

    Out of Office Messages

    Speaking of this, if I (perchance) happen to forget to mark myself as out of the office, I’m going to get alerts. Fine, that’s on me. But. You introduced custom status messages, which you tout I can use to announce I’m on vacation. Awesome! Now can you make them useful?

    See the problem is I put in “Out of the office until Feb 20” pretty recently, and I thought “My coworkers are intelligent, they’ll see this message and know ‘Aha! Mika is out!’” They don’t. And looking at this, I can’t blame them because of two things:

    1. Readability on MacOS is shit
    2. The message doesn’t fully show on iOS

    Don’t believe me? Here:

    [Image: Slack example from iOS]
    [Image: Slack example from MacOS]

    Those are hard to read! And why don’t they auto-alert like a DND message does when someone DMs me? “Mika is currently [status message]” — Oh yes, Slack, I know people like to use those for jokes. Want to stop them? Make them auto-reply. Then people would only use them for real.

    And by the way…

    You’re Ageist

    Let me tell you a story.

    Once upon a time, not very long ago either, I supported desktop software. I received a phone call from someone in the Big Building, aka where the real bankers worked, and she couldn’t use a product because the screen was unreadable. She couldn’t see the buttons or dropdown. I asked her to give me 30 minutes and I would call her back. Quickly I went through a few steps to size and resize the window, and I couldn’t figure it out. I called her back and asked if I could come to her office.

    One 20 minute bus ride later, I’m at the fancy building, going through metal detectors, and I head up to her floor. I apologize for not being in a suit and ask her to please show me her desktop. One glance and I realized the problem was that her desktop itself had been resized. I explained I was going to change the resolution, resize it, and see if that fixed it. I promised I would reset everything.

    Nervous, she allowed this. After all, if I closed a specific window, I could cost the company a hefty bit of money. I very cautiously (without minimizing anything), changed the resolution.

    “Oh, that’s how it was this morning! My coworker was using my workstation.”

    After I head-desked a few times, I checked the app I was responsible for. It was set to take up most of the screen but not all. I resized it, manually, and then restored her preferred resolution. I then wrote down how I did that, how to fix it in the future, and went to give her coworker a stern word that began with “The first rule of using someone else’s workstation is THOU SHALT NOT MESS WITH THEIR SETTINGS.”

    A few years later, when I no longer worked on that team, I got a phone call from her again. “My new coworker is having the weird screen problem I had a million years ago. Can we pay you with lunch to fix it again?”

    Of course I said yes.

    Now re-read those problems I have with you, Slack. Because you’re worse.

    To Review

    I look at Slack, and I look at the problems I have, and I think “If I wasn’t technically competent, I would be lost.” And I realized “I am technically competent and I still get lost.”

    Slack. If you want to make it bigger, if you want big companies and banks to start using you instead of Lotus Notes Messenger, you need to step up your game. Provide business tools, the ones they need to make sure if they’re not available, someone knows who to contact next. Treat people like grown ups with mortgages, not 20-somethings who exist on packing peanuts and internships.

    Basically, Slack, you want the grown ups? Grow up.

  • Thimking About Security

    It's been a while since I last talked about security and WordPress plugins, so I thought it was a good time to do it again.

    I still don't use any. But we'll get to that in a minute.

    Don’t Be ‘Stupid’

    My mother is one of the few people I know who has almost completely conquered the will to be stupid.

    Miles Vorkosigan on his mother, Cordelia Naismith Vorkosigan
    Brothers in Arms by Lois McMaster Bujold

    Understanding what makes something secure or insecure is not as obvious as I wish it was. I often say that the trick to being secure is not being stupid. Of course that's easier said than done, and I know it.

    Still, my record holds true that the one time I was hacked, it was from my own stupidity. I knew it was wrong and foolish and I did it anyway. And my guiding principle of security remains a constant reminder: "Don't be stupid."

    But what is stupid? Every time you leave your house, you lock your doors, right? You do the idiot walk, as my grandmother Taffy called it. Keys, wallet, phone? Is the gas off? Is the heat on? Are the windows closed? You check the normal things and then you lock the door and off you go.

    Of course, we all have been an hour into an 8 hour drive and panicked "Did I close the garage!?" And for some people, even the simple act of locking the door is an arduous journey of 10 or 30 or 55 checks. In order to say 'don't be stupid' we have to take ourselves honestly and seriously, and remember that 'stupid' just means 'don't not think.'

    THIMK

    That was not a typo. Nor was the title of this post.

    While we all make fun of IBM and MAD Magazine, I recall reading "Welcome to the Monkey House" by Kurt Vonnegut, and Ma Kennedy had the sign over her desk. At the time, I was unaware of the MAD magazine spoof on the matter. THINK was a sign folks at IBM had, and THIMK was the spoof.

    When I read it in Vonnegut, and bear in mind I was young and naive, I found it far more compelling than the idea of telling someone to THINK. With the letter changed, it forced me to reassess my assumptions of what the meaning was. After all, telling someone to THINK means, well, think. But telling someone to THIMK is a different matter.

    Eating the Elephant

    You know that old joke? How do you eat an elephant? One bite at a time. Well. That's security.

    I've been a loud opponent of the TSA, the way it's implemented in the US currently. It makes us feel better by making us think (N) that something is being done. And, yes, the TSA has found problems. But their job is to look through a thousand small things and find the odd-one-out. They're looking for the weird.

    When we perform a security audit over anything, be it a plugin or a server, or a door, we look for what we know is likely wrong. When I review a plugin, I look for the common issues. I skim for them, or grep for them, because I know what I'm looking for, and my eyes are trained to find it.

    But then, once I see the major and common issues aren't there, I read the whole thing. I look at the plugin as a whole entity, and I think. What does the code mean? What is its intent?

    Metaphysical Security

    Without the ability to spy into the soul of the developer and glean an understanding of their raisons d'être, we're left with monitoring actions and making best guesses. And we're going to be wrong from time to time.

    It's no secret that last year, the WordPress security world found a new villain in the despicable people who buy plugins and slip backdoors into them. I saw some complaints that this sort of vulnerability wouldn't exist in [insert your CMS here], except … it will. It can and it will.

    We are all vulnerable because we choose to trust. We trust the developer to have good intentions. We trust the reviewers to be good people and care more about the security and sanity of code than themselves (which is a whole different ball of fish). We trust the ongoing development not to be handed over to evil people.

    That last one is unavoidable. People trust me to review code and react in the 'best' way for the community. But what if someone found my asking price and bribed me? What if I let bad code like backdoors into the WordPress Plugin directory? It would probably get caught, eventually, but still. Even if we locked down plugins to specific user accounts and didn't let anyone but admins (like me and Otto) add users, we would still at the end of the day remain vulnerable to humanity.

    Security Is Ongoing

    The truth is this.

    We are always, every day, insecure and vulnerable.

    Having a website that is your 'life' or career or business or even just a passion-project is dangerous.

    You should treat your website with as much thought and security as you do your own home. Check the gas. Check the lights. Make sure the door is locked. Get a security system. Hire someone to review the site and the server. But take it seriously. 

    Your website is 'you' on the Internet. And it deserves as much care as locking your car and not parking it in a shady part of town.

    Summary?

    Pay attention to what you put on your website.

    Trust no one. Not even me.

  • A Difference of Tone

    The other day I lamented on Twitter that one day someone would ask me “Why did you use X?” and not “Why DIDN’T you use Y?” in a tech talk.

    Think Different

    When you go into a talk, thinking you know everything about it and what it means, you close your mind. You start by ignoring the possibility that other people can have amazing thoughts and ideas too. You limit yourself. Your preconceived notions color how you think because you limit your experiences to that which you have personally.

    This is much the same as why a number of people seem to lack empathy until they’re personally impacted. That’s why you hear men say things like “I didn’t become a feminist until I had a daughter.” A number of people nod and understand his meaning is that it wasn’t personal. But a number of people also wonder what the hell is wrong with someone not to care about humans in general. Doesn’t that man have a mother? A grandmother?

    Once you allow yourself to accept the simple idea that someone else thinks a different way from you, you open your mind to a new world.

    Hear Different

    There’s a difference between listening and hearing. We all listen. But once you start thinking about what your reply will be, and not listening to what’s behind what the other person said, you limit yourself. I see a lot of people sit in talks and you can tell when they tune out because they’ve decided “I want to know X.” and that will be their question. Instead of writing it down to ask, they block out everything. They concentrate on their reply.

    Notice how I said ‘reply’ and not ‘question’?

    Yeah. There’s a reason.

    Ask Different

    When you go up to ask someone a question based on their talk, you’re not playing Jeopardy. The game isn’t “Phrase my answer like it was a question.” The point is to ask something to understand a little better how someone else reached a conclusion. It’s the fundamental difference between “Why didn’t you use the Posts 2 Posts plugin?” and “What did you use to connect the posts to each other and why?” The first one makes your preference known. It makes an assumption that obviously everyone would use Posts 2 Posts. The second one asks to get into the mind of the speaker, to learn the way another mind works. It assumes the other person is different from you.

    When you ask what someone used, and why, you get an insight into their process, which may help you reflect on your own. You may find new answers, and all you have to do is remove your own ego from the question.

    Learn Different

    The point of this is not to make a speaker’s life easier, but to make yours better. If you change just two small things in how you ask questions, you’ll find you can learn a whole lot more.

    1. Write down the question you want to ask
    2. Ask it without assuming you know the best answer

    You may be surprised how the tone of the ask changes everything.