Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: open source

  • The Self-Perpetuating Myths

    The Self-Perpetuating Myths

    This is your only warning: I’m going to talk about racism and sexism in tech, and there will be some swearing. I don’t mind if you disagree with me, just try to be constructive.

    One brown baby, three white. I blame a lot of things on society.

    We’ve all heard that minorities aren’t fairly represented in certain aspects of society. There aren’t enough women/brown/gay/whatever on boards, or working in a specific group. We all know that girl gamers get grief. How many of you have gotten asked ‘Are you a girl IRL?’ when you play a female MMO character?

    When you look at groups like the Apple execs, it’s white guys across the board. Google? 2/3rd’s white guy. Yahoo!’s surprisingly the same with three out of twelve.

    But that name at the top, Marissa Mayer, is the weird one in all this.

    Pretty recently she left Google for Yahoo! which was a surprise to a lot of people. Right away, the old snark showed up. She used to blog about cupcakes, and was obsessed to the point of making a spreadsheet about frostings. Seriously? What does that have to do with her ability to helm a company? If anything I’d argue that sort of obsessive attention to detail is what you want. But no, people pointed out it was a ‘chick’ thing. Because a man making a spreadsheet to understand the various pros and cons for armor on an MMO is manly, but food’s a chick thing.

    That sounds pretty stupid when you put it that way, doesn’t it?

    Look, we all know that when it comes to brain-work, there’s no difference between what a woman can come up with and what a man comes up with. If you can’t accept that, you may as well just stop reading this blog now. What makes the difference is how we were raised and where our natural talents lie. Just because I’m not a super psycho coder, and prefer to spend my time helping people with their code, doesn’t mean I’m less intelligent than the people who wrote an eCommerce plugin. And yet, people persist in saying I’m in a ‘soft’ technology role.

    I think I look at more varied code than the majority of WordPress users. I review plugins and I’m pretty capable of understanding what is and isn’t a safe and secure plugin. I can look at themes and tell you where your code is inefficient. Where I lack is not in my technical chops but in my desire. How I create isn’t with code, or visual arts, but with words. The fact that I happen to be a woman means nothing. Still, you can’t escape things like the Women in Refrigerators syndrome, or how few women write comics (even ones with female leads, like Batwoman and Wonder Woman). So what’s really going on here? What’s being under-represented?

    From talking to a lot of group ‘leads’ of software projects, things are still skewed to the white guy, and it shows. If you look at a community dinner I attended, the men were the majority. Then you look at what the women/brown were the leads for, and you come up with the disturbing comment I heard that UI and Support are ‘soft’ tech topics, and that sure made me feel pretty crappy. But I know support isn’t ‘soft’ anything. In support you see more code than just what you and someone else write. At the same time, I’ve been told many times that there’s no coding involved with support.

    Edit: Note, the other woman actually was a core-team rep, not UI, which made the comment I heard even stupider.

    A lot of this is a self-perpetuating perception issue: If a group isn’t equally represented, then there’s an issue. If women aren’t 50% of the presenters at WordCamp, you’re doing_it_wrong(), people will say. And yet we know that forcing equality does not actually make things equal. The basic idea of affirmative action makes a little sense “If you have a white man and a black woman equally qualified, pick the person who will bring more diversity to give diversity a chance.” Then again, that sounds really fucking stupid when you say it outloud, doesn’t it?

    Why do people feel ‘minorities’ aren’t represented? Why do people feel equal numbers means equal representation? What makes equality?

    I’ve been involved in technology since I was a kid. My grandmother loves telling the story about how, when I was under-six, I set up her Novation CAT modem, dialed into her IBM server, and entered in all her data so that she could make me french toast. Never once, until I was in my 20s and working for a company, did anyone ever make noise about how I was a woman. My family made no point of it, and neither did my schools, my friends, or the people I talked to online back then. To them, this was not a ‘boy’ thing or a ‘girl’ thing, but simply something that I liked to do. Meanwhile, I was chastised by my peers for being a tomboy, for being the ‘masculine’ one in my relationships (I feel bad, in retrospect, for my ex-boyfriends), and for all those other things where I didn’t fit in with normal. But computers, technology, and everything along those lines were never something where gender-lines were drawn.

    Shannon Eastin - NLF's first female ref.All of that changed when I joined corporate America. Within a week, I knew, yet again, I was ‘different.’ I was one of five women in my area, and one of two technical women (the others were managers, though one was a working manager). I was weird, because I liked technology, I liked to play with things, and I’d research when I didn’t know. The more I moved away from Microsoft, the less overt my social oddity became, but it was still there.

    This behavior does not replicate within the WordPress Community in the same way.

    Oh, it’s still there, don’t get me wrong. If you want to go search through the forums, there are some awesome posts where a guy goes from totally respecting me to insulting me, and the trigger is when someone mentions in passing that I am of the female persuasion. But in the WP ‘core’ team, I’ve never met anything but respect and friendship. Now these guys are, predominately, white men, and just by their nature, lack the ability to know what it’s like to be a woman. That’s not a bad thing, it’s just a fact. I can’t know what it’s like to be brown, they can’t know what it’s like to be a woman. But like attracts like, and it’s not surprising that the leads end up being white males.

    Most groups work this way. You want to work with people you can get along with, so you pick people similar to you that add value to the party. Again, nothing’s wrong with that! Does that mean minorities get under-represented? Yes. And there is something wrong with how we’re skewed, in that way. It’s not really their fault. Like I said, I blame society. I can’t help but see the world as a woman who’s been treated like crap for being a woman, and white amles can’t help seeing the world as anything but who they are either. And I don’t think ‘forcing’ people to be diverse helps at all. It just sets up a whole mess of problems.

    What can Open Source do?

    So far, I think they’re doing it right, and much of that has to do with the need-based drive of technology. We need solutions, we don’t care who comes up with them, so long as they work and are secure. Also, because a lot of these developers are distributed, we lack the inherit problems of sight-prejudice, that is, if you can’t see I’m a minority, you rarely assume I am one. I become judged on the character and quality of my communication. This has drawbacks, of course. The lack of visual cues makes many of us seem like assholes (text is a terrible communication medium, as it leaves the reader to interpret what they will from what they read), when all we are is being direct.

    It could be better, of course, but I don’t feel that forcing integration is going to do that in a way that won’t leave us with lingering animosity. The problem I face is that I don’t know the answer. I see the problem, and I feel, on a visceral level, the solutions we’ve made aren’t working. I rage against ‘Political Correctness’ because as we take away more and more ‘bad’ things to say, we’re left with a neutered society that lacks the ability to express their thoughts. You can’t say retard, lame, gay, or a hundred other words to express how stupid you feel something is, and with understandable reason. But saying ‘drat’ just doesn’t feel strong enough sometimes, and you want to shout ‘mother fucker!’ We lose freedom of expression in our quest to be fair.

    This brings us back to my three questions:

    • Why do people feel ‘minorities’ aren’t represented?
    • Why do people feel equal numbers means equal representation?
    • What makes equality?

    The fact is, I don’t know. I think the answer is numbers, but that feels less right when I say it. It’s both in value of work and volume, certainly, but neither one is more important than the other, when we get around to it. Like I said at WordCamp San Francisco: WordPress would be nothing without the devs, but it would also be nothing without the users, and without the people who offer support. We all work together. And thankfully, for the most part, Open Source gets this.

    My suggestion to minorities, of whom I am two, is that sometimes when we feel we’re being persecuted, or picked on, it’s actually not that at all. We may be reading a personal attack into something that wasn’t meant that way. Take a moment to reason it out.

    My suggestion to the majority, of whom I am one, be careful when you make assumptions. When you look at the world from a place of privilege, it’s incredibly hard to see things from that other perspective. Also take a trip to where you’re the minority. It’s enlightening.

    I call these self-perpetuating myths because they make themselves more important. The more white-guy-only groups, the more white-guy-only they remain, and the more minorities feel/appear undervalued and underrepresented. Like begets like, and so on, until finally all we have is a steaming pile of angry. I leave this open ended, as the development of humanity is ongoing, and I hope in a decade, I can come back and look at this in a new way.

  • Forever Alone No More

    Forever Alone No More

    Forever AloneA lot of us work on projects by ourselves. We’re the ones who build a website, alone. We write a plugin, again alone. When we do colaborate with others in the making of our site and codes, it’s often a cumbersome, kludgy, thing at best. The advent of code management systems like SVN and GIT make the actually coding process easier. Now multiple people can make changes, branch and fork, merge and combine to fix all sorts of problems.

    But web-development, for your personal site, is still in the dark ages.

    Here’s my workfolow:

    • Review changes
    • Open Coda2
    • Edit file
    • Preview changes
    • Push file

    Now that’s a huge improvement since the old days, when I would edit, FTP, and so on. I still use Transmit to run a sync/backup every day before I start editing any files, but that just goes back to my paranoia. It gets harder when you use something like WordPress, because the old days of being able to easily preview your site and how it looks doesn’t exist anymore. That’s part of why the totally incredible Theme Customizer is totally incredible.

    It’s also a little problematic if you share a site. Let’s face it, maintaining a website with other people is a pain. When my fellow site-folk want a small change, they can make it, but I have no way to easily roll that back without comparing my personal backup with the new one, and go make a diff. Sure I can do it, but it takes time, and it’s a hassle. A lot of the time, too, my fellow admins aren’t as good at certain things (like CSS, or tables, or PHP) as I am, and I have to bail them out. In and of itself, that’s okay. It’s why they keep me around and fee me brownies, after all.

    FacepalmHave you ever had someone else make a change while you’re on vacation and call you in a panic, even though you’re on Bora Bora and have no internet, because this ‘one small tweak’ to the sidebar caused the site to go white, and they closed their file-editor, so they can’t control-z?

    A lot of us cowboy code. I sure do. I’m often banging away on my sites in vi when I want to make a fast CSS change. Clearly sustainable for a professional environment, this is not.

    But… What if? What if you had a way to update the code on your site, like your personal mu-plugins or the theme, and make the changes ‘live’ but still have a way to roll back when you accidentally blow it all up?

    And what if I told you that a WP dedicated host has an answer. Yeah, WP Engine figured it out.

    Upfront disclosure: I don’t use WP Engine. I have a lot of non-WP sites on my servers, and many of my sites aren’t using just WP. I have a VPS and I’m very happy with it. But if you want a good host to run your WordPress site that’s the step between your own VPS and WordPress.com, I strongly recommend them. Yes, it’s more expensive than many other hosts, but I am a firm believer in ‘You get what you pay for.’ With WP Engine you get hosting, upgrades, backups, and support for $30 a month. And now you also get Git. They’ve come up with a Git-push-to-deploy method for their hosting platform.

    Did that sound like gobbledygook? Hang on. This actually isn’t something ‘new,’ as the technology’s been around for a while, but this is something new for webhosting and WordPress hosting. WP Engine’s applied it to their servers, making version control possible. It’s like how we’ve always combined version control and staging to make a ‘development platform’ and now you get that in WP.

    Okay, if you’re like me, and a total raw rookie at Git, you sat here and went ‘What the hell is this ‘push to deploy’ stuff?’

    At it’s heart, push-to-deploy and push-to-live is really a fancy, buzz-wordy way of saying this: I have a git branch that is the dedicated to my site version of my code. If I edit that branch by pushing my changes to it, I have created a version-controlled update of my site, which is beneficial in case you need to roll back a change, or pin-point a specific change.

    Okay, maybe that’s still unclear. You’re going to have to take a look at git.wpengine.com to really see how they’re applying the technology. Git, like SVN, is one of those things that makes a lot more sense once you sit down and use it a few times.

    Really, my biggest hurdle is always wrapping my head around git’s application of branches and merging and a decentralized database. It’s complex and powerful. Vincent Driessen wrote a brilliant explanation of a successful Git branching model, complete with diagrams, that explains all this way better than I could. His examples will show you exactly what’s going on, and that a ‘push to deploy’ is really just another sneaky way of using git to manage your changes in a controlled way.

    Don’t get the wrong idea. There’s nothing wrong with being sneaky to control all this, when you get down to it! It’s the perfect-world a lot of teams have been looking for, for many years. Having this built into your webhost, so you don’t have to come up with your own solution, is going to be amazing for small companies that will, over time, have a slew of developers. Someone new comes along? Hand them your primer on naming conventions and merge rules, let them fetch the repository, and off they go. Everything is right there, as safe as your backups.

    I can’t say if this will revolutionize things, but it’s a harbinger of change which web dev has sorely needed.

    Check out WP Engine’s Git FAQ (where they explain all the nitty gritty about handling version control, so if you’re a nutjob like me and want to run aortic, you can), or just read their getting started guide. The directions are clear enough for a Git newbie like me to understand.

    Unlike Capistrano or RAMP, this hasn’t been released outside of WP Engine, but that makes sense as it’s all homegrown and built to their servers. This should be interesting to watch how other WP (and non WP) managed hosts handle the next wave of support.

    Related:

  • The Dangers of Being Uneducated

    The Dangers of Being Uneducated

    This post is dedicated to Rachel Baker, who donated to help me get to WCSF. In lieu of Coke (and a sincere promise of no heckling), thank you, Rachel.

    Like many of these posts, it started with a tweet.

    Just six months ago, a WordPress plugin named RePress, hosted by all4xs, came on the scene. This is hosted at WordPress.org, see WordPress Plugin – RePress, and at the time it showed up, I was seriously worried about it.

    The plugin itself is made of awesome. It’s a proxy service, so if you happen to live in a place where freedom of speech is an unknown quality, you can use your site to serve up pages from other domains and read them, even if they’re blocked. Essentially, instead of going directly to wikipedia.org, you go to yourdomain.com/wikipedia.org, and the content from Wikipedia is requested by your server, not your local IP, so if your ISP is blocking the content, you can still see it. If you’re visual, it’s like this:

    How RePress Works

    This relies on two important pieces to work, however. First, whereever your site is hosted has to have access to where you’re trying to get (that is, if my webhost blocked Wikipedia, this won’t work). Second, you need to know what you’re doing.

    It’s that second point that worries me to no end.

    Look, I firmly believe in freedom of information. Once something has been invented, people are going to figure it out, so giving it to the world to improve upon it is sensible. Patents are just a weird concept to me. To say ‘I invented a thing, and no one else can invent the same thing, and you can only use the thing as I’ve made it!’ just blows my mind. We need to crowdsource our intelligence, share, and improve. It’s the only way to evolve.

    But that’s besides the point. The point is I worry like you don’t know about people being uneducated as to what this plugin does. Regardless of if it’s a good idea or not, it’s a dangerous thing because it has a great deal of power.

    The Pirate BayI have a slightly selfish reason for worrying about it. I work for a company where using a proxy to get to websites they’ve blocked is grounds for being fired. I’m not the only person who has this concern. The worst part about this is if I went to a site that used a proxy, without telling me, I could get ‘caught’ and fired. Oh sure, I could argue ‘I didn’t know!’ but the fact remains that my job is in jeopardy. This is part of why I hate short-links I can’t trace back. A proxy being ‘right’ or ‘wrong’ doesn’t matter, what matters is the contract I signed that says I will not circumvent the office firewall knowingly. Now I have to be even more careful with every link I click, but the uneducated who don’t know anything about this are at a huge risk.

    As Otto would say, we worry about the evil people, the ones who use this proxy to send you to virus infected sites, or places they could hack you. I really don’t worry about them very much. Evil is evil, and people are always going to be malicious. They know what these plugins do and how to use them, so again, my fear is for the uneducated who don’t understand. The people who still open those attachments from usps.com are the people who will be hurt by this. The rest of us will just deal with ‘You work on computers? Mine’s acting funny, can you look at it?’

    My main fear is for the people who don’t really understand how the plugin is dangerous to have on their own site. RePress, in order to prove that their plugin worked, hosted a proxy to The Pirate Bay, a popular torrent site. Near the end of June, BREIN told them to remove the proxy to The Pirate Bay. BREIN, to those of you who are wondering who they are, is the RIAA of the Netherlands. Essentially they’re a Dutch anti-piracy group, and they think that the proxy service to Pirate Bay is breaking the law. It may be. Greenhost, the hosting company behind RePress, and their webhost, is in the Netherlands, and it does fall under that law.(It’s nearly impossible to keep up with all this, but Wikipedia has a nice list of everyone who’s blocking The Pirate Bay, and their status. That’s a real Wikipedia link. In the US, so far only Facebook and Microsoft will edit your links to The Pirate Bay, and only on their services.) As of July 9th, all4xs/Greenhost lost the argument. A court order came in and now there is no more hosting on their site.

    It’s important to understand this Court order only impacts the proxies at Greenhost. There is no action against the plugin itself, and none at any other website using it.

    So why does it worry me?

    Screaming UserI do a lot of forum support, and I can easily envision people getting cease-and-desist orders from the Courts, telling them to remove their proxies. I can see webhosts shutting down sites because they don’t want to deal with the hassle, or because their servers happen to be located in a country where the site being proxied is blocked. And without any effort at all, I can see the users, who don’t understand the risk they’re getting into by running this proxy, screaming their heads off and blaming WordPress because they are uneducated. They’re not stupid, and they’re not evil, they just don’t see the big picture.

    It’s like when I had little sympathy for Blogetery, when it was shut down in June of 2010. They were running an open, unchecked, Multisite, and allowed anyone in the world to make a site, and didn’t monitor their users. Thus, after multiple copyvio issues, and now a terrorism claim, Blogetery’s webhost decided enough was enough and shut them down, impacting around 14,000 people (give or take, I wasn’t able to get the number of splogs on that site sorted out). The point there is that Blogetery screwed up by not taking care of their site. It’s your responsibility to do that, and the less people know about what they’re doing, the more likely they are to screw up.

    I’d be a lot happier if RePress’s plugin page explained the risks. Until they do, I give you my own:

    RePress will let your server to act as a proxy to any website you chose, allowing visitors who would be otherwise blocked by their country or ISP to visit those sites. Please investigate the laws of your country, as well as those of your webhosting company, to ensure you are not violating them. Also remember to review the terms of use for your webhost, and do not provide proxy service to any site (or type of site) that you aren’t permitted to host yourself. If your hosting company doesn’t permit porn, don’t proxy a porn site. While this plugin makes every effort to prevent cross-site scripting, you are expected to monitor the sites you proxy and be aware of their intention. Remember: If you put it on your server, you are responsible for what it does.

    (If RePress wants to copy that and use it as is, or edit it, they have my permission to do so. And they don’t even need to credit me if they don’t want to.)

  • Plugin Licenses, Upsells, and Add-ons

    Plugin Licenses, Upsells, and Add-ons

    This post is dedicated to WPEngine, who donated to help me get to WCSF. While I don’t use them, I think that if you’ve outgrown WordPress.com and aren’t quite ready to host everything yourself, but you still want the plugins and themes, then you should check these guys out. They aren’t cheap, but then again, I firmly believe in paying for what’s important.

    Read the comments before you comment. Otto haz the smartz.

    Phone HomeOne of the many rules of WordPress.org hosted plugins is you can’t phone home. Actually you can, and the rule really is ‘Don’t phone home without a damn good reason.’ To use Akismet as an example, it phones home with information to help verify who posted on your site, and are they a damn dirty spammer. That’s a damn good reason. But phoning home to check “Did Bob pay for a license?” is not. That’s considered abuse of the “serviceware” guideline, and essentially making an API just to make sure a license is okay isn’t okay. Now making money on your plugins is an awesome thing. But when your code is open source and anyone can see it, how do you keep people honest?

    To get down to brass tacks, I’m going to take a little jounrey the wrong way, before I get to some suggestions on how you can provide ‘free’ and ‘pay’ versions of a plugin on the WordPress repository, and not cause any guideline issues.

    Let’s start out with the most common way people restrict you: A license key. If you put in a plain license key check like this, it’s easy to crack:

    if ( $license == "yes" ) { // Licensed! }

    Okay, you say, I want to encrypt things so that I tell someone ‘your license is ipstenuisreallyneatsheismadeofturtlemeat’ but when I look at my code, it shows ‘774ffc4efce8da294dff77f35f75df98‘ instead (that’s md5(ipstenuisreallyneatsheismadeofturtlemeat) as it happens). Wait. We can’t encrpyt code. Or rather, we can’t include encrypted code in a plugin, it’s against the no-obfuscation rule. We’d want to decrypt that instead. So I give you the code string instead and run it this way instead (Just pretend that $options['license'] is a site option.):

    if ( md5(ipstenuisreallyneatsheismadeofturtlemeat) == $options['license'] ) { // Licensed! }
    

    But then I have the problem of anyone can just look and see what’s going on again. You could go the extra step like putting ipstenuisreallyneatsheismadeofturtlemeat in a file and then pull off something like this:

    $md5file = file_get_contents("md5file.txt");
    if (md5_file("test.txt") == $options['license'] )
    

    No LicenseIs this easily decrypted? Yes. Is this easily circumvented by editing the code and removing the if? Again, yes. In fact the only way to really do this would be to use an API on your server to check the validity of the license (which you can’t do if you want to be hosted on WordPress.org anyway – no APIs just to check licenses), and even then I can strip mine your plugin and remove all checks like that. So why bother? Because you want to make a living on your code, and that’s certainly a fair-go! But as Otto rightly says, we can’t stop piracy, so why are we trying? DRM doesn’t work, and reverse engineering hasn’t proven sustainable. Maybe we’re building the wrong mousetrap.

    If we throw the code solutions out the window, because we know they won’t work, where are we left? The next most common thing I see is people offering two plugins. A free, totally open GPL one on the WordPress repository and then a version behind a pay-wall that you would ‘replace’ that free one with. For example, I have a Rickroll plugin, and let’s say I wanted to make a Rickroll Pro version that let you change the video to anything you want, just put in the YouTube URL. I would have a settings page on my free version that pretty much says “Hi, if you want to change the video, visit halfelf.org/plugins/rickroll-pro/ to download.” And now I have to code Rickroll Pro to check if Rickroll (free) is installed and active, and refuse to activate if so. Furthermore, my users have to be told to delete the free Rickroll.

    You know what? That’s a pain in the butt. What if instead I coded a Rickroll Pro add-on. No, I don’t mean ‘add this file to your plugin’ but ‘Install this second plugin, which will add functionality to Rickroll.’

    It’s a second plugin, yes, but now I can have Rickroll free look for Rickroll pro. Not active? The settings page (which I would keep in Rickroll free) would tell you ‘Hey, you don’t have Rickroll pro! Install it and get more things!’ or ‘Hi, you have Rickroll pro installed by not active. Don’t you know it’ll never give you up? Activate it and have fun!’

    Now the code muscle becomes a question of ‘How do I ensure my dependency checks work?’ First, Scribu wrote an awesome plugin dependency plugin, and the only flaw with it, is you’d have to install a third plugin. We don’t want that here, since yet another plugin is problematic. But looking back, that code grew out of a trac ticket about handling plugin dependencies. Now there’s a nice way to check: is_plugin_active()

    if (!is_plugin_active('rickroll/rickroll.php')) {
        // do not activate. Provide message why.
    }
    

    ProtectedYou could go to town with the checks in there. Like if the plugin isn’t active, deactivate the child and so on and so forth. I’m not going to write it all for you (though Otto wrote a lot about it for themes)

    Now going back in your parent plugin, you can run the same check:

    if (!is_plugin_active('rickroll-pro/rickroll.php')) {
        // Rickroll pro isn't active, prompt the user to buy it.
    } else {
       // Include rickroll-pro/adminsettings.php so they can use it
    }
    

    The one last thought I had on this was how to handle pro upgrades. Since I don’t like to upgrade a plugin a lot unless I have to, I’d make it an ‘upgrade both’. In Rickroll Pro I’d set a version constant, and then in that check to see if it’s active call, reference that version. So Rickroll, after verifying Rickroll Pro is active, would come back and say ‘My current supported version of Rickroll Pro is 1.5 and the constant is set to 1.0. You should upgrade!’ Then every time I write a new version of Rickroll Pro, I’d update Rickroll to point to the new version, and when they upgrade from WP, they would get notified about Rickroll Pro needing an update too.

    Probably not the most efficient or effective way about it, but the other option is a self hosted plugin update API.

    Bear in mind, because of GPL, all these hoops and ladders can be circumvented. Your plugin can and will be taken away for free. Don’t fight the pirates with registration circuses, and limit the weight of your code by selling the right thing. It’s a strange idea to think that giving your code away for free will help you earn money, but at the very least, not fighting against the pirates will give you time to write better, more secure, code. And that certainly will earn you more money. Then sell your support, because that time is money.

  • Tiny Tiny RSS

    Tiny Tiny RSS

    Tiny Hippo Had a Tiny Train
    Credit: Poorly Drawn Lines
    The majority of my ‘I am going to learn this if it kills me!’ lessons come from when I’m just dead frustrated with a product. Today it’s Google Reader.

    I like RSS feeds. They work well for me, I like having them sitting there, waiting for me to pay attention. It keeps news out of my email (which is for communication) and makes sure even if I miss a tweet, I see the article later. The world comes to me. This is also a part of my evil ploy to keep myself at Inbox Zero (current status – Inbox has 7 emails at home, 11 at work). I only leave emails in my queue when I know I need to hang on to them for a good reason, and even then I’m likely to save them off line (I use IMAP) to keep anything long term.

    For the last few years I’ve been using Google Reader because I check my RSS feeds at work (Windows XP, still) and home (Mac), and it lets me sync between the two. Google Reader remembers what I’ve read, and I don’t have to re-read things. But recently Google screwed me over, hard, with their inability to update feeds in anything resembling realtime. Specifically, all my WordPress.org feeds were days, if not weeks behind, and I couldn’t force them to update! What was going on?

    At first I thought it had to do with WP’s recent(ish) server upgrade to nginx, as certainly the problem started around that time, so I asked Otto and Nacin if there was a thing going on. Otto replied that there was, but it was Google. See, Google uses PubSubHubbub, which allows for updates in near-real-time. Sounds cool. If it worked. Now before you say it’s clearly me having the problem, it’s not. I asked around, and everyone who monitors WordPress.org related feeds with Google Reader has agreed: the feeds ain’t in real time anymore.

    I switched to another feed reader and, lo and behold, it worked just fine. Well that sucks. Now how can I handle all this? I could use a dedicated feed reader, but then I’m stuck only reading on one computer, which I certainly could do, but it’s 2012, and I like portability. What sort of options am I left with? After two weeks of experimenting and testing with various web-based readers, I decided that Google really was the best of them, and I was depressed. But I wasn’t defeated. I knew, I just knew, that some clever soul felt my pain and wanted to help me out. And I was right.

    Enter Tiny Tiny RSS. Tiny Tiny RSS is an open source web-based news feed (RSS/Atom) reader and aggregator, designed to allow you to read news from any location, while feeling as close to a real desktop application as possible.

    Tiny Tiny RSS

    Update daemon is not running.On the grand scheme of things, it’s easier to set up than RSS2Email (which I use on another account on this server), but due to me being on CentOS, which doesn’t really daemonize well for users, I had to cron job my feed updates at first. I set it at 15 minutes, after I ran it manually a few times to catch up. There are a few ‘quirks’ that aren’t as nice as Google reader. Like I have to manually refresh the back to get the read/unread counts to work right, and even with define('ENABLE_UPDATE_DAEMON', false); set, it keeps telling me that the update daemon is off. Turns out I also had to delete the /lock/update_daemon.lock file.

    Meanwhile, I dug further into this and found the pretty easy setup for ‘screen’:

    $ cd /public_html/tt-rss
    $ screen -S updaterss
    $ php ./update.php -daemon
    

    And detach from the screen with CTRL+A+D shortcut. Now someone mentioned that this will ‘break’ if the server is rebooted, so I left my cron job running just in case. I’m happy with cron, if it comes down to brass knuckles.

    I’m happy with this, and it’s only been a couple hours. The actually install process was easy, but this isn’t something I’d suggest if you’re the sort who wants a lot of help and hand holding for an app. I’m monitoring my CPU/memory consumption right now, but it seems pretty minimal, so I’m really pleased I have an alternative I like. My wish list is insanely small:

    1. A ‘click to refresh all feeds’ button, instead of relying on cron/command line(I could probably code this myself, just haven’t yet)
    2. Auto-refresh of the page resets the read/unread counts correctly

    And the ‘fix’ for now for those is cron/cli and refresh the page. So I’ll live, quite happily.

    Tiny Tiny RSS lives at http://tt-rss.org but they’re also on GitHub.

  • On The Segregation of Code

    On The Segregation of Code

    WordPress stores your URLs in the database as the full URL. That is to say all the links to other pages on your site, all the images, use the full path.

    When I changed this site from tech.ipstenu.org to halfelf.org, I knew that meant I’d need to do a quick search/replace in the database. That meant first I searched wp_2_posts for everything saying tech.ipstenu and replaced it with halfelf. Then I did the same in wp_posts (since I knew I’d done some of that). I did this directly in SQL because I can, and I believe in using the right tool for the job. To whit:

    UPDATE wp_2_posts SET post_content = REPLACE (
    post_content,
    'tech.ipstenu',
    'halfelf');
    

    That code searched all my posts and changed the URLs so my images looked right. Now, since I’m using a domain mapping plugin, I don’t need to go in and change wp_blogs, which I would be very hesitant to do anyway. I’d sooner make a new site with the same name (either manually or via a replicator), delete the old one, and use .htaccess to redirect.

    Why would I do all this? Well, because WordPress stores URLs in a non-relative way. The link to my about page is https://halfelf.org/about, not just /about, and that screams in the face of what I learned back when we all agreed that paying for Netscape as a browser wasn’t a terrible idea.

    The real question people are asking is why are we this way?

    There are a lot of arguments, one is that you shouldn’t change your URLs. Another is that WP is written for the user, not the developer. A third is that you’re trying to force your process on a tool, when you should really develop the process for the tool. That third argument is where I live. I believe in being adaptable, while I want all my code to be flexible, adaptable and fluid, there’s a time and place for the flexibility being the code, and the flexibility being me. In the case of URLs, I think the flexibility must be mine.

    In the ‘real’ world, you should never change your URLs, and if you do you always have the old ones forwarding to the new ones. Go on, go to http://tech.ipstenu.org/about/ and where do you end up? That’s because the plugin works. Go to http://code.ipstenu.org/about/ or even http://ebooks.ipstenu.org/ and see what happens. That’s because I forward those (obvious) URLs to where they should be. I know that people can adapt to change, but I can help with them a well crafted .htaccess rule. That’s flexibility in my code.

    When we take another step back and consider the flexibility of code, we muddle that up quite nicely with the flexibility of content. These are different things. Code should be flexible and adapt to any situation you put it in, but you need to be flexible to adapt your content to the situation. Content cannot be considered in the same breath as code, because they are segregated by their very nature. We should be able to pick up our content and plunk it down in any code, and have it work equally well. This argument was fought, and won, by CSS back in the day. So how does this work with URLs? They’re in my content as links, and if I change them, I have to change my content.

    Let’s take the example of building a site locally. Personally, I use a hosts file to make halfelf.loc so that when I’m done building it all out, I export the DB, replace halfelf.loc with halfelf.org, and I’m done. Why do I pick halfelf.loc? If you’ve been here before, you may remember I wrote about Moving Multisite. In there I mention serialization. That’s why. Searching for domain.loc and replacing with domain.org will not break serialization! This is, some claim, a ‘bush league’ maneuver (yes, zamoose, I heard you), but have you ever tried to move an application on your desktop to a new location? You have something installed in Program Files, let’s say, and you want to move that to Program Files/Half Elf? Congratulations, you get to search the whole registry!

    See, it’s not just WordPress. This isn’t an excuse, but a statement of fact. Many applications on the web don’t use relative paths, and they do force you to search/replace things to move to a new location. This is especially the case when you think about how we write links. Some people use the link interface, which if used, could insert variables for ‘base path.’ But some of us use the old fashioned manual way, and now you have to code a really fancy bit to check “Did Ipstenu post a link to myself? If so, I need to change halfelf.org/foobar into [basepath]/foobar so I can update it later if I move.” Certainly it can be done, but it’s actually going to be easier to just search/replace. The ‘more’ you search for, the easier it gets. I actually know someone who did this. He says it was more trouble that it’s worth.

    That really doesn’t surprise me. What all the proposed fixes to this try to do is to force WordPress into working a certain way, rather than customizing a solution. That probably sounded the same to a lot of people, but it’s not. The method by which you move static HTML files around servers is, for lack of a better term, a migration method. When you migrate an application from sys to test to production, you do so because there are a lot of moving parts to test. It’s in these moves that we face headaches with the relative path locations. When we hard code locations into our content, like in a URL, we lock ourselves into that URL, now and forever. But does the content actually matter?

    For me, the real question is ‘What moving parts of WordPress might I be testing that I would need to ‘push’ to my production site?’ I came up with three things:

    • Themes
    • Plugins
    • Content

    I ‘push’ themes and plugins out to a test server and then my production server all the time. I do it for hundreds of different applications a day, and it’s all automated. We never have a problem (unless the code is bad) because we perfected our migration method, and let go of the idea of pushing our content. Our content is not our code.

    Initially, we didn’t replicate content for legal reasons. We have sample data to test with when we’re checking out theme and plugin changes, but we don’t bother with data replication. Realistically we can’t, since the people who are testing things out don’t have the security clearance to look at the content. Because of that, we have to trust that the live data is the live data, and that it’s good. Instead of sweating over the content, we concentrate on copying up, in this case, themes and plugins. Since those may have customizations, we take a snapshot of the database, install the theme, make our changes, and take a snapshot after. Get the diff, and now we know what needs to be applied up. Then we script it. The job will FTP up the files, run the SQL diff (which we’ve already edited for the new domain name if needed, but rarely since we use hosts to point at our dev server instead), and off we go. Same thing for plugins.

    If I apply this to WordPress, suddenly I have but one, minor, headache in moving my code, and that’s the wp_options table, and it’s serialization which includes the URL. I agree, that’s a headache and if I was going to put paid effort to fixing anything about relative URLs, that would be it.

    But I don’t think that URLs for WordPress should be non-relative. Given the alternatives and the possibilities, right now the issue isn’t that WordPress stores the like that, but that we don’t have a migration ‘process’ defined yet. We should stop getting hung up on ‘fixing’ what isn’t broke, and instead start looking at the best ways to move what needs moving. See, once we found we couldn’t replicate our content, we started looking into what needed to be done to protect it, outside of ‘migrations.’ In WordPress, today, the best way is to have your writers submit their posts, and your editors review and publish. You may want to look into groupflow plugins, or do what the Bangor Daily News did.

    The right tool for the write job.(Pun intended.) Moving your content between testing and live servers isn’t needed. Just concentrate on moving the ‘app’ as it were. It’ll work better.