#51: We’ve Made Mistakes – The Drunken UX Podcast
The Drunken UX Podcast

#51: We’ve Made Mistakes

The penultimate episode for season 2 is here, and Aaron and Michael couldn’t be more excited to share their mistakes with you! Over the years, they have collected their share of oopsies when working on sites, and the real measure of performance is how you respond to those challenges. It’s okay to make a mistake, and everyone will, and this week they offer up advice to help you avoid the same ones they’ve made, and how to confront new ones of your own creation.

Followup Resources

Bad WordPress Habits (7:01)

We’ve Made Mistakes (21:00)

Transcript

The following is a machine-generated transcript of this episode. It will contain errors until it has been reviewed and edited, and we apologize for the difficulty that may cause for screen readers. Do you want to help us speed up our transcribing process? Consider sponsoring an episode.

Merry Christmas and then almost Happy New Year. Aaron, how are you doing this evening? I’m great. How are you? I’m all right. You are listening to the drunken UX Podcast. I am your host, Michael Fienen. Host or Neil. Hello Aaron. Aaron Hill I’ve I have. We’ve commented on the weather a lot when we start this but i just i always fun because it’s always so different at different points in time and you got a foot of snow. Say it’s not awesome there right now is it? This is the drunken UX podcast and it is brought to you by our friends over at New cloud. You can check them out at New cloud.com slash UX. Go check them out. If you need some maps, you need illustration services, you need interactive map platform, whatever.

Braille maps now, right?

That is on the road mapping is being demoed with a couple universities right now. But yeah, 3d printed Braille maps if

I saw some of those at the some tweets from the higher ed web, Twitter’s

it’s pretty cool. My favorite part about it was the someone asking about the colored ones and asking why would why would you do them in color, people can’t see them and it’s a lesson right? Because it’s that idea of Being visually impaired, being blind doesn’t necessarily mean you see blackness, you can sometimes make out color and make out contrast maybe not fine shapes or fine details of things, but there are degrees of disability in that area.

It’s also like wheelchair access ramps, right. Like everyone can use a ramp, right? Yeah. So like, you know, just because you can see doesn’t mean you couldn’t also find it,

I would find the 3d map useful. Everything from motor control issues to you know, reading reading comprehension, learning disabilities, the way we approach accessibility in its entirety, you know, comes back to breaking down those narrow kind of ways that we think about it and test it so

I wonder if very cool with like dysgraphia would find a 3d map more useful. Like if you have trouble like making sense of lines and thing

Yeah. Maybe it’s hard to put yourself in those shoes. My favorite and this has been something it’s actually been on our shortlist, not shortlist, but on a list of show ideas, but dealing with accessibility and dyslexia as it applies to two-factor authentication. Oh shit. Yeah. So how many places now that we use 2FA for AWS, for DigitalOcean? Your bank, for PayPal, you know, for your video game platform, Battle.net, right, whatever like we use, we’ve got two-factor authentication everywhere. But that can actually be a very problematic means of logging in if you have trouble with number order, letter order so

or like when the sites someone on Twitter recently mentioned how like a banking website wouldn’t let you paste into the password field. So if you have a password manager, something you can’t just like, drop it in there. You have to manually type it

now. A lot going on there, folks. This week we’re going to be talking about it’s a reflective period right where the end of the year we Are all kind of thinking about what’s what comes next what we’re, what we’re doing, what projects we have goals we have, but we wanted to take this week and kind of take a look back on mistakes that we’ve made as developers, some of the problems that we’ve ran into that we have caused and kind of what our response to that is. It’s important right to know that everybody makes

mistakes. Everybody poops.

Everybody poops. And we continue to poop through all of adulthood. And through our twilight years, you know, so it’s not about trying to not poop. It’s about how you deal with said poop and the proper receptacles. This is weird. Please save me from this metaphor and folks where we can if you

would like to talk more about poop and other topics, connect with us on Twitter and facebook.com slash drunkenux or on Instagram slash drunkenuxpodcast or come chat with us on Slack, drunkenux.com slash slack for the signup. What do you got there, that little glass there Michael, I’ve got

a little Glencairn glass here, I broke out my nice scotch glass this evening. It’s a tulip shaped glass. Yeah, as the nomenclature would call. generally used for scotch, you could use it for wine or movement or rum or anything too, but designed, you know, to help funnel the nose of something like scotch up to your nose. As opposed to, you know, we drink scotch out of lowball glasses all the time. But a lowball glass has the disadvantage of allowing a lot of the like the females and things like that to escape. So you can’t concentrate it and if you’re really trying to enjoy, like a scotch from, from Pallet to finish or from those writers So and I don’t use it enough and I wanted an excuse to so here so what do you have in it? This is Dutch jury. Yeah. scotch jury tin. I’ve, I’m on the tail end of a bottle of JIRA. So I thought hey, let’s see if we can finish it. Although now I’m looking at it and I’m like, that’s gonna hurt. But I’m up for the challenge.

I have a it’s a mixture of tequila and it’s specifically Goya brand Jamaican ginger beer. It’s an interesting blend. It’s not bad. I basically I had to like I had this or luggable in 16 and I wasn’t I wanted something miters and scotch tonight. So

I finished off this tequila bottle. There is no such thing as lighter than scotch. You just get a Highland scotch.

I only have one bottle.

fix that. What I’m getting here.

Let’s see.

So there is an article over at Speckyboy, is this on the internet, on the internet, and I like saying it just because I think the name Speckyboy is a fun website name to say, Speckyboy, it’s the five bad habits that can hurt your WordPress website. Eric Karkovack wrote this up and it’s it’s a nice quick read. I think first and foremost, I actually wish he hadn’t said hurt your WordPress website cuz I feel like the advice he’s giving really is it’s just if you do web stuff, here are five bad habits to avoid.

These are good I mean look through them now. They’re they’re good universal. I mean, these are definitely could be generalized to almost any kind of site.

Yeah, yeah. So it’s it’s December. So I thought, hey, let’s mention this real fast, little run through these five bad habits and just say it’s December, take inventory of yourself, take inventory of the work you’re doing or the sites you maintain and pay attention to some of this stuff. And I’m, I’m guilty of many of these. Number one, leaving unused plugins installed. For the Drunken UX website, for instance, I have over the last two seasons tested some different like podcasting plugins specifically for things like tracking, and like setting up custom post types that will manage that stuff. And when I settled on Seriously Simple Podcasting, I didn’t uninstall the other ones, I turned them off thinking well, I might go back and test it but the reality is I’m not, I’m recording plugins for no reason. So I might as well just go in and delete those. So that is my task after we finish recording tonight is I’m going to go delete those.

That’s actually, that’s good advice that applies also to like smartphones. If you have a smartphone. Oh, yeah, just periodically go through your apps list. And like any app that you aren’t using regularly, or that you don’t really, really need. You know, that coupon app you use once and never again, or like, even like a restaurant, you have their app and you never order from them. You can always install it again later. And they’ll still keep your settings. Yeah, like that’s all in the cloud. But like delete the app from your phone, because every app that’s on your phone is a potential vulnerability. So like, deleting apps that you don’t use reduces your attack surface.

And you have more room for those cat photos. And oh, obviously, yes. Yeah. But leaning on that and, and kind of the rationale behind that is assuming your website is secure. Mm hmm. Never. And now, you know, we’ve talked about this on this show about basic web security and things that go into that. And even in so far as, you know, WordPress security plugins, it’s like it’s worth your time and effort to at least put a plugin in there and use, don’t leave it unused, but use, you know, whether it’s iThemes Security or Wordfence, or any of those, do something and be mindful of the alerts you get and set up blacklist options. If you’re so inclined, go into your server and and set up a firewall, set up things that take care of, you know, fail2ban and resources like that, that can make sure that people can’t hammer your site or do things just because it’s WordPress and and we think of it as this highfalutin piece of software that’s been professionally made for all these years and it’s so mature and so robust. WordPress has flaws and or new flaws get created as a consequence of new code or things like that. So never assume security is just happening. Yeah, that’s that’s a good way it’s a

this is a really like simple bit of advice. But if you have a site that maybe you’re keeping up, but you don’t regularly check into or update, just go visit it every once in a while and make sure nothing’s awry. You know, like, make sure it’s still running and that your service provider didn’t restart your server and the site didn’t spin back up, or that it didn’t get hacked or any number of other things. I literally while we were recording, I just went into my site, which uses WordPress and I updated it to WordPress 5.3 and updated my plugins and themes. And it’s fine, but like I just realized I hadn’t done that in probably six months.

Don’t let commercial licenses expire. This is a big one. I think for anybody who freelances and what you could be using Drupal. You could be using, you know any number of systems that if you have any kind of commercial licenses a keep track of the schedule they’re on. Make sure you’re renewing them in a timely fashion and that you’re taking care of them. But more importantly, make sure that if you hand sites off, and you don’t take care of them, make sure you tell your clients that they have something to keep up because nothing is worse than we’ve inherited sites before that have been built by somebody else. And we bring it in and it’s running, you know, we do an inventory on it the best we can and things like that. But we’ve had times where the next year rolls around and we get a banner up in WordPress about a license key being expired that was buried in one of the plugins and we just didn’t know like, we didn’t know they were using the commercial because, you know, a lot of those plugins have a commercial version or a free version, right? And a lot of the times you may not even be using the commercial features, but it was included with a package of something or whatever. So make sure you take the time to let other people know if they need to keep track of licenses. Yeah, cuz that can matter as well. You don’t want that Call on January 2 from that customer that, you know, something broke because you weren’t thorough with them. And that only takes a second.

I think just in general, like if you have any kind of recurring cost, it’s good to just to keep that in mind, either like, if it’s a if it’s a small cost, like a domain registration or something, then you should set it to renew automatically if you know you’re going to keep it up every year. Oh, you don’t have to think about it.

I have a story for you.

Okay, good. But I mean, like any kind of cost like that. Just I don’t know if it’s important if you especially if like a production site, depending on it like, Oh my gosh, like, put it on your calendar if you have to.

Yeah, don’t forget the, the sort of step sister to don’t leave unused plugins lying around. don’t install multiple plugins to do the same thing. Oh my gosh, pick one. You know, where I’ve seen this like, as a real problem is with, like social media plugins, sharing plugins. Yeah, somebody wants one that they like the way it works for Twitter, but not other things. So then they use a different one for Facebook, something else or they’re using, you know, a one plugin I’ve seen, like, a page will have the add this bar on it, but then they’re using a second plugin to put links in the footer of the rest of their site or something like Yeah, and I know why it happens. You know, especially if it’s something that site owner has done, you know, not thinking about it. But if, as a developer, you’re doing that, especially making something like sharing buttons making sharing buttons is that’s not worth the plugin, quite frankly, yes of the time. But right, anytime, you know, you could have this problem with SEO plugins. That’s one where, like, if people can’t get 100% of what they want, it’s like a one plugin does 80% of what they want, so they install it, but then They install another plugin 20%. But the reality is they’ve just double covered almost all of their features, logins, contact forms, contact forms, or

I actually had this problem is is kind of a niche case. But with syntax highlighting plugins, I had, I think I had two or three different ones installed at the same time at one point, cuz like I wanted both like a syntax highlighted box, like four blocks of code. But I also wanted the ability to like do inline syntax highlighting or code formatting. So I had, I had these two different plugins for it, because neither neither of them did both things

now. And it just comes down to this idea of how you know, is that last 20% really that important at that point, like if you, if you need to install multiple plugins to get a job done, you’re probably in the territory where maybe you should just build the functionality yourself.

There. So there’s something that we’ll talk about a bit later. about why this is important, but if you aren’t using a plug in anymore, just delete it. There’s no reason to keep it around you can always re download it later if it’s still being maintained and if it’s not being maintained, you don’t want it anyways. So just if you’re not using it, delete it, it reduces your attack surface for your site which is for WordPress especially is really important. And it will just make it easier to maintain also,

the last one on the list is not keeping personal backups. And this is one that it really gets into even you know, our bigger topic for the evening. But you know, there’s this idea a lot of a lot of hosts, you know, if you use Bluehost, HostGator, you know, they offer backups, they do backups on sites, limited in a limited fashion and restoring them can actually be a little cumbersome if you haven’t done them before, or if you haven’t done like a fire drill with it but it’s always better to rely on yourself sometimes for that stuff and have things in a format and in a place where you control them. And that’s it make sure that I use Updraft, like Updraft is my go-to for when it comes to WordPress, specifically install Updraft, it’ll tie like straight into Dropbox. And so you can have it run on a schedule and keep three versions of your site you know, keep the last three days of your website in Dropbox for you. That’s cool. That’s it’s like the perfect the unit that’s underneath or at least when I last did it it was underneath the free version of the plugin, they didn’t have to pay for any of that

and really thought about that.

The great thing about it is like at least the way Updraft does it is all of it gives you separate zip files for things like your themes, your plugins, your uploads, it drops your SQL database into a file, but they’re all just that like they aren’t stored funny or anything like that. It’s an it’s a SQL dump, it’s folder dumps. So bringing them up on another site in another place, let’s say a server melts the fuck down and is just gone. You can pick up those, those backup files, unzip them onto a new server into a clean WordPress file, load the SQL database in and your site, it will just be back.

It’s that’s a really good point is to remember, especially with WordPress that your site data, like the WordPress installation, your themes, your uploads, especially like your images and other content. Those are separate from your text content, which is in the database. Yeah, like a database has your configuration and some of your text content. They’re two different things, that’s downloading your directory of your WordPress site is not going to save all the stuff you’ve written. I would argue your database content is more important but I mean having all those photos can be difficult to replace. If you have it, that was the only place you had them. So it’s good to back up both things. It sounds like Updraft does both?

Yeah, yeah, Updraft takes care of the whole shebang. If you’re a server level guy, or you’re not using WordPress, you always got rsync and SCP, have it just zip up that directory and ship it off to another server over over FTP or SFTP or something like that.

At the very least, if you go to Tools, export, you can choose all content, download export file, I literally just also did this and it will grab you an XML file of all of your content, comments, etc. And then if you ever have to like nuke it and start over, you can just do import and upload that XML. It won’t have your images saved. So I need to get those separately.

If the site that you’re importing from is accessible it can try to import them though. That’s right. Yeah, it will try to pull them over but I’ve I have had personally very mixed to not results with that being functional. So

it’s not good for disaster recovery, but it is okay. If you’re doing like a site migration or something. Yeah, it can sort of work but but for disaster recovery, you just want to make sure that you get the the wp-content directory is the one that you need. That’s where all of your crap will be.

Right. So run run by Speckyboy, Eric’s article’s up over there. It’s on its speckyboy.com slash bad dash habits dash WordPress. We will of course also have a link waiting for you in the show notes at drunkenux.com. So end of the year, coming off of this idea of here are five bad habits that can hurt your WordPress website. We thought, let’s keep that train rolling. And let’s just talk about some of the ways Aaron and I have jacked stuff up over the years and how we responded to that. Because it’s, you know, it’s one of those things like it’s only a mistake if you don’t learn from it. And I’ve always subscribed to that idea, like the only way something is a failure. The only way something is truly bad is if you don’t learn from those mistakes. And it’s important to me for other people to know that we all make mistakes, you know, it’s an imposter syndrome kind of thing that

I we speaking of that, I personally find it very reassuring to know that other people fuck up to Yeah, we were, we were just talking about my coworkers and I were talking earlier about we’re parsing through some some stuff. And I’ve only been in my job for not even a month yet and I might one of my Coworkers started a week or two after I did. And our other co workers only been there for seven months. So like, we’re all pretty new to the app and everything and I’m just like, man, like, sometimes I don’t know what the fuck you’re talking about here. And he’s like, Oh my God, thank you for saying that.

Oh, there’s there is a shared wisdom in in that, you know, we’re all different you know, it doesn’t matter how much experience you have. Yeah, you may be at a different point in your in your travel so to speak, you know, your journey. You’re new at that place. And yes, exactly. Your your trust in your skill level doesn’t always equate to trust in, you know, the way things work or the way things are done, you know, and

how much experience you have like domain knowledge is something like everybody starts from page one when you started a new job.

Yeah. The way this bit me I remember quite distinctly I started working at Pitt State in 2006. That was my first like big like, Hey, I’m I’m a web professional. I’m getting paid like a salary to make websites. If I don’t know if you remember, do you remember Urchin?

Yeah, that was analytics. Like, before it was GA, right?

Right. Yeah. Before GA bought it, it was called Urchin. Google. And Google bought Urchin back in 2005, and then rebranded it as Google Analytics. So it was just that next year that I had started at Pitt State. So this whole thing of Google’s got this free analytics thing you can put on your website, it gives you a ton of data, like this was a new, you know, is Pandora’s box, right? This whole world was opening up in front of people being able to say we can get all of this data for free and get so much more out of it than running something like you know, normal stats dashboard or something on the server. So one of the first things I did at Pitt State. I was young, I was eager. I wanted to, you know, make an impact right away. I said, I’m going to install Google Analytics on our website. Okay, we just come through and set up a brand new CMS. So it’s like we had I had an easy way to add the code to the template. What could go wrong? Well, I took the entire site down.

How did you do this? I’m just like a JavaScript include. I added one

JavaScript file and brought our whole site down. How though, so to this day, I don’t fully understand the technical reason behind it. The way I can explain it was, this was my lack of technical expertise with the broader department at large because I was responsible for the front end half of our website, not the back half. So that’s talking like the SIS, the student information system, you know, where people go into register for courses and maintain their transcript and all of that. That was an in house custom built bespoke application that was maintained in a different development department for more I was something about the way they had that platform configured on the servers and the way they were reading in cookies for the first party cookies. When I installed that script, it started generating new cookies, of course, for the Google tracking, and whatever it was about those cookies, crippled that system, which in turn hurt build the server that ran everything. And so it just brought the site down. I’m sitting in my office, I get this little closet of an office, it’s it’s off a hallway, I have a window, but there’s of course a shade on it. I have a door and I have about nine square feet to my name. And I’m seeing people through the window, kind of just moving back and forth. A lot more foot traffic than I’m used to, somebody opens my door up and they lean in and they’re like, you know, the site’s down. Am I talking about the site’s not down like everything this whole story of the thing was we found out they’re like you know, do you know anything about this cookie this whatever you know it wasn’t underscore ga then I think it was still they were calling it I think it was still underscore Urchin or whatever, was like, Oh, yeah, I just installed that this morning. And they’re like that, that broke everything. 
Now I’m somewhat skeptical as to the fault there I you can say yes, I brought the site down because I installed without thinking about it, I would argue that is not something that should ever break a site or take it down but but it was, you know, my lack of expertise with the group. It was something you know, just I didn’t think about the need to even have the conversation to ask I’m very much have you done like DiSC assessment before

disc assessment. Yes, di sc. Yeah. Si.

Yeah, that communication profile deal. No, I’m a I’m a DC, some I’m a very like driven deterministic analytical kind of person. But one of the quality traits of a DC is very, they’re very much an ask forgiveness rather than permission. Sometimes. Am I get that about you? But that was me. So I broke the website. And but I learned an important lesson about a having those conversations with folks. Even if I feel like there’s no technical reason it should be a problem. There were certainly other considerations that probably should have been had, whether that was legal tracking wise, stuff like that. And the obligations we may have had to third parties or something like the likelihood of any of that is super low, but I should still have asked ahead of time.

Yeah. Although, I mean, I wouldn’t think to ask about adding a single vitam JavaScript Can I feel like that’s a purely client side and shouldn’t break anything. I don’t know.

Well, the other side of that too, though, is we didn’t have a way to test it. We didn’t have a development site, we didn’t have a staging site. So the only way for me to even go about it was to just deploy it at that stage. Again, we’re going back. This was 13 years ago, which wasn’t by any means the Dark Ages. But we definitely were operating I think, with a very different mindset at that point in time, especially at the university level where, you know, pickings were slim, so to speak, from a source standpoint. So today, I would absolutely it’s like, I have a dev server. I have a staging server, we’ve got QA that comes into the mix. We’ve got all you know, not only that we have to actually catalog the cookies and all this kind of stuff. So there are layers that would even prevent something like that from ever happening now. At least for me, but it’s still my hubris. You know It was the lesson it was an important lesson. And the what mattered was we identified it, I took it down, that problem got fixed. And then I was allowed to roll my change out. And we got it up and running within a couple days and and it’s like, wow, all of a sudden, we had Google Analytics, and it was great. It was and the world opened before us.

Well, I, I don’t think I’ve ever had a Google Analytics crashes site, but it definitely crash sites before, I think. Alright, so relating to the stuff that we kind of alluded to earlier with WordPress. The reason I advise everyone to delete unused plugins and themes and update your plugins is because I had my site hacked many years ago, because of an exploit in TimThumb. TimThumb was a plugin that did, like kind of on the fly image resizing

that and fucking plug in.

Yeah, so The problem was I didn’t install the plugin. It was included in a theme, right that I was using, it was added in a lot

of things.

It was really prevalent. Yeah. And so basically, like some people figured out like, Oh, these themes use TimThumb. So let’s search the internet for every site using these themes. And you can tell the theme from the HTML source, because it’ll be in there. And so they, you know, they we just have a roster of like, okay, all these sites are using this theme, or all these sorts of WordPress sites. Let’s just have this robot, check every single one of them for this theme directory and look for TimThumb. And if you find it, then try to run this exploit on it. And so my site got compromised. And thankfully, I did have backups. I was able to restore it. It was just they did a rat basically. They just in infected a bunch of the PHP files, so I had to run a regex and clean all them out. But regardless, the preventive the preventive measure for this is just deleting your plugins and themes that you don’t use.

I think right wasn’t this specific issue there that the processor that TimThumb used was exposed in a way that you could feed it a file, like a remote file, I think. Yeah, yeah, I think it was something where you could be to the command that it would then pull in a remote file or something was was the to

their credit, they told everyone like once it was realized that this was going on, they said, Stop using our plugin. It’s this is bad news. But a lot of the people that did themes didn’t know that and so they accidentally included an exploit for you. So

one remix guys good resource on that if and I recommend this Dyneema if you do WordPress work you should know about the site and you should check it regularly. wpvulndb.com. It’s literally what it sounds like. It’s the WordPress Vulnerability Database. And they keep a running day by day list of any hacks that are found whether that’s in WordPress, they track plugins, they track themes. They explain, you know, is it an XSS? Is it a CSRF type of vulnerability? What? What is the deal? What versions does it affect? You can get email alerts for it. There’s an API you can pull in, there’s an RSS feed, but it’s a great way to keep up to date on what things are out there that you should know. Odds are 99% of them you’ll never care about but the one day you catch that one plugin that you do happen to be using for a free resource, it will pay for itself I guarantee it. But most

really useful feature on that site is you can go on to the site you can Kind of WordPress in the top menu, and then you pick your version. And you can find your version. In your WordPress installation. I think at the top or something, you’ll say what version you’re using. You find your version and then you click on it, and then it tells you all of the current vulnerabilities and how they’re fixed or more information about them.

Yeah. And it really, you know, it will open your eyes, I think to what I said earlier that, you know, there, there are a lot of vulnerabilities in WordPress, like it’s not a bulletproof system, it will really amaze you how much stuff there is, in terms of not just, you know, certainly plugins and themes, but the core vulnerabilities that get found constantly through whether that’s new vectors, new attacks, new exploits in operating systems, you know, things that are running behind the scenes that allow stuff to happen. So it’s definitely like, as far as like any takeaway from tonight’s episode. That would be like the Golden Nugget, I would give you go get signed up for the are the RSS feed from that website so that you can keep track of WordPress vulnerabilities.

Okay, so if that’s the white hat site, there is a site that you should know about that’s a black hats or maybe a gray hat site called shodan.io, which is like Google, but for vulnerable websites. And there’s like you can there’s a free access, like, how you might use Google, but then there’s also a premium access, which gives you a lot more power features. And so that’s that’s a way for attackers to find sites that might be vulnerable. So just just patches shit. People will find it otherwise.

So I have a website I’ve maintained since 2012. It’s a gaming website. It was something my setup for a role playing game that I thought okay. Really cool. I enjoyed the game. I was excited about it and there weren’t any resources out for you. It was kind of a little small, you know, small market type game.

So I set the side What? What game? Was it?

Numenera?

Okay, I don’t know it.

It’s a game that Monte Cook developed. Monte Cook used to be a D&D. Oh, yeah. So I set up this website for this game. And I’ve been running it for since Yeah, since late 2012. Seven years now. Over the last probably three years, four years. It’s kind of been on autopilot a little bit. I haven’t really been giving it any attention. I certainly haven’t been writing new content for it or anything. And the site. I didn’t know what to do with it anymore, quite frankly. And I talked to some folks about maybe taking it over or you know, doing something to update it. But a couple years ago. I did. I did something that was good. I got him off a bad habit, where a lot of folks, when you first start doing web development or first start making sites, you get your first domain names by virtue of buying hosting, right? You go to HostGator. And you get a free domain with the service. And they’re like, yeah, if you sign up for us, you get a, you know, a free year of your domain, and it’s just sort of included with your deal. That’s convenient. But it’s also a terrible way to try to manage. Right? And they always, you know, their whole thing is okay, now you have one, let’s try to upsell you on more and but they, of course, charge you more for those and all this. And if you do this even a couple times, now you’ve got domain names in different places. So that’s not not easy. So I started moving all of my stuff over to one registrar. And I have since consolidated I think at that point, it was Namecheap was who I was moving it all to. Yeah, but I actually got from giving it all to Google Domains. I’ve had really good experience with that. So far, it’s been super easy. So I moved the domain for this website over to Google Domains. 
Now what happens when you transfer a domain is you get like an auth code that you have to pass through and all of this and it is released from one registrar, it goes over to the new registrar, you set up your zone files, all of this, this wacky stuff, but the other thing that usually happens is you have to pay for another year registration. Okay, so let’s say if I had just renewed it, and then decided I’m going to move all these 20 registrar, I’m going to have to add another year. It’s not a big deal, because it extends your existing period regardless, doesn’t it like you’re not double paying for the same year? So I did that I moved it over to Google Domains, and I said, pay for another year and I’m good to go. That was two years ago. And then this year came. And so the lesson of this story is I lost the domain. Because when I transferred it, I forgot to set auto renew. Oh, and then I got the emails, you know that you get those emails that say, Hey, your site’s coming up for renewal and you know, seven day, why Greg finger, but in my head, I would see those notes. And I was thinking, oh, they’re just the automated messages, no big deal. It’ll auto renew. Right? And because oh, my God, that has happened to me at other services, they say, Hey, your domain’s coming up for renewal. It’s like, it’s a reminder in case you don’t want to renew it at that point, usually, but I just I left it. And one day, my server monitor went off and it’s like, Hey, your site’s down. And the the bad irony was I’d been having some up and down problems on that machine. So I thought, Oh, no, again, no big deal. It’s just bouncing the service is going to come right back by those messages too. Long story short, I was stupid. I was not attentive. And as a result, you can after a domain expires, like truly expires, you can still restore it for like a month, but it costs $100 to do it. And yeah, I just wasn’t interested in that. And I thought, well, it’s an obscure site. 
What I’ll do is I’ll wait the month, I’ll let it hit the market. And I’ll just try to re renew it on like, the third, someone else snatch it up. And yeah, it’s still got snatched up quicker than I could get to it. And now there’s some weird educational blog on the domain like it doesn’t even make sense. But I had to go buy a new domain, rename everything on the site. update all that stuff. On the flip side, it kind of motivated me and I’m like, I’m going to do something with this site. Now. So keep track of your especially if you’re a web developer, and you’ve got a lot of domains, at the very least, make sure you have auto-renew on if you just want to be better safe than sorry but otherwise like we started out the top of the show talking about the bad habits that can hurt your website commercial licenses expiring things that are on an annual cycle that may expired domains lump in with that so make sure you know the cycle those are going to be coming up on so you don’t lose them because unless you’re willing to pay the hundred dollars is it’s for me like that would have just been 100 bucks out of my pocket and I was like it’s right I don’t want to lose the site but I also don’t want to spend $100 so I’m just not

I think that the days when you could have even an hour of time before I get snatched up our long past us.

Oh yeah, yeah.

Oh man. I’m so this is unrelated to that. But there have been two different times when at jobs When the first commit I made, like, broke the site. The first time was when I was at Cornell, we used a Perforce version control. And I think I was, I think, updated the version of jQuery we were using, and I didn’t know it, but there was like, a regression problem with it. And we were like, We had something that was depending on an older version of jQuery, something like that. Anyways, I pushed it up, and I was thinking like, oh, it’ll be fine. Now it broke the whole internet. So yeah, that was fun.

And, you know, to my cookie thing, you know, it’s the same kind of deal, right? You wouldn’t expect something like that to necessary, right? Yeah. Probably like that’s, you know, normally it’s like, yeah, I’m just gonna update it. It’s more performance. They’ve added a couple features, not they broke something that breaks all my stuff.

Right. So my first day at my job, I never used Perforce before that, so my first day of my job I’ve learned how to do a Perforce commit. And then also do a Perforce rollback.

A really, man and I’m glad you brought it up because I’ve broken stuff in Git before like with merges and stuff and like a careless merge. I think we’ve all had that at some point where it’s like, oh, this is overriding something. I don’t know why that’s there. But I’m sure it’s fine. It’s worth making sure you take the time to also learn stuff like Git inside and out because if if you have to cherry pick or revert or anything like that, like I get into muscle memory real easy, but then I have to work outside of that. Sometimes that gets a little.

Yeah, if you’re if you tend to use Git through the command lines or these through the graphic tools, like in your IDE or whatever. Take an adventure and go try to learn how to do it from the command line. Cuz there’s some things that are just easier to parse through when you’re doing it from the command line. Yeah. Um, the other the other one was at my last job, the first commit that I pushed up was just, it was just adding a tracking pixel to the site, but I forgot to close my if tag. And so some of the pages on the site were erroring.

I see that’s, that’s just about as bad. The Google adding a tracking pixel that should do nothing.

Right, right. Yeah, this is like a legitimate syntax error on my end, I think. I know, I think I think it didn’t get merged then. It was really, it was really easy to overlook it because it was like, because the beginning and the end of the block were really far apart.

Yeah. So and depending like we use a language called Velocity, which doesn’t have very good syntax support in VS Code, or Atom or anything like that. There’s some But it’s just not great. And so it, you know, from like a linting standpoint or anything like that, like it, it’s not, the apps aren’t good at alerting you to something like a missing end or is if you’ve ever been in especially like complex conditional statements and stuff where you’ve got ifs inside of ifs inside of ifs. Sometimes I take some of those out or you take out an else, or you know, things like that, and all of a sudden, you end up with an extra end or an extra if or an extra curly brace mixed in there. And right, like if the depending on the way your code compiles and runs or or doesn’t compile, you know, depending on the language. Yeah, catching that stuff can be a real pain in the butt. It also speaks volumes to the importance of review. Yeah, we uh, you know, if you are a freelancer, that’s one of the big things that super sucks because it really does mean you have to rely on yourself for a lot of your success. And one thing I learned early on was about like, just because I can make something work doesn’t necessarily mean I’m making it work the right way or the most. And if I didn’t actively search out people to look at code, I would never have been able to learn those kinds of things. And, and even then, it’s still an imperfect year like you say it if your stuff got merged in to in the master and got through all those other people, whoever was looking at it, we’ve had that, you know, yeah, go code line sometimes, especially if it’s a big change, like, you know, we will have some PRs that it’s like, yep, we, we took the white class off of this div, so it would be great. You know, it sounds like yeah, I’ve got to check off the simple reviews so I just hit the button. Right But I totally missed that. They when they deleted the class name off there they deleted a quote mark too. Review is imperfect in and of itself, but it is still incredibly valuable.

I think also, this is a good reason to have, like an automated test suite, especially one that like, even just like the most basic integration tests, like if you have, if you even if you had a test suite that just like pings every like major page on your site, and just made sure it got a 200 back when I loaded. I mean, that’s it’s like 50% of the work right there. Because then like if a page is having trouble loading, you’ll know instantly. So I mean, it doesn’t catch everything. But it’ll at least be like the first line of defense to start preventing. Yeah.

is the one that I’ve been using Cypress I have fault now I shouldn’t say fallen in love with it, but it is definitely been my favorite testing suite to date so far. Hmm. My last little story for tonight is it’s a mistake. It’s also a bad habit. And the way I phrase it in the show notes is It can’t be that easy, can it? The reason I say it that way was because I have a habit of sometimes over- or underestimating rather, the amount of work that can go into something that feels very simple. You know, it’s, we always look at work and we think, Oh, well, that’s just adding up such and such joy, oh, we can add a button to it. And that’s nothing. That’s not a big deal. We just need to add an option to that select box. That’s man, that’ll take 30 seconds. And a lot of the time it does. But there’s definitely I think, a point where I need to still that this stage, I need to be more skeptical of my confidence. I think in terms of how quickly I think I can get some things done because there are so many cases where there may be downstream considerations that come into play, there may be, you know, especially when it comes to CSS, when you think about, oh, yeah, we’ll just we’ll just change the font on that header. And then you get in there and you realize, well, the header definitions are set up, you know, they actually impact three different sites, you know, they’re all the same base files, they’re importing this stuff, change it here, you’re actually going to change it in these other places. It’s like, it’s simple, but it’s not. And,

yeah, there’s a little there’s a lot of hubris that goes into assuming that that something is a simple change, and that you’re the first person to discover it. I definitely have noticed. I’ve been learning not to do that as much anymore. And do is like I like to ask first now, especially if it’s with like a part of a code base that I haven’t used before. If I’m like, Oh, well, this seems like a really obvious thing. Why hasn’t anyone done it? I’ll just do it. And then it’s like, No, wait.

Mine has really bit me like right now today. And I’m literally at the tail end of a boot camp that I’ve been taking for, like React and some advanced JavaScript stuff. And so I’m working on my final project. And I, I picked an idea for a site. Very simple thing, I wanted to make a little simple, like single page web app that you’d go in, and you would just log some data in, and then it would spit that data back out from an aggregate to give you a little chart and give you some averages and stuff out of it for a game that I play. And I thought, super easy. I’m going to make Gutenberg block that’s going to just embed a React app in it that will use the WordPress CLA to submit to a custom post type, I’ll pull the custom post type and then math, you know, like, that’s all that’s happened in my head, very simple. In my head, very simple. Very simple. As I’ve been building it out, I started getting into Things like having to figure out okay, now I’ve rendered my React app, and I’ve got my component for my select box. But when that changes, then I gotta bind an onChange event to that, because I need to show and hide different fields based on it. Now, right? Do I need to do you have an event handler going on change is the fact that it’s already rendered? Does that matter? And then I get to thinking about, wait my results page, I need to do it in space. But if I take the React app out to put my results page in place, do I break the the app to rerun like there’s all of these like things that where do I include the the WordPress API JavaScript and all this like where does worse I included in queue that in this whole thing, right? It it’s stuff that if you’ve done it, and once I get over the hump, you know, it will all be beautiful and easy, and I’ll probably be able to reproduce it a million times over but I definitely I would say it’s about five times harder now that I’m trying to get the code written than what it was. 
When I, you know, outline that for the teacher, you know, oh, wait, I have to make sure they’re logged in, I have to make sure that we’re authenticated and that we have a nonce when we submit these things. So that you know, it’s it’s secure and not getting spammed and all this. You know it, there’s just so much there and I underestimated. I looked at I thought it was going to be super simple. I let my confidence get in the way and it says it’s a mistake. It’s a bad habit more than that. And I think that there’s a lot of value in always questioning yourself a little bit and admitting the end, just because something that looks easy isn’t easy. That doesn’t mean that you failed at something or that you didn’t do something right. A lot of the times that Easiest stuff is hard explicitly because a lot of other folks have written something that depends on it or, you know, generating that one line of text requires internationalization libraries to come into play or, you know, things like that. So just keep a healthy dose of skepticism on hand for yourself. And just and use it Don’t you know, don’t use it, like as an excuse or as a way to beat yourself up. Just get better at estimating,

especially if something is a an app that if you didn’t write the app, or the app isn’t really, really, really new, and something looks easy. Just take it from my experience, ask first and ask like if anyone’s considered it and why it hasn’t been done. If the answer is like, Oh, well, we didn’t know you could do that. Great. That’s probably a green light. You can do it. Otherwise, what’s more likely the cases like oh, yeah, we tried that. It didn’t work. Because of this. Then you just saved yourself like, you know, three hours of and maybe a slight breakage. Alright, so I got one. I A long time ago I was embarrassed by this but I think I mentioned on the show before but so many years ago when I was first starting as like a like as a professional web developer, I worked for a municipal government in Indiana. And I was a I was officially I was just like, you know, help desk or technician person, like a bench technician, fixing computers and doing whatever else. But I was also the only person on our staff that had Linux experience. So I was also the Linux system admin. And I was like, oh, like, I’m going to teach myself MySQL and PHP and I did, and I built a CMS and I accidentally allowed it to have I didn’t sanitize my parameters, and I introduced the SQL injection bug. And thankfully, the person that discovered it was a friend of mine who worked in the computer forensics at the police department. And he was like, Oh yeah, if you do this, it logs you in as the admin and I was like, Oh, thanks for finding that.

Well, I can officially say that I didn’t finish my juror a little bit left in this bottle. So that’s probably for the better books, I hope. I hope these mistakes have helped you feel better about some of yours I would love to hear especially from people who have you know, faced adversity from from this kind of stuff and you know, because it’s, it’s not just about making the mistake, it’s about how you rebound from it and what you do to overcome those things and committing, you know, for me like the the last one, my habit of under estimating the amount of work, my solution to that is committing to you know, 22 I’m going to start paying attention when I say something takes eight hours. Maybe I’ll keep a clock and and try to see was I right? Did I underestimate that? And try to hold myself honest to adjust for that. So how you react is really sort of the measure. If your site gets hacked? Did you turn off the things that made it vulnerable? Did you do something to make sure that you’re checking your plugins? Do you make sure you’re getting your code reviewed before commit whatever those cases are? So let us know we’d love to hear what what you do or have done and and how you made up for it is

would like to know. I think it’s part of I think, like what you said earlier in the show is, it makes a lot of sense. Like, it’s only a mistake if you don’t learn from it. And I I think it’s good. It’s good to be wrong, and having a good culture of like peer review can help these mistakes which are totally normal and happen to all of us. can help them be sparse and low impact.

The Drunken UX Podcast is brought to you by our friends at nuCloud. nuCloud is an industry leading interactive map provider who has been building location based solutions for organizations for a decade. Are you trying to find a simple solution to provide your users with an interactive map of your school city or business? Well, nuCloud’s interactive map platform gives you the power to make and edit a custom interactive map in just minutes. They have a team of professional cartographers who specialize in map illustrations of many different styles and are ready to design an artistic rendering to fit your exact needs. One map serves all of your users devices with responsive maps that are designed to scale and blend in seamlessly with your existing website. To request a demonstration or to view their portfolio, visit them online at nucloud.com/drunkenux. That’s N-U-cloud.com/drunkenux.

Thanks for listening this evening. The last This is the penultimate estimate. estimate. Yes. The penultimate episode for the year not estimate. Thanks for tuning in again. We’re gonna do some fun stuff next time.

Maybe? I don’t promise anything in this one.

Yet Really? Dude, it’s crazy. This is the end. This is the second year I was when I was telling one of my friends about this. That may be a guest later next year. I was like, yeah, we’re finishing up our second year, which is just wild.

Two years. You’re

welcome. I’ve pushed you hard. Yeah. You have. Folks if you have any ideas for us, if you’ve got topics you would love to hear us cover. If you’d like to be on the show or know someone who might make a good guest for the show, by all means reach out to us. You can connect with us on Twitter or Facebook. Look at /drunkenux. You run by the website drunkenux.com we’ve got a contact form there. That is has a box where you can explicitly say hey, I want you to talk about this so you can shoot us a message through that. Or jump on Slack with us at drunkenux.com/slack we’ve got that open and welcoming to anybody who wants to hop in. Come, let us know. say we are wrapping things up. Season Three will be on the way we will start fresh in January. You will see no lapse in time we will still be releasing every other week as we get into that but lots of new stuff to talk about. We’ve been collecting our articles and making our notes and I we do have a guest to open that up the we were supposed to have actually this episode would have been a final guest for the season, but we did have to do some rescheduling there. So instead, we will launch season three with that. So still incredibly excited for that interview because I think you’re going to really enjoy it. We’ve got some fun information. To share their outside of that. I hope everybody has a Merry Christmas. You will hear us again right before that, right i think Yeah, right. Right before Christmas is when we will finish things up. If

driving to your families are making a turkey or whatever it is wrapping presents, you can probably saw maybe be entertained by us.

If you get a second, leave us a like a review in your favorite app. We appreciate the support and loving kindness that everybody shares with us. Shoot us a message on Twitter. Let us know what your favorite episode of the year so far has been. Other than that, I’m going to leave you with a handy piece of winter advice said it’s the six the bad habit that you can add to your list which is to keep your personas close and your users closer bye bye
