It’s been recently revealed that Jason Kenny most likely set up a dark horse candidate to win the Conservative Party leadership in Alberta. reading https://www.macleans.ca/politics/what-really-happened-inside-the-alberta-ucps-kamikaze-campaign/ it really stuck me how believable everything was. Folks like that have stopped thinking about the greater good and it’s now all a “game” where your “side” needs to win. It’s all about winning. Whatever the moral or ethical cost.
5 years ago I started what’s basically the slow carb diet. Not really a diet, but a lifestyle change since it’s not just a temporary restriction of certain foods, but rather removing most / all processed foods, cutting out sugar as much as possible and if eating carbs, focus on things like legumes or whole grains.
It’s worked great, I’ve lost ~45Lbs since starting it and have been able to stay there.
While that really helped me get to a healthy weight, I still have a few problematic eating habits. Mostly around eating for no reason. By that I mean, overly snacking on food when I’m not really hungry. I was able to shift my snacking from eating large amounts of nuts or fruit to eating large amounts of vegetables (peas, pickles, salsa, etc). Now that’s much healthier but didn’t really deal with the deeper issue.
That’s fine as I’m a big fan of incrementalism and think it’s unrealistic to try to break all your bad habits at once. Now that I’m at a better place I’ve joined Nerd Fitness and my current focus is on mindful eating.
The idea is that now instead of just going for the fridge when bored, I ask myself, “Am I actually hungry? Or is it just that I’m not so full I could stuff more things in my stomach?”. I then also don’t multi task when eating. No listening to a podcast, no watching a youtube video, no working or reading emails, all I do is focus on eating.
It’s interesting and I still have lots of progress to make. I just ate a bunch of pickles and I’m pretty sure I wasn’t hungry, just looking to procrastinate.
I think I’ve set some good systems in place to help me (and a reward if I stick to this for 3 months). Hopefully in a few months time I’ll be able to understand my hunger better and react better to it.
If you’re interesting in nutrition, particularly the psychology of it, I’d strongly recommend reading Xi Zhang’s blog on the matter: https://ithinkthereforeiovereat.blogspot.com/ she actually has qualifications to talk about this, as opposed to me who just rambles about things that have worked for me.
I’ve straight up copy pasted that title from Maria here. I really enjoyed the blog post. I recommend reading all of it, but the tl;dr is this:
If you see someone go through a hard time, don’t feel sorry for them. It deprives them of agency. If you say you’re sorry, you’re saying they’re unable to deal with what is happening.
People are much wiser and stronger than we think. They have the power to use whatever challenge they’re facing as a tool for growth. The best you can do is to be their cheerleader. Say, I know it is hard, but I know you can make it.
When I was at VIP we always argued for a very tough stance on security. To the point that we’ve been criticized for being over-zealous on escaping, permissions checking and nonce checks.
I understand many of the arguments made against enforcing late escaping. The one I understand and can empathize with the most is the one that goes something like: “If we just enforce rules without understanding the context, folks won’t understand why and when they really need to escape”. That’s a valid point, but I think it doesn’t work in terms of a large scale project. Be it your plugin or theme or even the WordPress project itself.
There’s often talk about two models of security. I’m sure they have better names but I call them the “Fortress” and the “Onion” model. The fortress being, that there is this one “moat” that protects the code. So internal functions for example can rely on the code being passed to them as being safe. The Onion model is kinda like if a paranoid squirrel wrote code. Every function should be suspicious of what it gets passed and doesn’t trust any other functions. I’m not sure where the squirrel fits in with my analogy to be honest, but I liked the thought of picturing a paranoid squirrel.
With that in mind, I would argue that the WordPress code base is currently not resilient enough to attacks as it often makes assumption about the data passed to it’s functions. A good example of this is the latest security release (5.1.1) that patches this: https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
So you would think this is an easy fix right? Just replace all the instances where we’re not late escaping to escape late. But I suspect that if I were to go thru the codebase and change all instances flagged by the PHPCS WordPress ruleset (and the VIP ruleset). The patches would be rejected.
The thinking, from my experience and my assumptions, would be that this could break backwards compatibility. A noble cause indeed. There is something to be said to not touching code that doesn’t “need” to be touched. It’s quite easy to introduce bugs or unintended consequences when adding escaping. It’s also possible that the escaping wouldn’t help or, in a small subset of circumstances, would make things vulnerable.
All this being said, I know from having seen how the sausage is made that it’s much more complicated than what may be interpreted from reading this blog post. I want to make sure it’s clear that what I’m suggesting in regards to WordPress security is not actually as easy a solution as this brief post may make it out to be.
There are many smart people who are working on this and they have a challenging task. I suspect my experience with enterprise clients has coloured my opinion in preferring security over backwards compatibility. Very good arguments could be made that if folks do not have confidence in the automatic updates (because of broken backwards compatibility) it would leave more users at risk than patching code that _may_ be a problem in the future.
But one thing I think is clear. If the code proactively was written to late escape, no matter where the data is from, we wouldn’t be in this situation. Hence, for all new code that you write, think of being like a paranoid squirrel. It’ll make your job way easier in the long run.
Some of you may know CDS, others may know the other countries’ versions such as USDS and GDS.
CDS’s goal is to bring together skills and expertise to help the Government of Canada embrace new methods and tools to improve how it designs, builds, and delivers services.
If you’re like me, you may be at first skeptical of this being possible in government. As some of you may know, I spent a few years working in the Government and, like many, experienced some things that were sub-optimal.
I had many many great chats with folks at CDS. It made me believe in the vision that CDS has and that the folks there have the mandate to bring about change.
I’m very excited to be joining such an elite group of individuals working on one of the most important tasks – delivering government services that work.
If you want to read about some of the accomplishments CDS has already achieved, I suggest following their blog (sadly not on WordPress 😉 ). If you’re interested in joining me, CDS is hiring for many many roles.
I suspect the title of this post might raise a few eyebrows. Even though I’ve been in non-monogamous relationships for the past 7 ish years, it’s often not something that comes up in conversation. We’re open about it, but given the contexts most people just assume that we’re monogamous. It’s the default position, especially if you have 2 heterosexual individuals who are married and identify as partners.
There’s something interesting that happens when you embrace non-monogamy. The required extra communication, the ability to talk about thoughts and feelings that are often taboo, having thoughts about someone else, wanting to flirt, feeling joy and excitement from being with others. These are all things that “regular” society says is bad. If you feel these things, then you’re doing relationships wrong. You then feel shame, disgust, or sadness at feeling them. You start to question your current relationship, even if it’s objectively great because well, if you feel those things, then surely something is wrong. This person can’t be “the one” if you have those thoughts or feelings.
It also brings about some introspection with regards to self confidence and jealousy. If you really start to dig down into it, often our thoughts, fears, feelings of jealousy, etc, are products of what we’ve been told are what makes “good” relationships. Clearly if our partner is enjoying being around someone else, that must mean we’re not good enough. Maybe we’re not “enough”, maybe they’ll leave us, maybe they were never that into you. If we examine it, I think we find that many of these are internal problems, problems with our thought patterns. If you truly have a good connection with someone, you should know, understand and be able to talk thru these things.
Many people make analogies to explain it. Just because I usually love vanilla ice cream doesn’t mean I won’t take chocolate once in a while. We can also compare it to our partner playing a video game by themselves or spending time with another partner. Would we be jealous of the video game? I would say no. (I can see someone saying that yes, they could be, and perhaps that is the case, but if so, I’d argue the video game is not the problem. If your relationship is so tenuous that spending time on another activity causes you pain, something deeper is probably wrong.)
If you want to learn more, this intro to polyamory is very interesting. There are also great books on the matter such as: Opening Up (There are also many others).
If you have any questions feel free to post them in the comments or send me a DM.
I got one of the best compliments Yesterday. Someone I worked with previously is interested in starting discussions around mental health at their new workplace because of how much it helped them when we worked together.
I mentioned a bit of what happened (most of this was not done by me, I was just one small part of the events that happened) and I thought it might be helpful to share here.
It first started with someone saying that during one of the company meetups they would have a 1h thing where people can just come and chat about mental health in a random room. There were a few people who showed up. We decided to create a private slack channel where people could just talk openly about mental health. Word of mouth started spreading, especially among people who were like “Well, it’s not really _that_ bad, I don’t have a diagnosis, etc etc”. We welcomed them all.
I (and I’m sure many others) had follow up conversations with folks who were mentioning going thru rough patches. Since I was quite open about it, often mentioning in the #watercooler channel if I was feeling depressed or anxious and taking a break, lots of folks send me DMs just asking me about it and just wanting to chat. Sometimes it was about them, sometimes about a loved one.
I’d ask them all if they wanted to join and convinced them that even if it “wasn’t that bad” they should join. At another team meetup I did a lunch thing where folks could come and eat lunch one day with others and chat about mental health (or just listen).
It was just to see others who were also working thru things. You didn’t need to talk or anything, you could just listen. I did a bit of an intro of why I think it’s important and some of the things I struggle with, a few other people spoke, some didn’t (but they often would send me a private message saying thanks later).
When I left, it’s one of the things people told me they appreciated the most. To have someone who they saw as senior and a leader talk about this. It made them feel like it was “okay” to feel that way sometimes.
I’ve started doing talks in workplaces about this as well, if you (dear reader) think it could be useful for your workplace, I’m always happy to give a talk. I don’t charge anything but I ask that the organization make a donation to Kids Help Phone. For some organizations, donations aren’t possible so I send an invoice and make the donation myself.
I’ve done this talk in workplaces and at conferences such as Confoo and the feedback has always been very positive:
“6/5 Sensitive topic explained simply and with humour”
“Great personal touch”
“Good energy, interesting perspective and personal anecdotes”
“Very good talk. Honest, straighforward, helpful.”
“Important topic presented in a funny manner”
Confoo 2016 feedback
“Stéphane’s candid testimonial on mental health issues was truly engaging. With his great sense of humour and genuine presence, Stéphane puts his audience at ease, making participants receptive and open to tackle what can sometimes be a heavy topic. Having “just a regular guy” come in to share his knowledge of mental health, sprinkled with personal anecdotes, made us feel like we were having a conversion with an old friend. We learned lots of great tips and tricks to prevent or deal and were inspired to talk about mental health more openly.
Great talk, Stéphane, thank you!”
Gabrielle Michaud, Immigration, Refugees and Citizenship Canada / Government of Canada
If you or anyone you know wants to chat about mental health, I’m always happy to listen. Spoiler alert, I’m not a professional and will probably recommend you talk to someone a bit more qualified.
As you can see, my frequency of posts on the SNC Lavalin matter has declined. A bit because it seems like it’s not really that big of a deal. Ya it’s probably not the best thing to have done, especially moving Wilson Raybould out of that position, but in the scheme of things… shrug.
I’m concerned that perhaps my thoughts on it as biased because it’s “my tribe” and I’m just making excuses but I’m not sure. It does seem a bit overblown. I mean, would I of preferred if it hadn’t happened, yes. Do I think it’s sub-optimal and reflective of politics in general, yup. Will this change how I vote, probably not.
The “tribes” aspect is an interesting one. It reminded me of a blog post by Vincent St. Pierre about how you shouldn’t be a blogger. The problem is that many people, especially in politics assume that if you blog or tell thoughts that are not towing the party line, you’re not loyal and don’t deserve a job in politics. I understand the appeal of having folks who will toe the party line all the time even when not employed. You see it in many op eds written by consultants/lobbyists (which are often former staffers) who will probably go back to the ranks of political staff after making good money for a bit.
I’ve had a few people who mentioned to me that my analysis is interesting, but they don’t understand why I’d “burn bridges”. I understand the concern. I guess I don’t feel I’m burning bridges, I’m just talking about what I feel and how I understand things to be.
If someone doesn’t want me as part of their team because I speak my mind (publicly when not part of an organization, privately when part of an organization), then perhaps I’m not right for that job/organization.
I prefer having a nuanced conversation about topics instead of just hurling talking points to others. I understand that’s not something you can do when you’re working for a party, but as individuals, we should acknowledge when things are or were sub-optimal and really try to find common ground. We should dig into the root causes of issues and how we can fix them together.
As a friend recently said, “Elevate your discourse, you piece of shit”