Is this the hill you want to die on?

Maybe it’s just me, but that’s a question I’ve been asked quite a few times. It’s a loaded question really, the implication is that if you don’t change your mind, you’ll “die”. That it would be foolish not to change your mind.

For me, it’s often a matter of principle. It’s about doing what I think is right, it’s about not compromising on ethics or values, or just not going along with ideas or plans I don’t believe in. It’s about being authentic.

It’s never as if you really die; the consequence really is often something along the lines of not being part of a group, ending a friendship or relationship, leaving an organization, or leaving a job.

Maybe it’s idealistic or optimistic, but I think perhaps we should choose to “die” on hills more often.

Accidents causing death

There’s a very good opinion piece in the CBC about the driver of a semi that caused 16 deaths. https://www.cbc.ca/news/opinion/humboldt-driver-1.4972428

I feel like so many people judge quickly, but it easily could have been them. Momentarily distracted, changing the radio perhaps. We should try to have more compassion towards mistakes like these.

Fear in leadership part 2

I often used to assign malice to folks in leadership positions I strongly disagreed with. I then slowly moved to assigning ignorance. It made being compassionate to these folks much easier. Now, I often assign fear.  http://stephboisvert.ca/2018/12/23/fear-in-leadership/

Now here’s the tricky part. It’s way easier to notice and see this in others. Looking inwards at what you are afraid of…. Now that’s much trickier.

Fear in Leadership

I often used to assign malice to folks in leadership positions I strongly disagreed with. I then slowly moved to assigning ignorance. It made being compassionate to these folks much easier. Now, I often assign fear.

Fear of being found out a fraud, fear of being in over your head, fear of failure. – Elizabeth Shassere

I recommend reading the whole article here. Not everyone will tick off all the checkboxes but perhaps being aware of them can help you build compassion for others and maybe even become aware of some things you are afraid of.

Rise of populism

There are lots of good think pieces on the rise of populism. This one has an interesting take on why the lying that Trump does is not a problem.

The rise of highly polished, professional politicians such as Tony Blair and Bill Clinton exacerbated the sense that politics is all about strategic concealment of the truth, something that the Iraq war seemed to confirm as much as anything. Trump or Farage may have a reputation for fabricating things, but they don’t (rightly or wrongly) have a reputation for concealing things, which grants them a form of credibility not available to technocrats or professional politicians.

It’s an interesting read: https://www.theguardian.com/news/2018/nov/29/why-we-stopped-trusting-elites-the-new-populism

BikeShedding

One thing I often noticed in politics (as well as other environments where there’s classical management) is bikeshedding. You do a design for a report or for a landing page and suddenly everyone is a designer or a landing page optimiser professional. This is really well addressed by Seth Godin here:

you’d think that there’s a correlation between the last few hours of tweaking and the results that we get. […] For surface shine, 80% might be more than enough. After that, the tweaking is for us, not those we seek to serve. – Seth Godin

The CAQ in Quebec

The CAQ has just won the election in Quebec. They are right-wing, and I wonder whether it’s just luck or whether, when the federal government is more to the left, the provinces shift more to the right and vice versa.

In any case, I’m in a way relieved to no longer live in Quebec, because I wouldn’t have been sure who to vote for. The Liberals in Quebec are a bit further to the right than I’d like, but the other option, Québec Solidaire, with which I still share quite a few opinions, is very sovereigntist.

There’s also one exchange in particular that probably would have made me vote Liberal, and it’s this one:

The interesting thing is that all the parties except the Liberals are in agreement. I find that troubling….

Late Escaping in WordPress

Late escaping is often seen as unnecessary. I remember when I used to think this:

“Why should I late escape something that I know is safe?”

Let’s examine the various parts of that statement.  The “I” really means not just me — the developer currently writing the code — but me at this current moment in time. While debugging old code, how often have you asked yourself who the “genius” who thought up some “clever” solution was only to realize you were the one who’d written it 6 months ago?

Late escaping future-proofs your code by making it easy to spot escaping. Otherwise, to check the security of it, you’d probably need to re-read all of the code surrounding it, check which functions are called, where the inputs come from, etc. It’s easier and less time-consuming to rely on late escaping instead.

The second part of this statement I want to examine is the “is safe” part. Safe in this context really means, “is not currently known to be insecure” with currently being the key word. The statement “the code is safe” is probably accurate at the point in time when you originally commit it. The problem is, code has a tendency to change. The function you’re calling that returns the “currently safe” code might change in the future. Or, the inputs to that function will change and be from a source you didn’t initially anticipate. That change could introduce user-provided data in a way you didn’t expect and end up being insecure. It’s safest to rely on late-escaping because it’s more resilient to unanticipated changes in the future.
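The scenario above as an added example (not code from the original post or from WordPress): a helper that returns a fixed string is later changed to return an editable setting, and the same value is rendered by a template without escaping and by one that escapes at output. The `myplugin_*` names and the sample setting are hypothetical, and the two `function_exists` stand-ins only let the file run outside WordPress.

```php
<?php
// Added example; every myplugin_* name is hypothetical.
// Stand-ins so this file runs outside WordPress. Inside WordPress the real
// esc_html() / esc_attr() already exist and these definitions are skipped.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}

// Version 1 of the helper: a hard-coded label, so its output "is safe" today.
function myplugin_badge_label_v1() {
    return 'Featured';
}

// Version 2, some months later: the label now comes from an editable setting.
// $settings stands in for a value loaded from the database.
function myplugin_badge_label_v2( array $settings ) {
    return isset( $settings['badge_label'] ) ? $settings['badge_label'] : 'Featured';
}

// Template without late escaping: correct only while the helper never changes.
function myplugin_render_badge_unescaped( $label ) {
    echo '<span class="badge" title="' . $label . '">' . $label . "</span>\n";
}

// Template with late escaping: each value is escaped for its context at output,
// so a reviewer can confirm it is safe without reading the helper.
function myplugin_render_badge_late_escaped( $label ) {
    printf( "<span class=\"badge\" title=\"%s\">%s</span>\n", esc_attr( $label ), esc_html( $label ) );
}

// Constructed sample value, as someone might save it in the setting.
$settings = array( 'badge_label' => '"><em>injected markup</em>' );

myplugin_render_badge_unescaped( myplugin_badge_label_v1() );              // fine with v1
myplugin_render_badge_unescaped( myplugin_badge_label_v2( $settings ) );   // markup reaches the page
myplugin_render_badge_late_escaped( myplugin_badge_label_v2( $settings ) ); // rendered as plain text
```

The templates are identical in all three calls; only the helper changed, which is the case the unescaped template cannot survive.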

I sometimes hear from developers who are worried that late escaping will hurt the performance of their site. Escaping — even with functions traditionally thought of as slow such as wp_kses_post() — is a drop in the bucket compared to one additional MySQL query on a site. If you take a look at this great post by Zack Tollman on the performance of wp_kses, you can see that older versions of PHP were a bit slow on long content. However, running wp_kses on longer content in PHP 7 and above* shows performance improvements similar to those of HHVM.

So you can rest easy — adding late escaping won’t slow down your site, and it offers many benefits:

  1. It’s easier to scan the code using PHPCS
  2. It’s easier to read during peer code review
  3. It’s more resilient to changes in other parts of the codebase
  4. Removes ambiguity and adds clarity for future code maintainers (including yourself!)
  5. Negligible performance impact

 

*For reference, WordPress VIP runs PHP 7 at a minimum