Author: Michael Lucas

Writer. Sysadmin. Owns this site.
Posted on

March’s Malformed Sausage

(This post went to Patronizers at the beginning of March, and the public at the beginning of April)

Last month, I mentioned blood pressure problems.

The good news is, I have the blood pressure under control. The bad news, it’s given me a cough so fierce that I occasionally fall over. People have told me I work to hard, so now I’m taking a thirty-minute break every four hours around the clock for a breathing treatment that leaves me wheezing and quivery but functional. It’s an opportunity to prove the maxim “sleep is for the weak,” and I needed to develop my abs and rib muscles anyway. The doc changed my meds yesterday, so I’m hopeful I can exchange these side effects for less inconvenient ones.

This is all covid damage. I’m not risking developing more problems. You want me at your events, enforce a mask policy. I got too many books to write to put up with any more symptoms.

I also failed to finish Run Your Own Mail Server last month. See the above cough. I’m down to one technical issue, MTA-STS, and a few social issues that only require spewing words. I was tempted to wait on this post until I write those, but that’s pretty much a guarantee that I won’t complete either. You folks are my strongest supporters, and I need to give you the attention I agreed to. (Not the attention you deserve, of course. I don’t have that much attention.)

One of the headaches in this book has been its constant violation of one of my usual writing rules: do the hard part first. When I approach a new project, I rank the contents in order of difficulty. Usually, there’s at least one thing I haven’t previously done. Those are the things I need to write first. Writing the stuff I know how to do is pretty straightforward, but the unknowns wreck my plans. RYOMS could only be written in one way, though. The services must be set up and documented in a particular order, without shortcuts. If the book said “This is wrong but we’ll come back and fix it later,” I know perfectly well that none of you would go back and fix it. We have to set it up right the first time. Which led to some extra work. I use pyspf-milter so I wrote about it, but rspamd turns out to be a wiser choice. Retreat, refactor, rearrange, try again.

On the fiction side, I sold a new Rats’ Man’s Lackey tale to a magazine. The RML tales have a strange publishing history; every magazine or anthology I’ve sold one too has collapsed before they could publish my tale. Once a story destroys a publication, I put it up on my bookstore. I’ve written enough of those to release a collection, but a few buyers are still in business so I have to wait for them to implode–uh, publish. Publish.

I’m most of the way of a massive Terry Pratchett Discworld reread, not just studying his craft but how he improved his craft. There’s something fascinating about reading a large body of work in the order it was written. The quality of Pratchett’s early work was borderline, but some editor saw something unique in his craft and decided to give the kid a chance. You can see him improving with every book. At a technical level, there’s a certain fascination in saying “Oh! This is where Sir Terry discovered cliffhangers!” “Hey, he learned the difference between description and setting!” “Ooooh, he figured out how to stop violating drifting point-of-view, thank you Om.” This binge gives me hope for my own craft, because nothing Terry with his craft did was magic. The art expressed through his craft was magic, but art is not craft. I started reading Pratchett when The Light Fantastic came out, and in retrospect I can honestly say he taught me how to improve my craft.

Note that you can’t binge-study James Patterson. This kind of study requires examining the work of someone who writes their own books. You also can’t binge-study Ayn Rand, because she never got better.

Anyway, this binge study leaves me feeling validated about my method of deliberately practicing one skill per project. That’s a dangerous feeling; I don’t study to see what I’m doing write, I’m looking for ways to improve. I’ve found a few, but I still suspect I’m missing something big. Oh well. I guess, in a year or two, I’ll have to… study Pratchett again.

I’m going to cut this a little short, because the coughing has backed off and I desperately want to finish RYOMS this week. Thanks for supporting me, everyone!

Posted on

xz backdoor vs “$ git commit murder” sale

I’ve gotten half a dozen messages on various forums declaring that the xz backdoor is eerily reminiscent of a major plot element of $ git commit murder.

I’ve been a sysadmin for decades, and hanging around with operating system developers nearly as long. I came up with a plan for a “difficult but achievable” hack. I checked with various actual developers to see if it was realistic, and adjusted the hack based on their feedback.

Target a userland tool. Hook it into the operating system core. Proceed from there. The plan is easy, the execution fiercely difficult, the coincidence unsurprising.

I can say that if Dale had developed this hack, it would not have damaged the host’s ability to serve SSH requests. He would have caught that and fixed it before deployment.

I feel compelled to acknowledge this similarity, however. Coupon code xzhack gets you 50% off $ git commit murder and $ git sync murder at my store. This expires 8 April 2024.

To all the sysadmins who are having a bad weekend because of this hack, I offer my sincere condolences. Just because the blast missed me this time doesn’t mean I don’t feel your pain, or that I won’t be caught next time.

To the author of the hack I would like to say: you are a dick.

Posted on

Vultr backed down, but so what?

(Quick note, because very busy day.)

Vultr had a rights grab in their ToS. They just took it out, after community outrage.

So, is everything fine?

Nope.

This is exactly what Findaway tried. I’ve read the whole ToS. There is no misunderstanding.

The CEO has said that users are not lawyers. I am not a lawyer, true. But I deal with a lot of intellectual property contracts. My books are intellectual property, and I have to read ToS and contracts for every one of them. When reading a contract, you have to assume that the other party will be sold to a complete bastard who will exploit the contract as far as possible.

It’s highly unlikely that Constant Contact (Vultr’s parent firm) would use a book stored on my site to make a film. But suppose their parent company did so. A film I didn’t want made would come out, destroying the value of any film I might have made. I could sue, spending my money to fight a much larger firm. This is a losing proposition.

Perhaps Vultr’s lawyers are merely incompetent.

But their parent firm is a content company. And many content companies are doing rights grabs.

Rights grabs are becoming more common, though. I believe that the only way to stop them is to stop doing business with any company that attempts one. Backing down from a rights grab is too late.

Posted on

Vultr Just Betrayed Us

(followup at https://mwl.io/archives/23504)

I suppose the hip kids would say this is enshittification, but it’s certainly a betrayal.

According to their new Terms of Service:

You hereby grant to Vultr a non-exclusive, perpetual, irrevocable, royalty-free, fully paid-up, worldwide license (including the right to sublicense through multiple tiers) to use, reproduce, process, adapt, publicly perform, publicly display, modify, prepare derivative works, publish, transmit and distribute each of your User Content, or any portion thereof, in any form, medium or distribution method now known or hereafter existing, known or developed, and otherwise use and commercialize the User Content in any way that Vultr deems appropriate, without any further consent, notice and/or compensation to you or to any third parties, for purposes of providing the Services to you.

This is unacceptable. No other hosting company does this.

The TLDR on the side is deceitful. They say that we own our stuff. Fine. The fine print declares that we license our stuff to them, for full exploitation, without compensation.

I have not agreed to those ToS. Fortunately, I can migrate off their systems without console access, so I do not have to agree. If you use vultr, I suggest you do the same. Also contact them through their contact page and state your refusal. I’m told you can cancel via their page without logging in, but haven’t yet tried it.

I am now investigating alternatives for hosting FreeBSD and OpenBSD systems. Preferably that take custom installs.

Posted on

Shopify vs Woocommerce for Author Bookstores

The hot new idea in writer circles is the author-owned bookstore. According to the Wayback Machine I’ve had my author-owned bookstore since 17 May 2013, so you can imagine I’m fully on board with this. This store now accounts for 35% of my income, more than Amazon, so it’s a critical part of my business.

When folks look at building a store, though, they’re immediately confronted with choosing a platform. There’s two major platforms: Shopify and Woocommerce. Which should you pick? The costs are comparable. The skill level to use either is about the same. They then commit a grievous error and ask me for my opinion.

I will always advise Woocommerce. Always.

When I say this, many authors immediately jump up and say “I tried Woo and it sucked, Shopify works better!” I would reframe that. “The first store I built sucked, the second store I built is much better!” The first book you wrote probably sucked, too. The first iteration of my Woo store also sucked. I look at a lot of author bookstores and immediately say, “Oh sweetie, no, this is not how you do it.” Some of them hired ‘technical’ people to build the store. Technical people are like literary agents: there is no qualifying exam, they act in their own interests according to their own biases, and you can’t afford a good one. Even a disaster is educational, though. Your failed first store taught you how to build a second store containing less suck. (It’s amazing how many writers are willing to spend years noodling over a manuscript, but expect their first store to work perfectly on their first try.)

My motivation for standing up my own bookstore is to declare independence from any outside channel. A decade ago, Amazon was the majority of my income. Making my books available in all channels increased the number of readers I drew while reducing my dependence on Amazon. Adding my own bookstore reduced my dependence on anyone. Yes, I use outside components and services, but every one of those parts can be replaced. Why would I replace a dependency on Amazon with a dependence on Shopify?

Cory Doctorow recently made a big splash with the word enshittifcation. He describes it as the process where an Internet company starts off being useful, becomes powerful, then starts squeezing values out of suppliers and then customers. It’s standard business practice at Internet scale. Ford and General Electric would totally do the same, if federal regulation didn’t prevent it. Amazon exists with very little federal regulation.

I prefer a simpler word: betrayal. It’s harsh, yes, but it fits.

Internet companies betray their user every day. Glassdoor sold itself as a place to anonymously rat out employers. Now the company wants to monetize its users, and is attaching real names to user profiles. While I could laugh and say You idiots trusted an Internet company, what did you expect? this will literally destroy lives and careers. Findaway Voices sold itself as one service, got bought by Spotify, changed its ToS to become an IP-pillaging company, and appeared to back down under protest. People thought it was a victory. It was not. We lost. We lost huge. It was an absolute rout. Compare their current terms of service to the pre-Spotify terms of service. Now consider what a minor update like “we added three carefully-chosen words to the ToS, they’re harmless legal boilerplate, we promise” could do. I guarantee that Findaway’s lawyers knew what words they would add and where they would put them before releasing these “friendly” Terms of Service. In Reddit’s quest to raise money, it trashed the people who create its value. All that’s only in the last year.

Betrayal is the Internet’s business model.

Businesses look out for their own interests. If a business believes it exists solely to maximize shareholder value, and has no legal, regulatory, or competitive barriers, it will become invaluable and then betray you.

What happens if either Shopify or Woo betrays me?

The Shopify software and all hosting thereof is fully controlled by the Shopify company. When folks tell me that they’re lovely people, what I hear is “the company’s current management is lovely, but the owners have decided to not betray their users. Yet.” A third of my income is at risk. If they become a problem I must hurry up and find a new store system, without advance warning, right freaking now.

The Woo software is freely available under a permissive license, and is hosted on a WordPress site I pay for. There is a Woocommerce company, yes, but they make money by selling support and add-ons. The actual software cannot be taken away. Yes, I buy some Woo plugins. There’s a super healthy plugin marketplace. If Woo Inc betrayed me, I’d have time to switch. After all, I have all the code. It’s running on my server. Betrayal would vex me, and I’d feel obliged to rant and rave. Also, Woo is a fork of Jigoshop. If Woo betrays its users, any number of those outside firms would leap up and happily take their place. And Woo knows it. That’s how they replaced Jigoshop. One day they’ll get bought and the new owners will go for a betrayal anyway, though.

When Shopify inevitably betrays me, over a third of my income is at risk.

When Woocommerce inevitably betrays me, I am not at risk. I’m merely pissed off.

Either way, you need to experiment with your store. Polish it. Experiment. Some of those experiments will be complete failures. Some will succeed worrying well. It’s all about what your readers want. Give readers a seamless buying experience, and expect that it’s gonna take a while.

Posted on

“Run Your Own Mail Server” off for tech review

I just finished the first draft of “Run Your Own Mail Server.” Copies have gone to my volunteer tech reviewers and my sponsors.

When I need to mass-mail my sponsors, I normally can only mail a dozen or so at a time without making Google and Microsoft throw a fit. This time, I mailed all 147 sponsors at once. None of the big providers even looked askance.

Requested feedback by 15 April, just to make tax day extra special. That’ll let me open the Kickstarter by Penguicon.

Posted on

February’s Fantabulous Sausage

(This post went to my Patronizers at the beginning of February, and the public at the beginning of March.)

Last month, I made plans. Immediately thereafter, life gave me a surprise.

Since my last doc visit in June, seems my blood pressure has doubled. It’s been 80/110 my whole life. Suddenly it went to 130/190.

What changed?

I had my first bout of covid, that’s what.

Fortunately high blood pressure is a well understood problem. I am resistant to the medication, but it’s been dragged out of “holy crap your brain is gonna explode” territory down into “well, that ain’t right” and we have hope it’ll reach normal before too much longer. The long term impact is real. The effort to arrange my life so I can be properly productive remains in place, though. I’ve had to slow down a bit. The drop in blood pressure has left me with orthostatic hypotension, which is great fun for a martial artist who specializes in throws and falls. Been focusing on tai chi and physical relaxation.

In some ways, that physical relaxation will be most difficult. The hip-height split keyboard works well for pure word production. I’m using them right now. I carefully placed them at a height where they only work if I relax my shoulders. Using them involves a tiny bit of knee flexion, but that’s actually preferred. It ensures I don’t lock my knees for eight hours straight. The problem is, “relaxed arm dangle” height corresponds with “tense your shoulders the way you shouldn’t, and hunch the way you also shouldn’t.” Martial arts practice has given me a decent posture, which in turn has helped me avoid myriad health problems caused by desk jobs, and I need to maintain that.

So: NO HUNCHING.

I’m still planning to publish a crapload of books this year, though. I might publish more than were on last month’s plan, if certain things work out. I totally forgot about one book that’s damn near ready to go to production. I need to finish the mail book first.

And how goes the mail book?

It’s my only writing project at this time. I’m cranking on rspamd. Rspamd is a seriously complicated program, mainly because people are complicated. It requires tuning. Some useful features are disabled for privacy reasons, and enabling them means explaining more than I had hoped. Rspamd has no single consistent management interface: some tasks can only be accomplished in the web interface, while others are limited to the command line. Technically, fetch http://localhost:11334/symbols is on the command line, but it gives you a file of compact JSON. Trying to grep that for a symbol name is not productive. I’ve been pointed at jq as a solution, but that’s another daft thing I need to figure out. It’s all a process of figuring out what I need to explain so I can explain what I need to explain, sigh. I’m spending the time to dig up solutions for command-line-based management wherever possible.

I’m still hoping to finish the first draft before family matters drag me to Las Vegas mid-February. I don’t know if I can do it. The blood pressure meds leave me a little woozy. Not sure if it’s because of the meds themselves, or if I’m acclimated to high pressure and returning to normal is destabilizing. Either way, it’s costing me time. Dealing with spam takes time and experience. While I use rspamd elsewhere, never before have I used it methodically. But once I finish that, the rest should be a matter of spewing the words onto the paper.

At least I have my email entirely switched over to the shiny new host, which is a good line to cross.

If you happen to live in Las Vegas, by the way, you’re welcome to have gelato with me on the 17th. 7PM. Details will be posted on my blog.

And if you don’t follow my so-called blog, I finally have an index of all my titles. It’s sortable by title, year of publication, fiction or non-fiction, and even length. I don’t know why you’d want to sort by length, but it was easier to leave that option than turn it off. Building this served as a double-check of all the titles on my site. No, I didn’t do the work myself: this is the first public-visible project completed by my Competent Assistant, and it’s something folks have begged for for years. I wasn’t ignoring y’all, I just didn’t have the information.

Dang. I’m hunching again. Stop it, dude.

I’ll blame WordPress. Because blaming wordpress is not always correct, but it is never wrong. Not as fiercely “never wrong” as always blaming Oracle, but never wrong.

I submitted a few talks to my usual conferences, Penguicon and BSDCan. Some of them involve email. It gives me a deadline for getting the book in people’s hands. If I can’t manage print by then, I at least want the Kickstarter going for Penguicon. Or a Kickstarter. I’m running enough of the damn things.

That’s all the news. Seriously. No big business decisions, no projects ready to announce. I’m just keeping on.

Posted on

The end of the Findaway Voices saga (hopefully?)

See part 1 and part 2 for context.

Last night Findaway changed their terms of service last night to something mundane, but it doesn’t matter.

I’ve worked with developers for decades. Developers do extra work, but only certain kinds of extra work. They will rearchitect your entire front end in Rust and Pascal for the sheer joy of it. What they won’t do is change the terms of service for the fun of it. That’s boring.

I know several lawyers who have fun drafting proposed contracts. This isn’t that.

Someone came to the Findaway web site developers and said “Add a popup with these new terms of service.”

Were those ToS an error? If they were identical to the Spotify ToS, then I’d accept a copy-and-paste goof. They were not. Someone wrote them.

Additionally, it was pointed out that opting out had a 30 day lag, and the announcement was made 30 days before it would take effect. If you didn’t catch it immediately, Spotify would assimilate your work.

Lawyers are accustomed to negotiating with other lawyers. Everybody starts by asking for everything, they bat it back and forth, either meet in the middle or amicably end negotiations. The initial ask includes things that they know they won’t get, and things that they can discard so they can show they’re being reasonable. It’s a dance.

These online terms of service from tech companies? They start the same way, but they’re negotiating with the public. They wait to see what gets pushback.

They’ve shown us what they want to achieve, and it’s antithetical to our art and our craft.

Spotify has no pointy-clicky way to delete books from their inventory or your account. You can go in and delete the individual MP3s, however. You can change the cover art and description to Removed Because Spotify’s Business Practices are Unacceptable. You can then email support@findawayvoices.com and ask them to delete your account.

Hopefully, I am now done blogging about this.

I hear that Author’s Republic, which imperfect, has viable options. I haven’t read their ToS, though. You should read them for yourself, and ask how they’ll be used against you.

Posted on

Findaway Voices followup

Yesterday I posted about Findaway Voice’s rights grab. Last night I received this email from Findaway Voices.

Earlier today, we shared planned updates to our Findaway Voices by Spotify. Terms of Use that are set to take effect on March 15, 2024. Our goal was to introduce language that would allow us to offer authors innovative features, improve discovery, and provide promotional tools such as share cards while assuring authors that you “retain ownership of your User Content when you post it to the Service.”

In the hours since, we’ve received valuable feedback, and we understand that there is confusion and concern about some aspects of this language. We want you to know that we hear you and are actively working to make clarifying updates to alleviate your concerns.

We are deeply committed to your success on Spotify. In the meantime, please stay tuned for more details.

I’m not going to bother ripping this apart line-by-line, but I will comment on “confusion and concern about some aspects of this language.” We are concerned because there is no confusion. I am not a lawyer, but I am accustomed to reading rights agreements. They haven’t even agreed to delay the implementation of these license terms. Those terms were reviewed by a lawyer and were not mistakenly uploaded by some overworked developer. A press release does not override a legal agreement.

It’s been suggested that this was an example of a lazy lawyer copying from an existing agreement. A person’s motives don’t matter. Only the harm they inflict matter. And if Spotify has this boilerplate lying around to copy from, that’s a really bad indicator.

I have no doubt that they will follow up with something less objectionable, but the problem is: they’ve shown their goals. They have written down and showed us what they want to achieve, and it is hostile to writers making a living.

Many musicians dislike Spotify. I can’t say all of them hate it, because there’s always an exception. Multiple musicians have removed their music from Spotify. Taylor Swift pulled her music from it. It reappeared without explanation, which is business-speak for “after years of discussion we negotiated an acceptable deal that included an NDA.” Good for her.

My first book came out in 1992. I’ve been through the business wringer. When I have a business question these days, I ask myself “what would Taylor Swift do?” (Or WW James Patterson D, depending on the problem).

Corey Doctorow made a splash with his neologism enshittification. It’s short, punchy, and has great emotional impact, but the concept is not new. Every public corporation in the Western world has the goal of permanently binding customers to them. They want to be the sole customer for their suppliers. Every company has tried this, for decades if not centuries. Ubiquitous computing and digital distribution of art has given them a huge new tool.

Remember that you don’t write books. You create and license intellectual property. Read the Copyright Handbook. The new edition is on top of my TBR pile.

My strenuous advice to everyone is: do not become dependent upon any one business partner. Be able to pivot at any time. Do not take bad deals that lock you into a single customer or allow others to pillage your intellectual property. Those Spotify terms? They allow any use of your audiobook. Run it through text-to-speech and then through text-to-video AI. Poof, there’s the movie. It’ll be a bad movie, because film is a distinct art from books, but its mere existence will hurt the value of your film rights.

I set up my own bookstore a decade ago, and spent ten years refining it. I turn down bad deals from publishers.

Writing is a long-term game. A career in creativity is the greatest life I can imagine, but it takes decades. If you need money now, rob a billionaire. My goal is to spend the rest of my life doing work that I enjoy. That means telling the exploiters “no.”