Death is going to be your guide, and he will tell you who is going to die, fairly early in the story. And, he will remind you.

And from there the suspense builds, bittersweet and tender as the main character, Liesel, and her friend, Rudy, grow, play, and try to understand the world in a time when everything is turned on its side.

This book captures why we live, why we love, and why we try, even though we know, at the end of it, where we are all going. We just don’t know when. Or how. Or even who we will meet along the way, and how they may need our compassion, or us, theirs.

I can’t help but read this book and wonder, like Death, how people can be so beautiful, and so ugly. How we can love so tremendously and hate so ferociously. How we are capable of so many things.

I think, or at least I hope, that you will find this book a challenge. Not because it is difficult to read, but because of how it treats our humanity. I suspect that you may look at your fellows with a bit more wonder, compassion. And in that regard, I feel that this book succeeds as a piece of literature, in that it shows us as we are, using the characters as the mirror and lens into our collective soul.

If nothing else, read this book for the wonderful imagery Zusak paints throughout the novel.

Gowan, the Duke of Kinross, usually finds attending balls a chore because they distract from business. And an English ball is worse, with the wiry English ladies in attendance. When he’s unable to dodge a ball due to business connections, he doesn’t expect much. Until he dances with Lady Edith “Edie” Gilchrist, whom he falls for fast and decides that he must marry as soon as possible.

On the other hand, Edie barely remembers the dance, as she’s in the middle of a fever haze. The men are all smitten with a (literally) hot, rosy cheeked woman that remains mysteriously silent. Including Goawn, who is intent on ensuring that Edie is his, and brokers a deal with her father. After all, what is marriage but a type of business transaction? And things seem well, as Edie and Gowan seem more than compatible.

Things begin to unravel on their marriage night, when Gowan tries too hard to ensure Edie’s pleasure in his own way, and Edie finds the whole affair too painful to bear but unable and a bit afraid to voice the pain. Hurt feelings and misunderstandings soon drive a wedge between the couple. To make matters worse, Edie feels that she can’t talk to Gowan because he’s always working, and they have little to no privacy.

It is a tough book to read at times, as it is fairly realistic with Edie’s pain and Gowan’s enthusiasm. Both are inexperienced, and the book does a fairly decent job depicting that clumsy and painful inexperience. The story ends with a resolution that the characters are happy with.

But is it satisfying to the reader? I felt there are more issues for the couple to tackle waiting off-page and off-book. However, I also felt that the story ends with them with solid ground and understanding between each other to figure out and resolve those new issues. I didn’t feel like I ended with a happily ever after, everything is magically okay, but a happily ever after, this couple will figure out the tough times, and enjoy the good times.

Which is something I’ve hoped to see in a romance book, and I was surprised to find it.

People love rating things. Food, people, movies, and books. Let’s look at book ratings.

Ostensibly ratings convey how someone feels about a book. Did they love it? 5 stars. Thumbs up. Did they hate it. Zero or thumbs down. But what about that murky middle? They sorta liked it, but that once scene, where the dragon kissed a donkey, that wasn’t realistic. Everyone knows dragons eat donkeys! 4 stars! 4.5 stars!

Wait. 4.5 stars? What does that even mean? Goodreads and Amazon reviews are rife with reviews that start “3.5 stars, but I have to pick 3” or “4.5 stars, but I have to pick 4”. As a reader looking for a book to read, a fractional rating doesn’t convey any additional helpful information. I find that fractional ratings tend to raise more questions than they answer.

Years back, I interviewed and did annual performance reviews with a system that allowed fractional reviews beyond half-steps. I could assign a ratings such as 2.2 (considered fairly bad) or 4.6 (considered very good). Oh, but the arguments folks could have when selecting a rating between 3.2 and 3.8. A 3.0, on a 5-point scale, isn’t usually a bad rating. Consider it middle of the pack. That rating would imply the person or thing rated was exceptional or poor. In theory, someone would do quite well with a 3.0. But what does 3.2 mean? What does it mean in context with someone with a 3.5? Why did they not get a 3.5, then? And the same questions arise from a 3.8 rating. Why didn’t this person rate a 4.0? Is someone with a 3.8 rating distinctly better than someone rated 3.5?

These fractional ratings caused a lot of wasted time as people argued their particular ratings, strongly believing that they held solid truths of the person that they rated. But, often, they didn’t. The ratings often meant something to the individual who selected a particular rating, but to other folks the fractional ratings failed to convey that someone performed well versus someone who performed poorly. Good managers would instruct folks to stick to N.0 if at all possible, and N.5 ratings if someone just had to use a fractional rating. And avoid, at all costs, any other fractional values. Be decisive!

Thankfully, fractional ratings don’t exist any longer (to the relief or complaint of many). But I think the point illustrates the problem with rating a book: fractional ratings reflect that folks have a hard time being decisive with their ratings. Perhaps they enjoyed a book, as a whole, but that dragon/donkey scene really took them out of the story. A 4.5 absolves someone of choosing between loving a book with a 5.0, or liking it strongly, with a 4.0. It is an avoidance maneuver to own up to a rating.

I suspect that books with harder material, diction, or thematic elements routinely receive lower ratings. They may not be bad books given time and energy, but they may make the collective readership uncomfortable. Or they may be inaccessible. And therefore the lower ratings indicate less a book’s intrinsic “goodness” as the ratings reflect how accessible the material in a book is to the wider audience.

A further problem with ratings is that folks often disagree what they mean. I think a 3.0 is a solid, good rating. I’d recommend a 3.0 to a friend. But I have friends that feel that a 3.0 implies a book is awful, that I hated the book. If we can’t agree on what a particular rating means, can we derive any value from aggregate ratings on book sites? Can you reliably use aggregate ratings to pick a good book? I don’t think so.

An aggregate rating of 4.1 would typically indicate that the median rating is fairly high. If we’re lucky, we have some bar graphs that indicate the spread of reviews, so we can determine if the ratings are clustered around 4, or scattered wide between 1 and 5, with the bulk of ratings closer to 4. But that numerical rating doesn’t amount to much if each person rating a book has a personal meaning attached to each rating. What does 4.1 mean if each person has their own meaning for each numerical rating? If we can’t agree that 3.0 is a good book? At best, it means that the mathematical mean of all ratings is 4.1. That’s it. That’s all the information that number could provide. I don’t think that it can provide any deeper information on how well a work is liked, if we can’t agree to a scale.

At the end, the problem isn’t so much that ratings exist. The problems is that ratings exist as different concepts for each person reviewing the item. Without a consistent guide to ratings, without context or meaning, numerical ratings aren’t helpful. Perhaps if folks could agree on a consistent guide, then personal ratings would be helpful. In the mean time, I think the best that each person can do is to find and cultivate reviewers they like or trust for solid ratings and reviews.

Twenty years late to the blogging party, I deployed a blog using a virtual machine on Google Cloud. This article captures the steps I followed, next steps I intend to figure out, and what I’d do different if I did this again.

Registering a domain

Google Domains offers domain registration in a fairly simple process. I opted for a .com for ease of typing and recognition, and because a domain ending in something like .blog costs $30/year, wheras a .com costs $12/yr.

During registration, Google offers an option to register and pay for a Google Workspace. This can be a great for new businesses to access Google tools such as Gmail, Google Docs, Google Drive, and so forth. If you’re used to using Google tools for collaboration, this is a quick way to take advantage of those tools with your own domain name.

Google Workspace offers several different plans. As I don’t intend to replace my personal email with that for my domain name and I don’t want to expose my personal email on the blog, I chose a Business Starter plan. That’s $6/month per user, with 30GB of storage. I expect that will be more than plenty for now.

Deploying WordPress

Google Cloud offers a click-to-deploy option for installing WordPress on a Cloud virtual machine. This option does several things:

• It starts a virtual machine running Debian 10.
• It installs Apache, MySQL, PHP, WordPress, and phpMyAdmin.
• It presents a small tutorial to lead you through configuration tasks.

I found this is deceptively easy. I had a running WordPress install within 15 minutes, but I was left without knowing what exactly was installed, how it was configured, and for software that was installed outside of Debian’s package manager, where that software resided.

I read the support statement in the marketplace before I installed the software:

Google does not offer support for this solution. However, community support is available on Stack Overflow (the link goes to all items tagged with “WordPress”). Additional support is available on community forums (which is a link to WordPress’ documentation, not community forums).

But I didn’t click the links, trusting that they would be helpful (they weren’t). At this point having a pointer on how to configure the installed software, remove optional software installed outside of apt-get, and next steps would be helpful.

Everything after this point is me working without any script, with a bit of an idea of what I wanted, and a lot of things out of order (I could have done without the domain through Google Domains, too, and used Cloud Domains, I suppose).

Obtaining an SSL certificate

I thought I could get an SSL certificate through Cloud Console, but that was because I’d confused a couple of other Cloud products that you can get SSL certs for (Cloud Load Balancing) through Google Cloud.

Since I’m not doing anything so fancy, I used Electronic Frontier Foundation’s EFF Certbot to obtain a signed SSL certificate. You essentially download and run Certbot, and it does the work of obtaining an SSL certificate, installing it, and verifying it.

Certbot needs an exposed HTTP port to complete the installation, though, so that it can test the installation. Changing a virtual machine’s firewall rules in Cloud Console is quite easy.

My only gripe was that I’d expected I could install Certbot via Debian’s package manager, but I discovered that it is installed via a snap package. I have some feelings about Canonical’s use of snap packages, and more so with those packages on a Debian system, that I’m not quite ready to poke at.

Gripes aside, Certbot is pleasantly easy to use. If you need an SSL certificate (and you’re rolling your own little server somewhere), I highly recommend it. When you’re done, consider a donation to EFF.

Updating MySQL and WordPress passwords

Cloud’s Deployment page listed the default passwords set during the initial install. These passwords are for the WordPress and root MySQL accounts, and for the WordPress admin account.

To change the WordPress and root MySQL accounts, I did the following:

1. Connected to the virtual machine via SSH.
2. Ran the following commands, replacing USERNAME with root or wordpress, and PASSWORD with new a password:
   1. sudo mysql -u root
   2. set password for 'USERNAME'@'localhost' = password('PASSWORD');

It’s quite possible that I could have logged into MySQL without sudo (this does seem rather redundant), but I’ve recorded what I used.

Changing the WordPress admin password was a matter of changing it on the Profile page, http://ADDRESS/wp-admin/profile.php.

Disabling access to phpMyAdmin

As I understand it, phpMyAdmin is a web interface for administrating MySQL. I’m happy enough to run an ssh session to my virtual machine and running queries via the command line. I’m also not comfortable exposing my database like this, so I wanted to remove it.

For this installation, /var/www/html/myphpadmin is a symlink to /opt/c2d/downloads/phpmyadmin/. This particular Click-to-Deploy feature avoids using a Debian package. In the interest of avoiding damage to the installation, I first tried disabling the root MySQL user’s access to myPhpAdmin:

1. Connect to the virtual machine via SSH.
2. $ cd /var/www/html/myphpadmin
3. $ sudo vim config.inc.php
4. Added the line $cfg ['servers'][$i]['AllowRoot'] = FALSE; to the configuration file.

Seeing no damage to the WordPress install, I later removed remote access to phpMyAdmin. I figured I could do this and use an ssh tunnel later if I discovered I actually need it. The following are the steps I followed:

Connected to the virtual machine via SSH.

1. cd /etc/apache2
2. sudo vim apache2.conf

3. Added the following lines below existing Directory lines:

   <Directory /var/www/html/myphpadmin>
            Order Allow, Deny
            Allow from localhost
   </Directory>
   

4. sudo systemctl restart apache2

I expect that medium-term, I can delete these four lines from /etc/apache2/apache2.conf and delete the symlink to /opt/c2d/downloads/phpmyadmin/. Long-term, I’d move to deleting everything under /opt/c2d/downloads/phpmyadmin/.

Hardening WordPress

WordPress has a guide to hardening a WordPress installation, or suggestions and avenues that are available to help make a WordPress install less tempting for an attack. I’m not a security expert, but I did follow a few tips.

First, I did the following to harden the wp-includes/ directory:

1. cd /var/www/html
2. sudo vim .htaccess
3. Copied the code displayed at Securing wp-includes into the file.cd.

Then I did the following to move wp-config.php out of the web root directory:

1. cd /var/www/html
2. sudo mv wp-config.php ..

Next steps

Next steps that I intend to figure out at some point include:

• How to backup my WordPress install.
• How to backup the MySQL database.
• How to recover each of the backups.

Final thoughts

If I did this again, I’d follow a different order after the install completed:

1. Change default passwords.
2. Block phpMyAdmin from remote access.
3. Disable root login phpMyAdmin.
4. Apply hardening to the WordPress install.
5. Install certbot.
6. Turn on HTTP(S) at the firewall.
7. Run certbot to obtain and install SSL certificates.