The process of buying the Apple iPhone was pretty easy. Glenda and I walked into a store in Daly City at about 8:30 PM and each ordered one, and walked out. No lines. The device is physically much more elegant and smaller than I expected, and the iTunes-integrated signup process was fairly smooth. However, it’s been hours now and still no activation, which means I have a very expensive paperweight, which is worse than not having it at all. Update: Approximately 16 hours after my inital setup, I now have a working phone. I was contemplating taking it back, but I’m glad I didn’t.
Man goes to hospital for headache, discovers bullet. Haven’t we all had those days?
I’m in Dallas where I saw The Police with my sister. (The tickets were her birthday present.) Afterward I was checking out their respective website and it looks like Andy Summers, the guitarist, has a WordPress blog. His site also has some interesting essays and photography.
Walt Mossberg has his review of the iPhone up, with an accompanying video. I would also link to the NY Times review, which had some differing opinions, but when I went back to the page to get the link it wanted me to login. Welcome to 2007. Both Mossberg and Pogue dug the keyboard… after a few days.
Google apps now supports importing mail from IMAP, which means for me it just got 1000x more interesting. I have a Gmail account I use purely for archival but I only started a few months ago and so I often just resort to
grep for searching the years of archives before that.
I just read on Detlog there is a WordPress Japan meetup in Okayama on July 1. I just got a copy of a new Japanese WP book and it looks pretty neat. I’d love to make it to Japan and one of these meetups someday.
Web storage sites loom as next big thing says CNET… in 1999.
Wincent Colaiuta has no problem throwing flames at WordPress, but doesn’t see fit to enable comments. (Apparently disabled to make Movable Type more secure.) His table-layout blog isn’t too notable but it got linked from Daring Fireball so a lot of people saw his article trying to draw the line between a routine point release and encouraging people to never use WordPress on the public internet. Here are a few points for thought in response:
- The SQL problem in 2.2 requires both registration to be enabled (off by default) and the blog to be upgraded to 2.2. It is a serious problem but I’ve heard of fewer than 5 exploits from the flaw. Even if you assume there are 100 blogs for every one we heard about, that’s still an incredibly small percentage of the millions of WordPresses out there, especially considering, as Wincent points out, the problem has been in the public for a while now.
- Getting people to upgrade web software is hard. We work as best we can with hosting companies, but a consideration is that it’s best to roll several security fixes into one release. It’s not responsible to do a release if we know of another problem, so sometimes there is a lag between an initial report and a final release, not to mention the testing required of a product used as much as WP.
- Wincent digs up the server crack that modified the files of 2.1.1 for a few days. Ignoring the fact that it was a server issue and had nothing to do with WordPress the software, we actually had NO reported exploits of the problem. (Though I’m sure there are at least a handful out there with problems, it wasn’t enough to hit our radar.) Despite that we took a hit and publicized the issue as much as we could to get the word out.
- Also about 2.1.1, the problem was found through someone proactively auditing the codebase.
- Finally Wincent says of WP “[a]nd if you insist on installing it, then you need to watch the trac like a hawk.” You would think complete transparency of the problems (it was on our bug tracker and mailing list) would be a good thing, especially considering the software Wincent uses doesn’t have a bug tracker, and the only way to submit a bug is through a contact form.
We can and do review new code for problems, and pick the vast majority up before any releases. I think the real issue though is not that WP has bugs which are sometimes security related, which all software not written by djb does, but that the mechanisms for updating complex web software are a pain. Right now the best experiences are probably with folks like Media Temple or Dreamhost that have pretty foolproof one-click upgrades and are quick with updates.
Making notification better and upgrading more painless for people not lucky enough to be on a host like that are problems with some very clever minds on them, and I’m confident that we’ll have good progress toward each in the next major release of WP.
Finally, I suppose we could act more like our proprietary competitors and try to downplay or hide security issues instead of trumpeting them loudly in our blog, but I think the benefit of having people well-informed outweighs the PR lumps we take for doing the right thing. I truly believe talking about these things in the open is the best way to address them.
In some ways it’s a good problem to have. When a product is popular, not only does it have more eyes from security professionals on it, but any problems garner a level of attention which is not quite warranted by the frequency of the general event, like Angelina Jolie having a baby. There are certainly things intrinsic to coding that can make software more or less secure, but all things being equal the software with the most eyes on it, which usually means Open Source, will be the most robust in the long term.
Jerry Yang announced he was becoming Yahoo’s CEO on Yodel Anecdotal, their WordPress blog.
Mike Davidson: How To Keep Widgets From Slowing Down Sites: WEDJE. I’m thinking about making this a requirement for all external widgets on WordPress.com.
Raanan Bar-Cohen is joining Automattic from Dow Jones. He’s got a disclaimer in his sidebar, “This site is not maintained utilizing the author’s employer’s resources or on company time.” Little does he know that blogging on company time is a requirement here. 🙂
Wifi is pretty much a given these days, I want to see a website about which airports have the best power outlets.
Podcast #10 is up with my sister Charleen. We talk about the art of TV shows, covering Heroes, Battlestar Galactica, Firefly, Buffy the Vampire Slayer, Angel, Babylon 5, Veronica Mars, Stargate SG-1, Stargate Atlantis, Supernatural, Alias, Lost, Joss Whedon, and more. This is a long one, clocking in at 12:46, but the file size is only 3.9mb. Here’s Charleen’s blog. Enjoy!
Alex Shiels, known as zem in Textpattern, is joining Automattic. He’s our first troublemaker from Australia.