Monthly Archives: July 2007

Litepost Email App

Litepost is a new open source web application that’s taking a new approach to the long-ignored realm of webmail. The state of online email has been advanced enormously by Gmail and Yahoo in the past two years, but the webmail apps, particularly the open source ones, haven’t responded in kind. Litepost is worth keeping an eye on.

WordCamp Roundups

I’m still recovering from the conference this weekend. It was really amazing in both the people who attended and the quality of the presentations. Anyone have a good roundup post or liveblog any sessions? Leave it in the comments. The session pages are picking up pingbacks but seem to be missing some good stuff.

WordCamp Events Friday

There are two events happening before WordCamp officially kicks off on Saturday. Tomorrow at 1 PM there is a meetup at Crossroads Cafe which should be a lot of fun. And then at 6:30 there’s a dinner meetup organized by Niall at a neat place called Taylor’s Automatic Refresher, which is an outdoor beer and burger place at the Ferry Building. (Same place we met last year.) It’s cafeteria style, and we’ll be outside chatting. San Francisco evenings tend to get chilly near the water so bring a jacket.

Screencast and Videoblogging

The Show in a Box project has made a screencast called How To Install And Setup WordPress. According to Jay Dedman, “ is our new project to help videobloggers simply download a folder, install, turn on plugins, and choose a theme. All open source. Basically make the “ultimate videoblogging platform using WordPress”. It’ll showcase videos using vPIP, build a visual archive, help with categories, and offer a community funding mechanism.” Cool!

Theme Quality and Downloads

There’s been a common argument that sponsored themes are higher quality because they were paid for and removing them from the theme directory will make it suck. While I find this argument insulting to the designers who have put their work out there without sponsorship, and having personally looked at hundreds of them I had a general feeling that most sponsored themes were junk, I didn’t really have any data.

Well I ran a few queries against the theme viewer DB a few minutes ago and found out some interesting stats:

  • We’ve removed 2,107 themes so far, or a bit under 60%. Those themes had 2,243,735 downloads total, or about 1,064 downloads per theme.
  • There are 1,737 themes still in the directory and those had 3,480,244 downloads, or about 2,003 downloads per theme.

(There may be some spam themes still left in the 1,737 number, but I think we’ve gotten most of them. The reports have slowed to a trickle.)

So if you assume downloads are a measure of the public interest in a theme, then non-sponsored themes are about twice as popular as sponsored ones.

Of course you might not accept that assumption, and the data is fuzzy, and there are certainly a handful of sponsored themes that are very high quality, but overall the indications are that they were a net drain on the site. Rather than making one-off exceptions to the no-sponsored-themes policy and being accused of favoritism or of having ulterior motives* I’d rather spend time doing things to reward and encourage the people who are making high-quality themes without embedded advertising.

* Which we get enough of already.

Price of Freedom

I got asked an interesting question today:

The only thing why (at least) I encode the footer is to prevent people from removing my designer link. I usually spend around 6 hours designing the graphics and coding the theme and some people simply take my link off and some of them even dare to write that the theme was designed and coded by them! How would you feel if someone took your WordPress script (since it’s free) and said they made it? Wouldn’t you like to bite their head off?

The response became too long for a comment, so here it is:

Kate, thousands of people every day remove the WordPress link, or my link, or search and replace the WP logo with their own and redistribute it, use it to spam, distribute hate speech, or any number of awful things you can imagine. So why have hundreds of people spent thousands of hours working on it?

Though the freedom intrinsic in the GPL that has allowed people to abuse WordPress it has allowed even more people to do amazing things and over time the good far, far outweighs the bad. Most importantly I feel like WordPress would have never gotten off the ground if it hadn’t been open from the beginning. (In fact there were several more functional blogging programs started around the same time that have since withered away.)

Ultimately I know our software isn’t going to change anyone’s spots. Good people will do good things with it, and bad people will do bad things with it — regardless of any protections I put in place. Windows Vista, a multi-billion dollar enterprise, was cracked within days. Does any piddling encoding I can do in PHP really matter? If protection like that isn’t broken it’s a statement of popularity, not security. I suppose could harass the bad guys, shut down their host, send them scary letters, but it’s just going to stress me out and like cockroaches they’ll pop up someplace else. I also know that most projects, software, and ideas die from obscurity, not piracy.

If you accept that bad people are going to be bad then the real question becomes how do you maximize the effect of the good instead of treating them just like the bad. (No one likes to be treated like a criminal.) In my brief experience here’s three things that work:

  1. Give people the tools they need to succeed. This can be interpreted on a lot of levels, but personally I’ve found at the most base the freedoms provided by the GPL and other open source licenses are incredibly empowering.
  2. Celebrate the successes. Talk, connect, promote, and embrace the people who are creating things on top of your creation. (The best revenge against someone doing something bad is helping create something awesome.)
  3. Provide a way for people to choose to help you, and try to remove as much friction from that process as possible. Now that you’ve ignored the bad people and delighted the good, by their very nature they’ll want to give something back.

The success stories around this model are numerous and growing every day. People can and do rip-off the entire Wikipedia, but it’s still become one of the top ten sites on the internet and a marvel of what can happen when you let go. (Not to mention it is run entirely on open source software.) WordPress itself was built on top of a pre-existing GPL product called b2/cafelog. Anyone can run the software behind our hosted service and create competitive sites, and many have, but it hasn’t hurt us one bit. Linux, GNU, and the thousands of related desktop projects haven’t taken a bit longer than folks had hoped, but the impact they’re having, especially on emerging economies, is dramatic. The list goes on and on. It’s not hard to join the movement, but first you have to figure out who you’re fighting, who you’re trying to help, and if the price of freedom is something you’re willing to embrace.

Guardian on Splogs

The Guardian: Why Google is the service of choice for sploggers examines spam, splogs, Blogger, and As you may tell from the title, it’s overly harsh on Google, but nonetheless has some interesting commentary and information. Like I said last time someone wrote about this, I would never suggest is splog-free because I delete too many of them myself, but it is a problem we take very seriously and are ever vigilant against.

Love and Hate

One of my favorite funny graphics from the on-hiatus Creating Passionate Users was this one from the entry Be brave or go home. Because on this entry on my blog a few days ago the part of the blogosphere that makes money from ad-embedded themes has been viciously attacking me personally. Attempted assassinations are never fun, at least for the person on the receiving end, but overall I’m happy for a few reasons:

  • Some of the paid links in themes are to the same URLs I see in Akismet, so I know that there is at least some overlap between the people financing these themes and attacking our blogs, and any way we can fight them is good.
  • I know that this is something the majority of the WordPress community has voted for.
  • I am hopeful we’ll stop seeing threads like this in the support forum. “I installed the ecologici theme found here [link to] I customized it, no problems. I went to add my scripts to the footer and found this code…”
  • The attacks sting less when it’s from people who have significant financial interests in seeing sponsored themes continue. They’re just trying to protect their money.
  • That they’re making so much noise is an indication we’re doing something meaningful.
  • The attacks sting less when they’re from people with questionable personal practices. [1]

Still, there is a lot of hard work ahead.

[1] For example one attack post from “Franky” on a blog called Wisdump (didn’t that used to be run by the awesome Paul Scrivens?) I noticed it was loading a little slow, then I saw in my address bar. I looked at his source and saw he had embedded a 1×1 pixel iframe loading the ping page for Ping-O-Matic on every one of his pages. I must admit this is clever, it utilizes the distributed network of everyone who visits your site to attack Ping-O-Matic and spam the ping servers, and of course IP blocking is useless because it’s coming from the regular folks on your site. But it is also extremely skeevy. (And I believe a little bit of JS on the ping page should fix that right up.)

On PHP has announced that they will stop development of PHP4 at the end of this year, and end security updates on 2008-08. (In 2007, their site still doesn’t have obvious permalinks. They do have a RSS 1.0 feed though, remember those?)

PHP 4.0 was release in May of 2000, by 2004 when the first version of PHP 5.0 was released, PHP 4 had achieved complete dominance and was completely ubiquitous in both script and hosting support.

Fast forward 3 more years and PHP 5 has been, from an adoption point of view, a complete flop. Most estimates place it in the single-digit percentages or at best the low teens, mostly gassed by marginal frameworks. Even hosted PHP-powered services who have no shared host compatibility concerns like 30boxes, Digg, Flickr, and, have been slow to move and when they do it will probably be because of speed or security, not features.

Some app makers felt sorry for PHP 5 and decided to create the world’s ugliest advocacy site and turn their apps in to protest pieces at the expense of their users. (Hat tip: Mark J.) They say “Web hosts cannot upgrade their servers to PHP 5 without making it impossible for their users to run PHP 4-targeted web apps” ignoring the fact that there isn’t a released PHP app today that isn’t PHP 5-compatible and recent upgrade issues have been caused by PHP itself in point releases. (See WP#3354.) It’s easy to always promote the newest thing, but why, and is it for us or our users?

Now the PHP core team seems to have decided that the boost their failing product needs is to kill off their successful one instead of asking the hard questions: What was it that made PHP 4 so successful? What are we doing to emphasize those strengths? Why wasn’t PHP 5 compelling to that same audience? Are the things we’re doing in PHP 6 crucial to our core audience or simply “good” language problems to solve? Will they drive adoption? How can we avoid releasing (another) PCjr?

I wonder if PHP 5+ should be called something other than PHP. A unique name would have allowed the effort to stand on its own, and not imply something that’s an upgrade from what came before when in many cases it’s just different, not better, from an end-user perspective. Continue to maintain PHP 4 as like a PHP-lite. Make it harder, better, faster, stronger.

For all the noise though, this isn’t a big deal. It’s easy to forget that PHP 4 hasn’t had any real innovation in the past 3 years while at the same time apps and services built on top of it have created some of the richest and most compelling user experiences the web has seen. (Née Web 2.0.) None of the most requested features for WordPress would be any easier (or harder) if they were written for PHP 4 or 5 or Python. They’d just be different. The hard part usually has little to do with the underlying server-side language.

Someday on our mailing lists I hope half the words wasted pontificating on “language version wars,” which are even duller than language wars, go toward design, copywriting, information, performance — the things that truly matter.