Category Archives: Press

Interviews, profiles, and media coverage.

New Spring Design

Time to come out of your RSS readers and visit the site. In celebration of Spring, Summer, the new domain, and WordPress 2.5 I’m launching a new version of Photo Matt / Ma.tt. Here’s a before and after picture:

Old and new ma.tt

A couple of functionality changes you’ll notice:

  • Thumbnails and photos are now much larger. (Especially photos, now 840px wide.) Imagine it like going HD, you’ll definitely enjoy it more on broadband.
  • I’ve brought back the photo tech details like aperture and focal length.
  • In addition to posts and asides, I’m now doing new post types: galleries, quotes, videos, and highlight photos.
  • You can now click on a photo to go to the next one, making browsing galleries easier.
  • The header is a lot shorter, so you get to the content faster. You can’t say I have a big head anymore. 🙂
  • I’m starting to use the new taxonomy bits in 2.5 to tag people, places (geotagging), things, and concepts in the various photos. (More on this later, still a bit broken.)
  • This is the first iteration of this site that is powered entirely by WordPress. (I know, 5 years late. The cobbler’s children go shoeless!) Before it was a cobbled together set of PHP includes and software like Gallery. Now 100% WP.
  • Gravatars are much more prominent. I wonder if there’s a way to only allow comments from people with Gravatars? It looks so much better.
  • Name has changed from Photo Matt to Ma.tt, tagline is the same.

The fine design was executed by Nicolò Volpato, the same talented fellow who did the last design. My concept was to evoke Spanish talavera, inspired by my trips to Spain and Argentina and pottery at my parents’ house like this, this, and this. It was a lot of fun to work with Nicolò on and I already have a few ideas for Fall. 🙂

I’ve been noodling on the implementation for months now. Last night I had just arrived from New York and it turned out the Jay-Z/Mary J Blige concert in Oakland got postponed so I found myself with a bit of time on my hands and decided to tie up all the loose ends. There are still a ton of things broken like the photo border on portrait images, I still have 15k old photos to import, and you may see the old design on some older pages, but I wanted to get it out there. There are also some weird things, like Firefox seems to make the background image blurry while it’s razor-sharp in IE and Safari. I feel like I’ve seen that somewhere before.

Finally I’m hoping to release a lot of the work I did here, including a version of the old theme, the plugin + script I’m using to resize all my old images on the fly, the taxonomy stuff, and some core improvements to WP to make some of the things I’m doing here easier. (I got lazy and did some direct SQL queries, etc.)

On Sphere

Sphere has found a home at the prescient AOL, as talked about on their blog, GigaOM, and Techcrunch. Sphere is a great company and the folks who made this happen at AOL will look like rockstars as the team continues to execute on their vision of tying the web together through lateral navigation. Disclosure, as it says on my about page, I was an advisor to Sphere and we’re cousins in the True family.

SecurityFocus SQL Injection Bogus

Since people are asking, this so-called alert on Security Focus appears to be completely false and has no information that an attacker or the WordPress developers could use. It is completely content-free, except for making claims that every version of WP since 2.0 is vulnerable.

Online, apparently, it’s fine for someone to run into a crowded theatre and yell “fire” and the less basis there is in fact the more people link to them. It’s not uncommon to see crying-wolf reports like the above several times in a week, and a big part of what the WP security team does is sifting through things to see what’s valid or not.

A valid security report looks like this; it usually includes sample code and a detailed description of the problem. The WP security team was notified of the KSES problem and it was fixed in 2.5. You can impress your friends by saying whether a security report is valid or not, so it’s a good critical facility to pick up.

All that said, there is a wave of attacks going around targeting old WordPress blogs, particularly those on the 2.1 or 2.2 branch. They’re exploiting problems that have been fixed for a year or more. This typically manifests itself through hidden spam being put on your site, either in the post or in a directory, and people notice when they get dropped from Google. (Google will drop your site if it contains links they consider spammy, you’ll remember this is one of the main reasons I came out against sponsored themes.) Google has some guidelines as well, what to do if your site is hacked. If I were to suggest WordPress-specific ones, I would say:


OpenID and Spam

Magnolia is going to be restricting their signups to only OpenID users:

Why? Because 75% of new accounts being created there lately have been created by spammers using automated tools. Spammers took over Ma.gnolia. Now, the company is using OpenID as a system of 3rd party verified identity and using the superior spam blocking skills of services like Yahoo! and AIM to clean up the Ma.gnolia ranks. Spamfighting could be the incentive that puts many other vendors over the edge to leverage OpenID.

At best this is a Club solution, meaning it’ll be effective as long as Magnolia is not a worthwhile enough target or not enough people use the technique.

Anyone advocating that a Yahoo, Google, or AOL account is going to stop spam signups, sploggers, or anything of the sort is out of touch with the dark side of the internet. The going rate for a valid Google account is about a penny each. For $100 get a text file with 10,000 valid logins and passwords, and go to town. We used to require email verification to signup for WordPress.com, and the vast majority of splogs were coming from Gmail or Yahoo email addresses, hundreds of thousands of them. Myspace and ICQ are both good examples of completely closed identity systems with registration barriers but still overrun with spam.

Each of the big guys probably has an anti-abuse team larger than all of Magnolia fighting these spam signups, but it obviously hasn’t been effective. In theory you could blacklist OpenID providers but who’s going to block Google and Yahoo and even if they did they’re just pushing the problem outward, to the point where spammers eventually run their own identity providers, and if you think they won’t come from millions of unique registered domains look at your comment spam queue.

OpenID has a ton of promise for the web — let’s not hurt it by setting people up for disappointment by telling them it’s a spam blocker when it’s not. Regardless of registration, identity verification, or CAPTCHA, you still need something working at the content level to block spam.

WordCamp Dallas and WordPress 2.5

The talk this morning at WordCamp Dallas was quite enjoyable. The audience here is very sharp and on-point, there was a ton of participation and great questions. They also had delicious Rudy’s BBQ for lunch, which I nibbled at as much as I could. Also (roughly) concurrent with the talk we released WordPress 2.5. Funnily because I kept the edit screen for the announcement open from stage the concurrent editing protection prevented anyone else from publishing the post! Andy told me after I was done and I pushed the button, but it’s good to know the feature works. 🙂

WordPress is Open Source

Six Apart has recently decided that the best way to win back customers fleeing their platforms is to target WordPress, which is a new strategy they call competing. (What have they been doing the past 7 years?) A good example is this exchange between a commenter on Valleywag and Byrne Reese, the lead developer of Movable Type:

Sundown: “@anildash: what part of WordPress is not open source?”

byrnereese: “@Sunnduwn – I think that is a question better asked of Automattic. Anil, and certainly not Six Apart, has never been briefed, nor has anyone for that matter been presented with an accounting of what is open and closed source at Automattic.”

Okay, here’s some accounting:

WordPress is 100% open source, GPL.

All plugins in the official directory are GPL or compatible, 100% open source.

bbPress is 100% GPL.

WordPress MU is 100% open source, GPL, and if you wanted you could take it and build your own hosted platform like WordPress.com, like edublogs.org has with over 100,000 blogs.

There is more GPL stuff on the way, as well. 🙂

Could you build Typepad or Vox with Movable Type? Probably not, especially since people with more than a few blogs or posts say it grinds to a halt, as Metblogs found before they switched to WordPress.

Automattic (and other people) can provide full support for GPL software, which is the single license everything we support is under. Movable Type has 8 different licenses and the “open source” one doesn’t allow any support. The community around WordPress is amazing and most people find it more than adequate for their support needs.

Movable Type, which is Six Apart’s only Open Source product line now that they’ve dumped Livejournal, doesn’t even have a public bug tracker, even though they announced it going OS over 9 months ago!

I had held off criticizing them after they went OS and before they decided to start an all-out confrontation because that’s not generally what OS projects do to each other.

For as long as I can remember the WordPress about page has linked and thanked Movable Type for ideas and inspiration.

Movable Type once led the market, it had over 90% marketshare in the self-hosted market. Now they call “pages” and “dynamic publishing”, features WordPress has had for 4+ years, innovation and you still can’t do basic things like click “next posts” at the bottom of home page.

For the record, I’m glad they’ve taken the license of MT in a positive direction that prevents them from betraying their customers like they did with MT3, but they have a long way to go before the project could be considered a community.

WordPress did 3 major releases last year, we’ll do 3 major releases this year. Along the way thousands of people will contribute, as well as every employee of Automattic. What we build will be greater than the sum of its parts because we’ve been a community and open source from the beginning, and always will be.

Backing BuddyPress

Some of you may remember when I wrote about Chickspeak, a WordPress MU-based social network. Andy Peatling, the fellow behind it, later decided to recreate the work he had done as an Open Source effort he called BuddyPress. And it was good.

Today I’m happy to announce that Andy has joined Automattic full-time and we’ll be taking the BuddyPress project under our wing. We will grow it and support it the same way we support WordPress, MU, bbPress, Akismet, and more.

It’s clear that the future is social. Connections are key. WordPress MU is a platform which has shown itself to be able to operate at Internet-scale and with BuddyPress we can make it friendlier. Someday, perhaps, the world will have a truly Free and Open Source alternative to the walled gardens and open-only-in-API platforms that currently dominate our social landscape.

See also: DiSo, GigaOM, Techcrunch, Mashable, Techvibes.