Livejournal Hack

I’ve been following the Livejournal hack closely because, as someone who runs many services that allow user-submitted content, staying on top of any new developments in XSS is very important. So far the only official technical explanation I’ve seen is here on lj_dev. Since we don’t allow template editing or embedded JS or styles on WP.com I can’t think of any vectors for attack, but you never know with these things. More on moz-binding.
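As an added example (not code from this post or from WordPress.com), here is a defender-side filter for user-submitted CSS, the kind of check a service would run before allowing a style attribute through. It normalises the stylesheet (comments, backslash escapes, case) so that obfuscated spellings of script-loading declarations such as `-moz-binding` are still caught; the property list and the sample inputs are my own constructed assumptions.

```python
import re

# Normalise user-submitted CSS so obfuscated property names become
# recognisable: strip comments, decode backslash escapes, fold case.
_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
_ESCAPE_RE = re.compile(r"\\([0-9a-fA-F]{1,6})\s?|\\(.)", re.S)


def _unescape(match):
    hexcode, ch = match.group(1), match.group(2)
    if hexcode is not None:
        try:
            return chr(int(hexcode, 16))
        except ValueError:  # code point out of range
            return ""
    return ch


def normalize_css(css: str) -> str:
    css = _COMMENT_RE.sub("", css)          # "-moz-/**/binding" -> "-moz-binding"
    css = _ESCAPE_RE.sub(_unescape, css)    # "-\6d oz-binding" -> "-moz-binding"
    css = css.replace("\x00", "")           # NUL bytes some parsers silently drop
    return re.sub(r"\s+", " ", css).lower()


# Properties/values that let a stylesheet pull in script (Gecko XBL bindings,
# IE expressions and behaviors). Assumed deny-list for this example.
_BANNED_PROPS = {"-moz-binding", "binding", "behavior", "-ms-behavior"}
_BANNED_VALUE_RE = re.compile(r"expression\s*\(|javascript\s*:|vbscript\s*:")


def find_unsafe_declarations(css: str) -> list:
    """Return (property, value) pairs that must be rejected."""
    hits = []
    for decl in normalize_css(css).split(";"):
        if ":" not in decl:
            continue
        prop, value = decl.split(":", 1)
        # Drop any "selector {" prefix so full rule blocks are handled too.
        prop = prop.rsplit("{", 1)[-1].strip()
        value = value.strip()
        if prop in _BANNED_PROPS or _BANNED_VALUE_RE.search(value):
            hits.append((prop, value))
    return hits


def is_safe_style(css: str) -> bool:
    return not find_unsafe_declarations(css)
```

A deny-list like this is a backstop, not a substitute for the approach the post describes (not accepting user styles at all); it exists to make the failure mode of "a new spelling slipped past" visible in review.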

Socialtext Spam

(Rant warning.) What’s it called again when you can’t unsubscribe from a service that sends you email almost every day? This is broken:

  1. I get my daily email about changes in the LoicLeMeur Wiki that I signed up for sometime at Les Blogs.
  2. “To stop receiving or change how often you receive emails about changes to LoicLeMeur Wiki, go to: http://www.socialtext.net/loicwiki/emailprefs”
  3. Redirects me to this URL.
  4. It appears that I am logged in. I change my preferences to “Never.”
  5. Of course when I go to my settings it shows me as “user78247”, so I didn’t actually cancel my subscription, it just showed a stupid subscription page to me even though it obviously doesn’t have my email address right now and I’m not logged in.
  6. Okay, click the “log in” link.
  7. Type in email and password.
  8. I am now mysteriously redirected to the FOAFnet wiki, which hasn’t been touched in like a year. NO IDEA WHY.
  9. Wait, the top still has a login button, but also a settings button?
  10. Settings takes me to the user page for “user19254”, even though I JUST LOGGED IN.
  11. Okay, click login again.
  12. Now I’m redirected back to the FOAFnet wiki again but this time it shows me as being logged in.
  13. Where the heck do I go now???
  14. I go back to the Loic wiki via the address bar.
  15. It says login in the top right corner again.
  16. I enter my information, and am redirected back to the FOAFnet wiki. I can sense the wiki mocking me.
  17. Okay, maybe if I go back to my settings page where it worked.
  18. It forces me to login to the FOAFnet wiki AGAIN even though I did just SECONDS AGO.
  19. I now am logged in, I click on settings and go to “My Workspaces.”
  20. It only shows the FOAFnet wiki, even though I know I’m a member of the Loic one because I GET EMAILS FROM IT EVERY DAY.
  21. Also now for some reason every Socialtext wiki I try to visit, like this one from Web 2.0 conference, redirects me back to the FOAFnet wiki. (cue blood-curdling scream)

Any suggestions? I would just /dev/null them in my procmail, but I prefer not to do that to legitimate companies. At what points could the user experience be improved?

(And yes, I have reported this problem to them. I demonstrated it in person in August 2005 at BarCamp. It’s January.)

Update: Socialtext responds in the comments. “[T]his morning we disabled email notifications for all the public wikis on our site, due to the confusion people had when trying to turn them off.” A thoughtful, effective, and quick response.

Automattic Toni

Another nice birthday present! I have no idea (really) how he got this, but Om has the scoop on Yahoo VP Toni Schneider leaving to join Automattic. We were originally going to announce this at the end of the month when Toni actually left but I guess now is as good a time as any. 🙂 Toni was the CEO of Oddpost and after joining Yahoo led, among other things, their really cool developer network.

I first met Toni shortly after I moved to San Francisco and I’ve wanted him to be a part of Automattic pretty much since the idea first entered my mind. We’ve spent many long meals over the past year discussing the Automattic idea before it even had a name. I’ve been on cloud nine since (somehow) I convinced him to leave the incredibly cushy corporate job and rough it out in startup world again. I’m very very excited about some of the things coming down the line.

Update: Toni has blogged about it here. He also has a WordPress.com blog that used to have a bunch of cool cars on it, hopefully that’ll come back somewhere. 🙂

Update 2: It’s on Digg, and I’m curious what linking to the Digg story will do. Digg it if you think it’s interesting.

Matt 2.2

We’re very proud to announce the final release of Matt 2.2, a full year in the making since the last major release. This version includes dozens of enhancements ranging from DSLR support to the new facial hair module (which we could never quite get to work in previous revs). The knowledge base has been expanded, though it’s still a bit light on the experience benchmark. We’ve also fixed that bug that was around since about 1.7 where it thought the knowledge base was already full. Now it knows more, but knows it knows less. Short-term RAM is still a little flakey. Email processing is also still slow, but the “piano” and “reading” plugins have come a long way. This version also runs without a support contract from a major corporation. Most people surveyed agreed this was a solid upgrade, but we know there’s a lot of work left to do still. We hope to continue listening to feedback and keep up the regular release schedule.

All birthday posts: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40.

Home Sweet Home

I’m back in San Francisco. This normally wouldn’t be a big deal, except I left at the beginning of December. It has been an exciting month, and I had the pleasure of meeting WordPress users from all over the world in person. I also learned a ton about efficient traveling and getting work done on the road. All great fun, but I am so happy to be back in my own place.

Commercial Akismet

Blog Herald asks about WP plugging a commercial project, namely Akismet. One of the lessons I learned from Ping-O-Matic is that web services like this can grow far beyond what you anticipated, need a lot of attention, and can be expensive to maintain. (Akismet has to be really fast otherwise it bugs people and delays commenting.) You also have a social contract with all of your users to continue to provide a service they’ve all come to rely on. When Akismet first got started, I wasn’t at all worried about the technology — I was using it myself and it worked great. I spent most of my brain cycles planning out how the service could be economically independent and self-sustaining in the future, so it could thrive and provide a great service to the public without relying on charity. I had to balance this with my desire to just give everything away (as I usually do).

I’m happy with where it eventually ended up. The Pro-Blogger limit was set very high and the vast majority (over 99.9%) of people use Akismet at no cost whatsoever. I’m able to justify devoting my time to the service while still putting bread on the table and the larger blogger community can stop dealing with disgusting spam on their blogs. The technology has scaled incredibly well and even before the Yahoo deal Akismet had a bright future. Also the API and the plugin itself is completely open so people could clone the API or modify the plugin if they wanted. The service just hit its first major milestone, has been embraced by the development community, and I’m confident now that it will continue as a public service. I think it’s also providing something pretty valuable, as evidenced by the people who have been buying Pro-blogger licenses just to support it, not because they fall under the commercial terms.