Love and Hate

Spam

One of my favorite funny graphics from the on-hiatus Creating Passionate Users was this one from the entry Be brave or go home. Because on this entry on my blog a few days ago the part of the blogosphere that makes money from ad-embedded themes has been viciously attacking me personally. Attempted assassinations are never fun, at least for the person on the receiving end, but overall I’m happy for a few reasons:

  • Some of the paid links in themes are to the same URLs I see in Akismet, so I know that there is at least some overlap between the people financing these themes and attacking our blogs, and any way we can fight them is good.
  • I know that this is something the majority of the WordPress community has voted for.
  • I am hopeful we’ll stop seeing threads like this in the support forum. “I installed the ecologici theme found here [link to wordpress.net] I customized it, no problems. I went to add my scripts to the footer and found this code…”
  • The attacks sting less when it’s from people who have significant financial interests in seeing sponsored themes continue. They’re just trying to protect their money.
  • That they’re making so much noise is an indication we’re doing something meaningful.
  • The attacks sting less when they’re from people with questionable personal practices. [1]

Still, there is a lot of hard work ahead.

[1] For example one attack post from “Franky” on a blog called Wisdump (didn’t that used to be run by the awesome Paul Scrivens?) I noticed it was loading a little slow, then I saw pingomatic.com in my address bar. I looked at his source and saw he had embedded a 1×1 pixel iframe loading the ping page for Ping-O-Matic on every one of his pages. I must admit this is clever, it utilizes the distributed network of everyone who visits your site to attack Ping-O-Matic and spam the ping servers, and of course IP blocking is useless because it’s coming from the regular folks on your site. But it is also extremely skeevy. (And I believe a little bit of JS on the ping page should fix that right up.)

Cool Touch Interface

Video, ,

While reading Michael Arrington’s essay Why Desktop Touch Screens Don’t Really Work Well For Humans I came across this video, which I thought was pretty cool.

Hopefully this whets your appetite for whatever comes out of Apple tomorrow. Should be an interesting day for WordPress.com as well: whenever Apple does a major announcement we blow past all our previous traffic records. The current one-day record is 63.5 million pageviews.

Dubai Timelapse

Essays, Video

A month or so ago I got a tilt-shift lens (Nikon PC-E Micro Nikkor 45mm f/2.8D ED) and one of the first things I wanted to try was interval shooting to make a stop-motion like tilt-shifted video like these awesome ones from Australia photographer Keith Loutit. Haven’t quite figured out how to make them look that cool yet but here’s one of the first efforts, taken from the Burj Al Arab looking down at its car entrance at night. Watch how the lights come in and out of focus, and how fast the cars are at the intersection. The video is available in full HD if your computer can handle it just toggle it in the top-right and go full-screen.

Big thanks to Michael Pick of WordPress.tv fame for doing all the video magic here.

Rita Update

Uncategorized

Thanks everyone for your kind words. I just got through to my Mom on her cell phone, which has been tricky because the circuits are always busy. I’ve also been told people are having trouble getting to my cell which is a Houston number even though I’m on the other side of the country. Anyway she and my father are still in traffic in Houston, after leaving over 15 hours ago. When I drove from Houston to San Francisco 15 hours of driving was about 60% of the way to California. They were extremely lucky to get some of the last gas from a station before it closed, it seems everyone’s cars are dying because none of the gas stations along the evacuation routes have any fuel. They had to wait in line for 2 hours to get gas.

AJAX and CSRF

WordPress, , ,

When working on some new AJAX features for bbPress and WordPress we’ve noticed that AJAX requests don’t seem to send HTTP_REFERER values. We check referrers as one level of protection against cross-site-scripting, or XSS, so when they’re not set we aren’t able to use that value. How are most people using AJAX protecting against XSS? It seems the same things we’re doing to make things easily accesible in a dynamic fashion are also opening new vectors for attack.

Ning to BuddyPress

Asides

JJJ at BuddyPress has some Helpful Resources for Ning Users. I’ve seen smaller startups rush to fill the space left by Ning’s announcement they’re getting out of their free tier, but honestly if a company with $120,000,000 in funding can’t figure that business out, I wouldn’t hitch my horse to a company with $5-6M. It’s better to get a $10/mo hosting account you know will be around forever and install BuddyPress and have complete and total control over your network, from the domain to the source code.

Thirty-Four

Asides

I am very thankful and grateful to have made it through the past year, which was a really special one personally and professionally. I learned to open myself up more to relationships, continued aspiring to be clear and direct with yellow arrows, and worked alongside some incredible people to tackle the biggest and hardest problems, whether it was getting plugin and theme support on WP.com or the start and growth of Gutenberg.

I read a lot more books, traveled 337k miles between 91 cities, spent more time in Texas, kept my health in a good balance with weight training, running, and a better diet including several months of 16/8 intermittent fasting, while still getting in some excellent meals with friends and loved ones (up to 58% of top 50 list). As I’m solidly in my mid-thirties now, and I want to continue to live by: all things in moderation. I consider what I do with WordPress and Automattic my life’s work, and hope to continue it as long as I’m useful. Some days I pinch myself.

Thank you to all of you on this journey with me. I am imperfect but trying my darndest, and I’m lucky to have friends and colleagues doing the same.

All birthday posts: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41.

Those Other Lawsuits

Personal

It’s a heavy day, and I’m sad to write this. Not sure where to start.

In 2022, a lawyer recruited two people who took care of my Mom—an assistant and one of her dozen nurses—to resign and demand a million dollars each, or they would publish horrible things about her in a lawsuit. I refused. The lawsuits were filed. Luckily, the accusations are so sick, twisted, and outrageous that they refute themselves. There’s some weird sex stuff, and also claims that my Mom is racist. I am sad for whatever mind could even imagine such things.

I won’t link or quote them because they don’t deserve that, but the lawsuits have been part of the public record and available to anyone with a web browser since 2022. The lawyer sent them to every major media publication and gossip rag. You’re just hearing about them now because any journalist who spent five minutes calling around easily saw how spurious the claims are and didn’t run with the story. They’ve been dredged up as part of the smear campaign against me in my battle with Silver Lake and WP Engine.

My advice for any other founder: As you gain wealth this may happen to you with household staff as well. Never settle. It just creates an incentive for more people to make stuff up. Even if it’s messy, fight the claims in court as I am doing. It’s the only way to deter people trying to make a quick buck. These cases are common, and the media is used to them.

Now for some good news! I’m happy to report that since these two people left, my Mom has had no errors in her medication (previously, she had to be hospitalized twice and almost died because of medication errors). She’s back to the weight she was in her 30s and isn’t in a wheelchair all the time anymore. She’s just moved into a new home we’ve been remodeling together for the past 5 years. She still has 24/7 RNs, but the new nurses have been fantastic and feel like an extension of our family. We’re looking forward to celebrating the holidays together with my sister, lifelong family friends like the Ornelas family, Mom’s four dogs, and some of my fifteen godchildren who live in the area.

I may be wrong or dumb about many other things, but I sincerely believe in the sanctity and beauty of every human life, regardless of any background. We are all God’s creation. My Mother taught me these values, and I have done my best to uphold them in my life’s work building open source, WordPress, and Automattic. It’s part of why I give so much back.

Out of Commission

Asides

I’m going to be a bit slow or absent on blogging and email for a few days because I’ve injured my left hand and my thumb is in a splint which makes it pretty tough to type. (One-handed mostly.) There is a ton I want to write about, but the doctor said pushing it too hard might aggrevate the injury, so it’ll mostly have to wait. To keep things interesting around here I’ll send a WP.com invite to whoever comes up with the best story about how I did it.

Facebook McAfee

Open Source

Facebook is offering its users a 6-month free trial of McAfee and promoting it heavily, and even forcing people to run a scan before they can reactivate a hacked account. They’re “not aware of another free Internet service that takes this much responsibility for helping people keep their accounts secure.” (Didn’t Google promote McAfee through Google Pack at one point?) I think this is a laudable step, more security is intrinsically good, but I have to suspect this is more about revenue than security. They will probably make many millions of dollars from their users installing or buying McAfee as a result of this.

Modern versions of Windows include free tools like Defender which are just as good and appear to have less of a performance impact on the computer. But if they really wanted to have a long-term impact on desktop as a vector for attack on web services I’m surprised they didn’t start, sponsor, or promote an Open Source equivalent of McAfee. This seems like a space very well-suited to address with an OS tool in the digital commons, much like a Windows anti-spyware equivalent of SpamAssassin, with self-updating rules and a completely transparent process.

State of the Word, 2017

I really enjoyed connecting with the WordPress community in Nashville this previous weekend. On Saturday I delivered the State of the Word presentation alongside Mel, Weston, and Matías. There’s always a post-event buzz but I definitely noticed a change in tenor of people’s thoughts on Gutenberg after the presentation and demo. The video is above, check it out when you get a chance.