Shure to Break

Asides

I’ve been mostly happy with my Shure E3C headphones, but I only got them because I had some E2Cs which the cable went bad on. Now, right before I get on a plane and need them most, one of the heads just broke off the E3C and I highly doubt I’m going to ever buy a Shure product again, and I’m no longer recommending them to friends. Fool me twice…

Twenty-twelve was an exciting year for Automattic. We added 48 new Automatticians and it’s been delightful to see the effect the new folks have had on the company. We made over 40,000 commits to our various repositories, about half of those on WP.com alone. Contained in those commits are countless improvements to the experience for WP.com, but I’m just as proud of the things we removed and streamlined: the WP.com homepage has been drastically simplified, and a completely revamped reader is launching this week. Engagement started rising again after being flat in 2011. Support responses that used to take days now take hours or less. We added 75M uniques to our our network. There is a demo WordPress app on every iPhone and iPad in every Apple store I’ve visited in the US. (If you contribute to WordPress, show it to your friends next time you’re in a store and say “I help make this!”) We did two acquisitions, one announced, one not yet. It looks like we’ll grow the team by at least another 60 people this year. There’s so much more already done that hasn’t been announced yet or that’s coming that I’m bursting to share, but the surprise is at least half the fun. Stay tuned. 🙂

Weeds in the Garden

WordPress

Under the Iron has an old interview with Scott Johnson that is a good read. Now scroll down to the comments. Dozens and dozens of spam comments. I see this over and over again on MT and s9y sites. What’s terrible is these pages are just as dangerous as dedicated spam blogs. Think about it: I shouldn’t even be linking to it now.

Alex told me the other day about a new type of comment spam he’s been seeing: comments that link to normal blog entries. Well known blogs like Mozillazine. As advanced as tools like MT Blacklist have become, they’re pretty useless in cases like this. Are you going to blacklist Dave Sifry? Molly.com used to have spam comments on her site all the time. Even though she spent a lot of time and effort dealing with them (a daily chore) they only need to be there long enough for Googlebot to index them for the harm to be done. I’m not dogging on MT here, it’s just that there are tens of thousands of MT blogs out there who don’t have any protection and the spammers are targetting them mercilessly. Domain blacklists don’t scale (spammers can have thousands of domains easily and hijack innocent domains) and centralized registration hasn’t shown to be effective except against people who don’t like centralized registration, a group that doesn’t include spammers.

People used to say that WordPress doesn’t get spam comments because it’s not popular enough. I don’t think this argument holds water anymore. It’s true that MT has three to four times as many blogs as WordPress, but Serendipity has an order of magnitude fewer blogs than WP and is highly targetted by spammers. I think WordPress has, through design and luck, done a lot of things right with regards to comment management in general. First we respond to the problem in the core code quickly. Moderation and blacklisting has been in the core for half a year now. All of the WordPress developers are bloggers as well so we’re pretty sensitive to new techniques in use by the spammers. When early versions of WordPress 1.0 advertised moderation was on spammers instantly adapted to that and started searching for blogs that didn’t have the phrases we used, so in the next nightly build for testers I had changed how that worked so it couldn’t be targeted anymore. Then in 1.2 we expanded the already successful moderation to allow powerful regular expressions and target not just the content but things like number of links in a post. Let’s say that somehow two hundred spam comments did get on your blog, which would never happen in the first place because we’ve had throttling for over a year now, you can easily delete hundreds of spam comments at once in under five clicks. We’re not sitting still either, version 1.3 will have emergent registration based on code originally written by Kitten so there is a type of automatic whitelisting going on that spammers can’t duplicate because it uses email addresses like a secret key and WordPress never reveals your email address. (So Dave and Mark, stop leaving fake ones!) The code will be flexible enough to adapt for GPG signing for the ultra-geeky in the audience.

Any of these things by themself wouldn’t be very effective, and each method I’ve listed has its flaws and weaknesses and I know them. Which brings us to what I think the real reason WordPress, despite its explosion of popularity, still doesn’t get the level of spam other tools do: it’s more trouble than it’s worth. WordPress, to spammers, is an unpredictable and moving target. We’re not resting on our laurels, we have another exciting feature-filled release coming just a few months after the landmark version 1.2. The WordPress moderation system can be be toggled to manual mode, which is 100% effective at catching spam, or triggered only when something is suspicious. We’re committed to keeping the cost high and the reward uncertain for spammers which means you don’t have to wake up every morning to filth on your weblog as well as in your inbox. You can focus on what draws us all to this medium, writing and genuine interaction. Here’s a quote from Molly from a comment she left on Keith’s site:

I wanted open comments. In my situation, MT, despite the wonderful Jay Allen personallyhelping me on an almost daily basis to deal with comment spam, I was a major target. My ISP refused to continue dealing with me because the server molly.com resided on was brought to its knees twice due to spam floods. I was spending up to two hours PER DAY to undo the spam much less post.

Since switching to WP, I’ve had exactly five emails sent to me automagically for moderation. 3 of them were spam, 2 were just enthusiastic posts with multiple links from a reader.

Either way, I had instantaneous access to accept or delete those posts.

That’s the sort of thing that is incredibly rewarding about working on WordPress. Knowing that your work makes it easy for someone else to do what they love is one of the greatest feelings in the world. No amount of money or recognition can ever match that.

Back, Feeling Good

Video

I’ve been offline (mostly) for the past week while at Tracker School and over the next few days I’ll be catching up on what happened while I was out. You guys were busy. 🙂 As I pulled into my garage after a long drive this song came on shuffle and I wanted to share it with you guys — Nina Simone’s Feeling Good:

TechCrunch’s Social Responsibility

Spam, , , ,

Mike Arrington on TechCrunch did an interesting thing a few days ago, he asked their readers if they should accept advertising from PayPerPost/Izea. Their readers made the right decision and voted that it would be disingenuous to accept advertising from a company that, in Michael’s words, pollutes the blogosphere. He also notes that TechCrunch is being held to a higher standard than most mainstream media would:

The comments that are most interesting to me are the ones that say we’re selling out if we take their advertising. I understand that we are held to a certain standard (and we hold ourselves to that standard), but it’s interesting that we supposed to do things that would never be asked of MSM.

While I’m sure there’s mainstream media which turn away advertisers because of social reasons, the point that we should hold flagship blogs to high standards is a good one.

On that point, I would encourage the crew at TechCrunch to re-examine their advertising and implicit endorsement of Text Link Ads, which pollutes the blogosphere in the same way PayPerPost does, by selling links with the intention of gaming Google. Just as PayPerPost “posties” were recently penalized by Google and Pagerank was one of the criteria that advertisers looked for when choosing which bloggers to give money to, Text Link Ads has been doing the same thing for years, they’ve just been more explicit about it. (And their corporate site has been penalized in Google for a long time.)

I should also note that if TechCrunch decides that the same reasons it decided to not accept advertising from Izea also apply to Text Link Ads, it’ll be operating at a higher standard than Google itself, who even though its business is directly impacted by the search engine spamming both of these companies practice allows both TLA and PPP to advertise via Adwords and Adsense.

It Feels So Good to be 3

Personal

A birthday present from Google: I have overtaken that other guy and I am now the #3 Matt in the world. Go look at it now, because Google can be a harsh mistress. If things continue to go well I might reach #1 and have to take down all my sites, like I promised.

For those of you commenting on the phantom ping from yesterday, I actually posted something and took it down. Don’t worry, a little editing and it’ll be back.

Twenty-Nine

Personal

A week ago I rang in my twenty-ninth birthday and entered that twilight zone prior to thirty. It was an exciting day, I got to fly a plane, dogfight another, and do some aerobatics like a tumble, which was pretty much the coolest thing ever. Unusually for me, I managed to stay away from my computer the entire weekend, instead spending time eating, drinking, and dancing with a few friends who were also in Las Vegas. I came back online to some very sweet birthday blogs (thank you Lorelle, Austin, and John!) and of course a number of nice messages on Facebook and Twitter. All in all, extremely pleasant.

I travelled more this year than I ever have before, covering 261,077 miles in 292 days away from San Francisco (79 cities, 11 countries).

From the outside my life sometimes can appear crazy, and my 20s have been atypical in many ways, but one of the things I appreciate the most about this past year is that things have been getting less hectic overall. Much of this I attribute technology which I’ve finally gotten to a point where the majority of it in my life serves to allow me to spend doing things I love, like writing, designing, coding, learning, and less time on infrastructure or overhead.

The most interesting thing about twenty-nine so far is I’ve been getting lots of tips from people on how to end my 20s, which usually fall under “go out with a bang” from people currently in their 20s and “don’t worry it just gets better from here” from people in their 30s.

My focus this year will be on simplification and streamlining. As in many years past, I find I’m the most balanced when I take time every day to read, especially in the morning, and as an additional resolution this year I’m trying to watch a film every week recommended by friends. (So far have seen My Fair Lady, Casablanca, King Corn, and American President.)

All birthday posts: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41.

Subversioning WordPress Upgrades

Asides

Here is the simple script I use to upgrade all the WordPress sites I run on a single server in one fell swoop. Each site is a Subversion checkout of the WordPress trunk so getting the latest changes and merging them with my version is a simple command, however remembering to do each site was a pain. It also helped me figure out exactly how many WordPress installation I’m responsible for upgrading. (Twenty-seven.) Just fill out the array with the site roots of each install (use locate wp-login.php to find them) and run the script on the command like php upgrade-sites.php. I also like to put the time command in front to see how long things take.

Whoops!

Asides

Sorry for the interruption in service, things should be back to normal now. *ahem* If you missed it, someone guessed my not-at-all secure password to this blog and posted an entry and changed the “siteurl” setting.