SecurityFocus SQL Injection Bogus

Since people are asking, this so-called alert on Security Focus appears to be completely false and has no information that an attacker or the WordPress developers could use. It is completely content-free, except for making claims that every version of WP since 2.0 is vulnerable.

Online, apparently, it’s fine for someone to run into a crowded theatre and yell “fire” and the less basis there is in fact the more people link to them. It’s not uncommon to see crying-wolf reports like the above several times in a week, and a big part of what the WP security team is sifting through things to see what’s valid or not.

A valid security report looks like this, it usually includes sample code and a detailed description of the problem. The WP security team was notified of the KSES problem and it was fixed in 2.5. You can impress your friends by saying whether a security report is valid or not, so it’s a good critical facility to pick up.

All that said, there is a wave of attacks going around targeting old WordPress blogs, particularly those on the 2.1 or 2.2 branch. They’re exploiting problems that have been fixed for a year or more. This typically manifests itself through hidden spam being put on your site, either in the post or in a directory, and people notice when they get dropped from Google. (Google will drop your site if it contains links they consider spammy, you’ll remember this is one of the main reasons I came out against sponsored themes.) Google has some guidelines as well, what to do if your site is hacked. If I were to suggest WordPress-specific ones, I would say:

Continue reading SecurityFocus SQL Injection Bogus

On Ma.tt

A few weeks ago I twittered I was heading to the bank to wire money for a life change. People got excited, and assumed I was buying a house, fancy car, plane, company, jewelry… it was really amusing to see where people’s imagination went. I’m afraid the truth is much less exciting, at least to other people. I was wiring money for the domain I’m on now, ma.tt. How did this come to be?

Around the beginning of the year I was going through a spreadsheet for international domains, listing all the different countries, and I spotted .tt. I noticed they did the top-level thing, not .co.tt or something lame like that, and I wandered over to the 90s-era NIC site for Trinidad and Tobago. I did a search for “ma.tt” and was utterly shocked that it was unregistered!

Now I’ve been at photomatt.net for 6+ years now, but quite honestly the .net threw people off. I can’t tell you how many times media coverage has misspelled my domain name, usually with .org or .com. The .org guy was a little wacky, but eventually he let the domain expire and I picked it up. But the .com guy was a little more damaging — he had a somewhat active and well-designed site, it just focused mostly on pictures of harajaku (sp?) girls. People assumed this was me and I had a weird Asian fetish. No matter how many times I contacted him, he never got back to me about a price for the domain, or a mutual link, anything. I had also thought about something like matt.com, but I think that’d be way too expensive. It became more obvious that photomatt.net probably wasn’t going to be a domain name for the ages.

Back to ma.tt, it was unregistered but to register a domain in Trinidad/Tobago you have to do an international wire to their bank, they don’t accept credit cards, and the cost is 500/yr for the first 2 years. (Which is probably why you don’t see too many.) The cost is much higher than an unregistered .com, but you can easily spend 1-10k on a good .com and this was way cooler, so the price seemed reasonable. It’s a 5-character domain, the same length as a single-letter .com. So about two weeks ago I went to the bank, wired the money to their foreign account and then… didn’t hear anything for a week. At first I wondered if I had been scammed 419-style, but then I got an email from their admin that everything was set up. 🙂

I originally wanted to launch the new domain with a new design, but knowing that yesterday’s post would get a ton of links it seemed like an opportune time to make the jump. Switching over took 2 seconds, I just updated my siteurl and home options in WordPress, and I shortened my permalink structure to remove the day, and it started magically redirecting all my old links to the new ones.

If you can, don’t forget to update your blogroll links, though old ones will continue to work forever. Not everyone would consider moving domains a “life change,” but it is to me. I’m looking forward to many, many years at ma.tt.

Backing BuddyPress

Some of you may remember when I wrote about Chickspeak, a WordPress MU-based social network. Andy Peatling, the fellow behind it, later decided to recreate the work he had done as an Open Source effort he called BuddyPress. And it was good.

Today I’m happy to announce that Andy has joined Automattic full-time and we’ll be taking the BuddyPress project under our wing. We will grow it and support it the same way we support WordPress, MU, bbPress, Akismet, and more.

It’s clear that the future is social. Connections are key. WordPress MU is a platform which has shown itself to be able to operate at Internet-scale and with BuddyPress we can make it friendlier. Someday, perhaps, the world will have a truly Free and Open Source alternative to the walled gardens and open-only-in-API platforms that currently dominate our social landscape.

See also: DiSo, GigaOM, Techcrunch, Mashable, Techvibes.

Dave Matthews Stand Up

“Crash into me…” If you buy the new Dave Matthews Band Stand Up CD, do not put it in your Windows computer. I did and it popped up an annoying software installation and I said no to it just like I did 9 years ago when I first saw that happen with Fiona Apple’s Tidal. It then ejected the CD. First strike! I just wanted to listen to it. So I did the logical thing and pushed the CD drive back in, and the CD spun up and then the computer crashed and rebooted. Needless to say, this is a very bad thing.

Syn-thesis 3: Switchers

The biggest after-effect of the Thesis license violation episode seems to be raising people’s awareness of alternatives that are both fully GPL and have better functionally too. One theme that seems to be picking up a ton of new users is Genesis. We helped Laughing Squid and Paul Stamatiou make the switch, but Chris Brogan joined the party completely independently. (All formerly in the Thesis showcase. Scobleizer switched a while back.) I’m excited about this because I think Genesis is a better theme, particularly for its advanced support of WordPress functionality like child themes. (Child themes are the only way you should build your site on top of a framework.)

Even though Thesis has done the bare minimum not to be sued for its license violation and the code it copy/pasted from WordPress, lots of folks including myself still have a bad taste in their mouths from the episode, since there was no apology or contrition shown (like a donation to the WordPress Foundation, which would be a drop in the bucket compared to the millions Thesis made while breaking the GPL). But I think it’s best to focus on the positive.

There is a linkbait from a Thesis affiliate going around asking if I favor certain commercial themes — absolutely yes! Is that a controversial question? Themes WordPress lists on its commercial page go above and beyond bare compliance with the GPL and are full members of the community, sometimes even becoming active in core development like WooThemes has done. As a business, I would feel a lot more comfortable building my online presence on a real enterprise like Woo, StudioPress, iThemes, and many more rather than a one-man-against-the-world operation, regardless of how good its marketing is, or how many affiliates it has.

For Automattic’s part, our theme team has been taking the opportunity to update our blogs stuck on Cutline and Pressrow, which were abandoned by Chris years ago and don’t support any of WordPress’s new features. The first iteration of this is Coraline which is aesthetically is similar to Cutline but under the hood is way better, with multiple layout and sidebar options, color schemes, custom background, per-post custom headers, gallery and asides support, and a few other bonuses. (Unfortunately, the switch had a bug that broke widgets for some sites, but that’s being fixed. We’ll avoid that when switching Pressrow.) A lot of this was kicked off before DIYThemes dodged litigation, but it’s important to continue because we’re building better themes for users who honestly shouldn’t worry about this stuff, they should just have theme that’s current, flexible, functional, and beautiful.

On WP Security

Wincent Colaiuta has no problem throwing flames at WordPress, but doesn’t see fit to enable comments. (Apparently disabled to make Movable Type more secure.) His table-layout blog isn’t too notable but it got linked from Daring Fireball so a lot of people saw his article trying to draw the line between a routine point release and encouraging people to never use WordPress on the public internet. Here are a few points for thought in response:

  • The SQL problem in 2.2 requires both registration to be enabled (off by default) and the blog to be upgraded to 2.2. It is a serious problem but I’ve heard of fewer than 5 exploits from the flaw. Even if you assume there are 100 blogs for every one we heard about, that’s still an incredibly small percentage of the millions of WordPresses out there, especially considering, as Wincent points out, the problem has been in the public for a while now.
  • Getting people to upgrade web software is hard. We work as best we can with hosting companies, but a consideration is that it’s best to roll several security fixes into one release. It’s not responsible to do a release if we know of another problem, so sometimes there is a lag between an initial report and a final release, not to mention the testing required of a product used as much as WP.
  • Wincent digs up the server crack that modified the files of 2.1.1 for a few days. Ignoring the fact that it was a server issue and had nothing to do with WordPress the software, we actually had NO reported exploits of the problem. (Though I’m sure there are at least a handful out there with problems, it wasn’t enough to hit our radar.) Despite that we took a hit and publicized the issue as much as we could to get the word out.
  • Also about 2.1.1, the problem was found through someone proactively auditing the codebase.
  • Finally Wincent says of WP “[a]nd if you insist on installing it, then you need to watch the trac like a hawk.” You would think complete transparency of the problems (it was on our bug tracker and mailing list) would be a good thing, especially considering the software Wincent uses doesn’t have a bug tracker, and the only way to submit a bug is through a contact form.

We can and do review new code for problems, and pick the vast majority up before any releases. I think the real issue though is not that WP has bugs which are sometimes security related, which all software not written by djb does, but that the mechanisms for updating complex web software are a pain. Right now the best experiences are probably with folks like Media Temple or Dreamhost that have pretty foolproof one-click upgrades and are quick with updates.

Making notification better and upgrading more painless for people not lucky enough to be on a host like that are problems with some very clever minds on them, and I’m confident that we’ll have good progress toward each in the next major release of WP.

Finally, I suppose we could act more like our proprietary competitors and try to downplay or hide security issues instead of trumpeting them loudly in our blog, but I think the benefit of having people well-informed outweighs the PR lumps we take for doing the right thing. I truly believe talking about these things in the open is the best way to address them.

In some ways it’s a good problem to have. When a product is popular, not only does it have more eyes from security professionals on it, but any problems garner a level of attention which is not quite warranted by the frequency of the general event, like Angelina Jolie having a baby. There are certainly things intrinsic to coding that can make software more or less secure, but all things being equal the software with the most eyes on it, which usually means Open Source, will be the most robust in the long term.

New Summer Design

As has become the tradition around here, today I’m launching a new design to celebrate the new year. (See also 2006, 2008, 2009.)

As you can tell, it is very inspired by the pop art of Roy Lichtenstein, an idea that came to me while visiting the Hirshhorn Museum in Washington D.C. last year, and again at SFMOMA in November. The idea was beautifully executed by designer Nicolò Volpato (who has now done 3 of the past 4 designs for Ma.tt) and coded up by Otto.

The header is a lot smaller, the graphics should load much faster since they’re simpler, and there have also been a few tweaks throughout the site to make it feel a bit speedier. Instead of image hacks like I’ve used in my past few designs I’m now using Typekit for pretty much everything, which feels nice.

Please take a look around, stroll through some of the recent photo albums, and generally make yourself at home. Let me know what you think in the comments. On to the next one…

Color Schemes Contest

I’m very interested in seeing some alternative color schemes for the WordPress admin, so I thought I’d sponsor a mini-contest here. You don’t have to be a WordPress user or even have it installed to participate. The colors don’t have to match the logo or anything like that, I’m just interested in seeing easy-on-the-eyes color schemes people would enjoy looking at. For people who aren’t running a nightly build or not running WP at all I’ve put up two screenshots that you can use to get an idea of where the colors will go. You don’t have to be a designer to play, just play around with the colors in those images until you find some that you like and then post the results. Winners (I’ll probably pick a couple) will get prominent mention on this site and wordpress.org, a free unlimited-user copy of WordPress, and a small monetary prize via Paypal. So fame and fortune, what more could you ask for?

So to recap the important bits:

What?
Playing with interesting color variations for the WordPress admin sections.
Materials?
Screenshot one, screenshot two, and a HTML dummy page.
How do I enter?
Leave a comment with some way to represent your color scheme, whether it is a screenshot, CSS code, linked post, hex values, whatever you’re comfortable with. You can enter as many times as you want and win multiple times. If you don’t have time to enter, link to this entry and let other people know about it.
Any guidelines?
Be creative! Don’t modify the layout, just the colors.
Deadline?
Friday night, my time. This is a low-impact project, all you need is a color picker and about ten minutes. Submit your entry as soon as possible so no uses your colors before you do. Enter as many times as you want.
Prizes?
Fame, fortune, and that warm fuzzy feeling you get from contributing to open source and having your work in front of thousands of people.

When all is said and done I’ll roll this into a plugin or something so people can enjoy it. You don’t have to be a designer to enter, just put together something you like.

Update: There are a few clarifications and tips in the comments, so you might want to look over those. The big news, however, is that Aaron Epstein has donated a copy of his excellent Color Schemer Studio product to be awarded to the top winner. Downloading a 15-day trial would be a great way to put together a great entry and get a taste of what you might win.

This hasn’t been forgotten, I’m just can’t write the plugin for the winners until 1.3 is finished. Thanks for your patience.

We Called it Gutenberg for a Reason

Movable type was about books, but it wasn’t just about books. Ideas spread. Literacy spiked. The elite monopoly on education and government started to crack. Luther’s 95 Theses were printed on a press, rocking Europe, and he issued “broadsheets.” Broadsheets became newspapers; newspapers enabled democracy. The printing press ushered in social, political, and economic sea changes. Gutenberg changed everything.

WordPress has always been about websites, but it’s not just about websites. It’s about freedom, about possibility, and about carving out your own livelihood, whether it’s by making a living through your site or by working in the WordPress ecosystem itself. We’re democratizing publishing — and democratizing work — for everyone, regardless of language, ability, or economic wherewithal.

WordPress’s growth is impressive (28.5% and counting) but it’s not limitless — at least not in its current state. We have challenges (user frustrations with publishing and customizing, competition from site builders like Squarespace and Wix) and opportunities (the 157 million small businesses without sites, aka the next big market we should be serving). It’s time for WordPress’ next big thing, the thing that helps us deal with our challenges and opportunities. The thing that changes the world.

Gutenberg.

For those who don’t know we kicked off the Gutenberg project around the beginning of the year, I talked about it and we did our first public releases in June, and the team has been doing weekly updates of the public beta plugin that’s available for anyone to try out in their wp-admin.

When Johannes Gutenberg’s press came out, people mostly used it to print the same religious text monks had been copying. It wasn’t until ten or fifteen years later that people started innovating and trying their hands at new kinds of writing, and the wheels of change started to spin faster. Now it’s WordPress’ turn to do the same. Gutenberg meets our challenges and opportunities head on while simultaneously benefitting everyone who makes a living working in the WP ecosystem. It’s about a lot more than just blocks. Our Gutenberg moves every part of the WordPress ecosystem forward:

Developers and agencies will be able to create interactive templates that clients can easily update without breaking things or dealing with custom post types: Imagine a custom “employee” block that you can add to an About page that includes a picture, name, and bio. They’ll be able to replace most meta boxes, and they’ll get a chance to update old code or clients to work in this new paradigm.

Plugin developers will be able to completely integrate into every part of WordPress, including posts, pages, custom post types, and sidebars without having to hack TinyMCE or squeeze their entire feature behind a toolbar button. Today, every plugin that extends WordPress does it in a different way; Gutenberg’s blocks provide a single, easy-to-learn entry point for an incredible variety of extensions. Some folks have already begun to port their plugins over, and are finding that they’re easier to build and have a much improved UI. I’m looking forward to highlighting those stories as we get further along and more people write about them.

Theme developers won’t need to bundle tons of plugins or create their own page builders. There’ll be a standard, portable way to create rich layouts for posts and guide people through setup right in the interface, no 20-step tutorials or long videos needed. Every theme will be able to compete with multi-functional premium themes without locking users into a single theme or compromising their experience.

Core developers will be able to work in modern technologies and not worry about 15 years of backwards compatibility. We’ll be able to simplify how menus, widgets, and the editor work to use a common set of code and concepts. The interface will be instantly responsive.

Web hosts will have better signup rates, as Gutenberg opens up WordPress to an entirely new set of people for whom WordPress was too complex and hard to set up before. (Remember our goal: to democratize publishing.) Their churn rates will go down: they’ll stop bleeding customers to Wix, Weebly, and Squarespace, and fewer people will abandon their sites because it was too hard to make things look they way they wanted.

Users will finally be able to build the sites they see in their imaginations. They’ll be able to do things on mobile they’ve never been able to before. They’ll never have to see a shortcode again. Text pasted from Word will get cleaned up and converted to blocks automatically and instantly. (I pasted the first version of this post from Google Docs and it worked great. 👌) They’ll start manipulating their sites in ways that would have taken a developer. They’ll be able to move from blogging to using WordPress as a CMS without missing a beat. Editing posts will just work; they’ll write more. They’ll learn blocks once, and then be able to instantly use and understand 90%+ of plugins.

I could go on about how photographers will be able to create rich galleries, parallax images, and better portfolios, or how poets will finally be able to preserve whitespace as they write, but you get the idea. It’s big. It moves the WordPress ecosystem forward, but it also moves the whole web forward.

Which is scary! Because change always is, and this is a big one. But a scary thing is usually a thing that leads to growth, if you can push through it. Ten years ago, agencies and developers worried that software like WordPress would ruin their business because clients wouldn’t need help updating their sites any more, and would maybe even just start building their own sites. But their worse fears didn’t come true — instead, it created new opportunities for everyone.

(People were worried when the printing press was invented, too. A Swiss biologist warned against the “confusing and harmful abundance of books,” but I’d say it all worked out in the end.)

This is not to say that nothing will go sideways with Gutenberg, or that people’s concerns about it are unfounded. Making something people want is really hard to do and easy to mess up — we definitely have in the past. I share many of the concerns or worries with today’s version of Gutenberg, and we’re working to mitigate them. Gutenberg will ship with WordPress 5.0, but the release will come out when Gutenberg is ready, not vice versa. We still have target dates to help us think about scope and plan for all the supporting documentation, translation, and marketing efforts, but we’re not going to release anything until Gutenberg is something the team working on it agrees is ready.

And as we work, we’re listening: feedback on core and feature plugins gets read, heard, and considered. Every review of Gutenberg, even the rude ones, has a response. Seven months of vigorous and public debate, chats, tickets, and code changesets brought us to where we are today, and there will be  a fair amount more before we can present the Gutenberg vision in a mostly-complete state. I welcome it; apathy would worry me a lot more than disagreement or controversy.

Creating great software will never make every person happy. We’re not creating The Perfect Product, we’re choosing a path between many good options, weighing all of the inevitable trade-offs that come from a change, listening, shipping, and then doing it all over again. Iterating. My life’s work is improving WordPress. I firmly believe that Gutenberg is the direction that will provide the most benefit to the maximum number of people while being totally in line with core WordPress’s philosophies and commitment to user freedom. So keep giving us your feedback, and let’s push through the fear together. It’s worth a little discomfort to change the world.

Yes, it is a press, certainly, but a press from which shall flow in inexhaustible streams, the most abundant and most marvelous liquor that has ever flowed to relieve the thirst of men.

Johannes Gutenberg

Thank you to the WP Tavern conversation that helped me write down many of these ideas, and Michelle Weber. This post started in Google Docs then revised in Gutenberg 0.9.

A New Home for the WordPress Trademark

As I write this, I’m on my way to Seaside, Florida to see 60+ Automatticians at our yearly meetup. More than sixty… that number astounds me! Automattic has grown so far beyond what I originally imagined and every day I’m amazed by my colleagues and the things they create. Today we’re growing in another way: Automattic has transferred the WordPress trademark to the WordPress Foundation, the non-profit dedicated to promoting and ensuring access to WordPress and related open source projects in perpetuity. This means that the most central piece of WordPress’s identity, its name, is now fully independent from any company.

This is a really big deal.

I want to recognize and applaud the courage and foresight of Automattic’s board, investors, and legal counsel who made this possible: Mike Hirshland, Phil Black, Tony Conrad, Toni Schneider, Gunderson Dettmer. I’d also like to thank Matt Bartus of Dorsey & Whitney for their counsel on the Foundation side. The WordPress brand has grown immeasurably in the past 5 years and it’s not often you see a for-profit company donate one of their most valuable core assets and give up control. However, I know in my heart that this is the right thing for the entire WordPress community, and they followed me on that. It wasn’t easy, but things worth doing seldom are.

When Automattic registered the WordPress trademark back in 2006, we were a small startup of a few people: a business founded largely to enable us to work on WordPress full-time instead of hacking around our day jobs. A lot has changed since then — somehow along the way we ended up with an audience of a quarter billion people — but a lot has stayed the same. We’re still a group of people in love with WordPress and free/open source software and we’re lucky to have figured out a way to contribute to the world and flourish as a business while doing it.

Automattic might not always be under my influence, so from the beginning I envisioned a structure where for-profit, non-profit, and not-just-for-profit could coexist and balance each other out. It’s important for me to know that WordPress will be protected and that the brand will continue to be a beacon of open source freedom regardless of whether any company is as benevolent as Automattic has been thus far. It’s important to me to know that we’ve done the right thing. Hopefully, it’s important to you, too, and you’ll continue your support of WordPress, the WordPress Foundation, and Automattic’s products and services. We couldn’t do it without you!

On PHP

PHP.net has announced that they will stop development of PHP4 at the end of this year, and end security updates on 2008-08. (In 2007, their site still doesn’t have obvious permalinks. They do have a RSS 1.0 feed though, remember those?)

PHP 4.0 was release in May of 2000, by 2004 when the first version of PHP 5.0 was released, PHP 4 had achieved complete dominance and was completely ubiquitous in both script and hosting support.

Fast forward 3 more years and PHP 5 has been, from an adoption point of view, a complete flop. Most estimates place it in the single-digit percentages or at best the low teens, mostly gassed by marginal frameworks. Even hosted PHP-powered services who have no shared host compatibility concerns like 30boxes, Digg, Flickr, and WordPress.com, have been slow to move and when they do it will probably be because of speed or security, not features.

Some app makers felt sorry for PHP 5 and decided to create the world’s ugliest advocacy site and turn their apps in to protest pieces at the expense of their users. (Hat tip: Mark J.) They say “Web hosts cannot upgrade their servers to PHP 5 without making it impossible for their users to run PHP 4-targeted web apps” ignoring the fact that there isn’t a released PHP app today that isn’t PHP 5-compatible and recent upgrade issues have been caused by PHP itself in point releases. (See WP#3354.) It’s easy to always promote the newest thing, but why, and is it for us or our users?

Now the PHP core team seems to have decided that the boost their failing product needs is to kill off their successful one instead of asking the hard questions: What was it that made PHP 4 so successful? What are we doing to emphasize those strengths? Why wasn’t PHP 5 compelling to that same audience? Are the things we’re doing in PHP 6 crucial to our core audience or simply “good” language problems to solve? Will they drive adoption? How can we avoid releasing (another) PCjr?

I wonder if PHP 5+ should be called something other than PHP. A unique name would have allowed the effort to stand on its own, and not imply something that’s an upgrade from what came before when in many cases it’s just different, not better, from an end-user perspective. Continue to maintain PHP 4 as like a PHP-lite. Make it harder, better, faster, stronger.

For all the noise though, this isn’t a big deal. It’s easy to forget that PHP 4 hasn’t had any real innovation in the past 3 years while at the same time apps and services built on top of it have created some of the richest and most compelling user experiences the web has seen. (Née Web 2.0.) None of the most requested features for WordPress would be any easier (or harder) if they were written for PHP 4 or 5 or Python. They’d just be different. The hard part usually has little to do with the underlying server-side language.

Someday on our mailing lists I hope half the words wasted pontificating on “language version wars,” which are even duller than language wars, go toward design, copywriting, information, performance — the things that truly matter.

Leaving CNET

It was just about a year ago I blogged about leaving Houston and driving across the country to join CNET. It ended up being one of the best moves of my life. Since moving to the Bay Area I’ve had incredible oppurtunities and met a whole tribe of amazing people. For what I’m passionate about, I really believe this is the best place in the world to be.

For me the last year has really been about learning. From school in Houston to CNET to the explosive growth of WordPress and Ping-O-Matic, it’s been an incredible ride. There have been plenty of mistakes along the way, but all-in-all I don’t mind because that’s when I learn the most. At CNET I was lucky enough to be surrounded by veterans of the industry whose success and perserverance through the thick and thin of creating what we know as the web had a deep impact on me. CNET also gave me incredible flexibility to work on WordPress, and has embraced WP all over their organization, it was really the ideal gig.

However in the back of my mind I was wondering if I could focus on my passions full-time, to put more daytime hours into the community and projects that have changed my life already. I don’t need much, and working on WordPress full-time is my idea of heaven. I gave notice (they’ve been incredibly supportive).

I could say this was a hard decision, but the truth is I can’t imagine myself doing anything else.

Watch this space, I’ll have plenty more to talk about in the next few weeks. I’m very excited about the things happening with WordPress.com, WordPress.org, bbPress, a WordPress non-profit, Ping-O-Matic, and a few projects so shiny they don’t even have names yet.It’s a little scary to be leaving the safety net, but nothing worth doing in life is without risks.

My last day at CNET is Friday, October 21.

If there is ever going to be a time in my life to take big risks and reach for the brass ring, now is it.

MSN Spaces Closing, becomes WP.com

As just announced on stage at TechCrunch Disrupt, Windows Live (formerly MSN) Spaces is shutting down and migrating their 30m+ users to WordPress.com. Four years ago I was fairly worried as every internet giant (Microsoft, AOL, Yahoo, Google) had a hosted blogging service. Now only Blogger remains, and is firmly in our sights. I’ve been impressed with Microsoft’s regard for their users in providing a solid upgrade and migration path with a really smooth experience, which I think is in strong contrast to Yahoo’s 360 or AOL’s Journals. Given that this effectively doubles WordPress’s user base, there is a lot of work to be done still, but I’m excited by the challenge. 🙂 See also: official Windows Live post, official WP.com post, and 30+ other articles covering this on Techmeme.

WordCamp – WordPress Conference

The idea for an event for WordPress users has been bouncing around in my head for a long time, as there is a really interesting group of people around WP but we don't do nearly as many face-to-face interactions as some similar projects. A set of circumstances are coming together at the beginning of August, and I think we're going to give it a go.

August 5th, 2006 is the date, here in the lovely town of San Francisco, California. The idea is a one day BarCamp-style free conference with a party that night. There will be free BBQ for lunch, WordPress t-shirts, and a full day of both user and developer discussion. ("BarCamp-style" is a code phrase for "last minute.")

There are still a few things to figure out, such as a venue, schedule, and other little things like that. (By the way, if you can help with any of these or have event experience, please drop me a note.) But mostly I wanted to get the date out there so people could start planning for it, buy tickets if they're travelling, and let us know if there are any huge conflicts that day. (Like a national holiday or something.)

In the meantime, I've put up a quick site where you can leave your email to signup for more information or let us know you're coming. If you think you can make it, please say so as soon as possible so we can prepare for the right number of people. If you'd like to help in any way, drop me a note via email or in the comments.

Don't know if this will work or not, but it should be fun regardless. Podz is coming in all the way from England, and Donncha from Ireland. 🙂

PollDaddy Goes Automattic

It’s another exciting day here at Automattic. Today we finally get to announce that we’ve acquired the market-leading poll and survey service PollDaddy.

For a year or two now, I’ve been minorly obsessed with polls and surveys as a method of lightweight interaction that engages casual users of your website and also can get you some really fun data to play with. I’ve also mentioned at a few WordCamps that a polling plugin is one of the top 10 WordPress plugins in the world. Polls are really popular with WordPress users.

As we started to look at building out our own service for this, it became more obvious that, while on the surface it’s a very simple problem, there’s a lot of hidden complexity and opportunities for some really powerful features under the hood. There are probably a dozen companies addressing this space right now, but as we started to survey the space I was struck by how often I’d see this “PollDaddy” thing pop up.

Two guys in Ireland with a quirky company name were cleaning up with some of the largest and most respected websites using their service on a daily basis. They weren’t the biggest, but they had the high end of the market. It seemed to be the WordPress of the polling space.

I took a secret trip to Sligo and put back a few pints with the team and we decided to make things work. They went to bed every night and woke up every morning thinking about polls and surveys, and were iterating at a great pace. By plugging into Automattic’s experience at creating internet-scale services and the distribution of WordPress.com, I knew we could take Polldaddy to an entirely new level in a relatively short amount of time.

Today we just enabled PollDaddy integration with 4.4 million blogs on WordPress.com and have released the first version of their .org plugin.

You can read more about the acquisition on the PollDaddy blog, Toni’s blog, and the WP.com blog. I’m super excited to have Lenny and Eoin as part of the Automattic family, and I’m looking forward to seeing the service flourish with its newfound resources.

I’m putting together the State of the Word address for the upcoming WordCamp San Francicso, and one thing I like to do every year is highlight some cool WordPress-powered sites, especially ones that show off the power of the platform. I have a few in mind already, but are there any WP sites you’ve seen recently that really blew your mind? Leave links in the comments.