Automattic, Forbes, and the Future of Work

press

There’s a great article in Forbes today that covers some of the early days of WordPress through Automattic as a business today. I recommend everyone check it out! I wanted to respond to one bit about Automattic’s global nature though, which is actually timely because next week the entirety of Automattic is going to San Diego:

As a legacy of its open-source roots its 120 employees are spread across 26 countries and six continents. Although most work alone at home, each team–usually made up of five or six people–has a generous budget to travel. “All of the money we save on office space, we blow on travel costs,” Mullenweg laughs. Groups have gathered in Hawaii, Mexico and New Zealand. Once a year everyone meets for a week at an accessible destination with a solid Internet connection. A distributed workforce means Automattic can hire talent from around the world–without having to offer the perks and pay of Google, Facebook and Apple.

I’d like to counter the last sentence, which implies this is something we do as a cost saving scheme: being distributed is not a legacy, it’s a conscious choice. The people at Automattic are truly world-class — I invest in and advise a number of startups, and spending time in New York and the San Francisco Bay area I would put the caliber of people inside of Automattic on par or higher than anyone I’ve met from Google, Facebook, Apple, or any of the traditional tech giants.

How do we do it? Automattic offers a benefit above and beyond what they ever could: We give people the perk and the luxury of being part of an internet-changing company from anywhere in the world. This mirrors the meritocracy that makes Open Source great and treats people on the quality of their ideas and their work whether they’re in San Francisco or Argentina. (Or if they started in San Francisco and moved to Argentina.)

Even when big companies try to adopt this (sometimes under the lovely moniker “telecommute,” which reminds me of “horseless carriage”) people still face cultural resistance from their managers and teams, or find themselves as a second-tier citizen versus those in headquarters. The same often happens in “remote offices.” For it to really work it has to be part of the DNA of the company from day one. You have to be really committed to keep the creative center and soul of the organization on the internet, and not in an office.

I really believe this is the future of work, it’s just not evenly distributed yet.

Dave Chappelle

Uncategorized

Glenda and I just ran into Dave Chapelle in the new mall on Market Street in San Francisco. That’s pretty neat in and of itself, as he’s a funny dude, but what struck me more was how darn polite he was.

We got to the escalator at the same time and we stopped to let him on but he insisted we go first even though his friend was already ahead of us. Once we were on the escalator we realized who he was, confirmed by someone on the opposite escalator saying his name in surprise. I dorked out and snapped a quick photo with my Blackberry. As we started to walk away he called out and I turned around and tried to figure out why in the world Chappelle would be calling us, it turns out Glenda had dropped her parking ticket and he picked it up and gave it to her.

So not only was he polite and unassumming, he saved us $30. Someone’s mother raised him right. I don’t know what he was doing hanging out in a mall in San Francisco with a skateboard, but I sure hope he had a nice night too.

Job / Career / Calling

Quote

Jonathan Haidt in The Happiness Hypothesis:

Most people approach their work in one of three ways: as a job, a career, or a calling.

  • If you see your work as a job, you do it only for the money, you look at the clock frequently while dreaming about the weekend ahead, and you probably pursue hobbies, which satisfy your effectance needs more thoroughly than does your work.
  • If you see your work as a career, you have larger goals of advancement, promotion, and prestige.
  • If you see your work as a calling, however, you find your work intrinsically fulfilling you are not doing it to achieve something else. You see your work as contributing to the greater good or as playing a role in some larger enterprise the worth of which seems obvious to you. You have frequent experiences of flow during the work day, and you neither look forward to “quitting time” nor feel the desire to shout, “Thank God it’s Friday!” You would continue to work, perhaps even without pay, if you suddenly became very wealthy.

Hat tip: Derek Sivers books page.

Airport Security?

Asides, ,

I just found a pocketknife in my laptop bag. This is not unusual, except I remembered that I must have taken it with me both to and from Houston earlier in the week, passing through security both times with a 2 inch blade in my bag. This happened once before, but was caught on the return flight. Total I have passed through airport security at least 4 times with a forgotten pocketknife, and only once did they stop me. A 25% hit rate? That’s just going to frustrate me more next time I’m standing in a security line for an hour.

Calculate Age in MySQL

Uncategorized

I just got an email from docs@mysql.com saying the following:

The user comment system in the MySQL manual is not the place to request features. You can do so using our bug-tracking system at http://bugs.mysql.com/. Thanks. (Actually, your comment is not a feature request, but it relates to another comment that is. The example you’re giving is nice, but this is a reference manual, so we have to restrict it to _a few_ useful examples.)

My original comment was:

You bring up some important issues, but dealing with ages really isn’t that hard. For example you could do something like this:

mysql> SELECT DATE_FORMAT(FROM_DAYS(TO_DAYS(NOW())-TO_DAYS(dob)), '%Y')+0 AS age FROM people;

Where ‘dob’ is obviously their date of birth. It’ll also work with pre and post-epoch dates. Please excuse the funky formatting as the
comment stem seems to insist on inserting line breaks into the code block. I ran into this problem while working on some genealogical things over at Mullenweg.com, a family site. I hope this helps!

Looking back, it’s funny that the comment is still around, I wrote it over two years ago. The date and time functions is the MySQL page I use most, so in some sense it was always nice to have my mark on there. For google and posterity I’ve preserved the comment here.

I’m glad they’re cleaning up the comments, as they are really bad in places and have atrocious formatting, especially when compared to say, the PHP manual. However there is a later comment (which is still up) that offers perhaps a better method. From Kirill Novitchenko:

The method posted by Mathew Mullenweg is good, but leap years goof it up on birthdays. (Try it. Use the current date and subtract exactly 5 years ago.)

Hopefully this will be the last ‘find age’ function. There is a simple premise to it:

  1. Subtract the current year from the birth year to get the age.
  2. If the current month and date is less than the birth month and date, subtract 1 from step 1.

Therefore, this should work with everyone who wasn’t born in the future.

SELECT DATE_FORMAT(NOW(), '%Y') - DATE_FORMAT(dob, '%Y') - (DATE_FORMAT(NOW(), '00-%m-%d') < DATE_FORMAT(dob, '00-%m-%d')) AS age

where dob is date of birth.

I’ve never run into any problems with my function but I see nothing wrong with the way this one works, so I may update my code to use it.

Why not just use unix timestamps and avoid all the funkiness? When I first started writing everything I actually did, but then one day I got a call from my lovely sister saying that it was showing everyone’s birthday as January 8th, 1901 (or something like that). I had reached the negative limit of a 32-bit integer, the upper limit being sometime in 2038. Moving all the date functions into the SQL is probably bad from a programming point of view but it works great for the application. Of course I have no clue how it deals with the 10 days Pope Gregory removed from the calendar in 1582. Hopefully that won’t come up. 🙂

Tune in to WordPress.tv

Automattic, Essays, WordCamp

Today we’ve switched on WordPress.tv, a new space to geek out and learn about all things WordPress.

WordPress.tv is home to tutorials for both WordPress self-installs and WordPress.com to help you get blogging fast and hassle-free.

We’ve also aggregated and organized all that awesome WordCamp footage from around the web, on WordCampTV. There you’ll find videos and slideshows of presentations made by Automattic employees and other WordPress gurus, plus interviews I’ve done with the media and fellow bloggers.

Tune in regularly for fresh content and updates to the WordPress.tv blog.

As always, community comes first. You have a say in shaping the future of WordPress.tv. Just drop us a line and let us know what you’d like to see added next.

WordCamp USThere were amazing applications for teams and cities to host the inaugural WordCamp US, a concept originally floated at the State of the Word last year. It was very hard to make a choice, but can now announce that the birthplace of the United States, Philadelphia, will host the first WCUS on December 4th–6th. They will also host it in 2016, but no dates have been chosen yet.

Having it the same place two years in a row allows us to keep logistics a set variable and really focus on the rest of the event in the second year. I also want to use it to facilitate experience transfer: We’ll choose the 2017 + 2018 host city in between the first and second event, so that team can volunteer on the ground the second year Philadelphia hosts it to learn from their experience. Hat tip: Cool graphic by Andrew Bergeron.

The TimThumb Saga

WordPress

Last week there was a serious flaw found in the code behind TimThumb, an image re-sizing library commonly used in premium themes.* Because the code is commonly embedded in themes it’s not easy to discretely update like it would be if the code were a plugin, and even when a theme is updated people are hesitant to update because they often customize theme code rather than making child themes, so if they were to overwrite their theme with a new version they’d lose their modifications. That, combined with the severity of the flaw, means that this is one of the more serious issues in the WordPress ecosystem in a while, even more than normal because it wasn’t in core.

It could have gone a lot of ways, but the incident brought out the best in the community. The core team sprang into action searching through the theme directory to inoculate any themes that contained the dangerous code. Community blogs quickly got the word out about the problem so people were aware of it. Mark Maunder, who originally discovered and broke down the problem, created a fork of the code called WordThumb that rewrote TimThumb from the ground up. Forking is not usually ideal because it fragments the market for users but Mark soon connected with Ben Gillbanks, long-time WordPress community member, and they’ve teamed forces to release TimThumb 2.0, a collaboration that exemplifies Open Source at its finest. An updated plugin should be in the directory shortly.

It also illustrated the original vision I had behind VaultPress. In addition to reporting early and emailing customers with vulnerable code, the following morning they had devised a way to go in and surgically correct vulnerable code on over seven hundred affected websites. This fixing-problems-while-you-sleep delighted users and is exactly the kind of problem I hoped VaultPress would solve for people and it underscores the core value of the service. If you’re not using VaultPress for your most important websites yet, you should.

* I originally had a long rant here, but here’s the 13-word version: I’ve seen no correlation between how much something costs and its code quality. This is getting better as more people become familiar with the coding standards of core, and PHP in general, but there is still a long way to go. If you want to avoid this in your own code, check out Theme Check and Log Deprecated Notices to start. If you’re looking for code to base your own theme on, it’s best to start with something like 2010 or 2011.

Ten Years of Automattic

Automattic

Ten years ago the first official Automattician was Donncha O Caoimh, and he had no idea what he was in for. Neither did I, honestly. And it’s been amazing.

I’ll remember the days before I knew everything.
— The Automattic Creed

When you think about it, Donncha was incredibly brave. WordPress had far less than 1% market share. I hadn’t joined Automattic yet — I was still working for CNET, paying Donncha with my salary, savings, and credit cards. He was leaving a Real Job for a Barely a Job; I hardly knew how to wire money to an international account to pay him. I’d just made a giant screw-up (probably my biggest ever), taking money to have spam advertising on WordPress.org, so I wasn’t the most confidence-inspiring leader.

It also seemed like the decks were stacked against us. We were going to try and build an open source business model different from what we had seen before, a hybrid of a downloadable open source project combined with a web service that ran the exact same software. Up to that point companies built on open source projects had usually suffocated the communities that spawned them.

Sign me up, right? But we had one important thing going for us: at our cores, we shared a deep belief that open source could transform any industry it touched and that web publishing needed to be democratized. We’d been hackers-in-arms together coding on WordPress, and knew we could take that and build on it.

I am more motivated by impact than money, and I know that Open Source is one of the most powerful ideas of our generation.
– The Automattic Creed

Within that first year we were joined by Andy, Ryan, Toni, and Mark, and together we began building a business which looks remarkably similar to what Automattic does today. (We’re all still at Automattic, by the way.)

We just want to make the web a better place. We’re proud to contribute to what I consider the best open source project in the world, WordPress. We bring it to as wide an audience as possible through hosting it on WordPress.com, and providing services for the ones we don’t host with tools like Jetpack. Through it all, we have fun and experiment with side projects that have become crucial to the ways we work — P2, Cloudup, Simplenote, and dozens more that we tried, failed, learned something from, and tried again.

Our work is far from finished, and I hope there are hundreds of failures we learn from over the next 20 years. One of the things that makes me happiest is that I get to wake up every morning and work on the hard problem of making the web a better and more open place, and I do it alongside close to 400 talented people at Automattic and thousands in the broader community. For me this is a life’s work. The first decade is merely the first chapter of what I hope to be a very long book, which will eventually tell the story of a movement and a company that are at the core of this crazy thing we call “the web.”

I am in a marathon, not a sprint, and no matter how far away the goal is, the only way to get there is by putting one foot in front of another every day.
— The Automattic Creed

Some find it strange that someone in this day and age would have the same job for a decade. The truth is, it’s not the same job: it’s always evolving. At times it’s been comfortable, at times it’s been extraordinarily challenging. I’ve needed to change how I work. Automattic has changed. The structure of the company is designed to accommodate growth, and we’re constantly experimenting with how we work and relate to one another.

Half the time I feel like we’re making it up as we go along — I’ve never managed a distributed company of 400 people before. But the important things stay the same: the desire for impact and my love for the people I work with. They embody the Automattic creed:

I will never stop learning. I won’t just work on things that are assigned to me. I know there’s no such thing as a status quo. I will build our business sustainably through passionate and loyal customers. I will never pass up an opportunity to help out a colleague, and I’ll remember the days before I knew everything. I am more motivated by impact than money, and I know that Open Source is one of the most powerful ideas of our generation. I will communicate as much as possible, because it’s the oxygen of a distributed company. I am in a marathon, not a sprint, and no matter how far away the goal is, the only way to get there is by putting one foot in front of another every day. Given time, there is no problem that’s insurmountable.

Thank you, Donncha, for believing in me all those years ago and pioneering the way for a company that would come to impact a lot of the world. Thank you Andy, Ryan, Toni, and Mark. Thank you to every Automattician that’s made the same leap. We’re building something that gives people all over the world a voice and that people can trust to be thriving a century from now, and that’s huge.

There’s a lot more to do, and I can’t wait to see what a “20 Years of Automattic” post says. I’m a lucky guy.

Update: Donncha has a post talking about starting at Automattic.

Password Coalition

Ideas

Users use the same passwords for multiple services. It’s a fact of life, it’s just so easy to that most people end up having 2-3 passwords they use everywhere, including one “hard” one for financial sites, etc. The downside is your password is only strong as the weakest link of where you’ve used it — when something like the Gawker hack happens there is a huge wave of compromised accounts that follow.

You can ask users not to use the same password, you can even encourage things like 1password (too expensive for many people I recommend it to), but what if there was a way to enforce that people registering for your site hadn’t used the same password elsewhere?

It actually wouldn’t be too hard, if you’re registering with 123@gmail.com and the password “abc” when you register and the site hasn’t encrypted and stored the password yet it could try to log into your Gmail account with those details, and if it works force you to choose a different password. There’s no reason this has to be limited to email logins, you could put it against the APIs of WordPress.com, Twitter, Facebook, LinkedIn, any number of other services that expose simple authentication APIs and see where it works. Any successful logins, tell the user they need to pick something else.

Of course all that work and they’ll probably just put a 1 at the end of it.

Email Reloaded

Email

So the long and short of it is, I’m loading all the email I receive into a database using a fun combination of Procmail, Spam Assassin, and a sprinkling of command line PHP. I’m very excited about this, more excited than I’ve been about a new project in a while. For me, email has been steadily waning in utility for the past year, and I want to breathe new life into it. I’m tired of folders. I’m tired of slow searching. I don’t want to hand my email over to someone else, even if it’s Google. I don’t want to deal with mbox or IMAP or maildir or any of that junk. Those are implementation details of various servers and clients.

Mirroring my email into a MySQL database has some interesting ramifications. Imagine instant Gmail-type searching using FULLTEXT or LIKE. Imagine instant email backup using MySQL replication. Think email RSS feeds, keyed on searches or senders or anything. Don’t forget the interesting metrics that can be extracted from this as well. Right now I’ve replaced my timely dozen with an counter running since this morning. If you send me an email, you’ll see it increment live. If it increments the spam counter you may want to resend it and reword your mortgage suggestion. This is the most basic of a hundred interesting things that can be culled from this data.

I want to hear your wildest dreams. Besides the obvious search, backup, and statistics benefits, what can you imagine this system doing? What would you like email to address? (groan…) What email metadata is interesting? (I’m currently tracking subject, date sent, date received, from, the message itself, and spam status.) What statistics would be interesting to you? Is anyone even interested in this or am I just spinning my wheels?

Today my mail lives in 400 MB of mbox folders I access using IMAP. Tomorrow I want something better.

Culture of Distraction

Essays

From the Hacker News discussion of my Silicon-Valley-is-destroying-the-world remark I came across a Joe Kraus talk on We’re Creating a Culture of Distraction. (I’m a huge fan of Joe and excited to see he’s on WordPress now.)

It’s also important to read Paul Graham’s Acceleration of Addictiveness where he compares addictive technology to alcohol and cigarettes, society developed “antibodies” to the danger of cigarettes, but it took about a hundred years, and technology is changing much faster than that now.

The most prescient here is Neil Postman’s Amusing Ourselves to Death, originally published in 1985. It’s long, but I’m going to quote the foreword in its entirety because it’s worth reading a few times over:

We were keeping our eye on 1984. When the year came and the prophecy didn’t, thoughtful Americans sang softly in praise of themselves. The roots of liberal democracy had held. Wherever else the terror had happened, we, at least, had not been visited by Orwellian nightmares.

But we had forgotten that alongside Orwell’s dark vision, there was another – slightly older, slightly less well known, equally chilling: Aldous Huxley’s Brave New World. Contrary to common belief even among the educated, Huxley and Orwell did not prophesy the same thing. Orwell warns that we will be overcome by an externally imposed oppression. But in Huxley’s vision, no Big Brother is required to deprive people of their autonomy, maturity and history. As he saw it, people will come to love their oppression, to adore the technologies that undo their capacities to think.

What Orwell feared were those who would ban books. What Huxley feared was that there would be no reason to ban a book, for there would be no one who wanted to read one. Orwell feared those who would deprive us of information. Huxley feared those who would give us so much that we would be reduced to passivity and egoism. Orwell feared that the truth would be concealed from us. Huxley feared the truth would be drowned in a sea of irrelevance. Orwell feared we would become a captive culture. Huxley feared we would become a trivial culture, preoccupied with some equivalent of the feelies, the orgy porgy, and the centrifugal bumblepuppy. As Huxley remarked in Brave New World Revisited, the civil libertarians and rationalists who are ever on the alert to oppose tyranny “failed to take into account man’s almost infinite appetite for distractions”. In 1984, Huxley added, people are controlled by inflicting pain. In Brave New World, they are controlled by inflicting pleasure. In short, Orwell feared that what we hate will ruin us. Huxley feared that what we love will ruin us.

This book is about the possibility that Huxley, not Orwell, was right.

Oh, and we just launched new comment push notifications for iPhone and iPad. It’s one of those days. 😉

The Feed Validator is Dead to Me

RSS

Is anyone else sick and tired of the so-called feed validator changing its mind on fundamental issues every other week? I’m sure Sam Ruby and whoever else is still working on the Validator mean well, but the constant ivory tower decisions to change the way it interpets “valid RSS 2.0” is making it seem more like a political advocacy tool than anything else. Perhaps I should give the benefit of the doubt and “Never attribute to malice that which is adequately explained by stupidity.”

I’m not even talking about deciding they can change the world by decree. (Which has already been addressed.) The latest in their line of enlightened changes is that the author of the Well-formed Web spec has changed the capitializition of the wfw:commentRSS element at some unknown point to lowercase Rss. This arbitrary decision has been codified by the validator, which now reports the millions and millions of feeds that use the previously correct capitialization as invalid. Confusion ensues.

If the previous paragraph makes your eyes glaze over, congratulations, you’re normal.

Here is a post on their mailing list which also explains the issue and includes a link to the archive.org version of the page with the capitialization everyone uses, which was there for at least two years. One line can cause so much trouble.

But wait, there’s more. “In addition, this feed has an issue that may cause problems for some users.” They’ve also started marking all uses of content:encoded as potentially causing problems, which is funny because it actually avoids a ton of problems and (again) people have been using it in RSS 2.0 feeds for 3+ years now, and I even asked Dave Winer about it in the past and he said that was fine. Their documentation on the topic seems more geared toward instilling fear, uncertainty, and doubt in RSS 2.0 than addressing the reason they’ve decided to start warning about this element. Where a validator normally provides stability, the feed validator has become the Homeland Security of the RSS world, keeping us all in a constant state of dulled fear, insensitive to whatever warnings they’re giving us today because we just want it to stop.

I’m sure the content:encoded change can be rationalized with a perfectly convincing argument. I wouldn’t be surprised if someone as smart as Sam could do the same for the arbitrary wft:CommentRSS change. I know that the code is open source and we could fork it and create another version of the validator that doesn’t invalidate half the blogosphere on a Tuesday afternoon. But then we would have more than one validator, and that defeats the point.