Dave Winer tweeted this on Saturday:

I have a little spare time today so I decided to start on River3. It'll be much much smaller and more focused than River2.

— Dave Winer (@davewiner) April 13, 2013

One of the things I love and admire about him is that many, many years after he doesn’t have to anymore he’s still learning, hacking, and taking free time on a weeknd to make something new.

Almost 3 years ago we released a version of WordPress (3.0) that allowed you to pick a custom username on installation, which largely ended people using “admin” as their default username. Right now there’s a botnet going around all of the WordPresses it can find trying to login with the “admin” username and a bunch of common passwords, and it has turned into a news story (especially from companies that sell “solutions” to the problem).

Here’s what I would recommend: If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem. Most other advice isn’t great — supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours).

TechCrunch writes WordPress.com Has Imported 15M Posts In The Last 30 Days, Remains A Top Safe Haven For Nomad Bloggers. I’m very proud of the 8+ years we’ve been a home for, and protected, our users blogs. Protection covers many aspects: backups, scalability, security, speed, permalinks, mobile versions, forward-compatible markup, clean exports… the list goes on. We’ve done the same with other internet-scale services, like Akismet, Gravatar, and Jetpack, and I hope to earn the same trust in the coming decade with VaultPress and Simperium.

No to NoUI by Timo Arnall is one of the better pieces I’ve read on design and interfaces, and is also chock-full of links that will keep you busy for hours.

Rapping Truth To Power. “The study’s authors concluded that ‘the overwhelming message in hip-hop wasn’t that the rappers disliked the idea of justice, but they disliked the way it was being implemented.'” This is part of why sites like Rap Genius are so important. Hat tip: Elise.

The Extraordinary Science of Addictive Junk Food, a long read but fascinating story of how we’re getting hooked on food. See also: Paul Graham’s Acceleration of Addictiveness.

Creative Market just announced that all of their WordPress Themes are now 100% GPL, meaning to list in their marketplace and reach their users your theme must provide users with the same freedoms that WordPress itself does. They have some great themes already. This is fantastic news and I’m very proud of their team for taking this bold step, and as promised WordPress.org homepage promotion is forthcoming. I think we’ll see more of these down the line, especially as WordPress consumers start demanding 100% GPL from anything they buy.

Michael Mulvey writes “My advice to designers in need of portfolio pieces and jobs is to not do three things: Wait, Ask For Permission and Stop.”

As Liz Gannes wrote in AllThingsD, Automattic has acquired Simplenote, the coolest notes service around which you can get on the iTunes app store or for a variety of other platforms, and Simperium, which if you’re a developer you should watch the video on their homepage and see how the technology can make what you’re doing even cooler. You can read our official announcements on the Simperium blog and the Simplenote blog, which also includes some future plans. I’ve been a daily user and fan of the service for a while now, and I’m looking forward to how we can use Simperium across WP.com.

I’m attending the World Economic Forum in Davos for the first time, if you’ll be there I’d love to meet up and of course open to any tips you have about the event, it’s very intimidating to attend a first-timer. Also: Switzerland is beautiful! Also my first time in the country.

“For one experiment in the study, Wilcox and Stephen asked 84 study participants to either browse Facebook or read CNN.com for five minutes. […] The Facebook group was much more likely to go for the cookie, while the CNN group picked the granola bar.” — Does Facebook Praise Kill Self-Control?.

In addition to having a great new single, Suit & Tie, with Jay-Z, Justin Timberlake has a spiffy new WordPress-powered site.

Twenty-twelve was an exciting year for Automattic. We added 48 new Automatticians and it’s been delightful to see the effect the new folks have had on the company. We made over 40,000 commits to our various repositories, about half of those on WP.com alone. Contained in those commits are countless improvements to the experience for WP.com, but I’m just as proud of the things we removed and streamlined: the WP.com homepage has been drastically simplified, and a completely revamped reader is launching this week. Engagement started rising again after being flat in 2011. Support responses that used to take days now take hours or less. We added 75M uniques to our our network. There is a demo WordPress app on every iPhone and iPad in every Apple store I’ve visited in the US. (If you contribute to WordPress, show it to your friends next time you’re in a store and say “I help make this!”) We did two acquisitions, one announced, one not yet. It looks like we’ll grow the team by at least another 60 people this year. There’s so much more already done that hasn’t been announced yet or that’s coming that I’m bursting to share, but the surprise is at least half the fun. Stay tuned. 🙂

Steven Sinofsky, known at Microsoft for turning around the Office franchise and most recently as head of Windows, where he turned it around post-Vista. He left Microsoft a few months ago, and just started a blog on WordPress.com called Learning by Shipping. It’s a concept I’m particularly fond of.

Zach Holman writes on how chat is superior to meetings for most things that businesses do. From the description, Github sounds extremely similar to how Automattic operates. We’ve been going a slightly different direction though: after 7 years of essentially no meetings, many teams have started to incorporate more regular Google Hangouts in addition to their few-time-a-year in-person meetups. I’m curious to see how these evolve, right now my theory is these are largely to restore some of the social connectedness you lose when working remotely, with the pleasant side benefit of occasionally knocking out issues or decisions that high-bandwidth communication can facilitate better.

In the past on WordPress.com there’s been a big gap between Pro, which costs around $100 a year, and VIP, which starts around $60,000 a year. Now it’s been partially filled, and we’re calling the new service WordPress.com Enterprise. You get 90% of the benefit of VIP — scalability, security, upgrades, 70+ audited plugins, full JavaScript access — for 10% of the cost, or about $500 a month. I think Enterprise is a perfect fit for many higher-end and business sites. Full speed ahead, number one.

Nassim Taleb, one of my favorite living authors, has written 44 five-star reviews on Amazon. It’s a great reading list.

WordPress.com now accepts payments via Bitcoin, possibly the largest internet service yet to adopt it. I find Bitcoin intrinsically interesting as a crypto-currency, but it also might open up our premium services to folks who couldn’t use them before. It’s been fun to watch the store engine of WP.com evolve behind the scenes. In other WordPress.com news, there are now verticals for municipalities and bands, and we compiled an incomplete list of best-selling authors on WordPress.

Rolling Jubilee is a non-profit that takes donations to buy distressed debt for pennies on the dollar, and then abolishes it. Donate $100 and they can take $2,000 off someone’s back. Seems like an amazing random act of kindness, you’ll never know who you helped.