Aug 8

The TimThumb Saga

Filed under: WordPress

Last week a serious flaw was found in the code behind TimThumb, an image-resizing library commonly embedded in premium themes.* Because the code is embedded in themes rather than shipped as a plugin, it can’t be updated as a discrete unit, and even when a theme is updated people hesitate to install the new version because they often customize theme code directly instead of making child themes, so overwriting the theme would wipe out their modifications. That, combined with the severity of the flaw, makes this one of the more serious issues the WordPress ecosystem has seen in a while, and all the more so because it wasn’t in core.

It could have gone a lot of ways, but the incident brought out the best in the community. The core team sprang into action searching through the theme directory to inoculate any themes that contained the dangerous code. Community blogs quickly got the word out about the problem so people were aware of it. Mark Maunder, who originally discovered and broke down the problem, created a fork of the code called WordThumb that rewrote TimThumb from the ground up. Forking is not usually ideal because it fragments the market for users but Mark soon connected with Ben Gillbanks, long-time WordPress community member, and they’ve teamed forces to release TimThumb 2.0, a collaboration that exemplifies Open Source at its finest. An updated plugin should be in the directory shortly.
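The two paragraphs above describe the core problem of an embedded library: copies of TimThumb live inside theme directories, so finding out which sites carry which version means walking the theme tree rather than checking a plugin list. The inventory script below is an added example, not code from this post, VaultPress, or the TimThumb project; it assumes TimThumb copies can be recognized by the string "TimThumb" plus a `define('VERSION', ...)` line, and reports copies older than 2.0 (the release the post mentions) for review. The sample files are constructed.

```python
import os
import re
import tempfile

# Constructed stand-ins for theme directories; these are not real TimThumb files.
SAMPLE_TREE = {
    "themes/theme-a/timthumb.php": "<?php\n/* TimThumb script */\ndefine ('VERSION', '1.34');\n",
    "themes/theme-b/inc/thumb.php": "<?php\n// TimThumb script renamed by the theme author\ndefine ('VERSION', '2.0');\n",
    "themes/theme-c/functions.php": "<?php\nfunction theme_c_setup() {}\n",
}

# Assumed recognition signals: the library name and its VERSION define.
TIMTHUMB_MARKER = re.compile(r"timthumb", re.IGNORECASE)
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([^'"]+)['"]\s*\)""")


def version_tuple(version):
    """'1.34' -> (1, 34) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def find_timthumb_copies(root):
    """Return {relative path: version} for every PHP file under root that looks like TimThumb."""
    found = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                text = handle.read()
            if not TIMTHUMB_MARKER.search(text):
                continue
            match = VERSION_RE.search(text)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            found[rel] = match.group(1) if match else "unknown"
    return found


def needs_review(version, fixed_version="2.0"):
    """Unknown versions and anything older than the fixed release get flagged."""
    return version == "unknown" or version_tuple(version) < version_tuple(fixed_version)


def scan_sample_tree():
    """Write the constructed tree to a temp dir and return {path: (version, flagged)}."""
    root = tempfile.mkdtemp()
    for rel, body in SAMPLE_TREE.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as handle:
            handle.write(body)
    copies = find_timthumb_copies(root)
    return {path: (ver, needs_review(ver)) for path, ver in copies.items()}
```

Note that theme-b's copy is found even though the file was renamed, which is why matching on content rather than file name matters for embedded libraries.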

It also illustrated the original vision I had behind VaultPress. In addition to reporting early and emailing customers with vulnerable code, the following morning they had devised a way to go in and surgically correct vulnerable code on over seven hundred affected websites. This fixing-problems-while-you-sleep delighted users and is exactly the kind of problem I hoped VaultPress would solve for people and it underscores the core value of the service. If you’re not using VaultPress for your most important websites yet, you should.

* I originally had a long rant here, but here’s the 13-word version: I’ve seen no correlation between how much something costs and its code quality. This is getting better as more people become familiar with the coding standards of core, and PHP in general, but there is still a long way to go. If you want to avoid this in your own code, check out Theme Check and Log Deprecated Notices to start. If you’re looking for code to base your own theme on, it’s best to start with something like 2010 or 2011.

Jul 18

The world is blue at its edges and in its depths. This blue is the light that got lost. Light at the blue end of the spectrum does not travel the whole distance from the sun to us. It disperses among the molecules of the air, it scatters in water. Water is colorless, shallow water appears to be the color of whatever lies underneath it, but deep water is full of this scattered light, the purer the water the deeper the blue. The sky is blue for the same reason, but the blue at the horizon, the blue of land that seems to be dissolving into the sky, is a deeper, dreamier, melancholy blue, the blue at the farthest reaches of the places where you see for miles, the blue of distance. This light that does not touch us, does not travel the whole distance, the light that gets lost, gives us the beauty of the world, so much of which is in the color blue.

From A Field Guide to Getting Lost by Rebecca Solnit.


The Karma of Bug Killing. “We’re all pretty quick with the fly swatter and the folded newspapers.”

Jul 11

Fifty Million

Filed under: WordPress

As noted on TNW and Adweek, yesterday we passed over 50,000,000 websites, blogs, portfolios, stores, pet projects, and of course cat websites powered by WordPress. I had the good fortune to celebrate this milestone with a few hundred WordPressers at WordCamp Montreal yesterday. (During my Town Hall I wasn’t aware we had passed the number until someone shouted from the audience.) It’s always fun to pass a big round number and over the weekend many libations were consumed with friends old and new, but ultimately the press has always been more concerned with those top-line numbers than we have in the WordPress community. More sites being created is a good benchmark for our adoption, but ultimately WordPress matters not for the blogs it creates but for the lives it affects. We have some huge opportunities this year, particularly around making our software more accessible to the next 50 or 500 million people who want to have a voice online, something I hope to talk more about at WordCamp San Francisco next month.