How hell froze over at insignificantthoughts.com…

I’ve said numerous times since I made the switch to WordPress in March of 2003 that it would be a cold day in hell before I went back to using Movable Type. I found it to be bloated, slow, and unintuitive compared to WordPress which was lightweight, easy to tweak, and enormously extensible.

That still holds true. WordPress is still lighter weight, much easier to tweak, more extensible, and so on.

So why am I using Movable Type now? I’m glad you asked!

Frankly, the folks over at WordPress fucked up. They fucked up good. They fucked up repeatedly.

And then they fucked up above and beyond the call of fucking up. The last fuckup was so bad that I had to bail and I think any blogger with any modicum of ethics should do the same. Before I get to that point, let’s back up and recap the recent WordPress disasters.

1. The recent updates have been shit. I don’t keep up on the developer mailing list, but I know someone who does, and I’m consistently hearing about broken features, non-functioning code, and so on. Overall, things couldn’t be worse, and with each new release of the software it’s actually getting worse not better. I’ve made the quip numerous times that you never run an even number release of WordPress until it’s been out for a few weeks, and they’ve done an outstanding job of validating that motto the last few months. In fact, because of the disaster that happened recently and because of the sheer volume of things that were broken, they forked the code so that different branches could continue to be developed off the old code base and so on. Way to dilute the waters, folks.

2. The security hack that ended up with hundreds of people having contaminated versions of the software running their service is unacceptable. Period. The fact that something like that can even happen proves that the folks over at WordPress don’t take security seriously enough. I’m not blaming them for getting hacked, I’m blaming them for creating an environment that allowed the hack to happen. Being open source is not an excuse for being lax, and that’s what this amounted to.

3. This is seriously the most egregious. I read about it on Friday morning and for me, it was the straw that broke the camel’s back…

WordPress is a very popular open-source blogging software package, with a great official website maintained by Matt Mullenweg, its founding developer. I discovered last week that since early February, he’s been quietly hosting at least 120,000 168,000 articles on their website. These articles are designed specifically to game the Google Adwords program, written by a third-party about high-cost advertising keywords like asbestos, mesothelioma, insurance, debt consolidation, diabetes, and mortgages. (Update: Google is actively removing every article from their results, but here’s a saved copy of the first page of results. You can still view about 25,000 results on Yahoo. Here’s an example of some results in MSN.)

Why WordPress? The WordPress homepage has a very high Google Pagerank of 8/10, largely because every WordPress-powered blog links to the WordPress homepage by default. The high pagerank affects their ranking in Google search results, making context-sensitive Google ads very profitable. This, in turn, makes WordPress very attractive to advertisers.

In a nutshell, Mullenweg was spamming Google.

Clearly. There’s not even any debate about that despite the objections Mullenweg and others may have to the term.

Now you may wonder why I take this so personally?

Because I’m lucky enough to have a relatively popular blog, that’s why. In fact, I get thousands of trackback spams and comment spams pointing to blogs like the ones Mullenweg took blood money to host. Hundreds upon hundreds of comments telling me all about the beauty of tramadol, where to find cialis and viagra, and so on. Oh sure it isn’t Mullenweg himself spamming my blog, but I can’t help but associate him with the scumbags doing it now. Every time I clear out a comment or trackback loaded with spam I can thank people like Mullenweg who make it all possible. Everytime either my partner Slobokan or myself struggle with a server at Secondratehosting.com because it’s getting bombarded with comment spam, I have people like Mullenweg to thank. Every time I have to ban an IP because that IP is doing nothing but spamming my site, I have people like Matt Mullenweg to thank.

Do I think he made a mistake? Of course.

Do I forgive him for it? Not that he cares, but yes I do.

That, however, does not take away from the fact that what he did was akin to a doctor murdering his patient. He betrayed hundreds of thousands of bloggers with his quest for a few sheckles, and the sycophants are all about letting him off about it. Frankly, I say screw them too.

Am I happy to be using Movable Type? Honestly, not particularly, but as much as I dislike the big corporation feel that Six Apart has developed over the past few years, their ethics are impeccable and always have been. I’ll live with Movable Type. In the end, it makes the experience better for my users anyway.

But frankly, anyone who reads this and still uses WordPress has lost a lot of, if not all of, my respect.

tags technorati :
This entry was posted in Geeky. Bookmark the permalink.
  • http://www.turning25.com Chris

    I agree with you. The hack was ridiculous, and their updates have sucked (I hate the default to wysiwyg editing on a fresh install, etc.).

    Your third point though is from early 2005. Have they done anything to correct the stupidity since then?

  • http://acaproductions.com/myblog/ Alan

    You are making me wonder if my own blog should be using something other than WordPress. I’m fairly new to the blogoshpere so this was all news to me.

  • http://photomatt.net/ Matt

    1. To my knowledge, we haven’t shipped any software with “broken features” or “non-functioning code”. Since there are so many people using WP (we host 800,000+ of them) that sort of thing gets picked up very quickly. Maybe your friend was referring to a development versions? If you have any first-hand information I’d love to find out more.

    Also we didn’t fork the codebase, but as part of our commitment to Debian we’ve promised to keep maintaining the 2.0 branch for security fixes until 2010. We’ve always maintained old versions for about a year, but this is a bit longer. So far it has gone well.

    2. While it sucks one of our servers was hacked, I certainly tried to respond to it as quickly and transparently as possible. It wasn’t easy asking everyone to blog about the worst thing that has ever happened to the project. Similar things have happened to other open source projects in the past, including Apache, I don’t think anyone is immune.

    3. It’s been over 2 years now since the dumb hotnacho article mistake I made. At the time I didn’t really understand web spam in the broader sense as you describe it, but that’s still no excuse. I don’t think I was let off easy, in fact it was one of the toughest periods of my life, and it happened in the public eye of the blogosphere and mainstream media. In the years since I’ve devoted a lot of my time to Akismet, which is an anti-web-spam service which has blocked over a billion spam comments, trackbacks, signups, wiki edits, and more. (Akismet is platform-agnostic, and in fact is one of the more popular plugins for MT.) We also spend a ton of resources keeping sploggers and spam off WordPress.com, something much bigger players don’t pay as much attention to. I appreciate your forgiveness, but I’d hope my actions since then would speak loader than my words.

    Anyway I just wanted to drop my two cents in, I’m sorry my personal actions drove you away from a thriving open source community and I hope if you keep an eye on WordPress we’ll regain your respect in the future.

  • http://www.insignificantthoughts.com Vinny

    Thanks for responding Matt…

    1. The rapid succession of bug fix releases says to me that things are going out the door with problems.

    2. I agree that not everyone is immune, and even said as much. It’s still unacceptable. The hard part for me is that not everyone in the WordPress community (particularly end users) is competent enough to do the fixes themselves and I reckon a lot of them don’t even know that these fixes are out there. Just take a look at how many people didn’t even upgrade to 2.0 let alone 2.11!

    3. I think you were let off easy. Frankly, I’m very connected to the community. I own a hosting company and my partner does WordPress layouts. We both have installed WordPress numerous times both for ourselves and our clients. Neither one of us heard about this until this weekend, which means that most people probably didn’t even know about it (in fact, read the two comments above yours…).

    I don’t think we should flog you in the streets. WordPress is a great product. My only problems with it ever were the utterly useless forums where when you ask a question someone calls you a n00b or asks you to kindly read the FAQ or something. I don’t even have a problem with you in particular. Really.

    I have a problem with what your actions represent. I’d feel the same way if I found a police officer with a stash of coke in his garage.

    Akismet is great (I swear it’s probably the greatest piece of blog plugin software I’ve ever seen and I’m using it with MT, it was one of the first things I installed) but the need for Akismet stems from the disaster of Spam Blogs which WordPress themselves created!!

    I’m sorry but I can’t support that.

    I wish you all the best, Matt. I understand that you’ve learned your lesson and like I said earlier, I appreciate your comments here.

    Who knows… Maybe one day WordPress will find its way back into my heart again.

  • http://photomatt.net/ Matt

    1. The frequency of release simply means that when we find a security problem we don’t sit on it for months like commercial companies do, we put a fix out there ASAP. It’s also a function of popularity — I manage popular and unpopular projects, and something that would go unnoticed for years in the unpopular product get discovered and fixed within days in the popular one.

    2. As part of the announcement we encouraged people to help out any friends who were unable to upgrade, and worked with hosting providers as well. To date there have been *no* reported compromised blogs as a result of the problem, and our internal stats show that the upgrade message got out there really well. I would estimate there are at most a few dozen vulnerable 2.1.1 blogs left in the world.

    3. If you didn’t know about the incident, it’s probably because you joined the community at least several months after it happened. It was covered on hundreds of blogs and MSNBC, The Register, Guardian, CNET, etc, and is still to this day promoted by people who have beef with me. It’s also on my Wikipedia page.

    However if you still missed it, it’s probably because *I’m not WordPress*. Again, I’m very sorry that my personal mistakes caused you to dismiss the work of hundreds of passionate volunteers over several years.

  • http://www.insignificantthoughts.com Vinny

    1. That sounds a lot like spin to me. In a strictly mathematical sense, you’re 100% correct, but let’s not kid ourselves. WordPress used to release a new version on occasion as the need warranted. Suddenly there’s an increased awareness of bugs that requires fixing immediately? No. The product goes out the door and isn’t as fully tested as it used to be thus the continual releases.

    2. Again, that sounds like spin. Understand I don’t blame you directly for what happened, but that doesn’t make it any more acceptable. I stand by my original point that this rapid succession upgrade process (which seems the way things roll now) will undoubtedly leave people behind.

    3. I started using WordPress in March of 2003 and have been blogging since January of 2002. I guess “all over the place” is more about perception than anything else. From the inside (ie: You and the WP team), I’m sure you couldn’t escape it. From the outside (ie: everyone else) this sort of thing just wasn’t that big a deal.

    Either way, it’s a moot point. What’s done is done and all that jazz. I’m just annoyed that one of the biggest banes of a blogger’s existence can be traced back to the creators of one of the most popular software for blogging out there. You’ll understand if I don’t feel like I’m “throwing away” the work of others.

    As for the repeated refrain “I’m not WordPress…” here’s your Wikipedia opening:

    Matthew Charles Mullenweg (born January 11, 1984 in Houston, Texas) is an entrepreneur living in San Francisco, California.

    He is the founding developer of the popular open-source blogging software WordPress and writes a popular blog Photo Matt. After quitting his job at CNET, he has devoted the majority of his time to developing a number of open source projects and is a frequent speaker at conferences.

    In late 2005, he founded Automattic, the business behind WordPress.com and Akismet.

    You’ll understand if I chuckle when you say you’re not WordPress. You may not be the whole company, but you’re a lot more than a mailroom shlub.

  • http://www.turning25.com Chris

    Akismet is great (I swear it’s probably the greatest piece of blog plugin software I’ve ever seen and I’m using it with MT, it was one of the first things I installed) but the need for Akismet stems from the disaster of Spam Blogs which WordPress themselves created!!

    I’ve been trying to get wrapped around that line of thinking since reading your post. What kind of monetary gain is there from Akismet? It’s offered freely, so I’m imagining at most not that much. Though, if there is some sort of gain to be had, this is poisoning everyone’s water (creating the problem) and selling the antedote for $100 a pop (profiteering with the solution).

  • http://www.insignificantthoughts.com Vinny

    I didn’t ever say there was a monetary gain in Akismet, but there’s no gain to be had in any open source project, really…

  • http://www.turning25.com Chris

    I know you didn’t say that, and I made the same conclusion in my comment that open source doesn’t endow the wallet. (Except for adverts, perhaps?) I guess in a roundabout way I was simply agreeing with your point that Matt was let off too easy. If this had been some sort of business venture or just anything with dollar signs hooked on to it there would be all sorts of 2.0 outrage.

  • http://www.turning25.com/ Chris

    I agree with you. The hack was ridiculous, and their updates have sucked (I hate the default to wysiwyg editing on a fresh install, etc.).

    Your third point though is from early 2005. Have they done anything to correct the stupidity since then?

  • http://acaproductions.com/myblog/ Alan

    You are making me wonder if my own blog should be using something other than WordPress. I’m fairly new to the blogoshpere so this was all news to me.

  • http://photomatt.net/ Matt

    1. To my knowledge, we haven’t shipped any software with “broken features” or “non-functioning code”. Since there are so many people using WP (we host 800,000+ of them) that sort of thing gets picked up very quickly. Maybe your friend was referring to a development versions? If you have any first-hand information I’d love to find out more.

    Also we didn’t fork the codebase, but as part of our commitment to Debian we’ve promised to keep maintaining the 2.0 branch for security fixes until 2010. We’ve always maintained old versions for about a year, but this is a bit longer. So far it has gone well.

    2. While it sucks one of our servers was hacked, I certainly tried to respond to it as quickly and transparently as possible. It wasn’t easy asking everyone to blog about the worst thing that has ever happened to the project. Similar things have happened to other open source projects in the past, including Apache, I don’t think anyone is immune.

    3. It’s been over 2 years now since the dumb hotnacho article mistake I made. At the time I didn’t really understand web spam in the broader sense as you describe it, but that’s still no excuse. I don’t think I was let off easy, in fact it was one of the toughest periods of my life, and it happened in the public eye of the blogosphere and mainstream media. In the years since I’ve devoted a lot of my time to Akismet, which is an anti-web-spam service which has blocked over a billion spam comments, trackbacks, signups, wiki edits, and more. (Akismet is platform-agnostic, and in fact is one of the more popular plugins for MT.) We also spend a ton of resources keeping sploggers and spam off WordPress.com, something much bigger players don’t pay as much attention to. I appreciate your forgiveness, but I’d hope my actions since then would speak loader than my words.

    Anyway I just wanted to drop my two cents in, I’m sorry my personal actions drove you away from a thriving open source community and I hope if you keep an eye on WordPress we’ll regain your respect in the future.

  • http://www.insignificantthoughts.com/ Vinny

    Thanks for responding Matt…

    1. The rapid succession of bug fix releases says to me that things are going out the door with problems.

    2. I agree that not everyone is immune, and even said as much. It’s still unacceptable. The hard part for me is that not everyone in the WordPress community (particularly end users) is competent enough to do the fixes themselves and I reckon a lot of them don’t even know that these fixes are out there. Just take a look at how many people didn’t even upgrade to 2.0 let alone 2.11!

    3. I think you were let off easy. Frankly, I’m very connected to the community. I own a hosting company and my partner does WordPress layouts. We both have installed WordPress numerous times both for ourselves and our clients. Neither one of us heard about this until this weekend, which means that most people probably didn’t even know about it (in fact, read the two comments above yours…).

    I don’t think we should flog you in the streets. WordPress is a great product. My only problems with it ever were the utterly useless forums where when you ask a question someone calls you a n00b or asks you to kindly read the FAQ or something. I don’t even have a problem with you in particular. Really.

    I have a problem with what your actions represent. I’d feel the same way if I found a police officer with a stash of coke in his garage.

    Akismet is great (I swear it’s probably the greatest piece of blog plugin software I’ve ever seen and I’m using it with MT, it was one of the first things I installed) but the need for Akismet stems from the disaster of Spam Blogs which WordPress themselves created!!

    I’m sorry but I can’t support that.

    I wish you all the best, Matt. I understand that you’ve learned your lesson and like I said earlier, I appreciate your comments here.

    Who knows… Maybe one day WordPress will find its way back into my heart again.

  • http://photomatt.net/ Matt

    1. The frequency of release simply means that when we find a security problem we don’t sit on it for months like commercial companies do, we put a fix out there ASAP. It’s also a function of popularity — I manage popular and unpopular projects, and something that would go unnoticed for years in the unpopular product get discovered and fixed within days in the popular one.

    2. As part of the announcement we encouraged people to help out any friends who were unable to upgrade, and worked with hosting providers as well. To date there have been *no* reported compromised blogs as a result of the problem, and our internal stats show that the upgrade message got out there really well. I would estimate there are at most a few dozen vulnerable 2.1.1 blogs left in the world.

    3. If you didn’t know about the incident, it’s probably because you joined the community at least several months after it happened. It was covered on hundreds of blogs and MSNBC, The Register, Guardian, CNET, etc, and is still to this day promoted by people who have beef with me. It’s also on my Wikipedia page.

    However if you still missed it, it’s probably because *I’m not WordPress*. Again, I’m very sorry that my personal mistakes caused you to dismiss the work of hundreds of passionate volunteers over several years.

  • http://www.insignificantthoughts.com/ Vinny

    1. That sounds a lot like spin to me. In a strictly mathematical sense, you’re 100% correct, but let’s not kid ourselves. WordPress used to release a new version on occasion as the need warranted. Suddenly there’s an increased awareness of bugs that requires fixing immediately? No. The product goes out the door and isn’t as fully tested as it used to be thus the continual releases.

    2. Again, that sounds like spin. Understand I don’t blame you directly for what happened, but that doesn’t make it any more acceptable. I stand by my original point that this rapid succession upgrade process (which seems the way things roll now) will undoubtedly leave people behind.

    3. I started using WordPress in March of 2003 and have been blogging since January of 2002. I guess “all over the place” is more about perception than anything else. From the inside (ie: You and the WP team), I’m sure you couldn’t escape it. From the outside (ie: everyone else) this sort of thing just wasn’t that big a deal.

    Either way, it’s a moot point. What’s done is done and all that jazz. I’m just annoyed that one of the biggest banes of a blogger’s existence can be traced back to the creators of one of the most popular software for blogging out there. You’ll understand if I don’t feel like I’m “throwing away” the work of others.

    As for the repeated refrain “I’m not WordPress…” here’s your Wikipedia opening:

    Matthew Charles Mullenweg (born January 11, 1984 in Houston, Texas) is an entrepreneur living in San Francisco, California.

    He is the founding developer of the popular open-source blogging software WordPress and writes a popular blog Photo Matt. After quitting his job at CNET, he has devoted the majority of his time to developing a number of open source projects and is a frequent speaker at conferences.

    In late 2005, he founded Automattic, the business behind WordPress.com and Akismet.

    You’ll understand if I chuckle when you say you’re not WordPress. You may not be the whole company, but you’re a lot more than a mailroom shlub.

  • http://www.turning25.com/ Chris

    Akismet is great (I swear it’s probably the greatest piece of blog plugin software I’ve ever seen and I’m using it with MT, it was one of the first things I installed) but the need for Akismet stems from the disaster of Spam Blogs which WordPress themselves created!!

    I’ve been trying to get wrapped around that line of thinking since reading your post. What kind of monetary gain is there from Akismet? It’s offered freely, so I’m imagining at most not that much. Though, if there is some sort of gain to be had, this is poisoning everyone’s water (creating the problem) and selling the antedote for $100 a pop (profiteering with the solution).

  • http://www.insignificantthoughts.com/ Vinny

    I didn’t ever say there was a monetary gain in Akismet, but there’s no gain to be had in any open source project, really…

  • http://www.turning25.com/ Chris

    I know you didn’t say that, and I made the same conclusion in my comment that open source doesn’t endow the wallet. (Except for adverts, perhaps?) I guess in a roundabout way I was simply agreeing with your point that Matt was let off too easy. If this had been some sort of business venture or just anything with dollar signs hooked on to it there would be all sorts of 2.0 outrage.