Automattic Meetup 2015

This year, Automattic went back to Park City, Utah! The big difference this time? Our “almost 300” has grown to 400 employees spanning the globe, many joining us from the WooThemes acquisition earlier this year. With so many colleagues from around the world, it’s great to see everyone at least once a year, and build great things in person.

Some aforementioned great things were indeed made this year, keep your eyes on the Blog and the Jetpack Blog for news, but perhaps more interesting (or at least more fun) was the introduction a live band made up of some of my more talented colleagues. I don’t think the band will be producing any albums, but it sure made for a fun night! :)

For more photos, visit colleagues Adam Heckler and Greg Stewart, and don’t forget that we’re always hiring!

James and Greg

James and Greg

WordPress Security and Auto-Updates

autoupdatesWordPress 4.3.1 was released six days ago and included three security fixes. If you haven’t done anything silly to disable auto-updates, you would have been automatically updated within an hour of the announcement (and in some cases even before the announcement). If you have disabled auto-updates, your site was publicly at risk until you manually updated, and if you still haven’t updated, you had better do so now.

Auto-updates are not only crucial, they are almost quite literally the least you can do to protect your site. When a security update is announced, along with the vulnerabilities being made public, you could trust your site to update itself quickly and efficiently with no effort on your part, or you could disable all of that and keep your site vulnerable until you got around to doing it yourself. Sure, there is a very slim possibility that a feature of a plugin on your site may momentarily break until its developer fixes it, but such a thing is insignificant compared to recovering a hacked site, or losing an unrecoverable hacked site, just because you decided to let it live with publicly known vulnerabilities.

This doesn’t just extend to WordPress core. Plugins and themes get occasional security updates too. While WordPress doesn’t automatically update those by default, you can make it do so by modifying wp-config.php, using a plugin, or a service like Jetpack Manage. Just like with WordPress core, the updates will be applied within an hour of the release. And, if you’re worried about losing theme modifications, make sure that you’re using a child theme or a plugin like Jetpack Custom CSS so that you can modify your theme in a way that still allows you to safely update the parent theme.

When it comes to securing WordPress, there’s a lot you can do, but allowing auto-updates to function is by far the best way to keep your site secure, and almost quite literally the least you can do. Enjoy the freedom and security that auto-updates afford to you and your site.

WordPress 4.3 Released

si600WordPress 4.3 has been released! This release introduces menu and site icon controls to the customizer, formatting shortcuts to the editor, stronger password enforcement, and more.

246 volunteers contributed to this release, lead by Konstantin Obenland. At the time of writing this, WordPress 4.3 has been out for a bit over 2 hours and has already been downloaded 373,399 times!

All users can now safely update from Dashboard -> Updates or download and update manually, though you should probably backup first just in case, unless you’re already using VaultPress, which you really should be.

WordPress 4.2.4 Released

wordpress600WordPress 4.2.4 has been released. This is a critical security release, addressing 6 security vulnerabilities, as well as 4 bugs (including a few you may have run into during the last security fix).

A huge thanks to the folks who kept us all safe by responsibly disclosing the security vulnerabilities.

If you have not done anything silly to disable automatic updates, you were already updated hours ago. If you did do something silly to disable automatic updates, then your site has been vulnerable to 6 now publicly known security vulnerabilities for at least the past 10 hours, so you should really update manually right now, and then turn your automatic updates back on.

As always, if you run into any trouble, please let us know!

Small Twitter Victory

twvictoryWhile my tiny corner of the world is being loomed over by the type of room-shaking thunderstorms it rarely experiences, I did find a tiny ray of sunlight. MacManX on Twitter is finally mine, after spending the last five years trying to wrestle it from the clutches of a long-abandoned tech news account. I don’t know why it’s so important to me, but it always bothered my that it was just sitting there unused and unloved, while I had to use MacManXcom instead. Well, now it’s mine. Time to find some sort of tiny victory horn to blast, but probably no one will hear it over this thunder.

Changing usernames on Twitter is shockingly easy, it’s actually just another settings field. You type in a new username, it instantly displays if it’s available, and you save your settings. Your Tweets are transferred over, your Followers are transferred over, everything is transferred over. I was very impressed. The only negative point is that there is no way to redirect the old username. You have officially given it up for someone else to have, which I suppose is perfectly fair. One minute to change the username, one hour to find and change any links and integrations that are within my power to change, and another hour to take a black marker to my business cards (way too many business cards). A nearly five-year struggle was over in two hours.


Doobies Inc. at House of Blues

Sarah and I, plus a few of our friends, had a great time last night catching good friend Lawrence Tamez (saxophones and percussion) with Doobies Inc., a Doobie Brothers tribute band, at House of Blues in Anaheim. I figured I might as well share a few photos here, because stage lights are cool. If there’s a Doobies Inc. show in your neighborhood, you absolutely must go!

Sequoia National Park Trip

My wife and I felt it was about time for a vacation, so we took a few days to drive up to Sequoia National Park. On the first day, we took the easy Crescent Meadow Trail and somehow wound up on the far-less-easy Trail of the Sequoias (lovingly referred to as the Trial of the Sequoias) and all the trails we then had to take to get back to where we started. On the second day, we planned to visit Moro Rock, but wound up on the much longer trail to Moro Rock instead.

We certainly made a few mistakes along the way, but those mistakes lead us to some amazing views that we would otherwise have missed. We look forward to returning next year for everything we had actually planned to see this year. :)

Trail of the Sequoias 9

Team Rads in Malta

Two weeks ago, Team Rads of Automattic met in Malta to focus our efforts on launching the inevitable WordAds 2.0 and to investigate unique marketing opportunities. We are an ever-growing distributed team, with three of us in California, one in Australia, one in Iceland, one in Portugal, and our newest team member in Italy, so we try to get together a few times each year to work out things that can’t be done over email, o2, and Slack.

Malta is an amazing country, and I really hope I can go back some time in the future to enjoy it as a vacation rather than just a business destination. We toured the island by bus and boat, and even visited the famous Blue Grotto. I also managed to take a few photos along the way.

Does any of this look interesting to you? Then I have some great news for you! If you want to work at Automattic, we’re hiring!

Team Rads in Malta

Going Webmail-Only

webmail600Last week, I mentioned that I was de-prioritizing email in my life. So far, it’s been great, and I’ve had some amazing success avoiding email in general by only using webmail. Webmail is harder to get to than launching an app, which means I don’t use it as often. Most importantly, webmail is simple and only offers essential features.

I spent the last four years changing email apps to find one that simplified email, rather than further complicating an already complex system. To be honest, Sparrow was the perfect email app, but it has mostly stopped working since Google acquired it two years ago. Airmail began life as its spiritual successor, but they keep adding features that are useless to me. It’s become the perfect example of software bloat. I’ve also tried Apple’s Mail app, Thunderbird, Postbox, Mail Pilot, and a few others I have generally forgotten, all resulting in similar feature exhaustion.

All I want to do is read and send email, but every app assumes that I want to do more, so much more. My ideal email app puts those two features up front and hides the rest unless I specifically enable them. Much to my surprise, my ideal email app is webmail. I have tried webmail from ProtonMail, iCloud, and Gmail. Their webmail does a great job of clearly presenting email’s core features. They hide the extra features behind settings, make them less visually prominent, and even omit some of the less-used extras.

Webmail’s simplicity allows me to focus on my email, and that’s exactly what I want from an email app. I’m sure a new Sparrow will show up some day, but until then, I’ll always have webmail.

De-prioritizing Email

downemailMany years ago, when the internet only made this sound, I opened my first email account at Excite (and yes, it still works). Back then, I thought that email was both the most efficient and the most polite way to contact someone. Unlike sending a letter, you had the possibility of an immediate response. Unlike calling someone, you knew that they would only log in to it when they were ready to. Email was never an interruption.

That last bit has been lost to us. Email is now an interruption to our daily lives, even more so than phone calls, because it’s just so much more popular. We get email notifications on our computers, our phones, our watches, and even in front of our faces. No matter what you’re doing, something is going to let you know that someone wants you to read an email right now. I have spent the last several years under the oppressive rule of email notifications, but no longer.

Starting this week, I have de-prioritized email. Since I only check my physical mailbox for mail once a day, I’m only going to check my email twice a day. Emailed notifications are switched off everywhere, work communication is primarily via Slack, and anyone else who needs me immediately can call or send a text (preferably via Signal).

How am I going to avoid the addictive lure of my email applications? I got rid of them and have switched to webmail only (more on that later). In short, my email is now harder to get to, so it’s no longer a distraction. How will this turn out? So far, I feel more free than I ever have. There are less things clamoring for my attention throughout the day, and I only read my email when I’m ready to, which means I just have more time to do more important things throughout the day. Beyond that, only time will tell.