The answer may surprise you

ordPress is a leading (probably “the” leading) blogging platform and it is also used extensively as a CMS, even in my business. I run about 10 WordPress sites and I take pleasure in the fact that it is GPL-licensed, community-supported, and managed by very cool and Free software-friendly people.

But who created WordPress?

Crediting just Automattic or Matt for WordPress would be unfair. GPL encourages the laying of one’s work upon another and WordPress actually comes from this piece of software, known to many as b2. Several years ago I personally met the person who liaised with Matt to create WordPress, which helped the succession of the mostly abandoned/forzen b2 (at that time). Matt is currently the only one who receives credit for WordPress, just like Jimmy Wales gets too much credit for Wikipedia (he was merely a co-founder).

In short, WordPress is the fruit of labour of many developers, not just extensions producers who brought appeal to the platform/framework. But originally, WordPress was merely a succession of b2. The nature of Free software is, credit is preserved to a degree, so we can always go back and check who did what. One might say that Michel created WordPress, not Matt.

NE common complaint about WordPress is that it requires frequent updates. But the matter of fact is, very few of these updates nowadays are security-related, so provided one does not ride along with the treadmill, it should be possible to check the release details and see if an update is crucial for security. For over half a year (until recently) WordPress had no security updates. There were not known flaws. So for those who maintain many WordPress blogs (I run about 10) or have to manually upgrade some of them due to hosting setup, an update to WordPress should only be required once in a very long time. Nobody forces an update and provided one is comfortable lagging behind on the features, WordPress should not be marked down on the basis of release pace.

OR about 5 days now I’ve been spending an increased amount of time over at Identi.ca, which has a very pleasant community and helps enhance interaction with people who appreciate freedom. It can be similar in some ways to Google Wave or to Novell Pulse (thus the image above), but it is built entirely on free/libre software (AGPL). May I recommend that you too, dear reader, join the site and join the fun?

As an aside, for 3 days in a row now I’ve been the most prolific user there. A new addiction? Hopefully not. Addictions are never good.

EB statistics/tracking services share some very encouraging figures which suggest that Netscape and Digg lead the pack of social-driven news sites. As I am active on both sites, I am more than pleased to see this. Some time this weekend I will have submitted my 10,000^th story to Netscape.

Knowing that Netscape attracts roughly 5 million unique users per month, I am certain that my contributions have an impact. They primarily promote digital freedom — something which I passionately believe in and therefore perpetually promote.

Mobility of data is becoming an important issue these days. Many people’s data is stored on third-party Web sites, whose data formats are not specified. The data cannot be exported (e.g. for upgrades or migration) either, so there’s a lockin involved in many such Web services (think Web 2.0).

Possession of one’s data would be a selling point. So why are sites not providing this facility? Why is its implementation assigned such a low priority? Simply put, sites wish to elevate exit barriers and make it hard for customers to walk away. But there is a cost here. This leads to resentment. This leads to backlash, which DRM, for example, comes to show us.

Let’s just integrate facilities for import and export in all user-driven Web sites. Export at the least — one that relies on standard protocols for containing data — should be crucial. Without import facilities, quick flow of SPAM is not an issue, in the case of public-facing sites such as Digg.com. Just take del.icio.us for example.

ITH success in any Web site comes some spam, which needs to be combatted effectively. Herein I will deal with social bookmarking Web sites in particular. Spam is not always automated. There is brute-force spam that is scripted; but there’s also self-promotion that strikes in the form of mass submission. And people have begun trying to game Netscape, whose front page bears an admirable PageRank 9. This keeps the Anchors and Chief Editor on their toes.

The problem has become somewhat universal across this new wave of sites comprising contributer-driven content. Digg has had submission parasites, yet human moderation, as well as spam report widgets (community-driven), have it eradicated early on. I usually report any suspicious submission as spam, at least as soon I spot a distinct and objectionable pattern. When the same person always posts to the same domain, for instance, that’s a red flag. Sometimes you can align the username with the domain’s affiliation, but sometimes consistency in the URL is enough. And ‘sock puppets’ (same person with multiple identities that boost a bogus sense of consent) are another-yet-closely-related matter altogether.

When enough stories get intercepted, links the to the domain are banned by principle (for a month if not permanently), or particular Web addresses blocked for good. This sends the appropriate message: abuse, then get your domain blacklisted. This may be better than banning the users who could otherwise change their ways and contribute differently; in a positive way, that is. In fact, some people just haven’t grasped the concepts of social bookmarking, so they fail to see the wrongdoing.

When banning users, there is a need for caution. A pissed off innocent user is far worse than spam that successfully percolates because people talk. They have blogs, so a good rant with proof can get heavy exposure very quickly. And it affects reputation. Look at what has happened in Digg more recently.

An afterthought: One possible workaround to ‘sock puppets’ would be to demand that each newly-subscribed user supplies a unique E-mail address, as well as logs in with an IP address that wasn’t yet used in registration on that same day. This can’t stop instantiation of puppets or protect against proxies and dynamic IP’s. However, it definitely slows down the abuse and reduces incentive to game the system.

T has been argued and nearly publicly announced that WordPress.com is headed towards a get-your-own-space program. I think this would be an excellent idea. Essentially, a blog that runs on WordPress.com can be accessed transparently from a personal domain rather than a subdomain on WordPress.com.

Interesting thoughts spring to mind. One can get a wordpress.org blog hosted by a third-party (through a manual installation or using a one-click-away script). Alternatively, anyone could just start things on a small scale with WordPress.com, then growing big(ger) with a personalised, top-level domain. While I’m not sure how search engines will deal with redirections or URL changes (this could get tricky), it could be done properly by sending HTTP header with status code 301. I heard success stories, as well as ‘Googlejuice’ disasters. But people’s bookmarks should not be an issue.

Chiroweb.com, for example, has been doing essentially the same thing, namely letting you have your own domain hosted as a subsite on a root site, which is at the same time accessible through your won domain. Page composition (CMS front end), on the other hand, is, as expected, restricted by the service, so there is limited freedom and scope for manoeuvre, development, and extension. This can nonetheless be circumvented by changing hosts and installing an alternative (temporary site mirror) manually. It should be possible with WordPress.org, but probably not with Chiroweb, whose templates are proprietary/licensed (example below).

That’s my relative in Florida!