WordPress.org

A week from today on May 1, hundreds of WordPress users, developers, designers and general enthusiasts will descend upon San Francisco for the 4th annual WordCamp SF. Since that first WordCamp in 2006, back when WordPress was on version 2.0 (Duke), the number of people using WordPress to power their web publishing — from personal blogs to large-scale commercial sites — has grown by millions. It’s no wonder this year’s event is going to be so great.

If you’re unfamiliar with WordCamps, here’s the skinny: the San Francisco event is the flagship, put together each year under the direction of WordPress co-founder and lead developer Matt Mullenweg, who traditionally reports on the “State of the Word” and assembles a lineup of speakers that have inspired him over the past year. This year’s lineup includes luminaries such as Richard Stallman, the father of Free Software, best-selling author Scott Berkun, and Salon.com co-founder Scott Rosenberg. As the final speaker list is finalized, the remaining speakers will be added to the WordCamp SF website, but a surprise or two is still possible.

Though the main event is on Saturday, May 1, there are additional days of WordPress goodness in store. Saturday, May 1 will be the main conference with scheduled speakers. There will be keynotes, session tracks for both bloggers/end-users and developers, and lightning talks to provide a broad mix of content, followed by a raging afterparty. Sunday, May 2 will shift location and tone, with a low-key developers’ unconference for the super-code-focused attendees. May 3 and 4 are conference-free, but a WordPress core contributor in-person code sprint will span those two days, bringing together core contributors old and new from around the globe for two days of intense hacking (and let’s face it, 3.0 bug fixes).

If you’re in the Bay Area, or can be, and want to attend WordCamp San Francisco, go get your ticket today!

*     *      *      *     *

Other Upcoming WordCamps

It’s definitely WordCamp season; just check out the growing list of upcoming WordCamps over the next couple of months! If you don’t see a WordCamp near you listed here, check the rest of the schedule at WordCamp.org. In the meantime, don’t forget that many WordCamps post video of their presentations on WordPress.tv.

April 24 (today!) – WordCamp Orange County
Irvine, CA USA

April 29 – WordCamp Nashville
Nashville, TN USA

May 1 – WordCamp San Francisco
San Francisco, CA USA

May 8 – WordCamp Paris
Paris, France

May 8 – WordCamp Argentina
Buenos Aires, Argentina

May 8 – WordCamp Chile
Santiago, Chile

May 15–16 – WordCamp Denmark
Copenhagen, Denmark

May 15 – WordCamp Victoria
Victoria, BC Canada

May 21–22 – WordCamp Italy
Milan, Italy

May 22 – WordCamp Malaysia
Kuala Lumpur, Malaysia

May 22–23 – WordCamp Raleigh
Raleigh, North Carolina USA

May 29–30 – WordCamp Fayetteville
Fayetteville, Arkansas USA

May 29 – WordCamp Yokohama
Yokohama, Japan

June 5–6 – WordCamp Chicago
Chicago, Illinois USA

June 12 – WordCamp Reno-Tahoe
Reno, Nevada USA

June 12 – WordCamp Vancouver
Vancouver, Canada

June 18 – WordCamp Catania
Catania, Italy

June 19 – WordCamp Columbus
Columbus, Ohio USA

Early next week, we’re hoping to release the 2nd beta release of WordPress 3.0 on our journey toward the final version. There are still over 200 bugs in the 3.0 milestone, and we can use all the help we can get on fixing these problems. If you’re a developer, take a look at the list of bugs that still need fixing in 3.0. Write a patch, or test and give feedback on someone else’s. The tickets around custom post types and taxonomies are especially in need of help. Every little bit helps, so if you’re a developer who’s never contributed to core before, maybe now is the right time! Check out our information on contributing to WordPress core, and head over to Trac to see if there’s a problem you might know how to fix. If you get stuck, need collaborators, or have a question about the best way to approach a fix, hop into the dev channel on IRC at irc.freenode.net, channel #wordpress-dev. Core developers will be around over the weekend working on bugs themselves, so if you’re trying to help, don’t be afraid to ask questions. With your help, maybe by Monday we can knock the bug count down to half of what it is right now. How great would that be? (Answer: pretty great)

The sprint will go full force until Monday afternoon, when the lead developers and core committers will all stop to take a breath and look at the remaining bug reports to see how we did over the weekend, so don’t wait! And thanks!

Summary: A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story.

WordPress, like all other web applications, must store database connection info in clear text. Encrypting credentials doesn’t matter because the keys have to be stored where the web server can read them in order to decrypt the data. If a malicious user has access to the file system — like they appeared to have in this case — it is trivial to obtain the keys and decrypt the information. When you leave the keys to the door in the lock, does it help to lock the door?

A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.

I’m not even going to link any of the articles because they have so many inaccuracies you become stupider by reading them.

If you’re a web host and you turn a bad file permissions story into a WordPress story, you’re doing something wrong.

P.S. Network Solutions, it’s “WordPress” not “Word Press.”

The deadline for students applying for Google Summer of Code this year is today, at 19:00 UTC. That’s about 3 hours from now. Still working on your application? Double check your time zone here. No late applications will be accepted.

There are a lot of potential projects on our Ideas list, so if you’ve been hemming and hawing over whether or not to apply, this is your last chance for this year. We have great people lined up to mentor the students, including most of the WordPress lead developers, some dedicated core contributors, plugin developers, the BuddyPress lead developers, etc. Google is providing a great opportunity for both students and the open source projects that act as mentoring organizations (like WordPress), so don’t pass it up if you’re an eligible student.

You can’t win if you don’t play, right? Five thousand bucks for two months of coding over the summer with WordPress hotshots. I know a lot of people that would love that deal. Oh, and hey, student girl wonders of WordPress-land: why haven’t you applied yet?

Apply now! (Don’t forget to use our application template.)

Remember when I posted earlier about the Twitter account, and I said that hopefully you’d find out later today what has been keeping us all so busy? Beta testers, this is your moment: the WordPress 3.0 Beta 1 has arrived!

This is an early beta. This means there are a few things we’re still finishing. We wanted to get people testing it this weekend, so we’re releasing it now rather than waiting another week until everything is finalized and polished. There’s a ton of stuff going on in 3.0, so this time we’re giving you a list of things to check out, so that we can make sure people are testing all the things that need it.

Read on for more »

This post is about the @WordPress Twitter account, so if you don’t use Twitter, or don’t care about Twitter, then feel free to take the time you might have spent reading this post to go play outside (or an equivalent) instead.

Okay, so, Twitter! When all those apps started popping up using the Twitter API, things like automatically following anyone who followed you and sending an automatic Direct Message seemed like good ideas. We’re all friends, right? Wrong. That auto-follow bit us hard, and the huge amount of spam the account gets means that it’s been nearly impossible to monitor legitimate messages from WordPress users and developers who need to be pointed to a help resource. We’re sorry! Just as we needed to get the Ideas Forum under control* so that it could become a more useful resource for the community, we needed to get rid of the spam clogging our Twitter arteries. Except there was no easy way to do it.

We had wound up following over 50,000 people. If someone went to the wordpress profile page on Twitter to see the stream of updates from people we followed, almost none of it had anything to do with WordPress or the community. Diet pills, Twitter scams, and multi-posted spam messages were the norm. Yuck! Who else wishes there was Akismet for Twitter? Unfortunately, there’s no easy way to clear this stuff out quickly (mass unfollows trigger their TOS alert, so it’s not surprising). I even contacted Twitter directly to see what the options might be, and it was suggested we use a script to clear the account. To be clear: Twitter flagged our account so that when the script was run they wouldn’t mark us as spammers for violating the TOS with a mass unfollow. We communicated with them beforehand, and the use of scripts to do this is not encouraged. Twitter was doing us a nice favor to help us get our house in order. Thanks, Twitter! Last night I ran the script and removed everyone. Extreme, but in good cause, right?

We’re now starting to re-follow real people from the WordPress community. There will be no more auto-follow. If you are a WordPress developer, designer, blogger, fan site, whatever — and think your tweets should appear in the wordpress updates stream, then send an @ reply to us and we can add you to the new list (assuming you’re not hawking diet pills, free iPads or ways to get a million followers). This way, people who are new to WordPress and go to check us out on Twitter will (hopefully) get a sense of the vibrant community that we have. People who send @ messages to us won’t (hopefully) wonder indefinitely why they were ignored, because without all the spam, maybe we can use Twitter as it was intended to be used, as another channel of communication.

And for anyone who uses Qwitter and thinks wordpress stopped loving them because of the last tweet they posted before the script ran… sorry! It wasn’t like that, we swear! It would be nice if the script could have done a bulk DM before the removal, but nope (otherwise we’d have included a message about this). So trust us, we still like you! And if you haven’t already been re-followed, please don’t take it personally… just send an @reply to wordpress (tell us how you use WordPress!) and we’ll try to get you re-added soon. Later today (hopefully) you’ll find out what’s been keeping us so busy!

*Have you noticed? We cleared out thousands of old threads, added categorization, and will try to keep it to under a hundred open idea threads at a time so that they can be managed in a timely fashion. Check it out and rate some of the new ideas today!