Autocrattic
Matt removes my wp-db-backup plugin from the default WordPress package. No trac ticket suggesting this course of action, no seeking feedback from testers or hackers, and no public discussion of his actions prior to executing them. The backup plugin was very highly recommended by a lot of people on the hackers list for inclusion with the default download.
I continue to get trackbacks about how it has saved folks' sites. I see my plugin listed in many "top ten plugins" lists. I honestly don't care whether my plugin is bundled by default or not. It's Matt's unilateral decision making that raises my ire so much. He's written time and again about what users want when justifying things he wants to ram into the core, but then happily ignores popular opinion for his own undocumented, unpublished, goals.
I take particular umbrage with Matt's claim that it "has been a source of security probs". I was only ever made aware of one security issue, which I published immediately here, as well as on the WordPress support forums. If one security issue means the plugin should be removed from the core, then the core of WordPress itself should be excluded from the core, since it's had far more security vulnerabilities in its lifetime. Doug Stewart claims "it's been a security nightmare", but offers nothing to back up that claim. Nor have I received any emails from him, Matt, or anyone else about these security problems, even before I stopped officially supporting my plugins.
Matt says, rightly, "There is nothing stopping you from continuing to use the plugin". Sure, I still host the plugin version here, even though I have no intention of updating it to work with any future versions of WordPress. The kicker, though, is Matt's final comment "I just don't think it's appropriate to bundle with core anymore." And that alone is sufficient grounds for him to take action, community be damned.
Don't let yourself be fooled: although the code to WordPress is available for download and personal modification, there's very little chance of anyone other than Automattic making substantial contributions to the product. It's "open source" in name only.
Matt suggests folks should use the newfangled XML import/export feature instead of the backup plugin. This isn't the first time Matt has removed someone's contributions to be replaced by something he cooked up. I haven't used the import/export feature yet (because I gave up following WordPress development), but I do wonder about its utility in comparison to the backup. Export and backup are two different things: an export carries the content (posts, comments) in a portable format, while a database backup captures every table, including the ones other plugins create.
If anyone wants to take ownership of the wp-db-backup plugin, feel free to contact me. I'll happily facilitate anything I can if you want to pick up where I left off. I'll also politely ask Autocrattic to grant you write access to the wp-plugins.org repository, though be warned that it took almost a month to get subscribe2 updated for its new maintainer.



First you complain about its integration, now you complain about it being taken out.
We've removed plugins before (Textile, Markdown, etc) and it has generally been for the best. Time will tell, but I don't think yours will be missed much. For the percentage of people who will, they can still install it. That's the beauty of plugins.
Ultimately backup is something that should be handled at the system level. XML import/export isn't perfect yet, and still needs work before launch, but it functions fine for backing up posts and comments, exporting to another system, and transferring posts and such between blogs. (Only one of those was addressed by wp-db-backup.) It's also much smaller, and reuses a lot of our existing code. The only reason I bundled wp-db-backup in the first place (another unilateral decision, I suppose) was because XML import/export didn't make it in time for 2.0.
Your abandonment of the plugin certainly didn't help its case; it may have been improved to address some of the more common use cases above, but you obviously don't care or want anything to do with WP, besides taking potshots at myself and Automattic.
The wp-db-backup plugin was written, perhaps unsurprisingly, to only address database backups. Thus the catchy name. It was written specifically for the much flaunted "Backup Week", and was an attempt to make backups easier than using phpMyAdmin. It wasn't designed to transfer data between blogs, or to export to another system. To claim now that it is deficient in areas outside of its domain is making a straw man argument.
Speaking of straw man arguments, what are the security problems, exactly? If you've identified any, you never contacted me about them. It's not too late: feel free to email me any security problems with wp-db-backup.
My recollection of the bundling of wp-db-backup in the core download was as a result of popular opinion on the wp-hackers list in response to your request for comments for which plugins to bundle. I wouldn't call that unilateral. Your removal of the plugin from the core code without comment or announcement simply reinforces the perception that you see yourself above the rules: you don't need to bother with trac tickets, because you're infallible.
Were I taking potshots, I'd be calling you names and nit-picking as many of your deficiencies as possible. I'm not doing that. Instead, I'm pointing out what I feel are substantive problems with the WordPress power structure -- the very same problems that drove me away.
I spent quite a lot of time advocating WordPress, writing documentation, and helping out in the forums. I stood up for you, personally, as well as your product, many times because I felt things were on the right track. Even when I didn't personally agree with things (like, for example, the continued avoidance of any meaningful security announcements long after exploit code had been published), I tried my best to continue to advocate for WordPress.
Eventually, I came to the conclusion that things were not on the right track. Or, perhaps more accurately, things were not on the right track for my own comfort level. The continued lack of attention to documentation, the continued lack of published goals and objectives, the continued lack of meaningful release announcements with changelogs, and the continued autocracy drove me away.
Why you bother to comment on my post is quite beyond me. You ought not be bothered by my insolence: you're the benevolent dictator of a wildly popular blogging platform, and you've got a company named after yourself. Why do you care what I -- a WordPress deserter -- have to say?
As for not wanting anything to do with WordPress, alas, if only that were true...
[...] Do you ever wonder about the politics of open source? I've seen some nasty splits (anyone run through the DBIx tussle on the perl side?). But I thought this entry from the author of the default backup plugin in WordPress was *very* interesting. Of course, it's difficult to know the full story, especially being outside the beltway so to speak, but it raises some very interesting issues that developers deal with on a daily basis, especially the not created here syndrome that plagues many of them. Writing for open source code bases is a thankless job to begin with and it's only made worse by seemingly arbitrary moves that disengage the very people that are trying to support you. In these cases, diplomacy is just as important as coding prowess. [...]
I'm with you, Skippy. I think it's a great tool which allows me to do just that: back up and keep it off-server.
Thanks for the plugin and for sure you have a user of it as long as it works :)
I hope you find someone to take it over to port it to future versions!
Skippy, I like how your plugin gives users a "warm and fuzzy" that they've successfully backed up their database; and that they can do it from the same web administration interface as everything else. That said, it seems to cross a certain security "line in the sand", in my mind at least, allowing possibly private data to be accessible via a web interface with only a password challenge between. To this extent I would also say that I think phpMyAdmin crosses the same line. Any time I see a possible coordination/conflation of web user rights and system administrator rights I get nervous.
So conceptually I agree with Matt that database backup belongs at the "system level" and perhaps (this is my addition) only the scheduling of said backup belongs in the web user interface. It certainly would be a lot simpler code-wise; and the permissions to run the sql dump would never require an administrative inter-connect with the web application.
That said I think Matt made no effort to explain the security case against your plugin. Further, I admit, the security implications are arguable if implemented with care...
I do think that there is a strong case for WordPress to de-canonize your plugin in favor of a replacement that offers the same advantages plus new ones. ( I have not checked to see whether the XML exporter allows you export sensitive information. ) The correct procedure however would be to offer it as an alternative with a comment period before deprecating your plugin.
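The "system level" backup that Matt and Bob refer to above, written out as an added example (this is not wp-db-backup and not WordPress code). It assumes mysqldump is installed, that the MySQL credentials live in a mode-0600 ~/.my.cnf so the web application's database password is never needed, and that the backup directory sits outside the web root; the directory name, database name and retention count are illustrative. The point of the separation Bob draws is visible here: the dump runs under the shell user's permissions, the files are created unreadable by anyone else, and nothing in this path is reachable through the web interface.

```shell
#!/bin/sh
# Added example of a cron-driven, system-level database backup.
# Assumptions (not from the original post): mysqldump is available,
# credentials are in ~/.my.cnf (mode 0600), and BACKUP_DIR is not
# served by the web server. Names and paths are illustrative.

set -eu
umask 077   # every file this script creates is readable only by its owner

BACKUP_DIR="${BACKUP_DIR:-$HOME/db-backups}"   # assumed location outside the web root
DB_NAME="${DB_NAME:-wordpress}"                  # assumed database name
KEEP="${KEEP:-14}"                               # how many dumps to retain

# Build the dump filename: <dir>/<db>-<YYYYMMDD-HHMMSS>.sql.gz
backup_filename() {
    printf '%s/%s-%s.sql.gz\n' "$1" "$2" "$3"
}

# Dump database $2 into directory $1. The dump is written under a temporary
# name and only renamed once complete, so a half-written file is never
# mistaken for a good backup. gzip runs as a separate step so a failing
# mysqldump is not hidden behind a successful gzip in a pipeline.
dump_database() {
    dir="$1"; db="$2"
    stamp=$(date +%Y%m%d-%H%M%S)
    out=$(backup_filename "$dir" "$db" "$stamp")
    mkdir -p "$dir"
    mysqldump --single-transaction --quick "$db" > "$out.part"
    gzip -9 "$out.part"            # produces "$out.part.gz"
    mv "$out.part.gz" "$out"
    printf '%s\n' "$out"
}

# Keep only the newest $2 dumps for database $3 in directory $1 and print
# how many remain. The timestamp in the filename sorts lexically in
# chronological order, so a plain sorted listing is oldest-first.
prune_backups() {
    dir="$1"; keep="$2"; db="$3"
    count=$(ls "$dir"/"$db"-*.sql.gz 2>/dev/null | wc -l | tr -d ' ')
    if [ "$count" -gt "$keep" ]; then
        ls "$dir"/"$db"-*.sql.gz | head -n $((count - keep)) | while IFS= read -r f; do
            rm -f "$f"
        done
    fi
    ls "$dir"/"$db"-*.sql.gz 2>/dev/null | wc -l | tr -d ' '
}

# Succeed only if the directory is owner-only (0700). GNU stat first,
# BSD stat as a fallback.
check_dir_perms() {
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    [ "$mode" = "700" ]
}

# The real dump runs only when invoked as "backup.sh run", e.g. from cron:
#   17 3 * * * /home/user/bin/backup.sh run
# Without the argument the script just defines the functions above.
if [ "${1:-}" = "run" ]; then
    mkdir -p "$BACKUP_DIR"
    chmod 700 "$BACKUP_DIR"
    check_dir_perms "$BACKUP_DIR"
    dump_database "$BACKUP_DIR" "$DB_NAME"
    prune_backups "$BACKUP_DIR" "$KEEP" "$DB_NAME" >/dev/null
fi
```

Install it with a crontab entry like the one in the comment and the dumps accumulate in BACKUP_DIR with no web-reachable path to them; pair it with an off-host copy (scp, rsync) if the host itself is what you distrust. This is exactly the arrangement that is unavailable to the shell-less users Skippy describes in his reply.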
Bob, I don't argue for a moment that a system-level backup, when available, is superior. But there are a lot of WordPress users out there hosting with companies that do not provide them shell access. As such, they cannot use the command-line mysql tools, and wp-db-backup is better than nothing.
I make it very clear in the plugin's readme (notably absent from default WordPress download, now that I think about it) that this plugin does introduce a security risk. In my mind, it's an acceptable risk: the backup file lives on the hard drive only until it is sent to you (by smtp or http) and promptly deleted afterwards.
One must also consider the situations in which this plugin is used. If folks don't have shell access, they likely are blogging for solely personal reasons. The exposure from any backup compromise is, in most cases, extremely small.
But all of this is tangential to my complaints: 1) why was there no discussion about this before Matt took action? 2) what are the "security problems" that are so grievous?
Ryan is less charitable than me in his response, though I admit his reply made me laugh out loud. The only reason I'm harping on this is because it's my plugin -- were it someone else's plugin that was removed without discussion, I'd expect them to carry the torch (and I'd support them in that effort).
Matt has the gall to claim "security problems", when there was exactly one published "exploit", which required admin privileges to execute anyway. Far worse exploits have been found in the WordPress core -- some which did not require admin rights -- so Matt's either being disingenuous, or just plain lazy.
Upon reflection, I really could care less about my plugin being removed. Matt's correct that I've abandoned it. But many users still rely on it, and judging from past experience with WordPress releases, the removal of the plugin from the core will not be well articulated to users. So they'll be left wondering where their backup tab went, and struggling to adjust to the new workflow forced upon them with the XML export.
I'm mostly unimpressed by the notion this is needed for users with hosting sites that deny them cron and/or command line access. If you're not in control of the server...I should think that you shouldn't expect to control database backups either. Frankly, may I venture that these users are confused about their role as webmasters and use Blogger instead? If I were running a hosting service, I'd be somewhat surprised to find code that made available for download entire database tables.
Incidentally whether it's a SQL dump or XML doesn't matter...it's what data is included. The XML export could well give the same security exposure.
Bob,
I agree... What happens when an "exploit" or "security problems" are found in the XML export? Is he going to remove it from the core? No.
From the standpoint of a pure user, one who simply benefits from the efforts of passionate developers, I must say that it is refreshing to read such well thought-out debate about the final quality of a product. I wouldn't go so far as to say that the same sort of debate doesn't happen at Microsoft or Apple, but it is well out of the public eye. This is what open source is all about: a public discussion and implementation of a product, for the good of all. Having said that, like in all democratic systems, there is always someone in the end who will make the final decision, rightly or wrongly, fair or not. As long as Matt has final say, he'll use it. We must assume that he makes his decisions based purely on what he believes is best for the end users and WordPress. Of course, it's always nice to actually know why he decides this from that, but perhaps he's simply too busy.
I like the ideas behind the XML export, but I'm really distressed by its current shortcomings. Comment ID numbers aren't exported, non-core tables aren't exported and the size of the output file is ginormous.
I tried to explain this controversy to my girlfriend. I talked about the realities behind open source projects and tried to fairly articulate the arguments from both sides.
Her response: "So... it's a geek fight?"
Whoa, Skippy, I'd hate to think that I was the cause of a slight. Looking back at my message, my wording was quite indefinite - I was saying that the commit log (and thus one of the svn committers) was making that claim. I guess I should have been a lot clearer. My apologies for any misunderstanding.
Hi Skippy,
I've been following the discussion in the mailing list and so landed up here.
While I personally never used the plugin (phpMyAdmin for me), I am sure a lot of users have been doing so and will continue. After all, the upgrade to 2.1 will not delete it for anybody, if they don't use SVN.
1. What I would like to ask you is what is your opinion about the security of this plugin.
2. With Ryan's fix, isn't the backup more secure than before? Is it bundled in the v1.7 download on your site?
3. What experience level would a person need to maintain the plugin?
Skippy, just wanted to say thanks for this plugin. I've been using it quite a bit, and I just picked up wp-cron today, which is really quite awesome. I'm sorry things haven't worked out with you and Wordpress as of late, because you made some really great plugins.
I know what you mean about things being somewhat shady with WP development, but I try hard to keep in mind that it's hard to please everyone all the time. I don't know any devs or anything personally, but I'm sure that everyone is doing things the way they see as "right" from their perspective. In the end, nothing is perfect, so it's no surprise that WP isn't either.
Personally, I hope that somebody notices that there are a lot of WP regulars that have distanced themselves from the community. It's certainly not a good sign. Maybe things will change, maybe not. Either way, we've got flexible theme and plugin systems working, so I've been treating WP as a platform for development - and taking advantage of all the features you get for free.
It's been a long time since the community really influenced where Wordpress is headed. Wordpress.com, Automattic and general "make mo' money" ideas have slowly turned away a lot of people who really were interested in helping develop and further Wordpress. To be honest, the only real reason I continue to use it is that I know it. It works, and a lot of plugin developers have done a great job. I have invested way too much time in my own site to abandon it and switch systems. If that wasn't the case, I would switch in a heartbeat, much because of incidents like this and the general lack of developer/community interaction and respect. I honestly don't think that some of the developers in Automattic care about end users at all. The main focus seems to be generating income, holding speeches and so on. Somewhere along the line someone lost track of their origins.
There is nothing about the "core developers" that keeps me clinging to Wordpress at all. Not that I think it matters to them anyway.
If someone has the time and skills to fork it, I'm pretty sure lots of people would follow.
Skippy. I'm quite happy to take on the development of wp-db-backup and bring the version on dev.wp-plugins.org up-to-date adding new features and maintaining the current code base going forward. I'll send you an email and maybe we can hook this up.
[...] There were some very nice comments on my Autocrattic post, and some very well-thought-out opinions were put forward. Thanks for the kind words, the support, and the temperance of calm reason. [...]
Is Matt nuts? Your backup plugin combined with the wp-cron plugin is the perfect plugin combination. Every night, without fail, my database is backed up and emailed to me! I suppose he is right that we can choose to carry on using it, but why bundle and then unbundle it? It seems like playground rules and he's p***ed off at you :-)
[...] Not to worry: I’ve another system. Used in conjunction with wp-cron, the built-in (or not) wp-backup plugin is set to automatically email a zip file to my gmail account every night. Except it seems that it inexplicably stopped working at the end of July, after chugging merrily along for months. I’d gotten so used to not even thinking about the emails that I didn’t notice them stop. This *might* coincide with the upgrade to Wordpress 2.0.4, thinking about it. [...]
[...] Answer: not much. [...]
Bob, why shouldn't users who have no shell access leave their backups to the whim of a shady host?
I'm not a "professional blogger," yet I do want to make sure I have recent and updated backups. When hosted on Dreamhost, I had no assurance that my database was being backed up, nor that I'd have access to that backup if I somehow screwed up my database. In fact, many hosts say that they do daily backups, but that the customer will have no access to them, that they're only for when the server fails.
So what then, for the blogger who made a few changes and managed to corrupt their database? What about all the WP upgrades that stress backing up the database first? How exactly am I supposed to do this easily, when I don't know phpMyAdmin, nor do I have shell access?
Your blanket statement that bloggers are confused about their role as webmasters is just silly. I am a blogger. And I am a webmaster. Anyone who runs their own site, controls their own data, is a webmaster. And they have every right to be sure their data is backed up, whether or not they have the skills or shell access.
Skippy: Thank you for this plugin. Thank you. I don't blame you for not supporting it anymore, but your plugin has probably saved more sites than people give you credit for.
I don't think an XML export will ever be as good as a database backup. How can it? Is it going to export every table in the database? And when you import, is it going to recreate those tables?
I'm not even going to talk about Matt's decision making.
[...] update #1 After write about wp-cron a came across some discussion about wp-db-backup, and it seems to be removed from the default WordPress package… Doesn’t matter: I still recommend this plugin! [...]
XML import/export? Isn't that called RSS? :-D Anyway, XML is not the answer to DB backups or post backups, because all the other information in the DB is not going to be in that XML file. If the version of WP that is supposed to have XML import/export has it included, why not just add a DB backup right in? Makes sense... Maybe? :-)
I completely agree with Lisa. XML will never be better than just a DB backup.
A bit late (okay, a lot late), but I just found this thread.
Then, why on this green earth don't you remove "Hello Dolly"? It serves no useful purpose to the average blogger (about 99% of WP users).
Oh, that's right...you wrote it.
Skippy, I feel you're well within your rights to raise this issue and call Matt out on this one. Matt, you should take a long look in the mirror while reading the definition of a hypocrite.
I am very pleased with your plugin wp-backup, Skippy!
I saw that in 2.1 it was not bundled anymore.
I do not know why...
I certainly disagree with Matt on that. He thinks it's for the best not to bundle this plugin. Did he answer WordPress users? No. He just decides.
Well, it's his project and his right.
Still, I do not agree on that...
Skippy, thanks for the great work!!! :-)
Really late.
But I just want to tell a nice story about my use of the backup plugin.
From October 2006 till May 2007 I spent my time on a very long trip in South and Central America. For friends and family my girlfriend and I kept a blog going. From shady internet cafes we updated the site regularly. That was hard enough; sometimes I tried to do some maintenance through the SiteWorx panel which this host uses to access the site. SiteWorx is a dragon in its own right which could easily show only some of the tabulated contents or could fail due to a stuffed browser cache. Then accessing phpMyAdmin from SiteWorx was even more fun. So my options were limited, and since we paid by the minute for internet time, so was my time to get something right.
But I never worried about the content of the site, since I knew every night the backup plugin and the cron plugin tandem would drop a copy in my mail.
This is just to put a feather in Skippy's cap.
Now on the point of who should back up a database, I think we can be very clear: if you put stuff in it, you should be able to get it out. Let me explain this a bit.
First, you pay for storage on a hosting server. Renting this storage, if you don't harm the total system, you should be able to do whatever you want with it.
(On this point, porn would mean a lot of traffic and thus harm the system.)
Second, there is the copyright thing. If I write something I have the copyright on that something, meaning I have the right to control whatever copy of the written something. So I should have the right to control whatever I put in a database. In my opinion this includes having the right to control backups from the database, which are made by or for me.
The hosting company could be very friendly by giving me a copy of my data every day. Or they could charge me money to do so, but basically I think like this: My data --> My database --> My backups. Shell access or not, you should always have the right to back up your own database from your own site.
Skippy's tool did a great job. I hope that the new management will do a great job too, and I wish them luck doing so.
T.
Skippy, I know it's a bit late, but I really appreciate your plugin. It makes backing up my blog simple and easy, which is the whole reason I use blog software and don't write HTML for all my posts and upload new files. Sorry to see you no longer support this plugin. Hope you someday reconsider.
Skippy,
I use and appreciate your plugin.
The bone of contention, at its core (marrow?) seems to be how decisions should be made in open source projects. I'm not familiar with the developers involved in WP, but I'm inferring that Matt is the main developer. His decisions may be autocratic, and even very bad decisions, but doesn't he have the right to do stupid things if he started the project?
It seems that you expect a complete meritocracy on open source projects, which is arguably a better arrangement. But did he give you an indication at some point that it would be otherwise?
I'm not trying to take sides here, just ask questions that I think will get to the heart of the disagreement. You maybe completely right and he may be completely wrong, but I think arguing about whether the plugin is good is missing the point (clearly it is very useful, and in my opinion it also belongs in the core...)
Best of luck with Habari. It looks cool.
Brandon: thanks for the feedback. You're absolutely right that Matt has every right to run the show however he wants. It is, however, disingenuous to run an autocratic development process and then extol the virtues of your open source project.
What is (or rather: was) particularly frustrating about participating in WP development is that it's an entirely one-way process: people pour their time and talent into WP, but never get much recognition outside of a commit message tip of the hat. There's no social reward for contributing to WP: you're not engaged in the decision making process, you're not empowered to effect change, and you're not recognized by the larger community.
If you share (or can accept) Matt's vision for the software, all is hunky dory. But Matt has demonstrated time and again that he's not particularly keen on soliciting or accepting other people's ideas. It's "not invented here" syndrome to the extreme. No, Matt never claimed that WP development was an open process, but the expectation most participants have in Free Software projects is that in the marketplace of ideas, the best ideas should win. This does not happen with WP.
And more interestingly to me, WP has recently begun adding a lot of server-side features (core update notifications, plugin update notifications, and who knows what might come next). None of this server-side code is available for public scrutiny. It's impossible to submit a patch to these server-side functions. It's also all controlled solely by Automattic, as opposed to the community of WP developers. Shouldn't the open source WP project be controlled by the open source community of WP users and developers, as opposed to the commercial entity of Automattic?
One would, at least I would, expect that the open source Wordpress would indeed be open. But, as is proven time and time again it's only open to the extent that the source code is available. Other than that, it might just as well be a closed source project. Wordpress has, for some reason, managed to leverage a highly motivated contributing community, without ever really returning the favor. It's a pretty good feat actually.
I think Christian summed up the entire thread succinctly by saying: