And back in 2007ish I remember bloggers crying out to Google for help with some tools /APIs to help combat comment spam and Google basically ignoring it, leading to the eventual death of blog comments and blog based discussion.
Looking at all that, it's great to finally see Google trying to support bloggers - the people that have delivered some of the most interesting content in their index.
Or am I too jaded?
At the time, Iran had for a couple of years implemented an internet censorship platform, blocking access to much of the internet. Nearly all international news agencies (CNN, BBC, NPR, etc.) were inaccessible; so were most of "web 2.0".
Despite the widespread censorship, there was a large active community of independent blogs, non-sanctioned news sites, and small e-publications. The reason this structure could thrive was that even though these websites and weblogs were blocked, they were accessible through Google Reader.
Because of the way Google services were implemented, the government could not block Reader without also blocking GMail and Google Search, which was not an option. As long as authors had a way (like a not-yet-blocked VPN or a friend outside the country they could email to) to post articles, people could read them, like them, comment on them, etc. Iran's censorship was to significant degree neutralized by this setup. The community was large, strong, and thriving. They even had their own jargon: the community was referred to as blogestan ; Google Reader was called Gooder, etc.
And then, Google, for some (now obviously incorrect, but ultimately irrelevant to my point) financial calculation, decided to kill Reader. Just like that, overnight, the breadth of the web accessible to an average Iranian decreased by orders of magnitude. The entire community of freethinking authors and their followers disappeared. The only news websites remaining accessible were those sanctioned by the government, pushing the official narrative.
Google put a large nail in the coffin of internet freedom in Iran. For that, I will never forgive them.
 with the -stan suffix, https://en.wikipedia.org/wiki/-stan
I remember one SaaS product we wanted to use at our company had one major js file that had the word "proxy" in the title. The product had nothing to do with circumvention or anything but the national internet filters picked up that word and blocked it completely. Thus, we couldn't use that service at all.
Although I hate that I can't block YouTube on our metered connections with a URL whitelist as Google logins require calls to accounts.youtube.com.
It's interesting that they didn't block gmail and Google search. The Chinese government did that a couple of years ago, which surprisingly didn't cause widespread criticism except among the highly educated group.
If their policies were a bit more cohesive, maybe the people who killed Reader would have remembered these declarations, and maybe decided differently.
So instead of asking how this is good for Google as a company, you have to look at whether it's good for a single project within Google. PWAs and AMP seem like the most likely candidates.
Makes two jaded HN readers so far :)
They are developing free, probably open source, plugins and themes for WordPress. Also they stated that they will help develop the supported AMP plugin.
That's great. Google will make it much better. It needs help right now.
I just don't understand why people are snubbing and thumbing their noses at Google for contributing their world-class resources to making free, open source software better.
Sure, their interests align with getting a foothold in this ecosystem, but I don't think their play is to poison WordPress.
Not that your wrong for being suspicious of their motives in general. They have broken some pretty cool stuff.
I've never done any WP development, but my understanding is that WP core/internals are essentially OK, but plugins have gaping security holes. I think internals are messy because WP shares the PHP philosophy of avoiding major breaking changes but their front end tooling is probably less mature (because Jesus webpack, 4 major versions in as many years, wtf)
Anyway, I hope we have reason to be optimistic here, but it looks like the beginning of something awful
So, the good thing is that Google will not push WP to run on an alternate language, because the entire value of the project is its API compatibility. That's also the bad thing.
The thing is that there would be no point in doing so (which, admittedly, hasn't stopped Google before).
Right now Google needs WordPress. Without WordPress, where is Google going to place ad spots? Facebook? And WordPress has PHP as a massive underestimated advantage - every Tom, Dick and Harry can spend 5 minutes to install WordPress on a $5 a month shared-hosting plan, something no Ruby/Rust/Go/Java/C++/Node/Erlang/Fashionable-Language-Of-The-Week can do.
I think it's important to note here that WordPress is a project, not a business or a company. I don't think Google is trying to break a community supported product that powers 24% of the web. Sure, build better doors and windows to their products. I don't see that as a bad thing. I happen to like Google, as do a large number of Internet publishers. Many of us will appreciate these efforts.
Google now has WordPress as the next internet thing to embrace and than kill off.
Miced feeling here. I hate WordPress but don't like Google doing it...
People launch online stores on it for the price of their domain name, hosting and some sweat. That is freaking cool; more projects should aspire to have that kind of impact
WP is very popular, but it is terrible from an engineering standpoint. My company decided to move to WP and every time we engage a WP developer or consulting company, and I give them my engineer requirements, most of them pass. I'm talking about things like command-line deployment, publish to test servers with git, things like that. So far, only one firm has not balked at this, and they seem to be very expensive. I don't think Google will put up with this type of thing.
And, don't forget, WP is OSS. Blogger wasn't, so that's why the comparison to it are not apples to apples.
If you're wanting to do that, why not just use Drupal, which has drush and drupal console. Also, drupal.org uses git for all those third party modules and themes.
How common is this with programmers in general though? If you frequent hackernews, you get the impression everyone does these things but this isn't going to be an accurate representation.
You do not need command-line deployment and test servers with wordpress, that's the whole point.
Does Google or any Megacorp act monolithically over the span of a decade?
I have a conspiracy theory:
These are myths writers from Wired and PC World want us to believe in so that they attract eyeballs.
And now you sir, have recirculated these myths!
It's just a shame that unintended consequences things like Google Reader over the years have done much to harm blogging. It could have been so much better...
In general, Google doesn’t want to encourage stuff that lives off their cloud. RSS is the best protocol for Facebook/G+ type stuff where you want feeds and updates, but it’s harder for central control.
Google has done this with other products over the past decades. I remember when Blogger used to generate flat html that would publish to self-hosted web sites. And Google desktop that would index your local machine. Lots of stuff that fit into “organize the world’s information” mission and empowered users was discarded or deemphasized in favor of things that put Google between users and their data.
It's easy to setup and the ecosystem is great, but the security issues are massive and there's really no reason for content to be stored in a database for the majority of sites.
I hope a static site generator comes along with an intuitive UI for non-technical people to easily update their own content.
What's that? You've stored your content separately so that you can just regenerate the pages when changing site designs? It's a system for letting you manage your content separately from the rest of the mechanics or the site? The content files are stored on a journaled file system like EXT4 or NTFS? That's fantastic. It's just like a DB backed CMS that stores flat files for cache.
I'm not saying static page generators aren't useful, but I am saying that the difference between that and a cached wordpress install is virtually nil.
I refuse to set up a new WordPress instance for any client unless they are also paying me a monthly retainer to keep it updated and secure.
Do you have ideas for superior methods? A bit upthread someone mentioned clients paying him a monthly security retainer to monitor and update. This might be good, but pretty expensive so would price out lots of users.
On the other hand, I don't know how possible that would be to setup for inexperienced site admins on commodity hosting.
I’m searching for a plug-in that generates static based on the edits in Wordpress, but haven’t found any that work cleanly.
I think that Wordpress is good for its users who will never use build processes for deployment unless automated well.
Similar, or insist a hosted solution is used.
I'll take HTML5/CSS and a filesystem and a few custom markup and commands any day before touching a single line of the unholy mess that is dealing with WordPress.
And not even mentioning simple hosting, secure by definition, etc...
Those people are already served well by things like Wix and Squarespace. WordPress is essentially a point and click application development tool at this point, with integrations for anything imaginable. Yes it is insanely insecure, slow, poorly designed, and bloated. But the depth of offerings from the plugin marketplace will keep WP relevant for a long time to come with people who can't afford custom development.
I'd be inclined to believe that this is a side effect of Wix's target market not being aware of how to optimally compress their images for web delivery.
If you minimize your reliance on plugins, enable automatic updates, and harden your installation, it's pretty secure. At least I haven't had issues.
Anything can be insecure if it's misconfigured, not just WordPress.
The newer versions have been _much_ better.
> If you minimize your reliance on plugins, enable automatic updates, and harden your installation, it's pretty secure. At least I haven't had issues.
My guess is that it was long too easy to not do any of those things, so it gained a reputation for being insecure. They might have mitigated a lot of the problems, but bad reputations die hard.
That’s what I suggest all my friends who want to create a blog to do.
I could do more, but some of these sites depend on contact forms - which I know can be made outside wp - but it's extra work I can't jump into at the moment.
This has cut down the hacking on more than 20 sites - and I am doing some more as I run into them.
Tons to love with wordpress, but lots of reasons to turn it static and avoid the non-stop brute forcing of it.
This. (Although it seems a lot of people aren't in agreement) I think there used to be an app called Cactus for Mac that had a GUI and let you generate your own site. This sort of solution could work for people 1) not technical enough to run command line site generators, but 2) technical enough to buy some hosting space to drag their static site onto. If I were a hosting company, maybe I'd explore making an intuitive site generator available for free, in the hopes it could sell some light hosting plans.
For what it's worth, my preferred site generator is Poole (https://github.com/obensonne/poole). I'm not sure why it's not better known.
Does this not exist? Would love to offer that to some of my non-technical team members.
My current pick of the crop: https://www.netlifycms.org/
I have no affiliation with Netlify, just my perceived benefits of Netlify CMS:
* Open source
* Static site generator agnostic
* Host the editor UI yourself
* No vendor lock-in
* Git based
P.S. These are all part of the https://jamstack.org/ movement.
I set this up last week and it’s amazing. It costs $0 for my small project.
I’ve aleo rolled out it out to event websites. And they love it too.
No database is a big win for bloggers, who should focus on content and not security.
What specifically about Wordpress makes it a security disaster? Do you mean the plugins or actual Wordpress?
Over the last few years, Wordpress core had gotten quite a bit better (to the point that I have gone back to Wordpress for my personal site). But previously, the core was victim to some embarrassing security issues. In Wordpress' defence, I can't think of a single PHP application as old or as large as Wordpress that did not suffer from similar problems.
Plugins are often an unmitigated security clusterfuck. I've seen things in popular Wordpress extensions that have made me want to trade in my laptop for an abacus and go full luddite. (I've also seen some really wonderful code.) The big problem I see is that a plugin has to be extremely popular before anyone with much of a background in writing relatively secure code will ever read the code. And by that time, it's so popular that it keeps getting hundreds of installs no matter what kind of flaw you find. Some plugin developers/maintainers are incredibly diligent and helpful, but I've also been threatened with legal action (more than once) when I've disclosed some really amateur security issues.
But, due to how the GP seemed to conflate Wordpress, and "everything else" I wondered what was the basis for his comment. I'm pretty clear on the security of WP itself.
> Some plugin developers/maintainers are incredibly diligent and helpful, but I've also been threatened with legal action (more than once) when I've disclosed some really amateur security issues.
Most WP plugins are terrible from a security perspective, and I've found the quickest method to resolution is to send a patch to the devs, solving the problem for them and me.
They also supported some dynamic elements like comments and admin.
Hopefully it leads to great stuff. Historically, there's been near zero interest in php/wordpress amongst the engineering ranks. Everyone wants to learn the Next Big Language/Library/Framework, which is understandable.
Many current/former Googlers have been interested in helping out with a project I'm involved in (GXJam.com), but the conversation ends quickly when I tell them it's WP/php/MySQL.
WordPress seems overkill for that niche, and this may be an opportunity to build and sell tools that allow easy publishing for static sites, given the July 2018 update.
Getting a full WordPress site up and running meant signing up for hosting, clicking a "enable WordPress button", agreeing to the (selected by default) auto-update WordPress check-box, and then going into the WYSIWYG editor.
A few hours later I had a site up and running that looks equally good on Desktop and Mobile.
The # of tools I had to learn was approx 0. The number of hosting options I had to choose from was enormous, pretty much everyone offers WordPress hosting, or one click WordPress installs. WordPress has the advantage of having an incredibly low barrier to entry.
Of course, once it gets complex, it can get really complex.
however, that's exactly my point. a publishing tool that allows you to publish, without learning any tools, like wordpress except faster, since google is going to start penalizing slow sites July 2018.
there's solutions for pretty much every dynamic aspect of a blog. If wordpress is slow, and google is going to penalize your search ranking, it's worth looking into.
It's hosted & serverless, like Facebook and Disqus.
But at the same time, it's open source, so you will be able to export your comments from Talkyard's servers, install Talkyard yourself and import the comments.
(But I haven't yet built export and import functionality :- P )
Really I think where WordPress actually lacks is in the API department. The almost non-sensical approach to partially implemented OOP kills any ambition I have to create a site without my own weird abstraction layer I wrote on top of it all.
If Google offered a WP hosting solution (a la WP Engine) on the Google Cloud, I'd be very very interested. I don't think Google will do it anytime soon though.
And GCP has a page dedicated to Wordpress:
(I work for GCP)
Can you put me on GCP/WP waitlist if such an offering is in the works? ;)
I have no idea what it all means for the bigger picture of Wordpress/Google/Automattic, but these are nice little tips and ideas to start with anyway.
Unfortunate that this announcement has the cloud of Google over it. Just about anything google is untrusted and tarnished, not just in the tech circles that know how it profits at the expense of others, but more and more by average people who are getting a clue that google today is nothing like it once was, or once tried to make itself be perceived anyway.
More and more searches are censored, more ads on screen and less of the interesting things to find, services killed off, no customer service, frustrated web site owners... I still have a smidgen of hope for google fiber, but the rest of the brand is not much different than fcbook in my mind, and many others are starting to see the tech companies that put money ahead of giving people what they really expect.
This announcement would get more exiting cheers if it read "ex-googlers team of engineers to help dev wordpress"
Of course we all wonder if the politics that hit the browsers and standards will come to play - but honestly it would make sense to help shore up a product that runs so much of the web, even if google wasn't trying to get it's claws deeper into other software - just producing faster sites that are hacked less will help with the google search results - so just that alone is win win win.
I'm cleaning up hacked wp sites tonight actually, yay.
To be fair, I should really switch it over to being a static site, I am using a complicated templating engine to pop out a few paragraphs.
Of course that is the ultimate irony about WordPress. Like any other swiss army knife framework, it will always be slower than a proper dedicated tool.
Another issue (one that a lot of modern development practices share) is that WordPress lets you quickly pull in components to Get Things Done Quick, but those components pull in more dependencies. I was looking at adding some more smooth scrolling effects, and the suggested way was to pull in jquery (fair enough), even though the template I'm using already pulls it into the page. Repeat that a dozen or so times to get the page looking Just Right, and, well, there goes perf.
Make sure you are using a recent version of PHP and appropriate WP caching plugins.
Also check to see if your DB is hanging when a connection is made to it, perhaps due to trying to reverse lookup the IP for logging purposes and waiting for that to time out, or something else simple like that.
Out of the box settings, ugh.
Full second to parse jquery, 1/2 for jquery, 1/2 for jquery migrate. Something called wp-emoji-release.min.js is taking another 396 ms.
And this is after repeatedly visiting the page in my browser. I thought the browser was supposed to cache stuff? Heh.
Then again, according to Chrome, the page only took 1.4 seconds in total. I'm wondering where the remaining 4 seconds of me staring at an empty browser tab is coming from. :/
Then again, switching pages on my WordPress admin page takes ~6 seconds, so I think there is just a significant probability than my VPS has miserable performance.
Edit: Installing a caching plugin makes the page load not as horribly slow. It is at 3 seconds now, which is still 2 more than I'd like, but at least acceptable.
Also, look at the time-to-first-byte . . . if that is high, maybe further tweaks to the cache plugin settings may help you. If you are not using at least PHP version 7.0 you will get a noticable improvement by getting to that as well.
Then again not having root on my own VPS, and having multi-week outages of the managed apps that supposedly are the reason for me not having root, also contribute to my lack of overall happiness.
That said, super nice support reps. Just wish they would actually fix my issues. :/
By far, the bulk of the time loading your site is TTFB or Time Till First Byte for your website. That could mean that your hosting company is extremely slow, your theme is doing something very awkward, you have a million plugins running, or something along those lines.