Post Status Excerpt (No. 70) — Trust and Distrust: Microaggressions, Active Install Growth Data for Plugins, and Open Source Security

In this episode of Post Status Excerpt, Dan and Ny take on three issues in the WordPress community that can threaten or impair trust while also revealing how foundational trust and healthy communication are: 1) racism and microaggressions, 2) the sudden removal and uncertain fate of the active install growth chart in the WordPress.org plugin repository, and 3) open source and security. Briefly discussed: emerging US federal policy that aims to secure open-source software. Zero-trust architecture might work well for networked machines, but human relationships and communities need trust.


In this episode of Post Status Excerpt, Dan and Ny take on three issues in the WordPress community that can threaten or impair trust while also revealing how foundational trust is, especially in open source.

First, they talk about Ny's article at MasterWP, “Enough with this woke stuff: and other racist speech you can unlearn,” which explains microaggressions and received a significant number of macroaggressions in reply — but also far more positive support from the community.

Trust can be betrayed in so many ways or failed even with the best of intentions.

Dan Knauss

Next, “How do we rebuild trust when it's harmed?” is a question that leads into the biggest WordPress story of the week — Matt Mullenweg's apparent decision to shut down access to active install data at the WordPress.org plugin repo due to an unspecified security breach and/or privacy concern. The way communication has happened — or hasn't happened — about this decision is clearly damaging trust in the WordPress community, particularly among business owners with a product in the plugin repository. Ny points out how this all looks to a newcomer to the WordPress community — again, trust takes a beating. But while we lack clarity about the possible return of install data in some form, Dan suggests asking why this data is trusted and valued by many plugin owners. What business decisions can it helpfully inform? Are there alternative and possibly better sources of data about a plugin's users?

Finally, Dan briefly talks about the emergence of draft legislation in the US Senate: the Securing Open Source Software Act. It seems likely that in the near future, US security agencies will be getting people, dollars, and new organizations involved in assessing risk in open-source software. Are WordPress auto-updates critical supply chain infrastructure? When should individual freedoms be exchanged for collective security? When do we need to know what our machines and software are doing? When don't we? Zero-trust architecture might work well for networked machines, but human relationships and communities need trust.


🙏 Sponsor: A2 Hosting

A2 Hosting offers solutions for WordPress and WooCommerce that are both blazing fast and ultra-reliable. WordPress can be easily deployed on ANY web hosting plan from A2: Shared, VPS, or Dedicated. A2 also offers Managed WordPress and WooCommerce Hosting. Take a look at a2hosting.com today!


👋 Credits

Every week Post Status Excerpt will bring you a conversation about important news and issues in the WordPress community and business ecosystem. 🎙️


Transcript

Dan Knauss: [00:00:00] Good morning Ny.

Nyasha Green: Good morning, Dan. How are you?

Dan Knauss: Okay. I think! We've got quite a few things to cover here, but I think today, the first — the first is probably a topic all unto itself. Something you could spend a lot of time on!

I feel like I'm in the role of like bringing, bringing someone to the family Thanksgiving dinner and having to explain like… Oh yeah, Uncle

They said that.

Nyasha Green: Oh yeah. So, I wrote an article at MasterWP about microaggressions. Mm-hmm. And you know, usually when I do my social commentary, I do tie it to tech. And I mean, the reason I wrote it was to tie it to a tech issue, Twilio and claims of reverse racism and hiring and [00:01:00] things like that. And affirmative action and.

What I saw the conversation around this tech conversation was that, you know, a lot of microaggressions, which I talk about is like, you know, unconscious bias and basically racism. Um, so I was like, you know what, this seems like something that the community really needs to learn about and hear about. So, took my wonderful African American studies degree in research background, , and um, you know, did a good article on microaggressions.

Mm-hmm, which led to more microaggressions. That let this hate mail led to me taking a little break from Twitter. But, um, I guess that's addressing the elephant in the room. But I mean, I look at it as something as I still don't regret writing it. I don't regret what led up to writing it because we have a good number of people in the community who are very informed and they are very.

You know, resp receptive to information like this. I got a [00:02:00] lot of support. I got more support than hate. Okay? So I want to do, I do wanna acknowledge that, but there are quite a few people in the community who actually, you know, they need this information and they ignore it. But you know, that's not going to stop me.

And although I'm taking a break from Twitter, you know, it's because, you know, I have a lot of other things going on. Um, yeah. So I'm perfectly fine and I can't wait to get back on Twitter cuz I'm really gonna argue. Yeah. I'm ready to argue with people. , I'm just kidding. But I, no, I do miss Twitter. It's.

It's nice connecting with people of the community. Yeah. Be in a meaningful way. And like I said, there were lots of people who were like, you know, I really needed to hear this. Like, this actually changed my perspective. I think I might buy a book, one of the books you recommended, Things like that. So, Oh good.

If I can help one person, like that's all, that's all I need. I don't need a, A group.

Dan Knauss: I think it was really good article. I, I haven't heard all of the, the stuff that you covered and you did have a, a bibliography at the end, so Yeah. Mm-hmm. , people [00:03:00] wanna read, click through and, and, and get into some more. Um, I thought it was pretty generous and even handed things.

It's interesting people. Triggered about it because you were pretty clear that microaggressions are, are things almost anyone can do to anybody else for any number of of reasons. Um, but, um, I don't know. I'm, I'm always, I'm surprised, not surprised at the kind of reactions that you, you get, um, when you touch these, these subjects.

I know it's, it seems pretty much that women. are the, the targets of, of that when, when there's equity and inclusion and justice type subjects that come up. Um, and that kind of bothers me. We talked about that a bit before. Mm-hmm. , the kind of, what I wouldn't say it even approaches hate mail and we get the kind of angry I'm leaving, [00:04:00] I'm unsubscribing it, you know, you shouldn't talk about this stuff.

It's always anonymous. Um, that comes to me. The, the stuff I've seen, um, that post status gets, Um, I, I think your experience is quite a bit different and that kind of concerns me that, um, people getting, I think a, a pretty, even, even handed and calm, even like calmer than , a very tolerant response to. Some tough issues where there's, there's definitely kind of abusive things going on out out there.

Um, the reaction is more of the same a as you said, directed very personally from people who are using their work accounts to do it. And they're not hiding their identity at all with you. I don't know what they're afraid of. They don't do that with, with us, but it [00:05:00] kind of, That doesn't speak to anything good if they feel confident.

Um, just cutting loose on, on you, on, on women who write, um, something that they don't want to hear. And it is, it is exclusively men as far as I've ever heard.

Nyasha Green: Yeah. Um, As, as you said, as we talked about people, as you saw on Twitter, people are writing from their Twitter accounts with their WordPress information in it.

Yeah. They're sending it from their business address that. Their business, their business, email addresses that have their addresses and phone numbers and stuff. Mm-hmm. , that's what's, uh, . It's interesting to me because even if you, I, it's a disrespect thing, honestly. Let me, let me go back. They do it because it's, they know like, I can say this to you with my chest, and there's no repercussions.

Or they think, they think that, right. And, um, it's a disrespect issue. It's always amusing to me. Going back a little further to what you said, you were like, you wrote it very like, you know, without emotion. Objectively, I've, I've seen a [00:06:00] lot of people say that. A lot of people said this to me. Mm-hmm. , they were like, this was written like a research paper.

Yeah. Because, you know, one, it was. Two. The biggest thing that I want people to know is that I don't have the luxury of being able to be emotional in writings like this. When I write about my race and my gender or things that I have experienced, and the moment I show any sign of emotion, I'm the wrong person.

It doesn't matter what the other party did to me, right? Because there's this big, uh, I don't know what you would call it. It's this big theory with people discount your experiences and they say it's because you're emotional. It's because you're looking to be a victim like you in, like, I enjoy stuff like this.

I don't enjoy racism or racist people. I prefer to pretend they don't exist. That if I could do that, that's what I would do. But, um, I just couldn't show emotion. And it's been a while since I've written like that. Um, I've been able to show emotion for a while, but I knew with this I couldn't. And you see with that, we still got hate mail

So, uh, I got told I was being a victim of, I was like, Of what? [00:07:00] No response. I was like, What am I a victim of? I'm like, I'm, this is, I have. Micro aggress against people. I've used ableist language, you know, not knowing I've said things, um, toward people that I didn't know was harmful. And it was important to me to unlearn that. I don't care if I didn't do it on purpose.

And I'm like, Doesn't everyone feel like this? No, they just rather not be told that they're doing anything bad at all, ever, even if it's unintentional and even if it hurts people, but you know, that's them. But for everybody else who wants to learn, I'm always here .

Dan Knauss: Yeah, it's, uh, definitely worth checking out if, um, if you haven't seen it: “Enough with this woke stuff: and other racist speech you can unlearn,” which I think is very inviting.

Um, uh, and yeah, that, uh, it, it can be unlearned that's a, a positive. Um, yeah, I've seen mail come in about that, complaining that we don't want to hear anymore [00:08:00] of this. Change your thinking, change your mind. Woke stuff. Too bad. Yeah, too bad. Uh, everyone who has that kind of reaction is just a voting for doubling down on, on bigotry or the idea that they have nothing to learn.

Um, and yeah, I know, I think that's a pretty honest and good generous starting point that we're. There's, there's not really any way through life and relationships without stepping on people's toes, and sometimes intentional, sometimes unintentional. And if you don't learn from that, you're, you know, that's, uh, at some point it's not ignorance anymore, it's intentional damage you're doing.

Um, but I'm, I'm glad you wrote it and I hope more, more people. Engage with it, read [00:09:00] it and think about, think about it. Um, I, I think, uh, it's a tough one. Cause you, you also tackled the myth of meritocracy, which will die hard in, in tech. Um, , you know, I, everyone's a victim who hasn't earned their way up or, you know, proven their worth or, or mm-hmm achieved something that I consider, you know, notorious. Yeah, that's, there's a lot, there's a lot more going on in here than I imagine people think who just dismiss it at the title. So that's, uh, it's definitely worth, worth going through. And honestly, it's not in my time. I, I don't think this is something we've talked about a lot.

I don't think it's come up, um, a ton in, in just let's talk about. Kind of, um mm-hmm. conversations. [00:10:00] Yeah. In reaction to bad events. Un unfortunately in problem individuals and, uh, conflicts that come up. So it's, it's worth, it's worth having that conversation as a running one. And I hope the, um, diversity inclusion, um, equity approach to.

To the, to not just events, but um, to, um, to help people, um, look at each other and relate in general will. We'll make that more of just, this is, this is just normal, right? . There's, there's a lot of different cultures and perspectives and age groups represented in a large, large community like WordPress and having an open door and open conversation on it.

It's good. Um, anything else you wanted to [00:11:00] get into? About that. I know there's, there's so many big things looming behind it, but yeah, you need some time to rest, recover, and.

Nyasha Green: Um, not many big things for me. Um, I just want people to, I, I was worried people were thinking, um, especially the first few days I was off Twitter that I was like somewhere crying. I'm not,

Dan Knauss: Oh geez, , no.

Nyasha Green: This man could not ever in a million years make me cry, baby. But , um, it has encouraged me to keep talking.

Like, if, if the reception was a little more tame, , I definitely probably would've said, You know what? Okay. People heard and they understood. The pushback has made me want to talk about it even more. Mm-hmm. , So I'm, I'm cooking up some things and we had Ally, uh, Neon's workshop on how to be an ally, which, um mm-hmm.

talked a lot about microaggressions and a lot of things we were experiencing cuz Ally's been through the re, through the wrong. Is that the expression? Thank you.

Dan Knauss: Through the [00:12:00] ringer.

Nyasha Green: Through the ringer. Especially when you talk about, you know, racism in Europe and, you know, Yeah. You can't even talk about racism in Europe according to Twitter.

So, um, and I'm going to talk about it. So, and I'm going to Word camp. I, I don't care if no one has Christmas, I'm going to work Europe next year. But, um, Yeah, we're, we're gonna keep talking about it. I, I hope to see more workshops. I may do one I don't know yet. Um, I'm gonna keep, I'm gonna keep talking about it.

If, like I said, if I'm only reaching one person out of all the people that this goes out to, that's fine. Yeah. ?

Dan Knauss: Yeah. Good. No, um. I, I, I think, uh, anyone who thinks that you were off Twitter for any of those reasons is just out of , out of touch. No. Yeah. Pin pinned your flow foot to the floor with a steak knife.

Got bigger. wasn't a steak knife, but was a Japanese, a big

Nyasha Green: shift [00:13:00] knife.

Dan Knauss: The sword.

Nyasha Green: It was a Santoku chef knife. It was very sharp. I sharpen it every week. It was an, it was a beast. Let's, let's embellish this story. Oh. And then, Yeah. I don't, I know.

Dan Knauss: Jump me. I told you I don't, I don't want to talk about sharp needles, knives every, you know.

Oh man, we won't, We've been through that. I've been upset when that happened. I was like, Oh, oh, oh,

Nyasha Green: oh. But I just wanted it to be known. It was not a steak knife I could have handled.

Dan Knauss: No, it was huge. A steak knife. Yeah. Yeah. It was. Uh, well, I, I hope that that recovery. Goes really well and admire your, your spirit, but it, it is good to get off.

It is good to get off of the social media and I'm glad for the supports you've got and the team that is always seems to be a hundred percent behind you and is good with disagreement and, and some amount of, of [00:14:00] tussle and stuff. And, and that's. That's probably a good move in a good way to move into the, the bigger, the bigger topic in most people's minds for this week.

But, um, yeah. Um, I, I really think the macro microaggression and how people teach, uh, how, how they treat each other. Um, it's just a huge thing unto itself and it really affects, it impacts trust and I think that's the theme, the theme here. And it's, it's always one in open source and in communities and in relationships.

How, how healthy is our level of trust? Um, For each other. And this, uh, this active install growth chart issue going away has certainly touched a lot of people's nerves and confidence or, or trust for, um, their relationship with.org and how things work there. [00:15:00] Have, have you, uh, what are, what are your, what are your thoughts on that?

It's, I guess nothing's really changed in a week as far as I can tell this morning.

Nyasha Green: That's a spicy topic. I don't know. I don't wanna say the wrong thing. I'm just kidding. You know? Nah. Um, , no. Um, that was a very interesting topic. Um, I have not jumped a lot into plugin developing. Plugin development. I've wanted to, that's something I have on my to-do list for the future.

Um, there's so many different aspects of WordPress I want to kind of jump into cuz it's very interesting. I don't, and I'm, I'm being honest, like I don't really know how to feel because I've seen both sides of it. Um, you sent me some good information. We had a very good article. Um, I don't wanna Bri pronounce his name.

Dan Knauss: Mark Zahra. Mark. He's a great guy. He's, um,

Nyasha Green: he is, he is awesome. Um, he had a article by him. Oh, go ahead.

Dan Knauss: Oh yeah, he, he brought [00:16:00] it to everyone's attention first, I believe. Um, yeah, so for those. Have been under rock or, or new to all this , I think it was late Thursday night, um, a week ago. Um, uh, uh, someone who works for, for Audrey Capital, um mm-hmm.

So you would assume like directly. Responding to, to something Matt had re requested, took down the, uh, re reverted the changes in an old Trac ticket that in 2017, introduced the active install charts that are in the advanced section on plugins, um, in the WordPress.org plugin repository. So, Plugin owners and really everyone can go in there and see a somewhat obscured, rough estimate of, um, how many sites appear to have your plugin installed on it at the, within the last 24 hours and. [00:17:00]

And then over time, how that needle moves. Is it, is it going up or down? And, and if there's a, a growth or decline trend, what's that line averaging out to? So that's been there for a while and, and people really, a lot of people have really relied onto it. And that just went away with a ticket that just said it's insufficiently obfuscated data.

So clearly there's, there's sort of an implication and then further things, there's definitely a security issue. The attempt to put out, to make some data public and not all of. Um, completely exact and comprehensive and available to everyone. That wasn't the attention, but some, some entity, um, with the capacity or more.

I know a lot, there's a lot of services and people who scrape that, who pull that data in some way. Um, To get a fix on the market, on to offer it as a service to look at other, [00:18:00] your plugins, your competitors, how things are going. Um, that was just pulled and there's co, the, the primary code involved, um, is not public, is not out in the open, and it's what would be receiving the, the pings from all the sites and interpreting them.

As, Okay, does this count as a live site? If so, score one and then making that available through some kind of API where you can pull, um, pull out your current active installs. That too, that's the part that apparently has a security privacy issue and needs attention and, um, that has not been formally, officially.

Clearly publicly stated, there's a discussion in meta slack, uh, mechan and WordPress slack, where this, you know, if you wanna read through, read between the lines and [00:19:00] people unofficially, but who I think are, uh, uh, totally trustworthy and, and know enough about what's going on. You can figure out what's happened.

And that's the article I put together. Uh, trying to take that as at face value. Um, that appears to be what's gone on. And you see the, the reaction if you were a plugin owner. In the,

Nyasha Green: I wanna pause on something you said. You said, Well, if you know that these people are reliable, the right people are telling you the right things.

What if you're a newbie like me right to this and you don't know these people not saying they're not true. Exactly. I don't, You know, I, I.

Dan Knauss: My thought, Who is Triple J? Why should we trust him?

Nyasha Green: No, I wouldn't say that. I'm just like, I'm going off what you're saying. You're like, Well, these are the right people.

And I'm like, Well, you know that. How would I know that? You know? Yeah. That's me not playing devil's advocate. Cause I think that's stupid, but I, that's me just like waiting in, like I, I don't really [00:20:00] personally know these people. I, I get. , I get the side, I get both sides. Again, because one, I, I looked at it when I was deciding on plugins that I didn't really have a lot of information a on because, you know, the more people that seemed to be using it mm-hmm.

the more reliable it seemed. And so, I mean, I definitely get that as a consumer. I'm definitely like, Okay, I'm gonna do a little bit more research and, you know, I'm lazy. So, you know, that's on me, that's on them, that's on me. But I, I get where plugin owners are panicking over that. Like, it's, it's their money, it's their business.

Like I, I get that. And then like, it does not seem to be a lot of clarity on it. Like especially when it went down, like it just went down like, ugh, you know, we need to fix this. Mm-hmm. . And it was kind of like, that's it. And it. , Right? What can we get an explanation? And it's like they have to dig, dig, dig.

And I'm, I know speculation is bad in general, especially when you don't have all the facts. Um, so I know there's been a lot of speculation on what's really going on and why it was really taken down, you know, outside of the few statements we got. But [00:21:00] do you blame them? Can you blame them? Like, if you're in the dark, all you can do is guess, I guess.

Dan Knauss: Yeah. And that's not helpful from the, from the, um, from a normal corporate communications or community management standpoint. Mm-hmm. not having, not having an internal PR arm, not having some means of, of communicating to stakeholders in ways that calm things and, and spread correct information. Um, is it just.

Who does that? So I think a lot, a lot of people feel disrespected, but this isn't a new thing. Um, they should know that it's, it's that way. It's been that way for a while and I would assume it's wanted to be that way. Um, but if, if you were expecting or wanting something a little more standard, that is not, not the [00:22:00] case.

And it does lead to people getting wound up. Speculating wildly and, and, uh, with distrust, uh, is spreading a good deal with distrust. And I think that's, that's what people are going to do every time.

Nyasha Green: I mean, and I'm, I'm with you on that. It's been this way for a long time, so people are pretty much, um, You know, a lot of people pretty much expect it.

So they're like, Well, you know, these things happen. That's one way to look at it, but I would like to quote the Great American Television Show The Wire. Oh yeah. And say the thing about the old days. Is they The old days, ,

Dan Knauss: Was that bunk who said that? I think

Nyasha Green: he did. Yeah. It wasn't, Yeah. So, um, This is the thing, like, again, me just looking at this from my perspective as a newer person, if I'm, if I don't know to expect these things, how can I expect them?

Right? Like, that's a lot, a lot of things happen in community, even outside of this, where it's like, well, that's how things have been done. And it's like mm-hmm. . [00:23:00] Yep. What am I supposed to do? , Like, I, I, Okay. Like I have to, There's no onboarding to how things are done. We've talked about,

Dan Knauss: That's a big issue.

This is your onboarding.

Nyasha Green: Yeah. So it's like, Trial by baptism. Trial by fire. Yeah, that's what I mean. But you know, and I know some people, some people who are still having these conversations, they've been in the community and they're used to this, but I mean, it could be, they could be tired of it. They could want change.

But I, I do agree with you saying like it's, it's gonna spread a lot of disinformation. No, you didn't say disinformation. It's gonna spread a lot of disagreement and we really don't need that. At all. You know what hashtag WP Drama. Um, but I mean, people also need answers. It's like I don't have a clear answer for what they should do because when I'm confused and I feel like I'm in the dark and nobody's giving me answers, I'm definitely going to complain.

And sometimes when you complain, it turns into hashtag WP Drama .

Dan Knauss: Oh yeah. That's almost inevitable. And so seeing it both ways, [00:24:00] Um, it, it shouldn't be Mark coming into Post Slack and in Twitter and saying, Hey, did anyone notice this ticket that just kind of crept in there and late Thursday night and, Hey, look, this chart's gone.

Um, that's. At once, kind of highly irregular. But then again, is it, is it really to me for this, for this family?

Nyasha Green: To this family, I guess not like I'm the, I'm the, the, the daughter-in-law, I guess I'm married into this family. Yeah. I'm at Thanksgiving. Like, Huh, ?

Dan Knauss: No, I feel like, yeah. Well, sorry you married into the mob.

Um, . I apologize for uncle over here. . Um, well, yeah, I, I think trying, I always try to see things multiple ways and, and look for what's the most. [00:25:00] Most productive way forward that will align the most people in a understand productive way And what can be learned here? Um, I, I'm willing to, because John James Jacoby stepped in and is a real long timer and is on the Medi and the ME team's a bunch of.

Good people. Mm-hmm. who, um, were not apparently in the decision making about this, but have some degree of knowledge and oversight or independent, um, takes on. On the non-public code in question and have made it, and I see no reason to, to distrust any of that. So what, what has come out short of it? Not a press release, not something on even the taverns not, you know, being, being quite critical and not not getting any special, um, quotes from.

Inside explaining this, um, what we've got is what's come out on the, on the [00:26:00] ticket and it, they're saying it's a security issue that the either privacy, security, the, the way the data, um, was being pulled and used was over line that they were. Not willing to tolerate going on, and they want to change how that data access works.

And I also trust them that it's gonna come back at some point. But what's muddied the waters is Matt has, um, disregarded the um, The desire for the, the, the crowd that calling for like a full explanation and, and just kind of leading it going forward with the discussion of, well, what is this data that you want?

Um, what would, what helps the most? Um, and trying to kind of move things i I, in this direction of competition, how do we promote cooperative competition, Cooper competition, Um,

Nyasha Green: ooh, let's make that [00:27:00] a word. .

Dan Knauss: So it's a tough pivot to not to say, Hey, don't, let's not give you any kind of, we can't give you any full, There's not even official statement saying, We can't officially disclose what's going on here, but we're trying to remedy it in the meantime.

Um, There's a couple of paths, how this could come back and how it could look, what's your feedback and input on that. Um, that's kind of what's being attempted, but the room temperature isn't really conducive to the most, um, helpful feedbacks, but just for me, just in watching, I'm, I'm, I haven't seen a lot of people explain why that one number is so important the way they think it.

Um, and it makes me think like if you're that fixed on this thing, that could come and go, that wasn't there before. And none of the really big businesses are, [00:28:00] um, they're, they're not living and dying by this, and I'm not sure anyone really is, you know, eggs all in one basket. Like really, Um, this is a, a wake up call I would think that if, if that's how you're running your business or you, you think it works that way, maybe you need some other.

Other ways to analyze your success or, or, um, decline in with your customers.

Nyasha Green: Okay. I, I can't agree with you there, , but can I cannot, can't, cannot. I cannot.

Dan Knauss: Oh. Oh, really? What do you, what what, I mean, what about it?

Nyasha Green: Like you said, that's, that's all fine and dandy for the bigger corporations, but for the smaller person, it's like, Whatever, Figure it out.

Find another method. Oh, well I, again, you said this is how it's been done, but it's like, how many times can you do that to people? Honestly, [00:29:00]

Dan Knauss: I, Yeah, I think that's a separate thing, right? If you kind of put that aside, this isn't a great way to, this isn't a great way to handle a community. Um, it's not a great way to handle business community.

Um, It is what it is. It's happening. We put that aside. That's happening. Why do, why do you, you know, even if this hadn't happened, why is that? People saying that they go to that chart multiple times every. It only updates every 24 hours. And like the, the, it's general, it's kind of shotgun analysis. So I would say like maybe a week's worth of data would give you, it's just kind of a thumbs up, thumbs down on what, on install activity.

And that's, that's for your free plugin. So if you're trying to make, um, if you're, your revenue stream is coming elsewhere from a premium product or, or something else, um, this is just people who are trying you out or using. The free [00:30:00] version and it's, it's just a general pool of, um, not, um, Well actually you can, you couldn't, um, you may, it may include, I guess it would include both, but once you have paying customers, I would pay attention to them.

You have direct, you have a bit more direct, um, access to them and focus groups. There's a lot of things you could, you could do to, um, to get better. Data on how your, your product's being used and there's other ways to distribute.

Nyasha Green: You don't think that would be a lot on smaller business owners, people, you know?

Dan Knauss: Sure. It's a lot. Um, and I, it's always kind of surprised me though, how, um, how. There's, there's just, Well, you know, everyone wants an easy, an easy way forward, But does that really, does that really substitute for, um, real business intelligence, for real customer [00:31:00] feedback from real contact and relationships?

Um, the people I've seen who seem to effectively build a, um, a small plug-in business who in intentionally are, you know, they're not trying to build. Thing at scale. They're, they're trying to do a company of one. Um, they promote it from the beginning on their, on their own channels. They know more or less who they're talking to.

They're soliciting feedback. Maybe they have the, the code on GitHub, um, or wherever it is. They're engaged with a lot of people using it. I just, I don't see why a single measure as vague as that one is. Such, such an obsessed over, um, detail. I mean, I, I understand, I hear what people are saying about it. I get that mm-hmm.

but it, when you actually literally analyze it as like, is, does that make good business sense? I haven't, I haven't seen that. [00:32:00] The only, the only good one is, and I think it's, it's kind of a painful scene, but, um, Matt said about this, the same thing people. See it as a thumbs up if they see it going up, it's a motivation to keep working.

It's like, okay, that's valid. Like that. That's good feedback to give. Um, but what, there are all these other reasons people talk about why this is a, an important business metric to them. And I just, I think almost all of those are highly, highly questionable or at least, you know, you could probably get better information Another.

And the

Nyasha Green: independent, like, so I, I've never ran a plug-in business. I don't know if you have, you have a lot more experience than me. So, I mean, well we aren't we just speculating on what they can do. Like, you know, I, I trust Mark, Mark said that was one of the only tools they had, so it's going to make it a lot more difficult.

I mean, like, I think that's worthy of them [00:33:00] complaining. I think if that was their only tool, like I, I don't know. I can't, I can't like jump in and say, Well they can do this, they could do that. They could go do this cuz I don't know.

Dan Knauss: Well, but it's their, It's their only tool. Cause they've allowed that.

They've allowed that relationship to exist.

Nyasha Green: So it was the easiest. And they like just kind of, I. It's, it's the easiest tool. So they kind of, it was easier for them to latch onto that instead of doing like alternate things, which they can do now. Is that what you saying? If it's,

Dan Knauss: yeah, if it's really true that, that you put your, your business in the hands of a freemium type of product and the free versions in the repo, and this is the only measure you have of, of your potential market size.

That's choices you made. I, I. I mean, there are a lot of other, And you went in someone's house and, and this was here once and, and some years ago it wasn't there. And, um, I, I understand why that, that feels like a, a breach of trust. [00:34:00] But no one ever had a contract or understanding. To the other one, to anything different that this is, that they have a right to this.

Um, I,

Nyasha Green: uh, I think the analogy is, you know, you went into someone's house and they said, Hey, it's an open. And you can use this thing right here. And they're like, Okay. And they use it for years and then they walk into the house one day and it's gone. And the person's like, Well, it's gone. Oh, well tell me why you needed it.

Dan Knauss: Well, it wasn't quite that, It was more like someone, someone's been coming in the back door in the kitchen and they took the beer cooler.

Nyasha Green: Yeah. Someone else has been like sneaking in and doing bad stuff and now everybody, we can't pay forward.

Dan Knauss: We gotta go to the, Yeah, we gotta shut this down and, and go and address this.

And,

Nyasha Green: but there was no communication on that. I found out about the, the communication is cut that through somebody.

Dan Knauss: There's, there's two levels. If you look at it, there's a, there's a much higher level thing here with how much bigger entities are using this data. Mm-hmm. and potentially abusing it, and the need to get everyone on the same page, and [00:35:00] everyone has the same data and even has the ability to hide it.

If you don't want your business exposed or your data exposed that maybe that you can, you can put a privacy control on it. Mm-hmm. But the, the rank and file the small. Smaller business entities that are upset because they've really been relying on this. Um, totally understand that. But it, it does raise questions of why you have that level of dependency and does this number really do all that for you?

Is your business truly going to, to tank or suffer in some way with without this and could having it taken away, whether are your options, do you. Are there any kind of creative ways forward then? Um, I, I would think that there, there are, having watched that space enough and how different businesses operate partly in using the repo, not using it, um, and how they do their marketing, how they do their relationship with their [00:36:00] customers.

Um, I, I think it. It's something that matters a lot to people, like you're saying, who are, who are small and maybe don't have the capacity, um, or it's a part-time thing or a side part project. Mm-hmm. And they're leaning heavily on this rather than other things that maybe they don't have time to be doing.

But it raises questions about what's ineffective, um, business model, what, what's good data and how do you get it? And, I think that there's, from above, there's a bit of an attempt to push that question on that part of the business community. And I don't know if that's an effective way to do it, but it doesn't seem

It's not nice, it doesn't build trust. Uh, but I don't know, I don't know given enough, uh, pain points maybe. I don't know. We'll see where. Where it goes and the people caught in between on it, I, I feel for them. But, um, mm-hmm, [00:37:00] I don't have any, any reason to, to distrust those who have tried to be mediators and I, I think they're, I'm glad they're, they're there putting, putting in their 2 cents.

Nyasha Green: I feel bad that they've had to be mediators. This is a, a lot to push on someone. It is, but I am interested to see where this goes. And I'm glad people are talking about it. I, I, I know communication is a bit as of a doozy sometimes, but I'm glad people are talking about it. Um, I'm, I think we need to revisit it.

Listen, visit this cuz what if it just blows over?

Dan Knauss: I don't think it'll blow over. I, I think it's, I don't, I don't either. It's like a watershed,

Nyasha Green: I don't think at all. Yeah. But I'm interested to see where it goes.

Dan Knauss: but it, there is, there is some sense of, um, a desire to redefine that part of the ecosystem, that culture there.

Yeah. Definitely not wanting a [00:38:00] leaderboard of winners and losers or top 10 or something like that, but have some kind of helpful metric that motivates people that, um, is useful to them and isn't something that can be gamed and that someone higher up isn't pulling out and trying to figure out how can we game these stats or.

Aggregate enough of this to, I don't know, build an even bigger secondary market for plugins, like a Zillow of plugin and that number is over your head as your business value and, and you wanna flip, you know, you wanna sell. Like this is, things have been moving in that kind of direction. I, yeah, call it financial, a financialized market.

And I don't, I don't think that's really in most people's interests when, you know, it's like, When the housing market isn't people's houses anymore and or their homes or community or neighborhood, it's just, what's the number on this here today and what can I get for it if I were to sell it? Give me a number. [00:39:00]

You know, there was a bit, there's been a bit of a movement in that direction. I question the, the health of that, but it's really a question of pH kinda economic. Culture, open source culture philosophy. What kind of market ecosystem do you want to have? And I think from above they're being pretty clear that they want something more cooperative down there, which is tough for people to swallow because on a higher level, these are, they're the corporate entities that are playing full bore, um, corporate capitalism, you know, on a, on a higher level.

Mm-hmm. Um, where. No one's suggesting co-opetition between hosting entities. Entities I love, but maybe they should, you know, I mean, in a way, um, it is, it is throughout open source. I mean, there has to be some level.

Nyasha Green: I'll suggest that on Twitter. Yeah. You'll be breaking with me. I, I think

Dan Knauss: I'm really like the cons really in, in [00:40:00] favor of that.

I think I'm not a, I'm not an unrestricted market person and I, I don't think the idea of a commons works with that. You do need limits and at least a culture with some kind of consensus on, hey, we don't overly extract this here and there. And, but that's right. That's, that's not a conversation you can have in normal corporate America.

Um, Oh no, But it isn't, it is an open source thing and, um, how do we help each other grow? While in the midst of some degree of competition, um, that's a really worthy discussion. And uh, it's unfortunate. I think that the trust issues are high and the confusion and eventually misinformation may be high and we can't have that appropriate conversation.

I hope we can, but mm-hmm. [00:41:00] Yeah. Well enough said about that one. I'm not gonna speculate where it's gonna go, but it's been a weekend. It's been a season,

Nyasha Green: Yeah. Oh,

Dan Knauss: The um, the last thing I was gonna ta I don't think we'll really tackle it too much. No one's looking, no one's looking at this. Have you? Um, I haven't found a single person. I'm, I'm start. Poke around and mm-hmm. more technical sources. And I'd really love for feedback from, from anyone who has, um, closer familiarity with government policy that's emerging around security.

Um, there's a, there's finally, this stuff goes back a few years, but there's a senate bill, um, that's very specifically targeting open source and security and how we can, how things can be changed. [00:42:00] to, I think ultimately is, you know, it's about mitigating risk that, um, the US federal government, really any go, any government's always concerned with risk.

They're highly invested in open source. Um, and it's not open source in particular, Most people will point out software across the board. Um, how can this be exploited and hacked has gotten into the public eye and into the, uh, the eye of people in, um, in government whose job is to focus on things like supply chain security, that, you know, things that are considered public infrastructure, um, in a national interest that we need to secure and can't just have people hacking through, exploiting, you know, whatever they think is going on.

But there have been plenty of examples and there always will. Will be some. [00:43:00] So we just, we haven't really seen that, um, that come down before and I think we will soon. So have you, have you seen anyone talking?

Nyasha Green: Not really. Um, it seems like something Rob would tackle, um, top Yeah, I think you'd be interested, but, um, I'm, My input is as someone who has worked for the state and federal government in a tech capacity, I don't have a lot of faith in this.

Right? Can I say that?

Dan Knauss: Why? Get in trouble? I don't think you'd be,

Nyasha Green: Will they come snatch my microphone? Yeah. Bust through my window in the back.

Dan Knauss: Um, you aren't gonna quote the giver, are you?

Nyasha Green: Oh, I got other quotes, but I, One per episode. It's all get, um, Oh God.

Dan Knauss: I'm from the government and I'm here to help.

Nyasha Green: Please. No. Um. I, [00:44:00] I understand. Okay. The big, uh, the big hacks that have been going on, like the, having the Uber, um, you know, there are a lot of con security concerns out there. I get it. But I don't see, I guess I just don't know enough about this bill to see what they're going to do to help. I just feel like it's more government regulation.

I feel like I found very, I feel like I found very. Pro Capitalism this episode. Hmm. I'm thinking

Dan Knauss: on the one hand. Yeah, but on on the other. Yeah.

Nyasha Green: Ah, stop me when you see, when you hear stuff. I'm just kidding. I'm kidding. Um, dang. I do now I have to, I have to sit with my thoughts now. Um, no. I get the security issues, but I really don't see what they're gonna do to help, is basically what I,

Dan Knauss: Well, it is, I think everyone does have a common problem.

It's mostly. D updates. Mm-hmm. The, and how they get. Um, so if you have un-updated, the, the largest problem, you have a really, really big [00:45:00] attack surface. Like the Log4j, Log4Shell thing was under the auspices of Apache Project. Uh, it wasn't that something wasn't unmaintained and, but there was, um, uh, a, a security vulnerability that was discovered that had been around a long time.

Just no one had noticed it. And then you needed to patch it quickly and, and distribute. All around something that's very widely used, and that is the, the tricky spot. How do you get, mm-hmm, you can't. So in terms of, of WordPress, there's all these really old installs out there. Mm-hmm. Um, and some are so old, I, you can't push an update to.

Mm-hmm. You'd have to have anyway. Forced updates have become more of a, a less controversial thing. There was a day, oh probably. Not too long ago, year or two, um, when it was, it was controversial for, uh, again, a decision [00:46:00] made by through unknown processes and deciders to we're just gonna push a forced update on an insecure plugin or some core thing, um, that's emerged and, and that can be done just pushed down.

And I think that's just becoming more of, of the norm for security. Reasons and how that, there hasn't been a really discussion of that, how that fits in the ethics of open source. Um, if I choose to use this software, can you push changes to it against my, um, consent or without my consent and change my client's sites and stuff like that.

Um, yeah, I think we've kind of moved into a place where, It's kind of like getting a vaccination, like, like, Oh Lord, please, you wanna opt out? You wanna opt out to this? Um, there's a real problem, um, to doing that, but it, I mean, I, that too. I, I, These are, these are [00:47:00] two sides to the openness and, and freedom and rights, Individual rights versus collective.

Um,

Nyasha Green: I will not be hopping into the vaccine debate. You know, I'll debate anything that is scary to me. I'll still debate it, but people are scary when we talk about vaccines. I get scared. Um, but I, I think that to me, where it goes to me in my mind is for security updates. We don't talk enough about, about how computer illiterate, I guess is how you would.

Mm. A lot of society is getting, especially when you think about the younger generations who are dependent on their phones and tablets and they don't really know how to use computers anymore. Sure. It's like, um, you have older people who, you know, have struggled with that, and now we have a younger generation and then it's like us in the middle.

So I think, I think that's going to be an issue because we're forcing people to. It's update and they don't know, You know, they know one version they [00:48:00] can't learn, or not that they cannot learn newer versions, but there is not a lot of adequate education out there to learn newer things. And I'm not just talking about WordPress kind that's in my mind, but that goes through a whole host of other software.

I just, I think we need more literacy before we do stuff like that. I mean, I'm not opposed to it at all. Um, I.

Dan Knauss: It would certainly help for trust again, like, um, if you, I think more and more people are just expecting and, and vaguely, maybe they don't even understand that their devices are being updated all the time.

Yeah, I monitored all the time.

Nyasha Green: Definitely. Don't they? Definitely. Don't you remember when they said 5G was like causing covid? Did you hear that?

Dan Knauss: Um, that okay.

Nyasha Green: Conspiracy theory. That was one. Yeah. Yeah. And I was like, What? And like it was, people were send me stuff, they were like, You're in tech. Is this true?

And I'm like, What? And I'm like, Why would you even begin to believe [00:49:00] this? Where is the correlation? It's like people really don't. Anything. And it's like, you know, I'm not calling people stupid or ignorant. Please, if you're listening and you sent me a covid conspiracy theory, I am not attacking you. Um, I, it's just that people are, there's too much lack of information.

I feel like that's the theme of this, uh, of this episode. If you don't give people enough information and literacy, they'll speculate. They'll create their own narratives and then they'll spread them. Right? And then we have all this what? And then we'll hear stuff when we say what. Yeah. What I do that like 16 times a day, so Right.

It's, they, they have so much more to do than just force updates, but I don't have the faith that they will do that. That's me.

Dan Knauss: Well, there, there's a lot, there's a lot that can be done in, in testing and and security practices to make more secure product, but there's always gonna be stuff that just needs a hot fix.

It needs enough to push to it. Dependencies that aren't even within the project, but that we use and that some other project [00:50:00] uses. Everyone's got to be able to, um, verify what they're using, what version it is, maintenance status, and how do you, how do you quickly update a lot of stuff across the network.

I think that's all good, but yeah. What, what you're saying with a highly, with something, um, as ubiquitous as WordPress or. Apps on your phone. Um, people aren't, it's better if you can get them educated enough to trust that, okay, this is how this is done and mm-hmm people are trying to keep this secure and here are the risks and so on.

And, um, maybe there's some kind of catchall consent. If you know you're using this, this is what's gonna happen. It would be great if, as a community, talked more about those things too, and then, mm-hmm, um, informed people of, of what to expect about security with client work. It's totally, [00:51:00] absolutely necessary to, to explain about the importance of updates, maintenance, and security issues, and, and that being a constant ongoing process.

But when, when people don't understand and then something happens, you get what? The Demon-Haunted World. I keep thinking of this essay that that's a Carl Sagan book. And Cory Doctorow wrote a great essay a few years back when, when Volkswagen was uh, uh, gaming their catalytic converters or what, whatever that was when they, whoever hooked the hook, the cars up for testing to emission standards.

Um, it. The computer would realize, ah, we're being tested, so let's cheat. And we go into cheat mode and give a different output than, um, when you're on the road, you want more power delivered to the user and it's actually over emission standards. They got caught for that, but it was a sophisticated software [00:52:00] thing.

BMW did this to, uh, I wanna pronounce these in German way, Ba a. I, I don't know how many did this, but I was talking to a friend of a friend musician who bought one of their sprinter vans. He's really, uh, fancy bmw, um, vans, and they got, they had to do a recall on all their, Their catalytic converters, um, because they had a cheat system in it too, I think.

And they had agreed to some, you know, there was a, there was litigation and they just agreed to replace it all. Not that they had done anything wrong or something like that. And, and he was in the states, he's Canadian, bought this thing in, in Canada and it was in the States and the computer on the car, and his van started saying, You have 10 more starts.

You gotta get this to a dealer, Do the recall, have the part swapped out, and if you don't and, and you need to do that in 10 more starts, you start, you stop and start 10 times this thing's not gonna, it's [00:53:00] gonna be towed, you know, It will not, your, your vehicle will no longer function. Um, so it's like ransomware built into thereby the, the manufacturer of your vehicle.

Um, huge. Shift from . I don't think you knew that that was even possible. They left the thing running.

Nyasha Green: Well, , that reminds me. I do. Because that reminds me of the, the, I don't know if I've never had it, but I've known people who've had these type of cars. If you don't make a payment on your car, you miss a payment, they cut.

They really just lock your car and then you can't crank your car up. Yeah, you can't use your car. You've never heard of that?

Dan Knauss: Like they do remotely through the car. They do it remotely disabled.

Nyasha Green: I'm, I'm, I thought that happened to many people. Like I've had people go to pump gas and then they can't crank their car up and they'll say, Oh, you owe it's money.

Dan Knauss: My car is older than my oldest kid. I have a 1997 CR-V. Like the early years were, were really good. I have a Honda [00:54:00] guy, um, who um, yeah, like, yeah, I'm an old tech person, so you couldn't Yeah,

Nyasha Green: that's, but that's like, that was kind of old. That's like, I learned of that when I was like a teenager and that was like, oh my.

I am about to turn 32. I was around 15. That was, I'm doing math 17 years ago.

Dan Knauss: So yeah, I think that's, I stuff should be built to last some things and maintain. Oh yeah, definitely. And I don't like the idea of. Of being surveilled and controlled remotely. Oh, yeah. Um, and that's, um, that's the world we're moving into.

Mm-hmm. and to some extent there, you know, well there's real abuse and ethics issues and uh, personal autonomy. And I don't think that kind of car system is at all what anyone in open source wants or, or just coming. But there's always a trade off to, uh, with security, how do we, how do we protect. [00:55:00] Ourselves, Um, the most people efficiently.

And it's, it's by overriding, you know, anyone who might individually say, Wait a minute, I wanna evaluate this update code before, you know, most people are just gonna sit on an un-updated thing and, mm-hmm, not know what's going on. And that's, um, ultimately you have authorities saying that's just not okay cuz it's a security risk to.

Much more, much more significant higher level interest than, you know, Bob Smith with his whatever software he is running. Mm. Well, I think that's a, that's just a fascinating, ethical, intellectual thing, and I, I hope, I hope that we can find a few people to kind of dig more into that as, as that goes along.

But, um, yeah, trust. Everything's about trust.

Nyasha Green: You [00:56:00] made me think about trust falls. Trust. Trust falls when someone like stands on a chair and you all hold hands. Oh, that,

Dan Knauss: Yeah. I've never done that. Uh, no. I didn't

Nyasha Green: want, I was scared. Yeah. I didn't trust, I did not trust those people. But, but no, you're right.

Trust is, is that today's word? That's a big word for Elmo.

Dan Knauss: Yeah. Just cause people are being, just cuz people are being nice and communicating well with you doesn't, you know, you assume good intentions, but I mean, trust can be betrayed in so many ways or failed, um, even with the best of intentions. And I think how we recover from it, there's no ideal state, you know, no human group is gonna have pure trust unless they're completely in denial, like a cult or something about how everything is awesome.

There's always damage. In and histories of, of um, reasons not to trust each other in any long relationship. [00:57:00] And you kind of have to find a way to be resilient through that and recover from it and reassure each other. Yeah, we're aligned. We want the same things, pretty much. Um, I'm not, I, you know, and I've got your back and that's what we need.

It's hard to come by.

Nyasha Green: I agree. Trust in communication.
