Trust, Community, and Automatic Updates

Accepted Session
Short Form
Intermediate
Scheduled: Thursday, June 26, 2014 from 1:30 – 2:15pm in B304

Excerpt

WordPress shipped in October what is perhaps its most polarizing feature ever — automatic updates in the background of self-hosted web software, on by default and no easy way to turn it off. In most open source communities, this would be cause for open revolt. Learn how through trust, communication, and a steadfast commitment to its philosophies, the WordPress core team convinced a skeptical community to go along, even if it meant users giving up some control.

Description

At a conference in July 2013, the co-founder of WordPress announced a lofty goal: to have WordPress update itself, automatically, when a new version came out. Just three months later, WordPress shipped what is perhaps its most polarizing feature ever.

Getting to this point required a series of technological advances years in the making, not to mention a belief we could actually pull it off. Users required constant reassurance that we could get it working reliably. A centralized API would be instructing self-hosted software to update itself on the fly. This would be run-of-the-mill web software, often running on shared hosting. And this would be tens of millions of sites — by some estimates, WordPress powers twenty percent of the web. Yet this was the easy part.

Most users liked the idea, but many had concerns, and some fiercely protested. But the most important and controversial decisions had nothing to do with the technology. Rather, it was these questions: What control would a user have? Would it be opt-in, or opt-out?

While this is often ignored in open source, user interface preferences come at a clear cost. If there are too many, for example, users can’t find any of them, and options are often used to avoid making a tough decision. Here, the cost was clear: letting users opt out of a security update would have had severe repercussions for the world wide web.

WordPress 3.7 shipped with automatic updates on by default for security updates. And there was no checkbox to turn them off; you would need to go under the hood to do that. It was not just opt-out; opting out was made difficult. We have since used the same tool to forcibly update WordPress plugins to close critical security vulnerabilities, and long-term goals include updating WordPress to the latest version, whether major, minor, or patch.

In most open source communities, this would be cause for open revolt. Learn how through trust, communication, and a steadfast commitment to its philosophies, the WordPress core team convinced a skeptical community to go along, even if it meant users giving up some control.

Tags

trust, community, wordpress, decisions, preferences, philosophies

Speaking experience

I’ve presented both technical and philosophical talks at three dozen WordPress conferences in North America and Europe, guest lectured for classes at four universities, and spoken at dozens of other events. A selection of video/resources: http://wordpress.tv/speakers/andrew-nacin/, http://lanyrd.com/profile/nacin/. (I’m working on building an index of everything at http://nacin.com/speaking/.)

Speaker

    Andrew Nacin

    WordPress

    Biography

    Lead Developer of WordPress. News junkie.

    Sessions

      • Title: Extreme Software Portability as an Art Form
      • Track: Hacks
      • Room: B304
      • Time: 2:30 – 3:15pm
      • Excerpt:

        Writing portable software is hard. Throw in thousands of bad and worse shared hosting configurations, a decade of technical debt, the need to cater to a sprawling ecosystem, and PHP — and you have WordPress. We’ve found breaking changes harm our community and unfairly punish our users, so we don’t make them. But that doesn’t mean we don’t innovate or evolve — we’re just forced to get really clever. And it works, with adoption continuing to soar.

      • Speakers: Andrew Nacin
      • Title: Trust, Community, and Automatic Updates
      • Track: Culture
      • Room: B304
      • Time: 1:30 – 2:15pm
      • Speakers: Andrew Nacin