Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.
30 years a 1 month later, it seems like an apt time to revisit John Perry Barlow’s Declaration of the Independence of Cyberspace. The poetry is amazing.
Finished reading: The Song of Achilles by Madeline Miller is very well done. Really fleshes out the Achilles myth and brings Greek heros and gods to life 📚
My son and I watched his teacher compete in a karate tournament. It was a first for both of us, as he just started karate a couple months ago. It was a fun time, lots of participants demonstrating their skills!
This is a little embarrassing to share, but I’d rather someone else be able to spot a dangerous scam before they fall for it. So, here goes.
One evening last month, my Apple Watch, iPhone, and Mac all lit up with a message prompting me to reset my password. This came out of nowhere; I hadn’t done anything to elicit it. I even had Lockdown Mode running on all my devices. It didn’t matter. Someone was spamming Apple’s legitimate password reset flow against my account—a technique Krebs documented back in 2024. I dismissed the prompts, but the stage was set.
What made the attack impressive was the next move: The scammers actually contacted Apple Support themselves, pretending to be me, and opened a real case claiming I’d lost my phone and needed to update my number. That generated a real case ID, and triggered real Apple emails to my inbox, properly signed, from Apple’s actual servers. These were legitimate; no filter on earth could have caught them.
Then “Alexander from Apple Support” called. He was calm, knowledgeable, and careful. His first moves were solid security advice: check your account, verify nothing’s changed, consider updating your password. He was so good that I actually thanked him for being excellent at his job.
That, of course, was when he moved into the next phase of the attack.
He texted me a link to review and cancel the “pending request.” The site, audit-apple.com, was a pixel-perfect Apple replica, and displayed the exact case ID from the real emails I’d just received. There was even a fake chat transcript of the scammers’ actual conversation with Apple, presented back to me as evidence of the attack against my account. At the bottom of the page was a Sign in with Apple button that he told me to use.
I started poking at the page and noticed I could enter any case ID and get the same result. Nothing was being validated. It was all theater.
“This is really good,” I told Alexander. “This is obviously phishing. So tell me about the scam.”
Silence. *Click*.
Once I’d suspected what was happening, I’d started recording the call, so I was able to save a good chunk of it, which Jamie Marsland used to make a video about the encounter. You can hear for yourself exactly how convincing “Alexander” was.
So let my almost-disaster help you avoid your own. Remember these rules.
After all, the best protection is knowing what this looks like before it happens.
Thank you to Peter Rubin and Jamie Marsland for putting this all together.
matt.routleynet.orgSo I propose (years late, many bucks short) we just toss it all in the bin and go back to the beginning. Blogs, newsletters, IRC, mailing groups, and, sure why not, Usenet, go nuts. (The jury is still out on forums, but I suspect they are actually a stunted malformed sapling sprung from the same seed of evil that created modern social media.) These things are time tested, functional even in the face of overwhelming lack of interest from the general internet, and are, most importantly, utterly unbreakable. A specific blog, irc etc etc might disappear, but that won’t take...
A very interesting conversation on the feeling of instability in software engineering caused by the robots: www.youtube.com/watch
Go by The Chemical Brothers showed up just in time to get me through today’s tough ride 🚴🎵
🎵 Song of the week for my daughter — How Soon Is Now? by The Smiths. A classic alternative song that still sounds great to me.
As we announced and TechCrunch covered, my.wordpress.net has soft-launched.
What this means is you need to fundamentally shift how you think about WordPress.
From the beginning, WordPress has always been open source, giving you freedom, liberty, autonomy, and digital sovereignty. Open source is the most powerful idea of our generation.
For the past few decades, WordPress was software you got from a cloud provider or web host, such as WordPress.com, Bluehost, Hostinger, or Pressable (the currently recommended WordPress hosts). You could self-host it on a Raspberry Pi or home server, but few people did.
The experience of downloading WordPress, as my Mom did, is that it unzips a bunch of PHP and various code files onto your desktop. Very confusing!
But now, thanks to incredible advances in WebAssembly (WASM), we can spin up a web server, a database (SQLite or MariaDB), and a full WordPress installation inside your browser in about 30 seconds. Instantly. No server needed. I introduced Playground at State of the Word in 2022.
You can even use it to cross-publish apps to the web, desktop, and iOS, like Blocknotes did in 2023. You can get the latest Blocknotes at Blocknotes.org. One codebase, multiple platforms.
These WordPress Playground containers are fully composable and atomic. You can track and roll back any change. Undo for everything. Stop thinking of WordPress as just on a web host and worrying about maintenance and management, and more as a self-contained unit of open source goodness, a fun little package where you own and control the code and data and can run it however you like.
How perfect is that for AI to work with? Playground makes WordPress local, fast, and trivial to spin up multiple instances, test code changes, and save them.
Next up, we’re going to add peer-to-peer sync, version control integration, and cloud publishing so other people can access it.
I believe this will take us from millions of WordPresses in the world to billions. Hosting isn’t going away; in fact, I think demand for cloud syncing will increase drastically as we radically open up what people can build on top of WordPress.
In an AI age where it’s trivial to spin up software from scratch, consumers will have to give much more thought to brands they trust to be in it for the long term. We’ve been relentlessly iterating on WordPress since 2003. I plan to work on it the rest of my life, and there’s a broad community of hundreds of thousands, if not millions, of people who make their living on top of WordPress.
On WordPress.com we offer 100-year plans and 100-year domains, and I believe we’re one of the few companies where that’s credible. It’s led by Zander Rose, who ran the Long Now Foundation (one of my favorite non-profits) from 1997 to 2023, a quarter century.
In core WordPress, we are obsessed with backwards compatibility. You can run plugins and themes written 20 years ago on today’s WordPress. I’ve stumbled on decade-old installs, and the built-in auto-upgrade took everything to the newest version.
At Automattic, for better and worse, unlike Google, we almost never shut things down. We obsess about maintaining or redirecting permalinks. We make it easy not just to get your data in, but take it out too. We build businesses that lower churn not by locking you in (Wix famously has no export) but by making it easy for you to leave. If you love somebody, set them free.
In the next few years, there will be a Cambrian explosion of software and services. You’re going to have a lot of choices about where to put your most precious data and software. You should demand open source and bet on those who are clearly in it for the long-term.
Today, everyone gets a phone number and email when they grow up. That will expand in the future, everyone will have a domain and a WordPress. A part of the internet that you own.
Technology is best when it brings people together. Technology is best when it puts you in control, gives you ownership, digital autonomy, freedom, and liberty. That’s open source. It’s so exciting to see how AI is supercharging open source.
Join the WordPress community. It’s fun! We have cookies that don’t track you. 
A charming little story for when you feel squished by the shell you’re in: unsquish.me
Funnily enough, with moving home at the moment, this is what I needed ☺️
Tracking surprise in financial forecasts 😱: matt.routleynet.org
With the rise of GLP-1 drugs, there’s a trend that magnums are being ordered at clubs to meet minimums but left unfinished.
I think there’s a space for an ultra-high-end wellness drink at clubs. Imagine Erewhon meets Magic Mind meets Kin, maybe with some effervescence. An elixir that comes out with sparklers but makes you feel great with nootropics not hungover. Priced at hundreds of dollars retail so thousands at a club. It could even be a cold chain, with the freshest ingredients that need to be preserved.
Let’s do some turmeric-ginger-cayenne shots and get crunk.
For a brief period, Tumblr was unavailable to the 115M+ people in the Philippines because the government had blocked it. To their credit, the Philippines CICC quickly reviewed and corrected their block after mass public outrage from the Filipino Tumblr community. Let the people tumble!
I would like to offer some free business advice to people who are considering selling something they’ve created.
First, if the buyer insists you don’t talk to any other bidders, you are being screwed. They only do this because they don’t want you to find the market-clearing price.
Do you think when Microsoft called LinkedIn and said, “We want to buy you for $26B,” they just replied, “Sure! That sounds good.”
If you’re very lucky, you get to work with a bank like Qatalyst, which says, “That’s a lovely offer, let’s see who else would be interested.”
Ask yourself why someone wants to buy you? Who else might have the same motivations? That begins a process in which a wide array of parties review the deal.
If you don’t have the connections or a bank to help you, just email the CEOs of other companies that might be interested. Say: “XYZ wants to buy me for $Y dollars. Is that something you’d also be interested in?”
Now you’re creating a market.
Remember that you’re doing this for the first time, and on the other side of the table, they’ve done dozens of deals.
It really pains me to see WordPress-adjacent companies get taken advantage of by sophisticated financial and corpdev players who strong-arm them into not shopping their deal.
A confident buyer doesn’t care if you talk to others because they know they can offer you the best deal, which usually combines money with what happens to the business after it’s sold. This is the magic of Berkshire Hathaway.
Warren Buffett doesn’t care if you talk to other bidders; in fact, he wants you to, so you see why he’s the better outcome for your business if you want to sell it.
It’s tempting to want to celebrate every time a creator sells something. Say it’s good for the community. But if they didn’t sell it through a fair process, it’s more likely they were taken advantage of, and that saddens me.
For public companies, failing to follow the process I describe above can constitute a breach of your fiduciary duty to shareholders and expose you to legal action. But there aren’t any such rules for private entities, which is why they get rolled over so often.
Not doing a full What’s In My Bag yet, but I do want to highlight I’ve been really enjoying the Sennheiser HDB 630 Wireless Over-Ear Headphones. Hat tip: Philip Kaplan aka Pud.
Has anyone heard a cohesive argument of what Meta would do with an LLM that actually works?
NYT: ‘Meta Delays Rollout of New AI Model After Performance Concerns’:
The difference between Meta and Apple might be that Meta is merely a few months away from rolling out its own best-of-breed AI model. But the difference could be that Meta has blown hundreds of billions of dollars pursuing their own frontier models, and Apple has not, and both just license Gemini from Google.
Spent the evening watching the local chamber orchestra play Haydn, Finzi and Mozart in our medieval church. T’was beautiful. Though the clapping conventions were baffling 😂
I’m in New Orleans for the first time in 7 years for a beautiful wedding. My Mom’s side of the family emigrated here in the 1860s, and there’s a deep comfort in the art, traditions, and weirdness of Creole culture. Good music and food are ubiquitous.
I met up with WordPresser Blake Bertuccelli-Booth to catch a set by Jason Marsalis at Snug Harbor, featuring some great originals and surprising arrangements of Maroon 5’s “This Love” and the music from the Bejeweled Butterflies game. Great artists find inspiration everywhere.
Afterward, we went to see my friend Troy, aka Trombone Shorty, at his studio. (Troy and I met when we both received the Heinz Award in 2016.) He was with Silkk the Shocker and Reggie Nicholas Jr., working on beats and songs. Though I was there for just a short while, it was inspiring to see the act of musical creation.
A few days ago, Ed Sheeran went on the new Benny Blanco / Lil Dicky / Kristin Podcast Friends Keep Secrets. I haven’t watched the entire episode, but the twenty minutes from about 1:09 to the end where Ed and Benny come up with a new song I’ve seen 4 times now, it’s magical. Check it out, it’s one of the coolest things you’ll see this week.
I’ve seen Ed Sheeran loop his songs live, but this act of creation is very special, and I love the dynamic between him and Benny. It reminds me of that magical moment in Peter Jackson’s Get Back documentary where you see Paul McCartney and the band come up with the idea for the classic song Get Back.
🏃♂️ Winter was back for today’s run
Finished reading: The Prime Ministers by J.D.M. Stewart was exactly what I wanted: a concise and clear summary of each Candian Prime Minister. That was a gap in my knowledge that is now closed 📚
Login