[00:00:00] Nathan Wrigley: Welcome to the WP Builds podcast, bringing you the latest news from the WordPress community. Now welcome your hosts, David Waumsley and Nathan Wrigley.
Hello there and welcome to the WP Builds podcast. You have reached episode number 327, which is episode eight in our Thinking, the Unthinkable series. And this episode is entitled, is Open Source a Liability? It was published on Thursday, the 18th of May, 2023. My name's Nathan Wrigley, and I'll be joined in a few moments by David Wamsley so that we can have our chat.
But before then, a few bits of housekeeping. If you're into what WP Builds produce, why not subscribe? You can do that by going to WP Builds.com/subscribe, and you can find all of our social channels plus a couple of forms, which you can use, and if you do that, We will send you an email when we produce some new content.
If you feel like giving WP Builds a bit of a leg up, head over to your podcast player of choice, whatever platform you're on, apple, Spotify, and give us a review. We'd really appreciate that. The other thing to mention is that at the moment I'm doing a webinar series with Mark West Guard from WS form.
You're able to find information about that, but typically it's going to be on a Wednesday at 3:00 PM. UK time. We are joined live by Mark, and he's showing us increasingly complicated uses of his fabulous WS form plugin. We'd love it if you came and joined us in the comments. Go to the WP Builds.com homepage, scroll down a little bit, and there'll be information about the next show.
But as I say, it's on a Wednesday. The last thing to mention is our deals page. I say it every week. It's a bit like Black Friday, but every single day of the year. Significant coupon discount codes for WordPress products. Go and check it out. You never know. Search and filter. You may find something of interest to you.
The WP Builds podcast is brought to you today by GoDaddy Pro. GoDaddy Pro, the home of managed WordPress hosting that includes free domain SSL and 24 7 support. Bundle that with The Hub by GoDaddy Pro to unlock more free benefits to manage multiple sites in one place. Invoice clients and get 30% off new purchases. You can find out more by heading to go.me/wpbuilds. Once more, go.me/wpbuilds. And sincere, heartfelt thanks to GoDaddy Pro for their continuing support of the WP Builds podcast.
Okay. At the top, I said that this show was all about open source being a liability. What do you think? Is it a good idea to base your entire business on freely available software? The problem is you don't really have any way of phoning home if there's a problem. You just have to hope that somebody somewhere is going to fix it. In our case, we're using WordPress. It seems to be extremely well maintained. But what about all of the other bits and pieces that your websites are relying on?
Linux, engine X, Apache, all of the different things. We talk about some notable incidents in the past where governments around the world got incredibly worried because they couldn't pick up the bat phone when things like Log four J went haywire a little while ago. So there's lots to talk about. Is it a potential risk?
How do you explain it to your clients? What are you all doing with open source? I hope you enjoy the podcast.
[00:03:43] David Waumsley: Hello, on this eighth episode of Thinking the Unthinkable, where asking is Open source a liability. Nathan, you really kicked this one off by telling me a story from a couple of years ago about something that was a zero day attack called Log four
[00:04:01] Nathan Wrigley: Shell.
Yes, this I've gotta say that we're probably straying into areas. In fact, we certainly are straying into areas that I really don't understand in that, I don't really know what that does. But it would appear that whatever that is, log four j, this Java logging library of Apache, that it's a truly crucial piece of server-side architecture.
And yet there was a problem with it. It was running a significant proportion of sites on the internet, but when the problem was discovered, everybody was running around chicken little style. The sky is falling in. Because apparently that project was being maintained. I'm gonna say by an individual, I probably should have read up more about it, but it was certainly being maintained by a very tiny proportion of people.
And yet the whole thing was utterly critical. And you've managed to find this perfect picture to describe it. But so imagine a castle built out a variety of different Lego blocks. And, but more or less, all of the castle is being held up by this one tiny Lego block, which is sitting on its side.
It's not properly embedded into the ground, and if you just knock that one tiny block out, then the entire edifice above it crumbles. And that's exactly what was going on. So the internet was being maintained. In this case by one individual and things go wrong, how do you find that individual? How do you compel that individual to fix the broken thing, which is causing angst and anguish all over the internet?
And the short answer is you don't. You just hope.
[00:05:56] David Waumsley: It was just, yeah, it was one of those kind of Mr. President, we've got situation kind of things. One of really big news for, I actually missed it. It was only you telling me about it, but it had the ability to really bring down, key players like CloudFlare and Microsoft, didn't it?
And some of their big products and stuff. It was fixed and everybody just moves on with their lives. But it's a good, it's a good lead in to this, how much do we depend on open source? And of course we do. Because that's what WordPress is. And not only WordPress, it's really everything that WordPress depends on itself.
The lamp stack, Linux, Apache, php, MyQ, l all open source projects.
[00:06:40] Nathan Wrigley: Yeah. And it, you forget that all of that is going on in the background. I don't mean you forget it, but you forget that, that it's created, that it's written almost to the point where you just think that's a.
That's like a natural resource. It's just like water flowing down a river. It's there, it's always been there. It's available for everybody. You forget that there's real humans donating significant amounts of their own time for free to make this stuff happen. But if you work in a corporate environment, let's say, I dunno, you're working for Microsoft or something like that.
Presumably there's a hierarchy of people above you who get to tell you what to do with your time. So if something is broken, then okay, we need a patch for this. We've discovered a vulnerability and we'll release it in the next patch Tuesday for Windows. You, and you go and fix it and come back to me when it's done in the open source world, it really isn't like that, is it?
You just point into thin air and say who can fix this? We don't know. Anybody. Anybody? Bueller? Anybody got any time? Anybody got any access to these projects? So it's really interesting. But I think, I do think that the whole open source thing, I just take most of it for granted.
Assume it's gonna work, assume it's up to date, assume that I'm allowed to use it for it, ev ever and ever, without mentioning anybody or praising anybody or donating any money or time. Yeah. And in a sense that's the whole, that's the way it's been built, but it's not necessarily bulletproof.
[00:08:16] David Waumsley: No, and I think, I've seen changes in the time that I've been with WordPress.
So one of the key things that I did was make this kind of membership thing for my staff while I was working for the government. And they weren't very pleased about it, but then they made their own. But of course when we're talking then, back in those days, they there was no way. That a government department was going to use WordPress at all.
That was simply not on. They had to use their own content management system where they were paying someone for it. As I moved forward, and I guess people like Google putting out things like, supporting things like Android, it became accepting, that there were big players behind us and obviously, WordPress increased, and I noticed that difference in certain clients.
So I was talking to somebody about a theater site, which I'm pretty sure in the past would've said, WordPress No way. But now we're say it's a no-brainer, isn't it? It's it's what everybody's using. And I think, perceptions have changed. And I think, again, with this incident that happened a couple of years ago, it.
Probably made a lot of people question that again, just going, oh, have we got a little bit too relaxed with it?
[00:09:27] Nathan Wrigley: So just going back to your government job there. Yeah. You were mentioning that. WordPress or open source in general would've been out of the remit. In other words, there were rules and regulations precluding open source.
Whereas if you went to a private company and they had their own c m s. That was possibly acceptable. Was it simply because there was a, if you there was a back phone that you could pick up and enforce somebody to fix something if you discovered a problem? Was it around that?
[00:10:00] David Waumsley: Honestly, I don't know because I, I didn't have that level to understand their decision making. And obviously they had a deal already with the people who were supplying their content management system. But the implication of the conversations was that, you couldn't, we couldn't just use any system outside, apart from one.
That we got some kind of deal where the liabilities have been set, on that, what they're responsible for. Yeah, I think, but I imagine I, I don't know cuz I left and but I imagine that was probably more relaxed later.
[00:10:34] Nathan Wrigley: Yeah, because that seems, it feels like in the last period of time, and I don't really know what that is, but let's say the last decade as if there has been an inexorable.
Move towards open source being acceptable. Yeah. Especially in government. I remember watching, oh, it's probably listening to the news on the radio not that long ago where they were talking about open source software in schools. Because I think the thinking was that really a large amount of money had been spent.
In the Microsoft pot, getting every computer to run windows. And whilst I'm sure they got preferential licenses because they're educational establishments still, the amount of money spent every year giving Microsoft money so that their products would work. Where schools is not really mission critical.
I don't mean that that couldn't sound awful, but do you know what I mean? If the particular thing in on a school computer breaks, we're not in a real terrible crisis. So things like using open office instead of. The Microsoft Office suite using things like Linux instead of Microsoft Windows.
Now, I don't know if that all happened, but it was interesting that conversation was going on in the open. But I don't know if it was from a philosophical point of view or simply penny pinching. We can save a ton of money and there are these. Open source alternatives, so let's do that because it's gonna save the, the whole state.
A ton of money paying out to Microsoft. I dunno if that was the prime motive or if it was more of a philosophical position of actually why not? Let's advance open source. I doubt it was that it feels like it would've been more about money.
[00:12:27] David Waumsley: Yeah, it's interesting, really, that's why we have the peaks and troughs in just kind of anything in life with growth and stuff and economies, because we all get perhaps more comfortable with something at the point when it's probably the most risky, we reach the peak and then something happens.
And I think that's what's happened with our trust in open source. It's varied. I'm certainly in that situation where, I've now become more risk averse. So I'm really looking and I guess this is what all this is about. Open source seems a wonderful thing, bringing all these people together, but you, it's down to you then to risk assess your dependency on them.
[00:13:11] Nathan Wrigley: And Yeah. Yeah, and I guess you, you run the risk of trusting somebody with a critical piece of, in, in our case, your website. Who really isn't able to maintain that. So they release it, it's gpl, but they don't have the time to maintain it. A bit like this Log four J thing. They don't have the time to maintain it.
They don't have the interest to maintain it. They just did it. They put something out there possibly because they built it for themselves, and then they thought why not just let everybody have a go at it, but they're not intending to keep it going. And you see this all the time in WordPress, don't you?
Plug-ins which haven't been updated for years, and so get flagged. Maybe there's nothing wrong with them, but just the fact that it hasn't been updated for ages. And if you are building your websites or your client websites on top of that does. Raise questions, but I'm not sure that conversation often happens.
I think the conversation between clients and website builders is more, oh, it's free. There's all these great plug-ins and it's totally free. And the client's oh, great, it's gonna cost me less. Yeah. But then the whole commercial side of it, so plug-ins, which you pay for, they're still G P L.
You can, if you wish, go and find them in other less well nefarious ways, shall we say. Yeah. And download them. And that's completely legitimate. But I guess the argument has always been if you pay for it, you're gonna get support and updates. Yeah. That's an interesting take on open source, isn't it?
[00:14:39] David Waumsley: Yeah I look back really on, 16 plus years of using WordPress and that's, Linux, Apache, php, my Q L, the WordPress core, and a whole bunch of plugins. And I look back on this and I think I've literally really had so few problems, only minor little problems. Everything's run quite smoothly on this.
But then I'm reminded by somebody who's a potential client, and I looked at their site recently and they. They're stuck with one of those problems because they can't, they haven't updated their plugins and some of them have reached the end of life because of the change week. Gutenberg, and, they could have adjusted over time, but now they're stuck in this place where they can't update for security and they can't really update, which they'll need to do soon.
To the next PHP version. So they're stuck on PHP 7.4, which ended its life last year and will stop running security patches during this year. And I suddenly think, wow, yeah, that's probably more like your average user. I'm I've taken on the responsibilities cuz I moved along with everything and it's not seem, it seems problem free.
I've moved along with my PhD P versions. I've updated my my s sql as I needed to go along and not seen any issue. But yeah, for them, running on a lamp stack with WordPress turned out to be quite a liability. It's quite
[00:16:07] Nathan Wrigley: interesting, isn't it, how the open source pr, project, not just WordPress, but I think WordPress particularly, how there's definitely this clear definition between the commercial side of it.
And the pure open source side of it. So as an example, if you take Linux, so Linux, an operating system is completely open, you can download it and modify it and there's a whole bunch of variations and yet on top of that, you've got incredibly successful companies like Red Hat and a whole bunch of other ones who have made it their mission to, to bring that to the enterprise.
It's gonna be cheaper than buying a proprietary license, but still they're gonna make money. Yeah. And in that way they can then contribute back and make that project secure and successful and so on. And the same is true in WordPress. If you think about it, I wonder how WordPress could even exist if it weren't for the stewardship of, let's say, automatic.
Yeah, so automatic, as you probably know, is a business and it's run by it's Matt Mullenweg's company and it's run, it's a for-profit. It employs lots of people. Many of those people, because it's successful, can then contribute time back, and there's a whole load of politics around that, but nevermind.
But my point being, Would WordPress even survive if there wasn't a commercial profitable wing keeping it going? Yeah, and I don't know what the answer to that is. I
[00:17:46] David Waumsley: don't, and yeah I think it probably is true. Without that, without, effectively webpress.com is a hosting company, isn't it?
And the money that it makes goes back into the main project and keeps it alive and. That's where we're at, I think with it. And I don't think it would be a success without that. I don't know. But when you look at it, the other big successes, and that's why if you like, big commercial companies have jumped on their whole idea of open sources because it's the way to bring people to them,
[00:18:21] Nathan Wrigley: yeah. I dunno what the, I dunno what the ratio is of. Contributions into WordPress core. There's probably a way of finding this out, and maybe I should have done that before this episode, but I dunno what the ratio of pure volunteerism is. Into, let's say WordPress COR as against contributed sponsored contributions.
So let's say, I dunno, a hosting company who puts forward five employees for 10 hours a month or what have you. I dunno what that ratio is. And obviously that would be important
[00:18:54] David Waumsley: to know. Yeah, and I was talking earlier to you about the fact that's something that never really triggered in me before, but you realize why not only automatic has, would want to invest more in employing people to help, if you like, the open source project, but also why many hosting companies might want to also Buy up plugins and stuff to have their own suite because as it is effectively a way of getting in people for hosting business, you want something which is going to attract.
The customers that are out there, the DIY is particularly looking to be able to do it themselves, so it makes a lot of sense. The direction that we've gone to me, or has only just done that recently for me, when I've thought, what is the motivation for so many people acquiring plugins, particularly from hosting
[00:19:43] Nathan Wrigley: companies.
Do you wanna develop that a little bit more? Because you said quite a bit more than that when we were talking before, but it maybe you wanna keep that to yourself? I don't know. Yeah,
[00:19:51] David Waumsley: I think it'll just come on. It was just a revelation really. So what was the motivation of so many hosting companies buying these if you like their own page builders on the Guttenberg project and you just think Automatic, probably for its own reasons, needs to make sure that WordPress becomes the sort of modern, more wick like platform, if you like.
That's the able to bring in people so everybody can publish. So it needs to do that. So it's invested in its own money, but when you think about it, why are all the other hosting companies, because they're in the same situation because of this massive move to edge hosting or serverless hosting, which could mean if everybody goes that way, We won't need this lamp stack that everybody's required for so long to do dynamic work, so they're under threat.
This is an alternative. So I suddenly realized to myself that there, that might be the motivation for hosting companies. They did really well in the early days of hosting when, most people wanted to get online, couldn't maintain their own server in house so they could grab a lot of people.
But in those days we needed a dynamic system that ran on something like a lamp stack. And now that's been challenged a little bit as we go to this static site generation stuff. JavaScript being able to do more, the ability now to potentially skip servers
[00:21:15] Nathan Wrigley: altogether. Yeah, it'd be interesting to revisit this in a year's time or two years time and see whether that debate.
Is has been moved on. Yeah. Because it does feel at the minute that like there is a bit of a ground swell of, certainly amongst the more technical users of WordPress. There's a lot of interest in different ways of hosting your website and frightening and headless and all of those are definitely becoming more and more popular.
I guess there's a technical burden there, isn't there? There's a little bit of learning to be undertaken. There's a new. Set of tools that need to be adopted and but it does feel like it's becoming easier and those tools are becoming more and more accessible and it feels like that's a real growth area.
Flattened websites, headless websites.
[00:22:00] David Waumsley: Hello. And I don't think anything will ever, because the, there's always going to be people going to up their games. So as you can see already, there are, there's interest automatically putting some money into how you might be able to have kind of serverless WordPress working in your browser and stuff.
So e easily could go the same direction as well. So who knows? But you can see there is a. A clear challenge, and it makes much more sense to me why a lot of hosting companies want to buy a lot of these plugins and make a suite up that will run on WordPress because it's just another way of attracting people.
[00:22:33] Nathan Wrigley: Yeah. It'd be interesting to sit inside the boardrooms of some of those big hosting companies and see what their thoughts are on the sort of five year plan and whether this is in fact figuring into it.
[00:22:44] David Waumsley: Hey, there's something that you mentioned to me which I thought was the greatest thing that you said about this topic when that was, you asked the question.
It is h t m L and c s open source. Cuz I think it changes everything. Yeah.
[00:22:55] Nathan Wrigley: That's so weird that I've never even thought about that. I don't, I it just, it's there, it's been there forever. You can use html, you can use css. All you need to do is. Fine tutorials, but I don't really have much insight into how those projects are created.
Who gets to commit to them, who decides? I know it's the, and I always get this wrong, W three C, is that right? Or is it the WC three? I can never get that. Who decides all of this stuff and is it open source? And if it is open source, what does that even mean in this context?
[00:23:31] David Waumsley: I know it's really, and something, we Googled it and I'm not sure if we got a clear answer.
There were certainly people saying, yes, it is open source. It's really interesting, isn't it? It's an, it's still headed by Tim Berners Lee, the creator of the worldwide web. So it is worldwide web so the W three. Consortium is there. That's it. Got it. It's a worldwide web consortium and it's still founded by him.
And I don't know how it is run, how the board is run, but of course it has to run. And another thing that was significant for the web was the first open source browsers, which is the way forward, and now brow, those who run those open source browsers now. Have to work with the W three C, don't they, to move forward how the web will go.
So they have a say in, because obviously there's no point in coming up with new ways to do clever stuff with CSS if the browsers aren't going to support them. Yeah, and we've moved into a new era where for the first time in the last year or so, browsers have decided to work together rather than compete with each other.
[00:24:38] Nathan Wrigley: This is singularly the best thing that ever happened to the internet. Just you and I can both. Remember back in the day where Microsoft had their browser and along came Mozilla and had an open source browser, and that for a period was the in the ascendancy. And then Google came and quickly dominated with their open source chromium or chrome browser.
And what a change that made not having to worry about. If they've got a subset of users using this particular version of this particular browser, we have to inject this little bit of code to, to patch that and put a little bandaid over it. All of that's so great and that really does speak to the power of open source and yeah, the trust that's been put in it.
Yeah, but
[00:25:26] David Waumsley: it just make you wonder, I was talking about liabilities is probably the key thing or dependencies that you build on it. We are absolutely dependent on the W three C and I have no clue about who ha holds any responsibility for the future of H two mell and c s?
Yeah. Which JavaScript itself, absolutely none at all. I just put my
[00:25:49] Nathan Wrigley: trust in it. Yeah. The same would be basic things like dns, I don't really have any understanding of who governs all of that. I. I know that they meet occasionally in a room and exchange keys and things like that, but beyond that, I've no idea who decides all of that stuff.
And it just seems to get better though. I don't really remember any debate. Or maybe I'm wrong, maybe there was, but I don't seem to remember any debate about people getting all head up and worried about they're gonna include this in the CSS spec. They're gonna add this thing. It's gonna be the end of the world.
It always seems to be a, a. A case of, oh, they're gonna add this thing. Oh, that's great. Look, we get to do this new thing like clamp or something like that. Brilliant. We've got a new thing. Never. Oh. Why do they keep bloating c s? It's funny how
[00:26:34] David Waumsley: that is. Yeah, absolutely. We have seen a massive change.
I think in some ways, I, in some ways I see the open sourcer the WordPress is more of a liability than I have before because it's trying to stay relevant. And so that makes it a little bit unstable for me and the type of work I do. And also because of the challenge that's coming to that traditional lamp stack, the fact that.
Those who have always been critical of Apache and how these kind of systems work have helped to develop this way of being able to use JavaScript to do dynamic stuff in the user's browser. And that's clearly going to be the way forward. So there is going to have to be a shift in that way with the kind of edge.
So in some ways a lot of the open source I knew or what I think of as open source has become more of a liability, but, Literally everything I do to escape those kind of dependencies leads me back to open source. Yeah,
[00:27:38] Nathan Wrigley: that's interesting. Yeah. Yeah. If we take the subject of this particular episode, which is is open source a liability?
I've just had a thought. Is our job basically to stand between. The open source and the client. Ah, the open source is great for us because we get this free suite of tools in every regard. Html, C S D N S lamp Stack, and in this case WordPress. We put all of that. It's this great big heap of open source.
And essentially what our job is to do is to stand, is to understand that and give our clients an experience, which means they don't have to care. About the open source. You are basically insulating if something goes wrong. With WordPress, it's your job to understand that and get it fixed.
If something goes wrong with the server, you're probably by proxy paying somebody to understand that and fix it on your behalf. If something goes wrong with dns, we're all screwed, so you can probably just forget about that one. But this is our job is to consume these free tools, offer them up to the client and.
Stand as the guardian to fix things when they go wrong and to understand when things go wrong, to be abreast of the news in the open source communities, the WordPress News, and all of
[00:29:04] David Waumsley: that. Yeah, absolutely. One thing that is quite interesting is that with deprecating stuff, so when you rely on it, you are hoping that it's gonna work forever, but obviously everything has to develop.
But one thing that when you come to H M L and c s have you, They have deprecated certainly. When we've gone to H M L four to five, there were some things that were clearly deprecated there, but have you ever seen these not work in browsers? They all seem to work
[00:29:31] Nathan Wrigley: forever. No. No. There's all sorts of things that have been deprecated over the years.
I'm actually struggling to think of anything, but so a strong instead of a bowl? Yes. That's a perfect example. And yet, doesn't it break? With that in mind. In other words, look, it's better if you stop using that tag, but for now at least anyway, we're just gonna honor it because it would be insane to break a hundred percent of the websites out there.
But hopefully over time those websites will be re-engineered, rebuilt a few years later to the point where everybody knows. But I've not really seen any of those things being switched off. In other words, that tag no longer works. It will literally do nothing. It feels like it's more a question of we've got this better thing, but will, we'll deprecate it?
I guess elegantly might be a good way of describing it. Yeah. I can't think of a single example where I've seen things break as a result. Yeah,
[00:30:26] David Waumsley: I think my stack at the moment is a very nice one. Going to the static route for clients that can be static, using WordPress. It's building, helping me to build the sites, which turn into H T M L, I can also do it through VS.
Code. Again, another open source project with GitHub, yet another open source project. And with these tools, I feel like I've escaped. Pretty much all the dependencies, but when you really think about it, yes, I was gonna say I haven't at all. Yeah,
[00:30:56] Nathan Wrigley: you've just got a different set of dependencies. And the curious thing is that because you are, because you've been in the WordPress space for so long and you've really do dug deeply into that community, all of the weirdness and the disagreements and the controversies, They're aware, they're available to you.
You know them all, but you probably don't know that there's a ton of people in the GitHub community. I'm just making this up, by the way. There, there is actually. Yeah. Yeah. Who just disagree. And there'll be politics there, and there'll be politics everywhere, but you're just not aware of it. So it seems oh, this is pure, this is GitHub is pure nobody's arguing with that, but dig deep enough and I suspect like everything else, because it's adapting, because it's changing, because it's morphing and there's probably no.
There might be an individual in charge, I'm thinking of Linus in terms of GitHub. Yeah. Yeah. But there'll be debates and there'll be confusion and there'll be angst and all of that everywhere, I would've thought. And you just have to swap the WordPress controversies for other controversies.
[00:31:54] David Waumsley: Yeah. Yeah. Certainly if GitHub is yanked from me that causes a real problem. It doesn't, it means that everything I've done still lives on, cuz it's static and can be dumped on any server really, or just. Used in the browser locally. So in some ways I've removed a whole bunch of 'em, but still how I would run the business is still gonna be impeded greatly.
[00:32:14] Nathan Wrigley: Yeah, truly, if you were to build a, a dependency free website, You really are inside of a, of an open source text editor, like something like Notepad Plus on Windows, and you are writing absolutely everything yourself. You're not dependent upon any JavaScript libraries. You're not dependent on anything else.
It's just html, css, and your own bespoke JavaScript, and you're gonna upload that to a server somewhere. And you are gonna maintain it and it's gotta be hell.
[00:32:51] David Waumsley: I think you are right though about that. That is our job to protect, if you like, clients who come to us from the open source.
And I think that runs into something which we didn't talk about, which is other liabilities. When you. Join a platform, GDP accessibility, things like that. Debates we've had in WordPress about should everyone be forced to take their Google fonts outta their themes, that are tapping into Google's own api, because of cases and all of that sort of stuff.
But really, I guess that is our job, isn't it? To do that. And if clients do it themselves, they take that responsibility on.
[00:33:28] Nathan Wrigley: With, I don't really know truly what the definition of something being absolutely open sources, but it feels like you can download a copy of it, you can then modify it, and you can then with, some level of attribution, you can then use that in whichever way fit.
How do you feel that WordPress itself stacks up in that? Because we do have the whole benevolent dictator for life model. We've got Matt Yeah. Who makes a lot of these decisions, and it is open source. You can download it, you can fork it. Classic press was an example, which seems to be limited in terms of its shelf life going forward.
I could be wrong about that, maybe I am, but how do you feel about the true open source nature of WordPress itself?
[00:34:19] David Waumsley: I think, they've definitely been played up the four freedoms of G P L and WordPress's, role in that, which is significant. But I do feel at the moment, because it's become such a complex system, it's a little bit more marketing because.
Realistically, you are not going to take away the modern WordPress and manage it yourself. It's already got 4,000 issues against it on, the project and something close to a thousand bugs at any point. You would've to be quite a huge organization to really say, I'm gonna take WordPress as even, earlier than that, as the classic press tried to do and they've not really been able to.
Kind of bring that together and do a fork of it. Yeah. So I think the four freedoms there I mean it's a, it's a philosophical stance, isn't it? It's a, it, I think both you and I like the idea of open source, it seems a kind of honest thing, but it, in practical terms, I don't think it's, there isn't a freedom there.
[00:35:25] Nathan Wrigley: Yeah. I guess software gets, there's some critical moment where the seesaw tips, where it's just impractical. For it to be forcable and obviously you can, but hang on. Let me rewind that. You can fork it whenever you like. Nobody's saying you can't, but in order for it to function in the normal way that most people use it for there's just some sort of weight pushing you.
There's gravity dragging you back to the inverted commas, the official. Repository. Because there's just too many things, too many lines of code, too much to inspect and all of that kind of thing. I guess that's the case with WordPress. You really are gonna struggle. Unless you've got a very big and dedicated team, you're gonna struggle to fort WordPress and use it reliably over time.
And I guess that's just the nature of open source. At some point people coalesce on a version of it, a a company that's maintaining it. A yeah, a repository of it. And that's the official version. So we go to wordpress.org to download WordPress. Most of us don't go to classic press to download WordPress.
[00:36:40] David Waumsley: And I think because of, you know how you can't do this, it's the same as the client I mentioned earlier, potential client who's stuck on the php 7.4 because it's all dependent on another open source project, which also I think maybe is speeding up on the how quickly it updates to remain relevant itself.
You take it off and then you're really going to have to work with all of that code, see what's going to. You know what's deprecated in the new version, because you're going to need to update because PHP isn't going to keep patching for security after a certain point yeah, you I think in that sense, that kind of freedom is a commitment, to sharing the code with other people to contribute, but in terms of anybody saying, I can take this and make my own, it's not. Not practical, is it?
[00:37:33] Nathan Wrigley: No. Yeah, that's a good point. At the bottom of this list of things that we were gonna talk about today is what open source stuff do we use? I'm curious to know what's on your, what's on your computer or what do you use? Oh
[00:37:46] David Waumsley: gosh. Yeah. That's a really good question. And I guess that's a lot, isn't it? Pad Plus, is that's the first thing I just looked at.
[00:37:54] Nathan Wrigley: Don't if that's, I think it is, but I could be wrong about that. I've got a feeling I don't use Windows anymore. Okay. But I remember in the day I could just simply download it. That's not to say it's open source, but I remember that I could just freely download it and use it.
So that's. That's where I'm getting that
[00:38:11] David Waumsley: from. Yeah, so there's note. Plus. Plus. I'm going through all my icons here. We also have, for my media, I have vlc. Oh yeah, me too. Yeah. I think does most people have that? I also have file Zillow for my ftp. I also have Audacity for any audio recording and that's it.
I have a few other things here that are buried away. Such, I have a terrible, I'm gonna have to find another one. There isn't a good open source software for us Windows users that does photos because I don't like what Windows does cuz it tries to upsell you stuff.
[00:38:50] Nathan Wrigley: Oh okay. You are good though.
You've got loads of stuff. I have definitely got vlc. In fact I make sure that on the Mac, anything which is using. Playback of audio runs through vlc, but I use proprietary software for editing, so I use Logic, so I'm not even using Audacity. The only other things really is I've got I'm using Master Don has, that's an open source sort of social network.
I've got an app called Hand Break, which allows me to compress video. Me too. To make it, yeah, to take it from a big video to a small video. And then it's browsers. That's all you know. I've got every variant of every browser, but that's the only open source stuff that I'm using. Really, I'm. I got sucked into the Mac ecosystem, so I'm on the computer at the moment.
I got sucked into the Mac ecosystem and I've spent money on more or less everything and d dare I say it, I think in most cases the commercial variance are just easier to use and because they're easier to use, I'm going to say that they're better. I'm gonna get shot.
Yeah. Although we.
[00:40:09] David Waumsley: We're touching on what we talked about before, cuz when we think of open source we're, we are going back to old school thinking something that we put on our operating systems, but we were talking about things like pen, pot, which is open source. Yes. Which is that design thing, which is in the browser. Yep.
So a lot of the open source stuff is, Stuff that, I guess I use a whole load more. That's the only one I can think of.
[00:40:29] Nathan Wrigley: Yeah, most things on the internet require some subscription these days, don't they? So yeah, it's harder and harder to find. The only other thing, which is not my computer, but you mentioned it earlier, perhaps before we click record, is I use Android for my mobile operating system.
So I've got an Android phone. I'm not, I know there's some debate about whether. Android itself is truly open source. It's something to do with whether or not you can commit back to the project, and my understanding is that you need to be granted all sorts of permissions and access in order to do that.
But I, you can download it and fork it, but it's the, it's a bit like WordPress. It's so big that I don't suppose anybody apart from major companies like Samsung and what have you, are even able to get into the weeds
[00:41:17] David Waumsley: of doing that. Yeah, absolutely. Are we're near the end. Did we come to a conclusion?
[00:41:23] Nathan Wrigley: Is it a liability? What did we say? Because you know what I think for critical stuff and your government. I think you could easily argue the case that it's a liability. The fact that your citizens access to the internet is going down and you have absolutely no way to troubleshoot the stack because as the cartoon that we mentioned to earlier, which I'll put in the show notes, said, Some random person in Nebraska has been thankless, maintaining a crucial component of that infrastructure, and you don't know what you know.
He's on a camping trip and is un contactable. That is a liability. You'd imagine that in the Pentagon and G C H Q in the uk. They want the bat phone. They want to be able to say something's gone wrong. Pick up the back, back phone, talk to the person, get it fixed. At the point of a gom, if literally you are in trouble unless you do this now.
Yeah. I would imagine that's a great argument, but for me, given that not nothing is mission critical, particularly now, it's not a liability. It's totally the opposite. It's great.
[00:42:29] David Waumsley: Yep. I've got nothing more to add to that. That's, that sums it up. Yeah. It's as much as you allow it to be a liability really, isn't it?
[00:42:37] Nathan Wrigley: Okay. So we dunno what we're doing next, but we do have written down WordPresses expensive, so maybe yeah let's do that. We'll probably do that. All right. Yeah. We'll be back in a couple of weeks. Thanks David. Thank you. Cheers. I hope that you enjoyed that. As always, a pleasure chatting to David about this topic is open source liability.
What do you think? Do you agree? Do you disagree? Did we miss something out? Head over to the WP Builds.com website, search for episode number 327, and leave us a comment there. Please join us on Monday for our this week in WordPress show. We do that live every week, 2:00 PM UK time, and you can leave some comments if you like, and we'll hopefully address those in the show.
Also, on Wednesday, we'll be having our chat with Mark the webinar series about WS Forum. Please join us for that as well and leave some comments. Both of those can be found at WP Builds.com/live at the appropriate time, and we'd really like your participation.
The WP Builds podcast was brought to you today by GoDaddy Pro. GoDaddy Pro the home of managed WordPress hosting that includes free domain SSL and 24 7 support. Bundle that with The Hub by GoDaddy Pro to unlock more free benefits to manage multiple sites in one place, invoice clients, and get 30% off new purchases. You can find out more by heading to go.me/wpbuilds. And we thank GoDaddy Pro for their support of the WP Builds podcast.
Okay, we will be back next week for a podcast episode. It'll be an interview, like I said, back on Monday. The primary objective, though is that you stay safe. Have a good week. Cheesy music fading in. Bye-bye for now.
