I've told you that one of the things I love the most about the WordPress community is how approachable it is.
Another is how generous it can be. I mean, seriously, buying someone a house??
Both of these are expressions of the very same dynamic.
The WordPress community knows how to come together.
When it does it in the name of supporting someone, helping someone, being generous with someone, or educating someone, it's an amazing thing to watch.
I've said it before, but there is no community in the technology world like it, and I've been part of that broader technology community for twenty years.
But there's a way it gathers that is truly unhelpful too.
Have you ever seen a twitter hailstorm about someone who forgot to capitalize a single letter? It's utterly ridiculous.
F*CK! People have been mispronouncing my last name for decades. Can you imagine if I treated people that way in person. Yelling. ALL-CAPPING THEM. Constantly correcting them.
It makes me so insanely pissed when I watch it because it suggests something quite simple:
Some people care more about the capitalization of a letter than a person.
Oh when you see it, it's ugly. Especially when done in public.
Have you seen someone take a shot at someone in public, on a blog post, just because it might be amusing?
I'll be honest. I've done it. I wrote a post two years ago that made a sarcastic joke about another company's technology, and it was just for a quick and easy laugh. Even more recently, I did a review where a few words made it more harsh than it needed to be.
Thank God in both cases I got called on it. I'm sure I've blown it other times without catching it.
But rather than get defensive, I admit that I should be better than that. Because I'm writing in public. Because others will see it. And I have a responsibility not to be a jerk.
We should not look for laughs at the expense of people. We're better than that.
I saw this post with the sentence “Yawn.” and felt sad for our community. Sad that such things still happen.
A little over a year ago, WooThemes raised their prices. In the announcement post, they wrote some things that could have been written better.
Ever seen people ignore the years of service a company has made, simply to show up in comments and thrash them?
It's ugly. Sure, we all have the freedom to write and express ourselves.
But didn't anyone have a mom? Didn't anyone get taught that it was better not to say anything at all, if we had nothing nice to say?
We can stop buying products without being jerks.
I want us to be better
Cory Miller, CEO of iThemes, announced that the legacy system they have been using (aMember) stores passwords in clear text, in their second update after being breached.
The fact that this issue hadn't been resolved or fixed after they were aware of it is painful for them, and for their customers.
But let's be clear about a few things.
- This has nothing to do with their security product, which they purchased recently and isn't related to their old membership system.
- They don't capture or store any financial data on their site. So there is no direct financial data at jeopardy for their customers.
- If users have different passwords for every system they create accounts on, the downstream consequences are minimal for each user.
I'm not excusing them, or their decision not to move faster on upgrading their systems. I'm just saying that this mistake isn't nearly as big a deal if every user took care to have unique passwords (not shared with Facebook, Twitter, Amazon, and their bank accounts).
The fact that most people suck at passwords is something iThemes should have taken into account, but it should cause each of us a bit of pause before lashing out, right?
We each have a need to reflect and consider our own part in things, if we're iThemes customers.
I started changing passwords a couple years ago when I started using LastPass. Today, I'm a lot less stressed about password issues – because one site's breach doesn't mean anything if there's no financial data stored.
We should all get better about our passwords.
Before you thrash someone else…
I want us all to be better in another way too.
Because I've seen all sorts of comments, tweets, and Facebook comments that thrash iThemes and the fact that they hadn't worked on this issue sooner.
The plain text was stored in an older version aMember, a legacy membership system that doesn't encrypt that data. Making matters more complicated is that once memberships are linked to PayPal authorizations, it's very difficult to change things. And then there are integrations back to that membership system.
Migrations like the one they have to do, at other companies, have taken months (some have lasted over a year). That's a big cost to pay. They should have done it but it's not a simple project.
I understand how hard that trade off becomes because of the number of systems that all have to be changed at once. You'd end up halting everything else for a while. That's a hard choice to make.
Especially when the whole system was working.
Especially when no financial data was stored there.
Especially when you keep saying, “yes, soon…”
Should they have done it? Sure. Yes. Absolutely.
But let me ask you a simple question.
Are there things you know you should do that you haven't done?
It's easy to throw stones.
But before you do, please remember this. Because it's the thing I hate about the community when it gathers in the wrong way.
Just make sure you'll never need an ounce of grace in your own lives. Ever.