Just wanted to update you on a few developments with the back-porting of Wordpress 2.5.x security improvements to version 2.3.3.

First, I want to emphasize that I did this largely to show that it was possible, and that Wordpress (Automattic) should consider rolling out such security fixes for older versions as patches rather than forcing "upgrades" to entirely new iterations of Wordpress with many feature changes mixed in with such fixes.

First, I did move the "Retro-fit" to this production blog of mine that is running a customized version of 2.3.3, and things have been going fine.

Here is a screen-shot of the "no frills" login screen that is now missing the formatting that changed with 2.5.1 (as mentioned in the prior post). Since I have the user registration turned off, this is a non-issue for me, I can easily deal with not having a "pretty" login screen.

Keep Reading »

• there is so much unqualified commentary out on Yahoo-MSFT 2day, it’s hard to think straight: most don’t get search, SEO, PPC, monetization [View]
• cont’d: almost no one understands the per-search monetization gap & falsely mixes it up with scale. If they were right, Y! wouldn’t b able 2 [View]
• cont’d: profitably (like 60-80%+) outsource ad serves to GOOG, as just tested/proposed. Heck, most of the commentators don’t get ad serves. [View]

OK, the content of this post is so important that I won’t agonize too much over whether the writing is all that smooth or not.

You may have heard any number of things in recent weeks and months about the need to upgrade to Wordpress 2.5.x because of security issues with the older versions. In fact, it can almost sound as if some people wanted to scare you into upgrading.

Now there have been for a long time issues with the fact that each Wordpress "update" tends to be far from a smooth/pain-free operation for many people, breaking relied-upon plugins, messing up your (possibly custom) themes, and requiring the re-edit of any personal hacks you may have had reason to place directly into the Wordpress core distribution because many things don’t work quite right in there, and pleas to fix them are ignored.

In this case however, there have also been a large number of changes to the Wordpress admin back-end, the usefulness of many of which have been judged to be dubious, or at worst highly problematic (2.5 could delete your text widgets among other things). One look at the Wordpress support forum tells the story. I am not going to get into all of the reasons right now why I am not upgrading to 2.5.x for a long time, if ever. That is for a different post.

Suffice it to say that many top bloggers with an understanding of the tech issues have said they won’t upgrade for a while.

What is important though is that the security fixes that came with 2.5 should in reality be made available as small, "single file copy" patches for anyone deciding to stay with the older version(s) for now. I have said as much on the support forum in several places, most recently on a very active "2.5 backend annoying" thread that actually got shut down my "Mr. Wordpress" Matt Mullenweg himself.

Since they currently seem rather unconcerned with making these fixes available without a wholesale upgrade, I decided to take it upon myself to do so.

Here are the results:

Keep Reading »

• just got some major insights into security issues with Wordpress..working on porting over key fixes that came with 2.5 into 2.3.3 [View]
• cont’d: so’s to avoid upgrading (maybe I’ll never upgrade and run a renegade 2.3.3 "i" branch).. yeah, I’m evil like that.. [View]
• cont’d: in case you didn’t know it, there’s plenty wrong with Wordpress 2.5.x - check out the fall-out here: http://is.gd/bMn [View]

I am not usually in the habit of creating posts with large scale quotations, but in this case, the information that was revealed, but buried in a longish interview (too long for most people’s itchy, "RSS Feed" attention spans :) is so important, and so validates what I’ve been saying for several weeks now, that I am going to break my own rule.

This is from an interview by TechCrunch’s Michael Arrington with Citi Bank analyst Mark Mahaney in regard to the proposed Microsoft-Yahoo deal:

MA: […] I heard that they commissioned an outside study sometime last year [that] suggested that they would have 85% plus increases in cash flow from outsourcing search to Google. […] I think you said that they would go from 4 cents to potentially up to 9 cents per search — is that right? Sort of, 40-90 dollar RPMs on searches?

[…]

MM: […] they actually said that they thought they — they didn’t name Google but it was obviously Google — that the difference in the monetization gap was 60 to 70%. That’s the first time we’d heard or seen Yahoo sign off on this specific gap.

No wonder that Yahoo has been flirting with outsourcing at least some of their paid search ads to Google: It’s instant money in the bank, to the tune of potentially 25-50% higher TOTAL cash flow! (TechCrunch rightly pointed this last one out, but omitted the underlying cause in their write-up.)

I came to a similar conclusion re:"the monetization gap" a week or so ago, just by looking at the respective search shares reported by ComScore, as well as the Q1 earnings numbers by Google and Yahoo.

Obviously, the numbers reported by Mahaney from an in depth study (that was apparently commissioned by Yahoo itself!) are much more authoritative. And to me, they therefore are the true bombshell out of this interview, though Google Q1 earnings were obviously enough of a bombshell to send their stock up over $100 in a few days.

Now beyond this very key admission, the further question obviously is how this portends for the proposed buyout of Yahoo by Microsoft. And here again Mahaney is pulling no punches,  and comes to a conclusion very similar to what I wrote here. Even though the TechCrunch summary of the interview again inexplicably omits his dire predictions.

Keep Reading »

• Did Arrington just miss the biggest key point out of his own (excellent) interview with Citi Analyst Mahaney re: Micro-hoo? [View]
• cont’d: It wasn’t mentioned as a highlight in the post itself (the summary),but some1 alerted me 2 it in a comment over at the Alley Insider [View]
• cont’d: "[vs.] Google - that the [..] monetization gap was 60-70%. That’s the 1st time we’d heard [..] Yahoo sign off on this specific gap." [View]

Some comments I wrote today on this Silicon Alley Insider post on new movements in the Microsoft-Yahoo negotiations ballooned to the point that I determined they would be worth their own expanded post for the benefit of my readers.

More so because they were veering head-long into serious "Business Mind Hacks" psychology issues related to Branding and Positioning.

In response to Henry Blodget’s focusing on the admittedly titillating details of the current negotiations, while mentioning only in passing the likely pernicious effects of the deal in its currently proposed form on both Yahoo and MSFT, I said this:

Why would Henry say "but that’s a different story"?

That is THE story… forget about the short-term, short-sighted, Wall Street angle… none of it will matter if Q1/2009 shows that Micro-hoo has fallen even further behind Google in search/paid search due to all of the distractions that are sure to ensue if this goes through.

Keep Reading »