Tag: automattic

Celebrate Seventeen

0 comments

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

May 27th, 17 years ago, the first release of WordPress was put into the world by Mike Little and myself. It did not have an installer, upgrades, WYSIWYG editor (or hardly any Javascript), comment spam protection, clean permalinks, caching, widgets, themes, plugins, business model, or any funding.

Seventeen years ago, WordPress was first released.

Sixteen years, eleven months ago, I relaunched I relaunched my then-dormant blog. I considered WordPress/b2/cafelog, but went with a now-dead engine called Flip instead.

Fifteen years, ten months ago, in response to a technical failure on the server I was using, I lost it all and had to recover my posts from backups. Immediately afterwards, I took the opportunity to redesign my blog and switch to WordPress. On the same day, I attended the graduation ceremony for my first degree (but somehow didn’t think this was worth blogging about).

Fifteen years, nine months ago, Automattic Inc. was founded to provide managed WordPress hosting services. Some time later, I thought to myself: hey, they seem like a cool company, and I like everything Matt’s done so far. I should perhaps work there someday.

Lots of time passed.

Seven months ago, I got around to doing that.

Happy birthday, WordPress!

Future Challenges for Remote Working

5 comments

When the COVID-19 lockdown forced many offices to close and their staff to work remotely, some of us saw what was unfolding as an… opportunity in disguise. Instead of the slow-but-steady decentralisation of work that’s very slowly become possible (technically, administratively, and politically) over the last 50 years, suddenly a torrent of people were discovering that remote working can work.

Man in sci-fi jumpsuit and futuristic AR goggles.
Unfulfilled promises of the world of tomorrow include flying cars, viable fusion power, accessible space travel, post-scarcity economies, and – until recently – widespread teleworking. Still waiting on my holodeck too.

The Future is Now

As much as I hate to be part of the “where’s my flying car?” brigade, I wrote ten years ago about my dissatisfaction that remote working wasn’t yet commonplace, let alone mainstream. I recalled a book I’d read as a child in the 1980s that promised a then-future 2020 of:

  1. near-universal automation of manual labour as machines become capable of an increasing diversity of human endeavours (we’re getting there, but slowly),
  2. a three- or four-day work week becoming typical as efficiency improvements are reinvested in the interests of humans rather than of corporations (we might have lost sight of that goal along the way, although there’s been some fresh interest in it lately), and
  3. widespread “teleworking”/”telecommuting”, as white-collar sectors grow and improvements in computing and telecommunications facilitate the “anywhere office”

Of those three dreams, the third soon seemed like it would become the most-immediate. Revolutionary advances in mobile telephony, miniaturisation of computers, and broadband networking ran way ahead of the developments in AI that might precipitate the first dream… or the sociological shift required for the second. But still… progress was slow.

At eight years old, I genuinely believed that most of my working life would be spent… wherever I happened to be. So far, most of my working life has been spent in an office, despite personally working quite hard for that not to be the case!

Driver's temperature being checked at the roadside by somebody in full protective equipment.
Apply directly to the head! Commuting looks different today than it did last year, but at least the roads are quieter.

I started at Automattic six months ago, an entirely distributed company. And so when friends and colleagues found themselves required to work remotely by the lockdown they came in droves to me for advice about how to do it! I was, of course, happy to help where I could: questions often covered running meetings and projects, maintaining morale, measuring output, and facilitating communication… and usually I think I gave good answers. Sometimes, though, the answer was “If you’re going to make that change, you’re going to need a cultural shift and some infrastructure investment first.” Y’know: “Don’t start from here.” If you received that advice from me: sorry!

(Incidentally, if you have a question I haven’t answered yet, try these clever people first for even better answers!)

More-recently, I was excited to see that many companies have adopted this “new normal” not as a temporary measure, but as a possible shape of things to come. Facebook, Twitter, Shopify, Square, and Spotify have all announced that they’re going to permit or encourage remote work as standard, even after the crisis is over.

Obviously tech companies are leading the way, here: not only are they most-likely to have the infrastructure and culture already in place to support this kind of shift. Also, they’re often competing for the same pool of talent and need to be seen as at-least as progressive as their direct rivals. Matt Mullenweg observes that:

What’s going to be newsworthy by the end of the year is not technology companies saying they’re embracing distributed work, but those that aren’t.

…some employers trapped in the past will force people to go to offices, but the illusion that the office was about work will be shattered forever, and companies that hold on to that legacy will be replaced by companies who embrace the antifragile nature of distributed organizations.

Distributed Work's Five Levels of Autonomy, by Matt Mullenweg.
I’ve shared this before, I know, but it exudes Matt’s enthusiasm for distributed work so well that I’m sharing it again. Plus, some of the challenges I describe below map nicely to the borders between some of

Tomorrow’s Challenges

We’re all acutely familiar with the challenges companies are faced with today as they adapt to a remote-first environment. I’m more interested in the challenges that they might face in the future, as they attempt to continue to use a distributed workforce as the pandemic recedes. It’s easy to make the mistake of assuming that what many people are doing today is a rehearsal for the future of work, but the future will look different.

Some people, of course, prefer to spend some or all of their work hours in an office environment. Of the companies that went remote-first during the lockdown and now plan to stay that way indefinitely, some will lose employees who preferred the “old way”. For this and other reasons, some companies will retain their offices and go remote-optional, allowing flexible teleworking, and this has it’s own pitfalls:

  • Some remote-optional offices have an inherent bias towards in-person staff. In some companies with a mixture of in-person and remote staff, remote workers don’t get included in ad-hoc discussions, or don’t become part of the in-person social circles. They get overlooked for projects or promotions, or treated as second-class citizens. It’s easy to do this completely by accident and create a two-tiered system, which can lead to a cascade effect that eventually collapses the “optional” aspect of remote-optional; nowhere was this more visible that in Yahoo!’s backslide against remote-optional working in 2013.
  • Some remote-optional offices retain an archaic view on presenteeism and “core hours”. Does the routine you keep really matter? Remote-first working demands that productivity is measured by output, not by attendance, but management-by-attendance is (sadly) easier to implement, and some high-profile organisations favour this lazy but less-effective approach. It’s easy, but ineffective, for a remote-optional company to simply extend hours-counting performance metrics to their remote staff. Instead, allowing your staff (insofar as is possible) to work the hours that suit them as individuals opens up your hiring pool to a huge number of groups whom you might not otherwise reach (like single parents, carers, digital nomads, and international applicants) and helps you to get the best out of every one of them, whether they’re an early bird, a night owl, or somebody who’s most-productive after their siesta!
  • Pastoral care doesn’t stop being important after the crisis is over. Many companies that went remote-first for the coronavirus crisis have done an excellent job of being supportive and caring towards their employees (who, of course, are also victims of the crisis: by now, is there anybody whose life hasn’t been impacted?). But when these companies later go remote-optional, it’ll be easy for them to regress to their old patterns. They’ll start monitoring the wellbeing only of those right in front of them. Remote working is already challenging, but it can be made much harder if your company culture makes it hard to take a sick day, seek support on a HR issue, or make small-talk with a colleague.
Teleworker dressed from the waist up.
On the Internet, nobody knows that you’re only properly-dressed from the waist up. No, wait: as of 2020, everybody knows that. Let’s just all collectively own it, ‘k.

These are challenges specifically for companies that go permanently remote-optional following a period of remote-first during the coronavirus crisis.

Towards a Post-Lockdown Remote-Optional Workplace

How you face those challenges will vary for every company and industry, but it seems to me that there are five lessons a company can learn as it adapts to remote-optional work in a post-lockdown world:

  1. Measure impact, not input. You can’t effectively manage a remote team by headcount or closely tracking hours; you need to track outputs (what is produced), not inputs (person-hours). If your outputs aren’t measurable, make them measurable, to paraphrase probably-not-Galileo. Find metrics you can work with and rely on, keep them transparent and open, and re-evaluate often. Use the same metrics for in-office and remote workers.
  2. Level the playing field. Learn to spot the biases you create. Do the in-person attendees do all the talking at your semi-remote meetings? Do your remote workers have to “call in” to access information only stored on-site (including in individual’s heads)? When they’re small, these biases have a huge impact on productivity and morale. If they get big, they collapse your remote-optional environment.
  3. Always think bigger. You’re already committing to a shakeup, dragging your company from the 2020 of the real world into the 2020 we once dreamed of. Can you go further? Can you let your staff pick their own hours? Or workdays? Can your staff work in other countries? Can you switch some of your synchronous communications channels (e.g. meetings) into asynchronous information streams (chat, blogs, etc.)? Which of your telecommunications tools serve you, and which do you serve?
  4. Remember the human. Your remote workers aren’t faceless (pantsless) interchangeable components in your corporate machine. Foster interpersonal relationships and don’t let technology sever the interpersonal links between your staff. Encourage and facilitate (optional, but awesome) opportunities for networking and connection. Don’t forget to get together in-person sometimes: we’re a pack animal, and we form tribes more-easily when we can see one another.
  5. Support people through the change. Remote working requires a particular skillset; provide tools to help your staff adapt to it. Make training and development options available to in-office staff too: encourage as flexible a working environment as your industry permits. Succeed, and your best staff will pay you back in productivity and loyalty. Fail, and your best staff will leave you for your competitors.

I’m less-optimistic than Matt that effective distributed working is the inexorable future of work. But out of the ashes of the coronavirus crisis will come its best chance yet, and I know that there’ll be companies who get left behind in the dust. What are you doing to make sure your company isn’t one of them?

Automattic Lockdown (days 79 to 206)

13 comments

Since I accepted a job offer with Automattic last summer I’ve been writing about my experience on a nice, round 128-day schedule. My first post described my application and recruitment process; my second post covered my induction, my initial two weeks working alongside the Happiness team (tech support), and my first month in my role. This is the third post, running through to the end of six and a half months as an Automattician.

Always Be Deploying

One of the things that’s quite striking about working on many of Automattic’s products, compared to places I’ve worked before, is the velocity. Their continuous integration game is pretty spectacular. We’re not talking “move fast and break things” iteration speeds (thank heavens), but we’re still talking fast.

Graph showing Automattic deployments for a typical week. Two of the 144 deployments on Monday were by Dan.
Deployments-per-day in a reasonably typical week. A minor bug slipped through in the first of the deployments I pushed on the Monday shown, so it was swiftly followed by a second deployment (no external end-users were affected: phew!).

My team tackles a constant stream of improvements in two-week sprints, with every third sprint being a cool-down period to focus on refactoring, technical debt, quick wins, and the like. Periodic HACK weeks – where HACK is (since 2018) a backronym for Helpful Acts in Customer Kindness – facilitate focussed efforts on improving our ecosystem and user experiences.

I’m working in a larger immediate team than I had for most of my pre-Automattic career. I’m working alongside nine other developers, typically in groups of two to four depending on the needs of whatever project I’m on. There’s a great deal of individual autonomy: we’re all part of a greater whole and we’re all pushing in the same direction, but outside of the requirements of the strategic goals of our division, the team’s tactical operations are very-much devolved and consensus-driven. We work out as a team how to solve the gnarly (and fun!) problems, how to make best use of our skills, how to share our knowledge, and how to schedule our priorities.

Dan in front of three monitors and a laptop.
My usual workspace looks pretty much exactly like you’re thinking that it does.

This team-level experience echoes the experience of being an individual at Automattic, too. The level of individual responsibility and autonomy we enjoy is similar to that I’ve seen only after accruing a couple of years of experience and authority at most other places I’ve worked. It’s amazing to see that you can give a large group of people so much self-controlled direction… and somehow get order out of the chaos. More than elsewhere, management is more to do with shepherding people into moving in the same direction than it is about dictating how the ultimate strategic goals might be achieved.

Na na na na na na na na VAT MAN!

Somewhere along the way, I somehow became my team’s live-in expert on tax. You know how it is: you solve a bug with VAT calculation in Europe… then you help roll out changes to support registration with the GST in Australia… and then one day you find yourself reading Mexican digital services tax legislation and you can’t remember where the transition was from being a general full-stack developer to having a specialisation in tax.

An Oxford coworking space.
Before the coronavirus lockdown, though, I’d sometimes find a coworking space (or cafe, or pub!) to chill in while I worked. This one was quiet on the day I took the photo.

Tax isn’t a major part of my work. But it’s definitely reached a point at which I’m a go-to figure. A week or so ago when somebody had a question about the application of sales taxes to purchases on the WooCommerce.com extensions store, their first thought was “I’ll ask Dan!” There’s something I wouldn’t have anticipated, six month ago.

Automattic’s culture lends itself to this kind of selective micro-specialisation. The company actively encourages staff to keep learning new things but mostly without providing a specific direction, and this – along with their tendency to attract folks who, like me, could foster an interest in almost any new topic so long as they’re learning something – means that my colleagues and I always seem to be developing some new skill or other.

Batman, with his costume's logo adapted to be "VAT man".
I ended up posting this picture to my team’s internal workspace, this week, as I looked a VAT-related calculation.

I know off the top of my head who I’d talk to about if I had a question about headless browser automation, or database index performance, or email marketing impact assessment, or queer representation, or getting the best airline fares, or whatever else. And if I didn’t, I could probably find them. None of their job descriptions mention that aspect of their work. They’re just the kind of people who, when they see a problem, try to deepen their understanding of it as a whole rather than just solving it for today.

A lack of pigeonholing, coupled with the kind of information management that comes out of being an entirely-distributed company, means that the specialisation of individuals becomes a Search-Don’t-Sort problem. You don’t necessarily find an internal specialist by their job title: you’re more-likely to find them by looking for previous work on particular topics. That feels pretty dynamic and exciting… although it does necessarily lead to occasional moments of temporary panic when you discover that something important (but short of mission-critical) doesn’t actually have anybody directly responsible for it.

Crisis response

No examination of somebody’s first 6+ months at a new company, covering Spring 2020, would be complete without mention of that company’s response to the coronavirus crisis. Because, let’s face it, that’s what everybody’s talking about everywhere right now.

Dan in a video meeting, in a hammock.
All workplace meetings should be done this way.

In many ways, Automattic is better-placed than most companies to weather the situation. What, we have to work from home now? Hold my beer. Got to shift your hours around childcare and other obligations? Sit down, let us show you how it’s done. Need time off for COVID-related reasons? We already have an open leave policy in place and it’s great, thanks.

As the UK’s lockdown (eventually) took hold I found myself treated within my social circle like some kind of expert on remote working. My inboxes filled up with queries from friends… How do I measure  output? How do I run a productive meeting? How do I maintain morale? I tried to help, but unfortunately some of my answers relied slightly on already having a distributed culture: having the information and resource management and teleworking infrastructure in-place before the crisis. Still, I’m optimistic that companies will come out of the other side of this situation with a better idea about how to plan for and execute remote working strategies.

Laptop screen showing five people videoconferencing.
Social distancing is much easier when you’re almost never in the same room as your colleagues anyway.

I’ve been quite impressed that even though Automattic’s all sorted for how work carries on through this crisis, we’ve gone a step further and tried to organise (remote) events for people who might be feeling more-isolated as a result of the various lockdowns around the world. I’ve seen mention of wine tasting events, toddler groups, guided meditation sessions, yoga clubs, and even a virtual dog park (?), all of which try to leverage the company’s existing distributed infrastructure to support employees who’re affected by the pandemic. That’s pretty cute.

(It might also have provided some inspiration for the murder mystery party I plan to run a week on Saturday…)

Distributed Work's Five Levels of Autonomy, by Matt Mullenweg.
Matt shared this diagram last month, and its strata seem increasingly visible as many companies adapt (with varying levels of success) to remote work.

In summary: Automattic’s still proving to be an adventure, I’m still loving their quirky and chaotic culture and the opportunity to learn something new every week, and while their response to the coronavirus crisis has been as solid as you’d expect from a fully-distributed company I’ve also been impressed by the company’s efforts to support staff (in a huge diversity of situations across many different countries) through it.

Getting Hired at Automattic

0 comments

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

I started at Automattic on November 20, 2019, and it’s an incredible place to work. I’m constantly impressed by my coworkers kindness, intelligence, and compassion. If you’re looking for a rewarding remote job that you can work from anywhere in the world, definitely apply.

I’m still overjoyed and amazed I was hired. While going through the hiring process, I devoured the blog posts from people describing their journeys. Here’s my contribution to the catalog. I hope it helps someone.

I’ve written about my own experience of Automattic’s hiring process and how awesome it is, but if you’re looking for a more-concise summary of what to expect from applying to and interviewing for a position, this is pretty great.

Automattic Transition (days -50 to 78)

11 comments

Since I reported last summer that I’d accepted a job offer with Automattic I’ve been writing about my experience of joining and working with Automattic on a nice, round 128-day schedule.

My first post covered the first 128 days: starting from the day I decided (after 15 years of watching-from-afar) that I should apply to work there through to 51 days before my start date. It described my recruitment process, which is famously comprehensive and intensive. For me this alone was hugely broadening! My first post spanned the period up until I started getting access to Automattic’s internal systems, a month and a half before my start date. If you’re interested in my experience of recruitment at Automattic, you should go and read that post. This post, though, focusses on my induction, onboarding, and work during my first two months.

(You might also be interested in other things I’ve written about Automattic.)

Kitting Up (day -37 onwards)

Dan in front of a crowded desk: two large monitors, a regular-sized monitor, and a laptop are visible, among clutter.
I could possibly do with a little more desk space, or at least a little better desk arrangement, after the house move.

With a month to go before I started, I thought it time to start setting up my new “office” for my teleworking. Automattic offered to buy me a new desk and chair, but I’m not ready to take them up on that yet: but I’m waiting until after my (hopefully-)upcoming house move so I know how much space I’ve got to work with/what I need! There’s still plenty for a new developer to do, though: plugging in and testing my new laptop, monitor, and accessories, and doing all of the opinionated tweaks that make one’s digital environment one’s own – preferred text editor, browser, plugins, shell, tab width, mouse sensitivity, cursor blink rate… important stuff like that.

For me, this was the cause of the first of many learning experiences, because nowadays I’m working on a MacBook! Automattic doesn’t require you to use a Mac, but a large proportion of the company does and I figured that learning to use a Mac effectively would be easier than learning my new codebase on a different architecture than most of my colleagues.

Dan working on a MacBook covered with Automattic stickers, wearing a WordPress Diversity t-shirt.
Working on location, showing some Automattic pride. You can’t really make out my WordPress “Christmas jumper”, hanging on the back of the sofa, but I promise that’s what it is.

I’ve owned a couple of Intel Macs (and a couple of Hackintoshes) but I’ve never gotten on with them well enough to warrant becoming an advanced user, until now. I’ll probably write in the future about my experience of making serious use of a Mac after a history of mostly *nix and Windows machines.

Automattic also encouraged me to kit myself up with a stack of freebies to show off my affiliation, so I’ve got a wardrobe-load of new t-shirts and stickers too. It’s hard to argue that we’re a company and not a cult when we’re all dressed alike, and that’s not even mentioning a colleague of mine with two WordPress-related tattoos, but there we have it.

Dan wearing a WordPress hoodie and drinking from an Automattic bottle.
Totally not a cult. Now let me have another swig of Kool-Aid…

Role and Company

I should take a moment to say what I do. The very simple version, which I came up with to very briefly describe my new job to JTA‘s mother, is: I write software that powers an online shop that sells software that powers online shops.

Xzibit says:
It’s eCommerce all the way down. Thanks, Xzibit.

You want the long version? I’m a Code Magician (you may say it’s a silly job title, I say it’s beautiful… but I don’t necessarily disagree that it’s silly too) with Team Alpha at Automattic. We’re the engineering team behind WooCommerce.com, which provides downloads of the Web’s most-popular eCommerce platform… plus hundreds of free and premium extensions.

There’s a lot of stuff I’d love to tell you about my role and my new employer, but there’s enough to say here about my induction so I’ll be saving following topics for a future post:

  • Chaos: how Automattic produces order out of entropy, seemingly against all odds,
  • Transparency and communication: what it’s like to work in an environment of radical communication and a focus on transparency,
  • People and culture: my co-workers, our distributed team, and what is lost by not being able to “meet around the coffee machine” (and how we work to artificially recreate that kind of experience),
  • Distributed working: this is my second foray into a nearly-100% remote-working environment; how’s it different to before?

To be continued, then.

John wearing a WordPress t-shirt.
I’m not the only member of my family to benefit from a free t-shirt.

Onboarding (days 1 through 12)

I wasn’t sure how my onboarding at Automattic could compare to that which I got when I started at the Bodleian. There, my then-line manager Alison‘s obsession with preparation had me arrive to a thoroughly-planned breakdown of everything I needed to know and everybody I needed to meet over the course of my first few weeks. That’s not necessarily a bad thing, but it leaves little breathing room in an already intense period!

Leslie Knope (Parks & Rec) presents a pile of binders, saying
What it felt like to receive an induction from the first boss I had at the Bod.

By comparison, my induction at Automattic was far more self-guided: each day in my first fortnight saw me tackling an agenda of things to work on and – in a pleasing touch I’ve seen nowhere else – a list of expectations resulting from that day. Defined expectations day-by-day are an especially good as a tool for gauging one’s progress and it’s a nice touch that I’ll be adapting should I ever have to write another induction plan for a somebody else.

Agenda and Expectations Checklist for Dan's first day at Automattic
Both an agenda and a list of expectations for the day? That’s awesome and intimidating in equal measure.

Skipping the usual induction topics of where the fire escapes and toilets are (it’s your house; you tell us!), how to dial an outside line (yeah, we don’t really do that here), what to do to get a key to the bike shed and so on saves time, of course! But it also removes an avenue for more-casual interpersonal contact (“So how long’ve you been working here?”) and ad-hoc learning (“So I use that login on this system, right?”). Automattic’s aware of this and has an entire culture about making information accessible, but it takes additional work on the part of a new hire to proactively seek out the answers they need, when they need them: searching the relevant resources, or else finding out who to ask… and being sure to check their timezone before expecting an immediate response.

Onboarding at Automattic is necessarily at least somewhat self-driven, and it’s clear in hindsight that the recruitment process is geared towards selection of individuals who can work in this way because it’s an essential part of how we work in general. I appreciated the freedom to carve my own path as I learned the ropes, but it took me a little while to get over my initial intimidation about pinging a stranger to ask for a video/voice chat to talk through something!

Meetup (days 14 through 21)

Dan with a 50 South African Rand note.
How cool is South African currency? This note’s got a lion on it!

I’d tried to arrange my migration to Automattic to occur just before their 2019 Grand Meetup, when virtually the entire company gets together in one place for an infrequent but important gathering, but I couldn’t make it work and just barely missed it. Luckily, though, my team had planned a smaller get-together in South Africa which coincided with my second/third week, so I jetted off to get some facetime with my colleagues.

Dan sitting on a rock on Table Mountain, Cape Town, with a sunset in the background
When they say that Automatticians can work from anywhere, there might nonetheless be practical limits.

My colleague and fellow newbie Berislav‘s contract started a few hours after he landed in Cape Town, and it was helpful to my journey to see how far I’d come over the last fortnight through his eyes! He was, after all, on the same adventure as me, only a couple of weeks behind, and it was reassuring to see that I’d already learned so much as well as to be able to join in with helping him get up-to-speed, too.

Dan with a pair of African penguins
The meetup wasn’t all work. I also got to meet penguins and get attacked by one of the little buggers.

By the time I left the meetup I’d learned as much again as I had in the two weeks prior about my new role and my place in the team. I’d also learned that I’m pretty terrible at surfing, but luckily that’s not among the skills I have to master in order to become a valuable developer to Automattic.

Happiness Rotation (days 23 through 35)

A quirk of Automattic – and indeed something that attracted me to them, philosophically – is that everybody spends two weeks early in their first year and a week in every subsequent year working on the Happiness Team. Happiness at Automattic is what almost any other company would call “tech support”, because Automattic’s full of job titles and team names that are, frankly, a bit silly flipping awesome. I like this “Happiness Rotation” as a concept because it keeps the entire company focussed on customer issues and the things that really matter at the coal face. It also fosters a broader understanding of our products and how they’re used in the real world, which is particularly valuable to us developers who can otherwise sometimes forget that the things we produce have to be usable by real people with real needs!

Happiness Live Chat screenshot, customer's view.
Once I’d gotten the hang of answering tickets I got to try my hand at Live Chat, which was a whole new level of terrifying.

One of the things that made my Happiness Rotation the hardest was also one of the things that made it the most-rewarding: that I didn’t really know most of the products I was supporting! This was a valuable experience because I was able to learn as-I-went-along, working alongside my (amazingly supportive and understanding) Happiness Team co-workers: the people who do this stuff all the time. But simultaneously, it was immensely challenging! My background in WordPress in general, plenty of tech support practice at Three Rings, and even my experience of email support at Samaritans put me in a strong position in-general… but I found that I could very-quickly find myself out of my depth when helping somebody with the nitty-gritty of a problem with a specific WooCommerce extension.

Portering and getting DRI (days 60 through 67)

I’ve also had the opportunity during my brief time so far with Automattic to take on a few extra responsibilities within my team. My team rotates weekly responsibility for what they call the Porter role. The Porter is responsible for triaging pull requests and monitoring blocking issues and acting as a first point-of-call to stakeholders: you know, the stuff that’s important for developer velocity but that few developers want to do all the time. Starting to find my feet in my team by now, I made it my mission during my first shift as Porter to get my team to experiment with an approach for keeping momentum on long-running issues, with moderate success (as a proper continuous-integration shop, velocity is important and measurable). It’s pleased me so far to feel like I’m part of a team where my opinion matters, even though I’m “the new guy”.

A woman carries a large cardboard box.
“Here, I found these things we need to be working on.” Pretty much how I see the Porter role.

I also took on my first project as a Directly Responsible Individual, which is our fancy term for the person who makes sure the project runs to schedule, reports on progress etc. Because Automattic more strongly than any other place I’ve ever worked subscribes to a dogfooding strategy, the woocommerce.com online store for which I share responsibility runs on – you guessed it – WooCommerce! And so the first project for which I’m directly responsible is the upgrade of woocommerce.com to the latest version of WooCommerce, which went into beta last month. Fingers crossed for a smooth deployment.

There’s so much I’d love to say about Automattic’s culture, approach to development, people, products, philosophy, and creed, but that’ll have to wait for another time. For now, suffice to say that I’m enjoying this exciting and challenging new environment and I’m looking forward to reporting on them in another 128 days or so.

Third party

0 comments

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

…why would cookies ever need to work across domains? Authentication, shopping carts and all that good stuff can happen on the same domain. Third-party cookies, on the other hand, seem custom made for tracking and frankly, not much else.

Then there’s third-party JavaScript.

In retrospect, it seems unbelievable that third-party JavaScript is even possible. I mean, putting arbitrary code—that can then inject even more arbitrary code—onto your website? That seems like a security nightmare!

I imagine if JavaScript were being specced today, it would almost certainly be restricted to the same origin by default.

Jeremy hits the nail on the head with third-party cookies and Javascript: if the Web were invented today, there’s no way that these potentially privacy and security-undermining features would be on by default, globally. I’m not sure that they’d be universally blocked at the browser level as Jeremy suggests, though: the Web has always been about empowering developers, acting as a playground for experimentation, and third-party stuff does provide benefits: sharing a login across multiple subdomains, for example (which in turn can exist as a security feature, if different authors get permission to add content to those subdomains).

Instead, then, I imagine that a Web re-invented today would treat third-party content a little like we treat CORS or we’re beginning to treat resource types specified by Content-Security-Policy and Feature-Policy headers. That is, website owners would need to “opt-in” to which third-party domains could be trusted to provide content, perhaps subdivided into scripts and cookies. This wouldn’t prohibit trackers, but it would make their use less of an assumed-default (develolpers would have to truly think about the implications of what they were enabling) and more transparent: it’d be very easy for a browser to list (and optionally block, sandbox, or anonymise) third-party trackers could potentially target them, on a given site, without having to first evaluate any scripts and their sources.

I was recently inspired by Dave Rupert to remove Google Analytics from this blog. For a while, there’ll have been no third-party scripts being delivered on this site at all, except through iframes (for video embedding etc., which is different anyway because there’s significantly less scope leak). Recently, I’ve been experimenting with Jetpack because I get it for free through my new employer, but I’m always looking for ways to improve how well my site “stands alone”: you can block all third-party resources and this site should still work just fine (I wonder if I can add a feature to my service worker to allow visitors to control exactly what third party content they’re exposed to?).