Upgrading WordPress Made Easier?

I have been watching the debate over at WordPress Wank over the whole “is WP a bulky bloated blog tool or a fairly medium CMS tool?” question. Well, it sort of began as “whoopee a WP project is included in Google’s Summer of Code” but where nerds and geek abound…..

Anyway, that is pretty much by the by and not what I want to talk about. Read from this comment onwards. Ryan makes the throwaway comment that if that girl again is unhappy with the extra bloaty versions coming out, that it’s just as easy to revert back to version 1.5 or earlier. Yes, yes, you and I and that girl all know that that’s bollocks, particularly with the fact that WP normally updates to fix security holes. So yes, one could revert. But then you’d end up with security holes everywhere, themes not working, plugins not working and a generally crap experience for all. So that’s not a goer. But then it struck me: WP is a bunch of text files. So with this being GPL software surely there must be a method where we can be told that “a hole in version x.x.x can be fixed by changing line 4 from whatever to whatever in comments.php and so on or by installing version x.x.x+1“. That’s a naff way of putting it, but I find upgrading the whole system to be a real PITA. I would much rather just change the relevant lines by hand (or download just the required files) because that way my downtime is reduced, I know what needs to be backed up (or I can just comment out the current lines with an annotation to say “did this on x date because of y reason” and then add in the changed line from new. This means that my plugins don’t need to be switched off, I don’t need to reinstall everything and risk it all breaking. Again. And, more importantly with this being GPL software, I know what the changes are and can decide how to implement them.

Does this sound reasonable? I know there are people out there with far more PHP experience and knowledge (there can’t be people with less, surely) and people who know the inner workings of WP. So would this work or would it break something else. Would the lessened load on the WP servers be a good thing for people who have to download the whole thing because of inexperience or their own needs? Or am I just light headed from lack of sleep?

Advertisements

Posted on 25 April, 2007, in Blogging/WordPress and tagged , , . Bookmark the permalink. 28 Comments.

  1. You know, it’s funny, but I’m getting sick and tired of WordPress’s bloat and extra features which cannot be turned off.

    The problem is WordPress is the end-destination of most bloggers. It has plenty of importers from other blogging systems, but very few other blogging software has decent exporters from WordPress.

    I am considering moving my blog elsewhere if I cannot make the conversion and leave behind hari.literaryforums.org as an archive blog for previous posts.

  2. If you recall a few years back, that’s exactly what I did when moving from blogger to b2evolution… the blog used to be in my “linux” subdomain..

    The “security updates for previous releases” concept isn’t a new one, btw, Ray – the Linux kernel 2.4 is still being maintained in this very fashion. Ubuntu 6.06 is also still getting security updates, and will do for quite some time, rather than forcing everybody to just upgrade to Feisty. All it would need is somebody willing to do it.

    Are you busy these days..? 😉

  3. Dominic, it’s true. WP is getting way too dumbed down for my liking.

    It started out as a geek’s toy, but as time went on and features kept coming in, it has started catering to the kiddie blogger crowd with all those fancy blogging stuff.

    Sometimes this makes me want to start my own blogging system from scratch.

    Maybe I’ll try one using PHP and XML instead of MySQL 😉

  4. Matt has said on numerous occasions that he would not provide patches or incremental update files for new versions of WordPress. His argument is that “regular users” don’t like to use such things, and that it’s not such a burden for power users to download the whole shebang every time.

    Mark Jaquith has been providing patches for new releases with some regularity.

    If you haven’t yet, consider taking a look at Habari, a new PHP blogging package. It’s still rough around the edges, but offers tremendous functionality with far less bloat than WordPress.

  5. I agree with both of you. But Dom, I don’t think the older versions are being maintained and they should be. If, for example, a hole is found in wp_comments.php it makes no sense to me to release WP vX.X.X+1 It would seem far more sensible to release a patch in the form of an explanation or just release that file and instructions in how to replace your existing file. What WP does is the equivalent of releasing new kernels just to fix a particular problem. So, to fix a security hole we’d get 2.6.21, 2.6.22 rather than 2.6.20.1, 2, 3 etc

    Hari – I am also considering switching from WP, not because of the bloat, but because it can be a PITA. Problem is that it is aimed at people who don’t have PHP skillz and just want to start blogging. That said, I may start checking a few different apps out.

  6. Hi Skippy – wasn’t ignoring you, that bloody Akismet marked you as spam. Would never have happened under SK2.

    While I would partially agree with Matt, has he said why he won’t provide incrementals beyond that explanation? It’s a bit of a crappy reason to be honest. It is a total pain in the arse to have to run a full upgrade especially if it just fixes a small handful of files.

    Kudos to Mark Jaquith for providing a useful service, but I would argue that this service should be provided by the main site – what if Mark is too busy/doesn’t want to continue doing this?

  7. And I have checked out Habari – but I’m a bit wary of installing a developer’s release. I’ll wait for an actual release. :monocle::tinfoil:

  8. The 2.0 version will be maintained with security releases until 2010, and if Mark ever stops providing diffs for minor updates I’ll do it myself. 😉

    If you’re feeling extra-savvy, the easiest way to keep up with updates is using SVN. You can checkout from the 2.0 branch and then update with a single command whenever there is a new release, this tutorial might help you get started.

  9. @Hari: loquacity.info? We need developers… 🙂

  10. Ray: I’ve not been involved in WordPress goings-on for a long time, but I know that various discussions had occurred on the WP support forums detailing the reasons why change-only patches weren’t supplied. None of them were particularly compelling to me. As I recall, things like “WordPress is so small to download that it’s no big deal” and “regular users don’t know how to use patch” were used to justify the position.

    As for Habari’s development release: I appreciate your concern. It’s surprisingly stable, and offers a lot of functionality, though it’s true that it is not yet feature complete. Several folks are running their primary site(s) on Habari, and so far everyone’s quite pleased with it. Do please keep an eye on things, and feel free to participate in the mailing list discussions: we value the opinions and insight of everyone who chooses to contribute.

  11. Matt – thanks for the note. Personally, I think it may be less intensive for minor updates (minor as in what needs changing, that is) to have just that file posted with a note to copy that file to wherever and change line x in file y to read WordPress v X.X.X. But thanks for the heads up on the SVN update method.

    Alison – another blog client candidate? 🙂

    Skippy – looking back, I think “wary” may not have been the right word. But I can’t think what the right word is 🙂 As my regular readers know, I have broken my install a couple of times by tweaking and adding and subtracting. With that in mind, do we need someone as destructive as me running this blog on a dev version? We’d never see the posts again! I am following the development of Habari and certainly intend to try it out once it becomes more mature.

  12. Alison, that looks like an interesting project. I’ll take a look at that a bit later on, when I have some free time. 🙂

  13. “Personally, I think it may be less intensive for minor updates (minor as in what needs changing, that is) to have just that file posted with a note to copy that file to wherever and change line x in file y to read WordPress v X.X.X.”

    I agree. We’ve done that with some releases before, and will probably do it again, but oftentimes even minor point security releases will touch 20+ files, and the more files modified the more likely there is to be something missed, which would leave the blog with a false sense of security, or a mistake, which usually brings people to the support forum.

  14. “I don’t think the older versions are being maintained and they should be.”

    As Matt described WordPress 2.0 is being maintained for a long time.

    I don’t think Ryan Filtzer made a “throwaway comment”, because it directly response to Wank’s assertion that 1.5 is good enough for her.

    If someone really did want to maintain 1.5 or any version, I would do what I could to get those patches accepted — though a little link love would be all that was necessary for who ever was maintaining it to be findable.

    Skippy, I think Habari is an awesome initiative. Claiming “far less bloat” when it is incomplete, by your own words, is a strange assertion. It will be interesting if that assertion is substantiated — some friendly competition and collaboration.

    Ray, back to your original questions. With a little bit of subversion (svn) know how you can do the kind of things you described being interested in.
    Try $svn diff http://svn.automattic.com/wordpress/tags/2.1.2 http://svn.automattic.com/wordpress/tags/2.1.3 > wp-2.1.2–2.1.3.diff

    It would be some work, but maybe at some point it will make sense to do something similar to http://www.mozilla.org/security/announce/ with embargoed notices. Will that become customers expectations? I don’t envy the work, and WordPress is simply, but I hope people’s expectations for software quality increases.

    PS. your “Submit Comment” button looks disabled in Linux/Firefox 2.0.0.3 and is a small button.

  15. PPS. Your zene.lifevine.org link in your footer is missing ‘http://’, so it is a relative link.

  16. Matt – good point. Better to have to spend time doing a full upgrade than finish up with an insecure blog. Maybe an arbitrary “tipping point” could be found – if upgrade >= 10 files then do full upgrade 🙂

    Lloyd – well spotted. It’s on the to do list. A list which grows ever longer!

  17. Lloyd old son, you need to talk to Matt: Akismet keeps calling you spam 🙂

    Thanks for the clarification over svn – I think that when the next release is announced I’ll give it a go.

    I like the idea of a security announcement of some description – I can normally tell when a new version is released: it’s always around the same time that I stop glancing over the dashboard. I usually miss the announcements by a few days, without fail!

    And as to the “Submit Comment” button – I know, it’s also on the list. The previous iteration of this theme was great and was working fine and was very visible, this latest version has lots of little niggles and needs tweaking yet further. When I have time 🙂

  18. Lloyd: I believe it’s fair to claim that Habari will be less bloated, insofar as Habari development is taking a pretty strict stance on our core functionality. We are a blogging application, primarily, so the bulk of our efforts are focused on issues pertinent to the posting of blog entries. Additional functionality can be added by plugins, just like WordPress, but we’ll have (I think) a slimmer default installation that focuses on posting entries, and not making blogrolls, or rich text editing, etc.

    I posted to the Habari-dev list about our decision to intentionally omit a rich text editing environment. For those that want it, it should be trivial to install one of many — Drupal does this with tremendous success. That’s a very clear example of how we’re planning to reduce bloat.

  19. That sounds reasonable and doable at first, but I suppose you would quickly hit a dependency wall. That is, some ‘security only fix’ would depend on other major core changes, which in turn depend on yet more core changes, etc. If you were to manually backport security fixes — in effect forking WordPress 1.5 — this proposal could very well work out.

    But instead forking WordPress 1.5, I think it would make more sense to get involved with Habari and make it really simple to switch from WP 1.5 to Habari. You save on bloat, and you get to do something cool at the same time 😀

  20. Wow some pretty illustrious company out here.

    Matt, the thing that really bothered me was that 2.0.x and 2.1 series have nothing really substantial above 1.5.x (as far as features related to core blogging goes), but it has become quite huge and bulky.

    I appreciated the optional WYSIWYG editor, but unfortunately its usefulness is limited because it doesn’t produce 100% XHTML compliant output (TinyMCE’s fault) and also the new autosave feature is so bugging me that I am even tempted to throw my old blog and start elsewhere with a new blogging tool.

    I like WordPress’s templating and theming system and is probably the best out there and its got the biggest active plugin and theme community, but sometimes I think that too much popularity has made WP go off in new directions which is not always appreciated by the old guard.

  21. I know it’s completely irrelevant, but I thought you might like to know that Technorati thinks it’s been 55 days since you last posted to this blog..

  22. Technorati is not very clever or accurate anyway 😛

  23. Dom – as Hari said, Technorati isn’t that accurate 🙂 It says that it’s 4 days now.

  24. I don’t think Ryan Filtzer made a “throwaway comment”, because it directly response to Wank’s assertion that 1.5 is good enough for her.

    Thanks for the clarification on that Lloyd. No one seemed to pick that up.

    BTW, I not sure what features people find so interfering. The WYSIWYG turns off. Mark Jaquith offers Clutter Free which turns off most elements on the post screen.

    If you want more/less features in WP, contract a developer to make you exactly what you need. That’s what I do, when I can’t do it myself.

    Echoing what I’ve said before, WP gives everyone options. If you don’t like the default WP, do something about it.

  25. Ryan, I know, that is the point but… let me give you an example of how developers’ attitudes differ.

    Recently a couple of b2evolution developers posted comments on my blog about my review of b2evo. Their attitude was hardly like this. They were so open to suggestions and comments and were polite too. They appreciated the fact that I, a lowly nobody, gave their software a review and even clarified some of the points – and I was not even a b2evolution user. None of the WP devs seem to have this openness of mind when listening to their *own* users.

    It’s not about being FOSS or not. It’s about developers attitude and I think the point here is that the WP developers seem too to be chasing popularity rather than merit. You’re deciding on features based on how many people want them, not on what’s good for WordPress… It’s showing now… I don’t think you even have a vision of where you want to see WP going – or if you do, you haven’t communicated it to users properly.

    So, we all know what you mean – it’s FOSS and we can take your code and change it. To be frank, I don’t have to even do that. I’d find it easier if I can create my own blogging system from scratch… The point is about acknowledging existing users’ concerns about developing and accepting that there are areas where you’ve fallen behind since 1.5.

    If we could all easily convert from WP to another blogging system, we would do it and not keep complaining. There are numerous issues in converting content from one tool to another which makes it extremely difficult practically. So I am forced to continue using WordPress if only to preserve my past content.

  26. Oh and you want an example of a feature that cannot be turned off? smart quotes and autosave comes to mind readily. I’ll think of some more later.

  27. Theres some plugins for wordpress 2.5 which is great that can do auto upgrades. I’d advise updating the sql first though not backing up your data can be severe.

  28. I agree – but don't you have to make your directories world writable first to use the plugins?

%d bloggers like this: