Enrico Rubboli


Software Engineer and Entrepreneur
Playing with bitcoin - machine learning - golang - ruby - python
Preparing tortellini on demand


The era of the cheap web


Free as in "free beer" (as Stallman would say). People don't use tools like Joomla or WordPress because they are free as in freedom, but because they are gratis. Welcome to the world of the cheap web.

The cheap web is a market, and a huge one. But it is a place dominated by asymmetric information between buyers and sellers, as in the market for lemons (George Akerlof, Michael Spence and Joseph Stiglitz won the Nobel Prize for this research). What happens in a market for lemons is that buyers cannot tell good products from bad ones, so they are unwilling to pay for quality, and the quality of the goods on offer falls.

WordPress leads the cheap web because it comes with thousands of free (as in beer) plugins that you (or your webmaster) can click-install. Unfortunately, when WordPress was first developed there were no APIs to build plugins or themes on, so programmers developed the habit of patching the source code directly, producing a huge spaghetti-code mix of content and presentation.

Just in the last couple of years I've received at least a dozen calls from people seeking help because their websites had been compromised. I've been able to work out what happened almost every time, and it was always because of some WordPress plugin (and a couple of themes). All these people paid a great deal of money to get into the world of the cheap web.

WordPress Exploits List

Unfortunately there is no escape for the people at Automattic other than writing a security layer that prevents plugin and theme developers from introducing vulnerabilities (or at least mitigates the common flaws). But that would mean breaking compatibility with everything that already exists. In other words, the only way out is to move WordPress to a different kind of market, one where there are better competitors.

In a trade-off between security and cost, if you are in the market where free is as in freedom, breaking compatibility to get the needed security is the natural choice, because it is what the end users want. But in the market for lemons (the cheap web) end users are not able to evaluate security, and it would be too expensive for them to implement anyway, so WordPress chose low cost over security.

I really hope this embarrassing situation will change in the future and the people at Automattic will find a clever solution for a migration to a more secure platform.