Squirrel Notes Issue #30

This issue was published on Wednesday, June 5, 2019.

The Human Problem: I wrote a long piece on the human element of CMS and how we're very quick to blame software for our issues.

Software Isn't the Problem

We blame software limitations for what ails our organizations. If only we had better software, things would be different. There’s no point trying to be better, because we’re hobbled by poor software.

Some of this might be true, certainly. But a non-trivial portion of it isn’t. We put too much emphasis on software’s abilities to make up for our shortcomings.

I checked in with some friends, and there are about a dozen quotes from various people around the industry.


A Bit of Drupal History: I enjoy finding early mentions of CMS in mainstream publications. As near as I can tell, this is the first mention of Drupal in the NY Times, from 2009.

Software System's Fans Gather to Talk Code

The article was about a “Drupal Camp” (not a "DrupalCon") that seemed to have about 70 people.

Interestingly, this might have only been the first explicit mention of Drupal. Back in 2003, Drupal got a big boost when it was used for “DeanSpace,” which was a virtual collaboration platform for supporters of Howard Dean: The Dean Connection

Zack Rosen [...] started the project, originally called Hack for Dean, after reading about Dean on the campaign Web site for 20 minutes. [...] He recruited an unpaid team of nearly a hundred programmers to write software for the campaign that would allow the many disparate, unofficial Dean Web sites to communicate directly with one another and also with the campaign.


WordPress Stealth Security Fix Via Emojis: Tucked away in an article about emojis, I found a note claiming WordPress used an inventive strategy to patch a critical vulnerability without announcing it.

WordPress [...] made a major update to their systems in 2015 under the guise of “enabling emoji support.” What they actually did was patch a critical security vulnerability that allowed cross-site scripting attacks in some multibyte character situations. In essence (and this is only a tiny exaggeration): a quarter of the internet was saved from hacking by adding emoji support.

This is the only place I've heard of it. I looked through all the changelogs for 2015 and couldn't find any references to emoji support (though 4 of the 5 “fixed a cross-site scripting vulnerability”). This might have been for the commercial hosted version, rather than the open-source project.


The NY Times Text Editor: Here's a lovely article from the NY Times explaining their new text editor, which is based on a framework I had never heard of that's designed specifically for building rich text editors (I didn't even know that was a thing…).

Building a Text Editor for a Digital-First Newsroom

I love that the NY Times is willing to write articles like this, explaining their process. They certainly don't have to, but it's a fantastic way for us to peer into the inner workings of a massive publishing operation.


WordPress Anniversary: Earlier this week, Jon Erlichman gave us this simple tweet which noted:

On this day in 2003: WordPress launches.

It even has a screencap of the first WordPress interface. (Erlichman is a Bloomberg anchor who has nothing to do with CMS, he just does a lot of “on this day” tweets.)