Own Your Mistakes
The last week has seen two major failures on the Internet. The most important difference between the two failures is not what failed or why it failed or how it failed, but how the organizations handled those failures.
Last Tuesday, Google’s web-based Gmail service was out for about 100 minutes. 100 minutes is a long time on the Internet, and an eternity when you consider that there are 150 million Gmail users. That is a lot of people unable to check their mail. Google identified the problem quickly, but it took them the better part of two hours to get the solution deployed.
Also in the last week, a worm has been wandering the Internet attempting to break into WordPress-based sites, and has succeeded in a number of cases, including Robert Scoble’s Scobleizer.com.
Google and WordPress.org both had egg on their face, but only one of them handled it well.
When Gmail failed, Google apologized. They accepted responsibility for the outage and included details about steps they were taking to prevent a recurrence.
When WordPress suffered multiple public hacks this week, Matt Mullenweg released his own apology of sorts. Unfortunately, where Google accepted the blame, Mullenweg was less contrite, placing much of the blame on the individual bloggers for not keeping their software up to date. Granted, he tried to cage it in a teamwork analogy, but that just made it seem like he is doing his part and we are letting him down.
Does he have a point? Sure. There have been so many releases of WordPress in part because the Wordpress.org team has been responsive to security problems. But a fix is only helpful if it gets deployed, which is the responsibility of the individual bloggers. Google doesn’t have this problem with Gmail; they run the software themselves. Ditto for FaceBook, Twitter, Blogger and even WordPress.com, the hosted version of WordPress. So, yes, we the individual users of the WordPress software should keep our installs up to date. We should also make sure we use good passwords, and make backups, and take other basic security steps.
None of that matters. Any validity to his arguments was obviated by his cavalier attitude and finger-pointing. A little humility goes a long way and Mullenweg’s “apology” has only angered other bloggers.
Mullenweg should have done as Google did. Take the blame and say how you will prevent similar problems in the future. We all make mistakes, but if you want to keep people’s trust you have to own up to those mistakes. The truth is there have been some bad security bugs in WordPress that never should have been there. No software is perfect, but WordPress needs to be better. They need to move from their reactive security approach to a proactive one. If Mullenweg and his team are not up to the task, they need to get some security experts to comb through the code.
Mullenweg owes it to hundreds of thousands of users to own his mistake.
Leave a comment