this post was submitted on 13 Oct 2024
71 points (97.3% liked)
Technology
59427 readers
3469 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I got lost in this wordpress thing. Tried to read few (probably low quality informed-as-I-am) articles and now I'm even more lost. Can someone ELI5 what's going on, who's the good guy, who's the bad guy, whether wordpress (product) is to be avoided, etc. Thank you.
Tl;Dr is that matt mullenweg saw that other people were making money from free open source software, and his capitalism boner is trying to fuck everyone over.
He has control over both WPEngines competition and the non-profit Foundation, and is using his Foundation position to try extort his for-profit company's competition. Typical CEO behaviour.
This isn't accurate. The issue is that part of that open source software is using non-open source APIs which are paid for by the WordPress Foundation. Making money off open source software is harmless and AFAIK he has no issues with that. However, using an enormous amount of resources where your foundation needs to pay $$$$$ for without contributing anything is what this is about.
The same issue is with Linux, for example. The OS is open source, but the repositories are hosted be e.g. Canonical, which needs to pay to maintain them and for the enormous amount of bandwidth and usage from people updating their packages. That isn't free.
It's very common for companies which fork Ubuntu / Debian to contribute back in some meaningful way, whether that's source code or donations.
WP Engine doesn't contribute anything.
This buries the lede quite a bit.
Mullenweg effectively runs both the non-profit organization Wordpress.org and is the CEO of Automattic, a for profit conpany that sells support for Wordpress (and a direct competitor to WPEngine).
A large part of Wordpress functionality is kept behind an Automattic plugin that forces any Wordpress site using it to collect telemetry/data for Automattic.
The update servers for Wordpress plugins are hardcoded to use Automattic's servers, and this is not configurable or changable unless you modify the Wordpress source code itself.
With Mullenweg's position over both the non-profit org and Automattic, he has direct control over these choices. If he's doing this for the sake of open source, why is he gating things that should be core functionality behind a data collection scheme? If there are problems with load on the update servers, why has no effort been made to allow the community to host update servers themselves that check update hashes against Automattic? That would significantly reduce the load on the for-profit resources (that you called APIs). At the very least, the setting needs to be something exposed to the user and configurable without modifying the source code. Otherwise he's complaining about a problem he has created.
It's also worth noting that at no point has Mullenweg tried to set up any sort of free vs paid tier of access to his update servers. This is a specifically targeted campaign. He has also not publically provided evidence of the increased load by WPEngine despite publically shooting off about a ton of other things that would be best saved for the courtroom.
Mullenweg has also publicly stated some very questionable things about how the resources of the non-profit and his for-profit are intermingled, which may have some legal repurcussions. But that's more of a footnote.
Wordpress's license makes explicit exception to copyright to allow anyone to use "WordPress" or "WP".
The initial reasoning (and I believe the lawsuit) for Mullenweg's attempt to claim 8% of all WPEngine profit, is explicitly based on the claim that they are breaching copyright due to their use of "WP".
So while I agree that lack of upstream contribution and the amount of load on the upgrade servers are important and valid reasons to try and seek some contribution, that is not the angle he took to start this.
At one point during all of this, he switched off the WordPress plugin update servers for all users with no warning.
Now he's done a direct hostile takeover of his competitor's plugin. Of the two security issues, WPEngine disclosed both of them themselves and had already fixed one. There was no evidence that they were going to stop and not fix the other, and the issue is of questionable severity. The main change Automattic did to the plugin was to remove the code that checked for an upgraded/upsold license, effectively cracking the plugin to offer paid features for free.
With the long history of WordPress, I find it incredibly hard to believe that there are not a considerable number of other plugins containing upsells, so the implication that those somehow are in violation of terms is weak.
In my opinion, we have someone in the perfect position to make changes to ensure the upgrade server load (the only quantifiable reason for all this mess) never would have been able to be a problem in the first place. He has singled out the largest competitor to his own for-profit company and targeted them specifically instead of announcing blanket changes that would apply to anyone causing their level of load on his systems. He has taken incredibly poorly thought out and reactionary steps intended to spank his competitor that have had far larger negative effects for the rest of his users and customers. He has and continues to make very piblic statements that any sane lawyer would tell him to keep his fucking mouth shut about. Now he has once again singled out his largest competitor, taken one of their paid products, and modified it to be free rather than creating his own implementation with the problems fixed and no upsells.
Matt Mullenweg has not done anything explicitly evil, wrong, or super obviously illegal. But he's doing a hell of a lot of very concerning and questionable things when he had every opportunity to prevent any of this from ever being a problem in the first place.
I have no love for WPEngine, but Matt isn't a saint and is ridiculously mismanaging all of this.
Just want to point out, that apparently WordPress.org is not owned by the foundation but rather Matt himself, which many people are confused about. It should probably not be used as a stand-in way to refer to the foundation.
https://www.pluginvulnerabilities.com/2024/09/30/who-owns-the-wordpress-website-and-wordpress-org/
That's hell of a twist at the end. I would argue he did all of that and may be looking at jail time.