109 points by ValentineC 5 days ago | 59 comments
paulgb 5 days ago
This is a great point. By weaponizing the fact that Automattic controls the plugin registry against a rival by doing something (at best) dangerously adjacent to a supply chain attack, WP Engine stands out now as uniquely immune to that type of attack.
This whole thing makes me sad. I used to use WordPress back in the 2000s and even had some plugins in the directory at the time. I was rooting for Matt but the more I read about this the more it seems like Automattic isn't the good actor here.
icodemuch 5 days ago
benatkin 4 days ago
Judged on its merits and not an exaggeration, I predict that the court of public opinion is going to go the same way as the court of law – a light pushback.
stogot 4 days ago
WorldWideWebb 4 days ago
benatkin 4 days ago
Now, the owner of a package could do a supply chain attack (with a very short chain, which is why I think the concept is overhyped), and it would be a supply chain attack, but it wouldn’t be a man-in-the-middle attack. WordPress took over ownership of it but they haven’t published anything malicious to it. Back when WP Engine owned it they could have published a malicious update and it would be a supply chain attack but with a very short chain unless the user installed a project that depended on it and caused it to automatically be installed.
WorldWideWebb 4 days ago
benatkin 4 days ago
WorldWideWebb 4 days ago
Anywho - I’m not looking to get into an argument with a random internet stranger so have a good one.
drchaos 4 days ago
benatkin 4 days ago
Sometimes a patch isn’t enough so there is something like SilverWolf. That’s kinda like ACF/SCF.
benatkin 4 days ago
labster 4 days ago
That said it is absolutely scummy and dumb, and a sign that Automattic puts its own whims ahead of its clients’ stability. Even if this issue gets settled tomorrow, we now know that Automattic is an irrational actor. Who is going to choose a software platform for new projects where every week a new drama unfolds?
benatkin 4 days ago
They're more human than the WP Engines of the world, though.
labster 4 days ago
No one wants to talk about what WP Engine does, because Matt is making own-goals twice a week.
hn_throwaway_99 4 days ago
That is, WP Engine's cardinal sin (according to their detractors) appears to be that they make a ton of money from WordPress but they don't contribute back "sufficiently" to the ecosystem. I believe (as someone who has contributed a bunch to different open source projects) that this is complete and total bullshit. Since when do individual open source creators get to decide "how much" other people/companies need to "give back"? There is a very good reason open source licenses explicitly specify what you can and can't do with code. If you don't like that, you shouldn't be releasing your code as open source. More to the point, even outside of WP Engine's legal obligations (which nobody is really seriously believing they are in violation of, Matt's post-hoc ridiculous claims of trademark infringement notwithstanding), I think the arguments that they were a bad actor in the community were false, too, especially given Matt's actions.
Other open source creators have discovered that the economics of the cloud world means that it's easier for hosting providers to make a lot of money off open source projects than the original creators of that open source software. And while this may suck, many of these other creators handled this situation in a sane, adult manner, e.g. by forking and relicensing their software, or also see the whole nascent "fair source" movement. What they haven't done is decide to hold the whole community hostage because they decide, after the fact, that they're "owed" 8% of another company's revenue.
Seriously, I'd be interested to hear any rational argument about what WP Engine did that was so objectionable. If the best they can come up with is "they don't support infinite versions as the default out of the box", you'll have to excuse me if I don't think that's some sort of cardinal sin.
benatkin 4 days ago
I’m not saying you’re doing this deliberately but if you look at how long Matt Mullenweg has been leading WordPress, I think that puts the drama into context. People have forgotten a lot of the drama with FAANGs during these two decades and their leaders were never held to account.
What WP Engine has done is be soulless. They got acquired by a private equity firm, which makes them like a FAANG. The ways they’ve acted are more visible to WordPress than they are to us - they undermined the way they operate with other big hosts whose datacenters communicate with their datacenters, and users with their support. Matt explains it pretty well in this video: https://youtu.be/WU3sd1kDFLg?si=Og9QZ4_onwhbwvB3
hn_throwaway_99 4 days ago
I will only speak for myself, but I find this to be baloney. I'm not judging "open source leaders" more harshly - I'm judging a single open source leader, Matt Mullenweg, harshly solely due to his own actions and statements.
You say "What WP Engine has done is be soulless." That's kind of my whole point - I don't give a fuck, at all, that WP Engine is "soulless". First, they're a hosting company, not a church. My fundamental issue with Matt's behavior in the first place is that just because a company is "soulless", i.e. whatever line he has in his head that is the "minimum" a company should have to contribute back because they use open source software he first created, that he gets to do a shakedown, take over what was their largest open source contribution in the first place, and then demand 8% of their revenue.
Frankly, I don't believe any of this moralistic framing in the first place. I think he saw WP Engine as an "unfair" competitor to WordPress.com, and his actions are simply to cripple a business competitor.
benatkin 4 days ago
On purpose, no. But it's a question of interest. People seem to have a lot of interest in going after open source tech leaders that they don't have for going after closed source tech leaders, partly because any time they go after closed source tech leaders they have to deal with paid defenders (many of whom are simply paid by being on the much larger payroll, partly funded by government contracts obtained through bribery).
If you'd have judged a FAANG the same way but don't ever get around to judging them, that amounts to being more harsh with open source leaders.
hn_throwaway_99 4 days ago
einsteinx2 4 days ago
I’ve read this sentence 5 times over and still have no idea what you mean by this? How does a company being acquired by a private equity firm make them like a multinational public company? What does being “like a FAANG” mean to you?
As an aside, Automattic was an investor in WP Engine and sold their shares to that same private equity firm.
lesuorac 4 days ago
Go find people on the street and ask them to name the CEO of WordPress and then ask them to name the CEO of Google. Like the average person doesn't criticize an open source leader because they have no idea who they are.
In any sort of big tech thread there are tons of criticisms about privacy violations, basic functionality, lack of support, etc.
However, more to the thread. If say Amazon yoink'd Apple's store and started selling Amazon Basic Macbooks on it there would be complaints.
CRConrad 3 days ago
No, but by even mentioning that you're rather slyly implying they might be.
And apparently forgetting — or trying to obfuscate — that the one person we know is doing something deliberately here is Mr. Mullenweg.
> but if you look at how long Matt Mullenweg has been leading WordPress, I think that puts the drama into context.
The relevant context here is what he is doing now.
SahAssar 4 days ago
* The WordPress Foundation (and wordpress.org) is not independent enough from Matt & Automattic
* taking over a package in a package registry with automatic updates is really, really bad
benatkin 4 days ago
I see people call for this, and I'd like to see that energy used to call for antitrust against Facebook, which grew at the same time as WordPress. https://en.wikipedia.org/wiki/Federal_Trade_Commission_v._Me....
I don't think they meant to express the intention of it being independent when creating a nonprofit. I think they just created a nonprofit because that's what made the most sense of the available options. I think a B Corp is more along the lines of what was intended.
SahAssar 4 days ago
Even now it seems like Matt is trying to shroud himself in open-source as a defense. If so the foundation should be more independent.
Lash_LaRue 4 days ago
I would further bet that Matt's either on drugs or maybe has a brain tumor or some other undiagnosed medical condition. Only an insane person would destroy their entire reputation and life's work like this.
TheNewsIsHere 2 days ago