paulgb 2 days ago [-]
> Amusingly, in its war against WP Engine, Automattic might have created the single best advertisement for their chief rival. WP Engine now has proof it’s immune to unauthorized plugin takeover.
This is a great point. By weaponizing the fact that Automattic controls the plugin registry against a rival by doing something (at best) dangerously adjacent to a supply chain attack, WP Engine stands out now as uniquely immune to that type of attack.
This whole thing makes me sad, I used to use wordpress back in the 2000s and even had some plugins in the directory at the time. I was rooting for Matt but the more I read about this the more it seems like Automattic isn't the good actor here.
icodemuch 2 days ago [-]
This seems like a pretty damning indictment of Automattic. The WordPress foundation (that they presumably set up) may have rules that give them legal cover for some of the moves they’re making, but it’s going to hurt them in the court of public opinion. I think that matters to developers, who are the people ultimately responsible for choosing whether or not to contribute to / use their product. It’s true that migration cost might prevent churn from these actions right now but stopping the train of logic there seems short sighted. What about all the business that they may have received in the future that they might not get now because they’ve tarnished their brand?
benatkin 2 days ago [-]
I don't see it catching on that this is a "supply-chain attack" (from the article, but what came to mind when you said that it seems pretty damning). It isn't an attack because it's done deliberately by the owner (yes, owner) of the platform users are downloading from and not some upstream platform. The part of the chain involved is only one level deep. Maybe it's time to stop hyping up the term "software supply chain" because it gives me You Wouldn't Download a Car vibes.
Judged on its merits and not an exaggeration, I predict that the court of public opinion is going to go the same way as the court of law – a light pushback.
stogot 2 days ago [-]
The article mentions they made subtle changes that broke websites. One user had 150 broken client sites and had to fix one by one. If that happened to me I’d consider it a supply chain attack
WorldWideWebb 2 days ago [-]
How is this not a supply chain attack? Mattomatic literally took over a plugin that WPE owns/maintains by co-opting its plugin URL/slug. They renamed the plugin but took control over the URL that everyone’s plugin points to for updates. Literal MITM attack.
benatkin 2 days ago [-]
wordpress.org isn’t an intermediary, they’re the publisher, so they can’t be in the middle, and they can’t be MITM
Now, the owner of a package could do a supply chain attack (with a very short chain which is why I think the concept is overhyped), and it would be a supply chain attack, but it wouldn’t be a man in the middle attack. WordPress took over ownership of it but they haven’t published malicious to it. Back when WP Engine owned it they could have published a malicious update and it would be a supply chain attack but with a very short chain unless the user installed a project that depended on it and caused it to automatically be installed.
WorldWideWebb 2 days ago [-]
Wordpress.org is not the publisher of that plugin - WPE is. Wordpress.org was just hosting it in their plugin directory, which is where just about the entire community goes to for plugins. I’d guess that because of this drama, more plugin publishers will choose to not publish theirs in the directory anymore.
I’ll use npm as an example. When someone not at npm runs npm publish, their npm client sends a request for their package to be published, which to me shows that the person isn’t the publisher because they aren’t requesting for themselves to publish the package. But I see how it might be confusing.
WorldWideWebb 2 days ago [-]
npm is a good analogy to this, but I don’t see how either one would be considered the publisher. Those are indexes/directories/whatever-you-want-to-call-it of packages/WP plugins. Another example would be something like GitHub. If GitHub (Microsoft) decided to take over the repo URL of a rival’s repository, I don’t think there would be any ambiguity about who was in the wrong.
Anywho - I’m not looking to get into an argument with a random internet stranger so have a good one.
drchaos 2 days ago [-]
If npm or Ubuntu would deliberately replace a package with their own implementation, without giving you notice or making this opt-in, would you call that a supply-chain attack? I would, unless the original package contained malicious code (which is not the case with WPE's custom fields plugin)
benatkin 2 days ago [-]
Ubuntu patches all the time. WordPress could have done exactly the same with patches! Good idea.
Sometimes a patch isn’t enough so there is something like SilverWolf. That’s kinda like ACF/SCF.
benatkin 2 days ago [-]
That's LibreWolf.
labster 2 days ago [-]
It’s only technically a supply chain attack. Pretty much all they did was apply a security patch and remove the other company’s IP. It doesn’t really attack a user or put anyone at risk, which is what you normally mean with an attack, so it sounds hyperbolic.
That said it is absolutely scummy and dumb, and a sign that Automattic puts its own whims ahead of its clients’ stability. Even if this issue gets settled tomorrow, we now know that Automattic is an irrational actor. Who is going to choose a software platform for new projects where every week a new drama unfolds?
benatkin 2 days ago [-]
> Automattic is an irrational actor
They're more human than the WP Engines of the world, though.
labster 2 days ago [-]
Indeed. To err is human.
No one wants to talk about what WP Engine does, because Matt is making own-goals twice a week.
hn_throwaway_99 2 days ago [-]
I'll talk about what WP Engine does, because I've been following this whole saga and I think they've done nothing wrong. Worse, I'm pissed that some open source folks are defending Matt's position that's basically "well, open source is whatever I say it is".
That is, WP Engine's cardinal sin (according to their detractors) appears to be that they make a ton of money from WordPress but they don't contribute back "sufficiently" to the ecosystem. I believe (as someone who has contributed a bunch to different open source projects) that this is complete and total bullshit. Since when do individual open source creators get to decide "how much" other people/companies need to "give back"? There is a very good reason open source licenses explicitly specify what you can and can't do with code. If you don't like that, you shouldn't be releasing your code as open source. More to the point, even outside of WP Engine's legal obligations (which nobody is really seriously believing they are in violation of, Matt's post-hoc ridiculous claims of trademark infringement notwithstanding), I think the arguments that they were a bad actor in the community were false, too, especially given Matt's actions.
Other open source creators have discovered that the economics of the cloud world means that it's easier for hosting providers to make a lot of money off open source projects than the original creators of that open source software. And while this may suck, many of these other creators handled this situation in a sane, adult manner, e.g. by forking and relicensing their software, or also see the whole nascent "fair source" movement. What they haven't done is decide to hold the whole community hostage because they decide, after the fact, that they're "owed" 8% of another company's revenue.
Seriously, I'd be interested to hear any rational argument about what WP Engine did that was so objectionable. If the best they can come up with is "they don't support infinite versions as the default out of the box", you'll have to excuse me if I don't think that's some sort of cardinal sin.
benatkin 2 days ago [-]
I see a pattern of open source leaders being judged more harshly than proprietary software leaders. I think it’s because of a feedback loop. It started before the current crop of social media. People saw they could criticize Theo de Raadt more easily than Google because Google had its own weird nerds about a decade before the phenomenon with Elon Musk. These defenders were encouraged by the money and connections of the people they were defending, which is greater than those of the open source leaders.
I’m not saying you’re doing this deliberately but if you look at how long Matt Mullenweg has been leading WordPress, I think that puts the drama into context. People have forgotten a lot of the drama with FAANGs during these two decades and their leaders were never held to account.
What WP Engine has done is be soulless. They got acquired by a private equity firm, which makes them like a FAANG. The ways they’ve acted are more visible to WordPress than they are to us - they undermined the way they operate with other big hosts whose datacenters communicate with their datacenters, and users with their support. Matt explains it pretty well in this video: https://youtu.be/WU3sd1kDFLg?si=Og9QZ4_onwhbwvB3
hn_throwaway_99 2 days ago [-]
> I see a pattern of open source leaders being judged more harshly than proprietary software leaders.
I will only speak for myself, but I find this to be baloney. I'm not judging "open source leaders" more harshly - I'm judging a single open source leader, Matt Mullenweg, harshly solely due to his own actions and statements.
You say "What WP Engine has done is be soulless." That's kind of my whole point - I don't give a fuck, at all, that WP Engine is "soulless". First, they're a hosting company, not a church. My fundamental issue with Matt's behavior in the first place is that just because a company is "soulless", i.e. whatever line he has in his head that is the "minimum" a company should have to contribute back because they use open source software he first created, that he gets to do a shakedown, take over what was their largest open source contribution in the first place, and then demand 8% of their revenue.
Frankly, I don't believe any of this moralistic framing in the first place. I think he saw WP Engine as an "unfair" competitor to WordPress.com, and his actions are simply to cripple a business competitor.
benatkin 2 days ago [-]
> I'm not judging "open source leaders" more harshly
On purpose, no. But it's a question of interest. People seem to have a lot of interest in going after open source tech leaders that they don't have for going after closed source tech leaders, partly because any time they go after closed source tech leaders they have to deal with paid defenders (many who are simply paid by being on the much larger payroll, partly funded by government contracts obtained through bribery).
If you'd have judged a FAANG the same way but don't ever get around to judging them, that amounts to being more harsh with open source leaders.
hn_throwaway_99 2 days ago [-]
Whatever man. I think this is all completely irrelevant to the current WordPress saga, not to mention that I totally disagree with your 0-evidence hypothesis in the first place that people are somehow more critical of open source leaders. FWIW, there is plenty in my HN comment history lambasting Google's fall from technically-admired leader to "just another big company led by the bean counters".
einsteinx2 1 days ago [-]
> They got acquired by a private equity firm, which makes them like a FAANG.
I’ve read this sentence 5 times over and still have no idea what you mean by this? How does a company being acquired by a private equity firm make them like a multinational public company? What does being “like a FAANG” mean to you?
As an aside, Automattic was an investor in WP Engine and sold their shares to that same private equity firm.
lesuorac 2 days ago [-]
Eh, I'm not completely convinced open source leaders are judged more harshly.
Go find people on the street and ask them to name the CEO of WordPress and then ask them to name the CEO of Google. Like the average person doesn't criticize an open source leader because they have no idea who they are.
In any sort of big tech thread there are tons of criticisms about privacy violations, basic functionality, lack of support, etc.
However, more to the thread. If say Amazon yoink'd Apple's store and started selling Amazon Basic Macbooks on it there would be complaints.
CRConrad 1 days ago [-]
> I’m not saying you’re doing this deliberately
No, but by even mentioning that you're rather slyly implying they might be.
And apparently forgetting — or trying to obfuscate — that the one person we know is doing something deliberately here is mr Mullenweg.
> but if you look at how long Matt Mullenweg has been leading WordPress, I think that puts the drama into context.
The relevant context here is what he is doing now.
SahAssar 2 days ago [-]
Regardless of all else I'm hoping we can all agree on:
* The wordpress foundation (and wordpress.org) is not independent enough from Matt & Automattic
* taking over a package in a package registry with automatic updates is really, really bad
benatkin 2 days ago [-]
> The wordpress foundation (and wordpress.org) is not independent enough from Matt & Automattic
I don't think they meant to express the intention of it being independent when creating a nonprofit. I think they just created a nonprofit because that's what made the most sense of the available options. I think a B Corp is more along the lines of what was intended.
SahAssar 2 days ago [-]
I don't think anyone thinks of Meta or Facebook products as open-source in the same way as WordPress (they have open source projects but none that are as core to their business as WordPress is to Automattic).
Even now it seems like Matt is trying to shroud himself in open-source as a defense. If so the foundation should be more independent.
Lash_LaRue 2 days ago [-]
I don't know if they committed "theft" under criminal law, but I would bet lots of money that Automattic is going to get obliterated by the complaint filed by WP Engine, probably including injunctive relief. Tortious interference in a contract is normally difficult to prove because one of the elements is malice or intent to cause harm, but Matt basically handed WP Engine's lawyers all the ammo they would ever need during his yappy media tour.
I would further bet that Matt's either on drugs or maybe has a brain tumor or some other undiagnosed medical condition. Only an insane person would destroy their entire reputation and life's work like this.
badlibrarian 2 days ago [-]
Once the self-sabotage is over perhaps we can dig into the self-dealing.
pushedx 2 days ago [-]
Under which open source license was ACF originally released? That would help to answer the question.
patmorgan23 2 days ago [-]
Forking ACF is not the issue, Automattic is perfectly within their rights to do that. Hijacking the ACF WordPress.org page and having everyone who uses WordPress.org for plugin updates to auto update to the fork is the problem.
chii 2 days ago [-]
> Hijacking the ACF WordPress.org page
is it a hijacking, if they own that page in the first place? The community placed trust on that owner of the page to be impartial, which was shown to be false here of course.
This means that this community page/list should no longer be trusted, and an alternative be sought out.
pushedx 2 days ago [-]
IANAL, but the only expressly illegal thing that they seem to have done is maintain the "acf" tag, and used the "advanced-custom-fields" URL, which could be trademark violations.
I'm sure there are other laws that are relevant here related to deception and misuse of the subscription to the plugin updates by the 2 million users involved.
Legal issues aside, this is an extreme erosion in trust for any user of the WordPress.org platform. They can no longer have confidence that their commercial (or non-commercial) plugin won't be chopped up and have its users stolen at any moment.
CRConrad 1 days ago [-]
> Legal issues aside, this is an extreme erosion in trust for any user of the WordPress.org platform. They can no longer have confidence that their commercial (or non-commercial) plugin won't be chopped up and have its users stolen at any moment.
Not just the plug-in creators, but those (“stolen”) plug-in users, too. There is an example in TFA, the guy who had to update many (150, IIRC?) of his customers’ sites after the plug-in was switched out from under him.
bmacho 2 days ago [-]
> is it a hijacking, if they own that page in the first place? The community placed trust on that owner of the page to be impartial
I would say yes, it is hijacking. It is very very similar to any MITM attack ever, like anyone in the looong chain of trust deciding that they will do something with the trust they have. Like, can your ISP redirect google.com to their own google.com? They surely can, and it probably wouldn't even break their contract with you. It would be a trademark infringement, probably GDPR violation, but not much else.
Since WordPress.org acts as a traditional package repository, they can: serve you the package, or don't serve you the package for various reasons. Everything else is hijacking or worse, especially if the intent is just to turn you into their user, and the result is to break your website. Even if you don't have a contract with them that they will serve WP Engine's unmodified plugin to you.
yurishimo 2 days ago [-]
GPL. All WordPress code is GPL and plug-ins need to call WP APIs to register themselves with the CMS.
bzmrgonz 2 days ago [-]
[flagged]
CRConrad 1 days ago [-]
No, not as far as I can see.
In order to make your claim plausible, you'd have to
1) Tell us exactly what “sins” those are; and
2) Above all, explain WTF they have to do with this.
yoddler 2 days ago [-]
[flagged]
pessimizer 2 days ago [-]
This debate is extremely dumb, and everybody gish gallops and implies something terrible when they try to explain what Automattic is doing wrong, because they can't figure it out. So they instead give reasons why they insist it will be bad for his business (isn't that his business?) and pretend like that's him "technically" not doing anything tortious. It's not technical, the lawsuit from WPE is there to read. It's silly, and if it's not thrown out it will be because the judge needs time to understand the complexities of the license (and the promise that "Wordpress" will be turned over to the community after Automattic, who has an exclusive license to the trademark, shuts down.)
Using the reasons that you think this is a bad business decision as proxy reasons why he's wronged everyone making a living from his work is a veiled threat. Don't threaten to leave, just leave.
Maybe the problem is this haunting by the "Spirit of Open Source" where people insist that they have all of these rights that aren't in the license. Wordpress is not open source. It is Free Software. You already own it. Fork it if you want. If WPEngine is already doing almost as much business as Wordpress.com, they can handle everything themselves. If people love WPEngine more, they can leave. Don't whine when the value proposition for WPEngine changes after they have to take care of everything themselves, and they start violating the Spirit of Open Source until their bottom line looks better again.
I'm swearing an oath to violate the Spirit of Open Source wherever I see a hint of it, I'm just sticking to the licenses. The Spirit of Open Source somehow makes already wealthy people feel entitled to everything in the world. Free Software is important to me, and the people who make it should be as aggressive as will financially benefit them, as long as they abide by the letter of the GPL. The software is what's important, not that your half-billion dollar business is built on top of somebody else's half-billion dollar business. That's a you-problem.
Also, this is just straight up abuser behavior towards this guy. He doesn't do what you want with what is his, so you degrade him and accuse him of stealing his own property. It's hard to watch.
I'm going to stop commenting on these threads, but this mobbing is ridiculous. I hope he's emotionally stable; but a lot of tech CEOs aren't, and his awkward reactions to the pitchforks don't give me confidence. If you're compulsively reading all of these threads, stop now. Stay strong and know that 95% of this is coming from people who are directly connected to this financially and just don't want to be inconvenienced.
asmor 2 days ago [-]
The "spirit of open source" or whatever implicit terms come with the piece of free software was that Matt/Automattic are good stewards of the software, especially in regards to it being hardcoded to use to wp.org. It's incredibly silly to throw that goodwill away when you're load-bearing for almost half the web. These actions will create forks with different stewards and at worst fragment the codebase.
CRConrad 1 days ago [-]
> This debate is extremely dumb,
Well, yes... At least some contributions to it certainly are.
> and everybody gish gallops and implies something terrible when they try to explain what Automattic is doing wrong, because they can't figure it out
Funny, I thought I'd seen several perfectly cogent explanations of exactly what mr Mullenweg and Automattic is doing wrong, both here in this thread and in TFA.
The only thing that looks remotely like a Gish Gallop to me is your post. (And perhaps those of benatkin.)
mediumsmart 2 days ago [-]
maybe they made a commit to some open source that they stole in broad daylight.
stevenicr 2 days ago [-]
The title made me wonder where they would go with this,
then it starts with "Imagine Apple decided Spotify was a big enough business threat that it had to take unfair measures to limit Spotify’s growth on the App Store."
Um, okay - apple's store is not open, and spotify is not open source - so the article is over in its first line..
but let's go further
Lock Spotify out of its developer ecosystem - sharecropping on someone else's land has risks - good thing about when a plugin or theme gets kicked out of wordpress.org's system is that WP users can "sideload" from anywhere with any sort of 'jailbreaking', you don't even need to click/tap 'it's okay to load from outside sources' (point 1 from the story)
point 3 - this is completely false - see https://wordpress.org/news/ - and everyone got to see news about this in the wp-admin dashboard (I think I recall from more than one source)
the other 4 points are eye-roll worthy from me, again see point one.
This is not the first time a similar thing has happened with the wordpress plugin or theme directory.
The rest of this post is clearly very one sided and includes other falsehoods such as "The response was universally negative:"
Growing tired of the article, I scroll and I see a headline "Is WP Engine the only enterprise-ready WordPress hosting provider left"
are you kidding me?
Disagree with the entire piece.
and a return how about "Imagine Apple decided Spotify was a big enough business"... that they could easily afford to pay 30% of the proceeds they make from an app that lives in their ecosystem so that Apple can continue to develop, secure and grow
- so that the app could enjoy those benefits and all can grow..
and if they didn't pay up, they get kicked out of the Apple store,
I mean that would be outrageous!
And you could re-write the article replacing Automattic with apple.. oh wait.
pessimizer 2 days ago [-]
> then it starts with "Imagine Apple decided Spotify was a big enough business threat that it had to take unfair measures to limit Spotify’s growth on the App Store."
> Um, okay - apple's store is not open, and spotify is not open source - so the article is over in its first line..
Exactly. "Imagine that Apple wrote a GPL streaming music app, and Spotify was a redistributor of that app with almost no changes, but also used some of their own infrastructure to serve part of the backend of their fork. Now imagine that the reseller started doing nearly as much business as Apple with the app, but barely contributed any code. Apple asks Spotify to contribute more, Spotify replies 'lol.' Then, Apple tells Spotify that they can't call their fork 'Apple Music' anymore, and bans the Spotify fork from relying on Apple's infra for what Spotify doesn't find profitable to do."
CRConrad 1 days ago [-]
> Um, okay - apple's store is not open, and spotify is not open source - so the article is over in its first line..
Only for people (wilfully?) blind to the screamingly obvious parallel.
stevenicr 6 hours ago [-]
As mentioned later in the comment, the real parallel to consider is that this whole thing (I believe, am I wrong?) started with:
Matt/Wordpress asking for (sizable) donation from wp-engine, and them refusing (maybe they offered an amount but balked at what was being suggested?)
and then they got kicked out of the 'wordpress store' (.org directory and access to it)
my limited understanding is that Apple demands you pay 30% of what you make from your apps, regardless.. and I think fortnite and a couple others have balked at that and got kicked out..
my DDG first result suggests Matt asked for 8% of wp-engine revenues..
and given that automattic/wp does WAY more for enhancing and securing the actual thing that their users use, compared to what Apple does for fortnites code..
seems that the parallel the author attempts to draw with Apple and its store is hilarious- it actually shows that Matt is asking for less and providing more to wp-engine.. way more.
cycomanic 2 days ago [-]
It's worth pointing out that even Apple (whom the author uses as an example to illustrate the point) has engaged in similar behavior. Not quite as bad, i.e. they didn't take over an app, but they have suddenly blocked apps from updating when the app had similar functionality to one they released.
bmacho 2 days ago [-]
Throwing someone out from a marketplace is .. quite common. They (marketplace owners/publishers) don't need much reasoning for it, and I'm sure they did it many times bc they've perceived one of their clients dangerous to them, or wanted to take over their businesses.
But silently redirecting the users to yourself is practically unheard of, and it is indeed a red line.
SahAssar 2 days ago [-]
That is not as bad, taking the url, auto-updates, reviews, etc. makes it so much worse. Apple might be anticompetitive, but replacing the app via auto updates is really bad.
idm_guru 2 days ago [-]
This is a trademark dispute. WP-Engine uses the trademark, and made a tactical decision not to license it. Their thought was better to ask for forgiveness later than pay up front. Protecting your trademark is critical for an organization governing an open source product. Just look at Docker to see what happens when you lose control of your trademark. Last I checked, most owners aggressively protect their trademark. It's one of the few IP protections open source companies have. Why are you all defending the freeloading open source strip miner? Is WP Engine's use of the trademark fair use? Something tells me that they will end up settling this out of court...
Lash_LaRue 2 days ago [-]
Bollocks and hallucinatory nonsense. The trademark page had made it abundantly clear that use of "WP" was not protected by trademark and only made it an issue ex-post-facto when Matt decided one day that he didn't like the competition. The trademark claims are bollocks, nonsense, bogus — entirely without merit.
If you don't like your open source work being used by others to do for-profit things then don't license it as GPL or don't open source it to begin with. You can't retroactively come out and complain after the fact once you've already given all your IP away and made it abundantly clear that "WP" isn't a trademark, and BY THE WAY the jurisprudence on trademark law makes it difficult to even try to claim a trademark or servicemark from two letters put together!
idm_guru 2 days ago [-]
We will see. You can say it's bollocks, but I'm betting you are not an IP lawyer. Silverlake, the PE firm that acquired WP-Engine has a gaggle of IP lawyers that assessed the risk before the investment. Were they right or wrong? Like any sporting event, everyone has a strong opinion before the game. But it's only the final score that matters. I'm wishing Automattic the best of luck.
edanm 2 days ago [-]
Even if you agree with the trademark claim (I have no idea one way or the other), the way that Automattic is acting is wrong, pure and simple.
idm_guru 2 days ago [-]
No one ever won a lawsuit by putting forward a tepid case. They will position for maximum damage as a bargaining position, just like any of you would.
edanm 2 days ago [-]
Are you talking about Automattic? I'm not talking about the lawsuit, I'm talking about the things surrounding. Especially the checkbox when logging into Wordpress.org in which you must proclaim you aren't affiliated with WPEngine.
That is simply terrible behavior, one that impacts users, not just WPEngine. I personally will never use Wordpress again because of this.
CRConrad 1 days ago [-]
If we want to read mr Mullenweg’s unfiltered (and undigested...) thoughts on the matter we can easily find them directly from him.
If you want to contribute your own take to the discussion, you'd have to... You know, develop a take of your own; not just regurgitate his.
https://www.advancedcustomfields.com
Frankly, I don't believe any of this moralistic framing in the first place. I think he saw WP Engine as an "unfair" competitor to WordPress.com, and his actions are simply to cripple a business competitor.
On purpose, no. But it's a question of interest. People seem to have a lot of interest in going after open source tech leaders that they don't have for going after closed source tech leaders, partly because any time they go after closed source tech leaders they have to deal with paid defenders (many who are simply paid by being on the much larger payroll, partly funded by government contracts obtained through bribery).
If you'd have judged a FAANG the same way but don't ever get around to judging them, that amounts to being more harsh with open source leaders.
I’ve read this sentence 5 times over and still have no idea what you mean by this? How does a company being acquired by a private equity firm make them like a multinational public company? What does being “like a FAANG” mean to you?
As an aside, Automattic was an investor in WP Engine and sold their shares to that same private equity firm.
Go find people on the street and ask them to name the CEO of WordPress and then ask them to name the CEO of Google. Like the average person doesn't criticize an open source leader because they have no idea who they are.
In any sort of big tech thread there are tons of criticisms about privacy violations, basic functionality, lack of support, etc.
However, more to the thread. If say Amazon yoink'd Apple's store and started selling Amazon Basic Macbooks on it there would be complaints.
No, but by even mentioning that you're rather slyly implying they might be.
And apparently forgetting — or trying to obfuscate — that the one person we know is doing something deliberately here is mr Mullenweg.
> but if you look at how long Matt Mullenweg has been leading WordPress, I think that puts the drama into context.
The relevant context here is what he is doing now.
* The wordpress foundation (and wordpress.org) is not independent enough from Matt & Automattic
* taking over a package in a package registry with automatic updates is really, really bad
I see people call for this, and I'd like to see that energy used to call for antitrust against Facebook, which grew at the same time as WordPress. https://en.wikipedia.org/wiki/Federal_Trade_Commission_v._Me....
I don't think they meant to express the intention of it being independent when creating a nonprofit. I think they just created a nonprofit because that's what made the most sense of the available options. I think a B Corp is more along the lines of what was intended.
Even now it seems like Matt is trying to shroud himself in open-source as a defense. If so the foundation should be more independent.
I would further bet that Matt's either on drugs or maybe has a brain tumor or some other undiagnosed medical condition. Only an insane person would destroy their entire reputation and life's work like this.
is it a hijacking, if they own that page in the first place? The community placed trust on that owner of the page to be impartial, which was shown to be false here of course.
This means that this community page/list should no longer be trusted, and an alternative be sought out.
I'm sure there are other laws that are relevant here related to deception and misuse of the subscription to the plugin updates by the 2 million users involved.
Legal issues aside, this is an extreme erosion in trust for any user of the WordPress.org platform. They can no longer have confidence that their commercial (or non-commercial) plugin won't be chopped up and have its users stolen at any moment.
Not just the plug-in creators, but those (“stolen”) plug-in users, too. There is an example in TFA, the guy who had to update many (150, IIRC?) of his customers’ sites after the plug-in was switched out from under him.
I would say yes, it is hijacking. It is very very similar to any MITM attack ever, like anyone in the looong chain of trust deciding that they will do something with the trust they have. Like, can your ISP redirect google.com to their own google.com? They surely can, and it probably wouldn't even break their contract with you. It would be a trademark infringement, probably GDPR violation, but not much else.
Since WordPress.org acts as a traditional package repository, they can: serve you the package, or don't serve you the package for various reasons. Everything else is hijacking or worse, especially if the intent is just to turn you into their user, and the result is to break your website. Even if you don't have a contract with them that they will serve WP Engine's unmodified plugin to you.
In order to make your claim plausible, you'd have to
1) Tell us exactly what “sins” those are; and
2) Above all, explain WTF they have to do with this.
Using the reasons that you think this is a bad business decision as proxy reasons why he's wronged everyone making a living from his work is a veiled threat. Don't threaten to leave, just leave.
Maybe the problem is this haunting by the "Spirit of Open Source" where people insist that they have all of these rights that aren't in the license. Wordpress is not open source. It is Free Software. You already own it. Fork it if you want. If WPEngine is already doing almost as much business as Wordpress.com, they can handle everything themselves. If people love WPEngine more, they can leave. Don't whine when the value proposition for WPEngine changes after they have to take care of everything themselves, and they start violating the Spirit of Open Source until their bottom line looks better again.
I'm swearing an oath to violate the Spirit of Open Source wherever I see a hint of it, I'm just sticking to the licenses. The Spirit of Open Source somehow makes already wealthy people feel entitled to everything in the world. Free Software is important to me, and the people who make it should be as aggressive as will financially benefit them, as long as they abide by the letter of the GPL. The software is what's important, not that your half-billion dollar business is built on top of somebody else's half-billion dollar business. That's a you-problem.
Also, this is just straight up abuser behavior towards this guy. He doesn't do what you want with what is his, so you degrade him and accuse him of stealing his own property. It's hard to watch.
I'm going to stop commenting on these threads, but this mobbing is ridiculous. I hope he's emotionally stable; but a lot of tech CEOs aren't, and his awkward reactions to the pitchforks don't give me confidence. If you're compulsively reading all of these threads, stop now. Stay strong and know that 95% of this is coming from people who are directly connected to this financially and just don't want to be inconvenienced.
Well, yes... At least some contributions to it certainly are.
> and everybody gish gallops and implies something terrible when they try to explain what Automattic is doing wrong, because they can't figure it out
Funny, I thought I'd seen several perfectly cogent explanations of exactly what mr Mullenweg and Automattic is doing wrong, both here in this thread and in TFA.
The only thing that looks remotely like a Gish Gallop to me is your post. (And perhaps those of benatkins.)
then it starts with "Imagine Apple decided Spotify was a big enough business threat that it had to take unfair measures to limit Spotify’s growth on the App Store."
Um, okay - apple's store is not open, and spotify is not open source - so the article is over in its first line..
but let go further
Lock Spotify out of its developer ecosystem - sharecropping on someone else's land has risks - good thing about when a plugin or theme gets kicked out of wordpress.org's system is that WP users can "sideload" from anywhere with any sort of 'jailbreaking', you don't even need to click/tap 'it's okay to load from outside sources' (point 1 from the story)
point 3 - this is completely false - see https://wordpress.org/news/ - and everyone got to see news about this in the wp-admin dashboard (I think I recall from more than one source)
the other 4 points are eye-roll worthy from me, again see point one.
This is not the first time a similar thing has happened with the wordpress plugin or theme directory.
The rest of this post is clearly very one sided and includes other falsehoods such as "The response was universally negative:"
Growing tired of the article, I scroll and I see a headline "Is WP Engine the only enterprise-ready WordPress hosting provider left"
are you kidding me?
Disagree with the entire piece.
and a return how about "Imagine Apple decided Spotify was a big enough business"... that they could easily afford to pay 30% of the proceeds they make from an app that lives in their ecosystem so that Apple can continue to develop, secure and grow
- so that the app could enjoy those benefits and all can grow.. and if they didn't pay up, they get kicked out of the Apple store, I mean that would be outrageous!
And you could re-write the article replacing Automattic with apple.. oh wait.
> Um, okay - apple's store is not open, and spotify is not open source - so the article is over in its first line..
Exactly. "Imagine that Apple wrote a GPL streaming music app, and Spotify was a redistributor of that app with almost no changes, but also used some of their own infrastructure to serve part of the backend of their fork. Now imagine that the reseller started doing nearly as much business as Apple with the app, but barely contributed any code. Apple asks Spotify to contribute more, Spotify replies 'lol.' Then, Apple tells Spotify that they can't call their fork 'Apple Music' anymore, and bans the Spotify fork from relying on Apple's infra for what Spotify doesn't find profitable to do."
Only for people (wilfully?) blind to the screamingly obvious parallel.
Matt/Wordpress asking for (sizable) donation from wp-engine, and them refusing (maybe they offered an amount but balked at what was being suggested?)
and then they got kicked out of the 'wordpress store' (.org directory and access to it)
my limited understanding is that Apple demands you pay 30% of what you make from your apps, regardless.. and I think fortnite and a couple others have balked at that and got kicked out..
my DDG first result suggests Matt asked for 8% of wp-engine revenues..
and given that automattic/wp does WAY more for enhancing and securing the actual thing that their users use, compared to what Apple does for fortnites code..
seems that the parallel the author attempts to draw with Apple and its store is hilarious- it actually shows that Matt is asking for less and providing more to wp-engine.. way more.
But silently redirecting the users to yourself is practically unheard of, and it is indeed a red line.
If you don't like your open source work being used by others to do for-profit things then don't license it as GPL or don't open source it to begin with. You can't retroactively come out and complain after the fact once you've already given all your IP away and made it abundantly clear that "WP" isn't a trademark, and BY THE WAY the jurisprudence on trademark law makes it difficult to even try to claim a trademark or servicemark from two letters put together!
That is simply terrible behavior, one that impacts users, not just WPEngine. I personally will never use Wordpress again because of this.
If you want to contribute your own take to the discussion, you'd have to... You know, develop a take of your own; not just regurgitate his.