- cross-posted to:
- [email protected]
- technology
- [email protected]
- cross-posted to:
- [email protected]
- technology
- [email protected]
I got lost in this wordpress thing. Tried to read few (probably low quality informed-as-I-am) articles and now I’m even more lost. Can someone ELI5 what’s going on, who’s the good guy, who’s the bad guy, whether wordpress (product) is to be avoided, etc. Thank you.
Tl;Dr is that matt mullenweg saw that other people were making money from free open source software, and his capitalism boner is trying to fuck everyone over.
He has control over both WPEngines competition and the non-profit Foundation, and is using his Foundation position to try extort his for-profit company’s competition. Typical CEO behaviour.
This isn’t accurate. The issue is that part of that open source software is using non-open source APIs which are paid for by the WordPress Foundation. Making money off open source software is harmless and AFAIK he has no issues with that. However, using an enormous amount of resources where your foundation needs to pay $$$$$ for without contributing anything is what this is about.
The same issue is with Linux, for example. The OS is open source, but the repositories are hosted be e.g. Canonical, which needs to pay to maintain them and for the enormous amount of bandwidth and usage from people updating their packages. That isn’t free.
It’s very common for companies which fork Ubuntu / Debian to contribute back in some meaningful way, whether that’s source code or donations.
WP Engine doesn’t contribute anything.
This buries the lede quite a bit.
Mullenweg effectively runs both the non-profit organization Wordpress.org and is the CEO of Automattic, a for profit conpany that sells support for Wordpress (and a direct competitor to WPEngine).
A large part of Wordpress functionality is kept behind an Automattic plugin that forces any Wordpress site using it to collect telemetry/data for Automattic.
The update servers for Wordpress plugins are hardcoded to use Automattic’s servers, and this is not configurable or changable unless you modify the Wordpress source code itself.
With Mullenweg’s position over both the non-profit org and Automattic, he has direct control over these choices. If he’s doing this for the sake of open source, why is he gating things that should be core functionality behind a data collection scheme? If there are problems with load on the update servers, why has no effort been made to allow the community to host update servers themselves that check update hashes against Automattic? That would significantly reduce the load on the for-profit resources (that you called APIs). At the very least, the setting needs to be something exposed to the user and configurable without modifying the source code. Otherwise he’s complaining about a problem he has created.
It’s also worth noting that at no point has Mullenweg tried to set up any sort of free vs paid tier of access to his update servers. This is a specifically targeted campaign. He has also not publically provided evidence of the increased load by WPEngine despite publically shooting off about a ton of other things that would be best saved for the courtroom.
Mullenweg has also publicly stated some very questionable things about how the resources of the non-profit and his for-profit are intermingled, which may have some legal repurcussions. But that’s more of a footnote.
Wordpress’s license makes explicit exception to copyright to allow anyone to use “WordPress” or “WP”.
The initial reasoning (and I believe the lawsuit) for Mullenweg’s attempt to claim 8% of all WPEngine profit, is explicitly based on the claim that they are breaching copyright due to their use of “WP”.
So while I agree that lack of upstream contribution and the amount of load on the upgrade servers are important and valid reasons to try and seek some contribution, that is not the angle he took to start this.
At one point during all of this, he switched off the WordPress plugin update servers for all users with no warning.
Now he’s done a direct hostile takeover of his competitor’s plugin. Of the two security issues, WPEngine disclosed both of them themselves and had already fixed one. There was no evidence that they were going to stop and not fix the other, and the issue is of questionable severity. The main change Automattic did to the plugin was to remove the code that checked for an upgraded/upsold license, effectively cracking the plugin to offer paid features for free.
With the long history of WordPress, I find it incredibly hard to believe that there are not a considerable number of other plugins containing upsells, so the implication that those somehow are in violation of terms is weak.
In my opinion, we have someone in the perfect position to make changes to ensure the upgrade server load (the only quantifiable reason for all this mess) never would have been able to be a problem in the first place. He has singled out the largest competitor to his own for-profit company and targeted them specifically instead of announcing blanket changes that would apply to anyone causing their level of load on his systems. He has taken incredibly poorly thought out and reactionary steps intended to spank his competitor that have had far larger negative effects for the rest of his users and customers. He has and continues to make very piblic statements that any sane lawyer would tell him to keep his fucking mouth shut about. Now he has once again singled out his largest competitor, taken one of their paid products, and modified it to be free rather than creating his own implementation with the problems fixed and no upsells.
Matt Mullenweg has not done anything explicitly evil, wrong, or super obviously illegal. But he’s doing a hell of a lot of very concerning and questionable things when he had every opportunity to prevent any of this from ever being a problem in the first place.
I have no love for WPEngine, but Matt isn’t a saint and is ridiculously mismanaging all of this.
Just want to point out, that apparently WordPress.org is not owned by the foundation but rather Matt himself, which many people are confused about. It should probably not be used as a stand-in way to refer to the foundation.
https://www.pluginvulnerabilities.com/2024/09/30/who-owns-the-wordpress-website-and-wordpress-org/
Matt Mullenweg Apparently Personally Owns the Website
The author of the post quoted in the previous section seems to treat it as a given the Matt Mullenweg owns the WordPress website. The closest we have found to confirmation of that is screenshots apparently from a WordPress Slack were he apparently wrote this:
W.org belongs to me, it’s not part of the foundation or any trust, I run it in an open way that allows lots of folks to participate but they don’t own it.
And this:
I have direct and root access to the account (and everything on w.org) because I started it.
Matt Mullenweg has not done anything explicitly evil, wrong, or super obviously illegal.
That’s hell of a twist at the end. I would argue he did all of that and may be looking at jail time.
I don’t think there’s a good guy. Both parties suck here.
I mean, one was always for-profit and didn’t try to hide it. WPE is within the rights to do that. Meanwhile, Matt preaches open-source while acting like a manchild and showing just how controlled it all is by him alone. The only real brand being tarnished is WordPress. I’ve seen more people say their next site will be with a different CMS. Sad.
From what I understand, WordPress has been attacking WPengine more or less out of nowhere and is trying to destroy their business because their product competes with Wordpress.com (for many, many years now)