221 points michaelcampbell | 12 comments
1. maxbond ◴[] No.41830919[source]
To me this is indistinguishable from an account takeover attack executed by an insider. I doubt any prosecutor would be interested, but to my eyes WordPress.org has violated the CFAA by accessing WordPress instances outside the bounds of their authorization. They were authorized to modify WordPress instances in ways ACF prescribed, not in ways of their own choosing.

I'm not saying I'd like to see Mullenweg in chains, I wouldn't. But WP.org's escalating legal exposure is really concerning. I feel like we're at risk of losing a cornerstone of the web. People are talking about a different open source CMS eating their lunch, but I think the more likely scenario is that people move to Squarespace, Wix, Facebook, et cetera, and open source content management becomes niche.

replies(3): >>41831345 #>>41832352 #>>41833355 #
2. btown ◴[] No.41831345[source]
IMO it's also notable that Mullenweg is in this state of mind and also has access to Tumblr data, with a history of allegedly doxxing the relationships between anonymous user blogs based on non-public information [0]. One doesn't need to agree with the moderation decision, or take sides on the political context around it, to understand that there is a tremendous amount of centralized power here, that norms are going out the window, and that an entire ecosystem is at risk.

[0] https://techcrunch.com/2024/02/22/tumblr-ceo-publicly-spars-...

replies(1): >>41831650 #
3. maxbond ◴[] No.41831650[source]
In hindsight this should've been all the warning anyone needed.

In the future, when a BDFL telegraphs that they're willing to abuse their powers like this, we need to fork immediately. Open source is more important than any single project or any single BDFL. We can't allow open source to appear risky or unreliable relative to proprietary software, subject to the whims of volatile personalities.

Open source is kind of like libraries - an institution for the collective good people managed to erect in the past that would be nigh impossible to replicate today. Imagine convincing companies in any other industry to collaborate openly and freely with their competitors merely because it's good for society as a whole. You'd be labeled a socialist and laughed out of the room.

If we lose it, it's probably gone for good.

replies(1): >>41832418 #
4. RadixDLT ◴[] No.41832352[source]
People will move to Drupal.
5. LamaOfRuin ◴[] No.41832418{3}[source]
Companies don't, as a rule, do this in software either. They make projects open source or contribute to open source projects because it's good for them. This is just as true in other industries. This is how every industry standard and protocol or similar works. It is beneficial to the participating companies and does not threaten them.
replies(1): >>41832769 #
6. maxbond ◴[] No.41832769{4}[source]
It's not that they don't benefit from collaborating, it's that they don't benefit as much as they could by demanding a royalty or licensing fee. Why shouldn't they? Everyone expects to be paid for their services. They're leaving money on the table for the benefit of the public at large.

Most of the "open" standards from other industries that I'm familiar with require a license, and certainly aren't open to participation by anyone and everyone. Let alone allowing you to modify and redistribute them.

But in software we've created a culture with different expectations. And I don't think we should take that for granted.

7. that_guy_iain ◴[] No.41833355[source]
Well, they're literally getting sued with one of the counts being computer fraud so it's going to end up in front of a judge at some point.
replies(1): >>41833468 #
8. maxbond ◴[] No.41833468[source]
I doubt the case will make it to trial. I think they'll be settling in the next few weeks. But I did double check, and you're right of course, the complaint does allege they violated the CFAA when they cut off access from WP.org infrastructure.
replies(1): >>41839536 #
9. that_guy_iain ◴[] No.41839536{3}[source]
Matt isn't going to settle. Automattic while Matt is in charge is not going to settle. And the lawsuit will be cheaper for WP Engine to take to trial than giving in to the demands. And considering what Matt has done the past few weeks, I really can't see WP Engine being in the mood to settle anytime soon.
replies(1): >>41840288 #
10. maxbond ◴[] No.41840288{4}[source]
We'll have to see. I could certainly be wrong. But I doubt WP Engine has qualms about settling (given the right terms) and I imagine Mullenweg will start receiving big invoices for lawyers that tell him they aren't confident they'll win at trial. He may not have much of a choice.

But anything can happen. If 12 weeks pass and the suit is ongoing, then I'll be happy to admit I was wrong.

replies(1): >>41840507 #
11. that_guy_iain ◴[] No.41840507{5}[source]
This won't be going to trial in 12 weeks. The discovery alone is going to be massive considering what has happened.

I'm pretty sure Matt has been dropped by one law firm, he's also had the chief lawyer for Automattic accept a buyout which I think is fair to assume this drama is the reason. Automattic's current in-house lawyer commented on here that lawyers can't control their clients. Which I think is fair to assume that Matt is ignoring legal advice. Matt already knows this lawsuit is going to cost millions. And he's pouring petrol on it.

replies(1): >>41840585 #
12. maxbond ◴[] No.41840585{6}[source]
I misspoke, I meant if the suit was ongoing.