
Textpattern CMS support forum


#1 2019-04-01 08:03:45

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

WP theme site ddos-ing competitors

It’s a tough world out there.

I’m so glad I found Txp when I did and stayed with it. And I’m very grateful to all those at the helm of it over the years, who have made conservative and wise decisions to keep it what it is. You know who you are. You know what I mean. I don’t think Dean could have done better, in retrospect. More popularity would have been more hassle on many levels. Things have worked out just fine. In the race between the tortoise and hare, Textortous is looking good. Slow, steady, and long-term.

Offline

#2 2019-04-01 08:38:23

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 3,190
Website

Re: WP theme site ddos-ing competitors

Destry wrote #317425:

I’m so glad I found Txp when I did and stayed with it. […] Textortous is looking good. Slow, steady, and long-term.

This and that + 100. Many (many) thanks to the few people (you do know who you are) who have coded TXP over the years, without bloat, without being everything except the kitchen sink.

ps – not the first time I hear about questionable (ahem) behaviour in the WP eco-system.


Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern

Offline

#3 2019-04-01 11:26:38

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,447
Website GitHub

Re: WP theme site ddos-ing competitors

I’m glad I found Txp too when I was hunting for a CMS back in 2006.

The behaviour of pipdig is deplorable in any sense of the word, despite their vague assurances of retribution against hackers and whatnot. Unfortunately, this is endemic of the “just make it work, dammit” culture. Who checks code? Who knows what’s going on when you hit that Install button?

I’m guilty on my phone to a degree. Even though it’s rooted, I still only have limited understanding of what goes on under the hood. Compared to a PC where I can build one from scratch and have a working knowledge of at least enough of the manner in which the OS works, phone OSs are a black box. Why is the “essential” Google Play Services routinely drawing 35% of the battery drain compared to only 13% a few weeks ago? Damned if I know what nefarious tech is going on as a “service” to me or to deliver a “feature” I didn’t know I needed in a recent update. All I know is it pisses me off to have to charge the battery twice as often.

Similarly, if the update mechanism for WP plugins is automatic and – crucially it seems – outside the domain of WordPress itself with a direct link to the manufacturer of the code, content can be silently pushed and few will know what the code in an update does.

That’s another of the reasons I don’t like auto-update for plugins. We have grand plans for improving plugin support channels but none of them require a feature that automatically updates plugin code. Notification, sure. Verification step prior to install, with code displayed: absolutely. But silent install? Nope.

Of course, it’s technically possible to do this from within a plugin and we have no control over that, but we would actively discourage users from doing that and do not plan to build bypass mechanisms into the core. If any plugins employ such mechanisms, please let us know.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#4 2019-04-01 18:07:27

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,379
Website GitHub Mastodon

Re: WP theme site ddos-ing competitors

I hadn’t heard about any of this. What a mess.

Even more so because they seem to have been really good at customer service and so have a lot of non-technical users rushing to their defense.

It is actually worse than ddosing competitors, though. According to someone who looked at the code, they can actually use it to remotely delete a blog they don’t like.

Offline

#5 2019-04-01 18:17:36

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,379
Website GitHub Mastodon

Re: WP theme site ddos-ing competitors

Bloke wrote #317438:

Similarly, if the update mechanism for WP plugins is automatic and – crucially it seems – outside the domain of WordPress itself with a direct link to the manufacturer of the code, content can be silently pushed and few will know what the code in an update does.

I didn’t think you could autoupdate plugins in WordPress but it is possible to set that up.

How to Enable Automatic Updates for WordPress Plugins

And looking at it, this is a serious security flaw. You add a line of PHP code to the functions.php for a specific theme. Which many users probably never look at when they are buying a theme. Which allows a potentially unscrupulous developer to include it.

Offline
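An added example, not part of any post in this thread: a small audit that flags the kind of one-line `add_filter` call discussed above, plus hooks that point update checks at a vendor's own server. The hook names are WordPress filter names; the sample file contents and the callback names `demo_setup` and `demo_check_update` are constructed for illustration.

```python
import re

# Hooks that change how updates are fetched or applied. The auto_update_*
# filters switch on unattended installs; the site-transient filters are what
# self-hosted updaters hook to supply update data from the vendor's server.
WATCHED_HOOKS = {
    "auto_update_plugin": "unattended plugin updates",
    "auto_update_theme": "unattended theme updates",
    "pre_set_site_transient_update_plugins": "custom plugin update source",
    "pre_set_site_transient_update_themes": "custom theme update source",
}
ADD_FILTER = re.compile(
    r"add_filter\s*\(\s*(['\"])(?P<hook>\w+)\1\s*,\s*(?P<cb>[^,)]+)")

def strip_comments(php):
    """Heuristic: blank PHP comments, keeping newlines so line numbers hold."""
    php = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                 php, flags=re.S)
    return "\n".join("" if ln.lstrip().startswith(("//", "#")) else ln
                     for ln in php.split("\n"))

def scan_source(php, name="<string>"):
    """Return (file, line, hook, callback, note) for each watched add_filter."""
    text = strip_comments(php)
    findings = []
    for m in ADD_FILTER.finditer(text):
        hook, cb = m.group("hook"), m.group("cb").strip().strip("'\"")
        if hook not in WATCHED_HOOKS:
            continue
        if hook.startswith("auto_update_") and cb == "__return_false":
            continue  # explicitly turning auto-update off is not a finding
        line = text.count("\n", 0, m.start()) + 1
        findings.append((name, line, hook, cb, WATCHED_HOOKS[hook]))
    return findings

# Constructed sample standing in for a theme's functions.php.
SAMPLE = """<?php
// add_filter( 'auto_update_plugin', '__return_true' );
add_action( 'after_setup_theme', 'demo_setup' );
add_filter( 'auto_update_plugin', '__return_true' );
/* add_filter( 'auto_update_theme', '__return_true' ); */
add_filter( "pre_set_site_transient_update_plugins", 'demo_check_update' );
add_filter( 'auto_update_theme', '__return_false' );
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE, "functions.php"):
        print("%s:%d  %s -> %s  (%s)" % f)
```

To audit an install, pass the contents of each `.php` file under the themes and plugins directories to `scan_source` and read the flagged callbacks before trusting the theme.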

#6 2019-04-01 20:41:52

bici
Member
From: vancouver
Registered: 2004-02-24
Posts: 2,091
Website Mastodon

Re: WP theme site ddos-ing competitors

michaelkpate wrote #317443:

I didn’t think you could autoupdate plugins in WordPress but it is possible to set that up.

Which allows a potentially unscrupulous developer to include it.

count on it


…. texted positive

Offline
