Wordpress.org released Secure Custom Fields "PRO" version with ACF pro features
59 points by ValentineC a day ago | 47 comments
  • KolmogorovComp a day ago |
  • AstroJetson a day ago |
    Ugg. I'd like to hope that Matt had hired better legal advice.

    But that didn't happen. Matt this isn't going to end well for anyone. The first rule of holes is "STOP DIGGING" Can you put down the shovel for awhile and try talking to people?

  • legitster a day ago |
    It will be interesting when Matt changes his story yet again and issues yet another non-apology.

    At this point I'm honestly surprised there are not criminal charges. Just blatantly stealing another business's property/storefront, and then threatening to do the same to other businesses is a shockingly brazen thing to do.

    • pixxel a day ago |
      > Just blatantly stealing another business's (WP Engine) property/storefront

      Context: WP Engine is controlled by Silver Lake, a private equity firm with $102 billion in assets under management

      • angoragoats a day ago |
        Your statement is both true and not at all relevant to the parent comment.
        • cdolan 20 hours ago |
          People love to hate private equity

          Somewhere between $1m and $102b you become the enemy

          • angoragoats 19 hours ago |
            Yes, sure. It's still not relevant to what the parent comment said.
      • kmeisthax a day ago |
        Addl. Context: Matt Mullenweg was invested in WP Engine before Silver Lake bought him out.
      • legitster 20 hours ago |
        Automattic is owned by a group of private investors worth trillions of dollars.

        The "private equity" angle is a rhetorically meaningless point made by an out-of-touch bully trying to put a moralistic spin on his own greed.

    • cosmotic a day ago |
      What exactly was stolen?
  • daft_pink a day ago |
    It’s just whatever for most people using Wordpress is the most practical thing and who cares about wpengine.
    • oysterville a day ago |
      Quite the broad paint brush. Many of us will look at a train going off of the rails and make different travel plans.
    • noirbot a day ago |
      Do you not think the endgame of this is to funnel everyone to Automattic and then raise the rates now that he's exerted a monopoly over Wordpress hosting? Because at this point, I don't see what other exist he has here. This is pure "I own all of Wordpress and it's no longer open source and I can charge anything I want" or he's going to be bankrupted by the lawsuits.
      • defnotai 20 hours ago |
        I doubt this, there are dozens of hosting options for WP out there.

        I think he was threatened by WPEngine’s approach as a more popular offering than Wordpress.com and decided to go scorched-earth on them instead of trying compete on the merits of their product. He’s threatening anyone that tries to build bespoke hosting with extra tools like ACF.

      • kmeisthax 19 hours ago |
        > This is pure "I own all of Wordpress and it's no longer open source and I can charge anything I want" or he's going to be bankrupted by the lawsuits.

        Automattic doesn't own WordPress, for two reasons:

        1. WordPress is a fork of b2/cafelog, developed by Michel Valdrighi, and that fork was made under GPL terms

        2. WordPress does not have a contributor license agreement or other policy that would require licensing or assigning ownership of upstream contributions to Automattic in a way that would allow them to shirk their responsibilities under the GPL

        They're betting on those bankrupting lawsuits never coming because the plaintiffs can't afford to front them. That's a common risk calculation made by private equity owned companies - of which Automattic is also one[0], they're owned by BlackRock.

        Automattic does not have a monopoly over WordPress hosting. They bullied several of the major players in the managed WordPress space into paying trademark licensing fees. WP Engine, being exactly the kind of skinflint operation Matt accuses them of, didn't pay up, but they're absolutely going to stick around. The worst thing Matt can do is extract damages and demand a rebrand (since, well, "WP Engine" really does sound like "WordPress Engine"). He can't legally prevent anyone from hosting WordPress.

        [0] Yes, every accusation really is a confession.

  • hi_hi a day ago |
    Legalities aside, isn't this the end game for most profit driven companies? Isn't Matt just doing his job here, trying to drive an increase in revenue?

    I'm not saying I like it, but, ethics aside (and lets not play dumb here, when do ethics drive business, unless it affects profit), I'm struggling to understand all the outrage over his actions?

    • tliltocatl a day ago |
      Not behaving in such a way that will cause people to avoid you in the future isn't about ethics. It's about reputation.
      • hi_hi 20 hours ago |
        Don't ethics and reputation go hand in hand?
    • noirbot a day ago |
      But the legalities are the important part of this. You may as well say "Legalities aside, robbing your competitors at gunpoint is a good idea, if unethical". He's essentially setting up a system where if you ever make too much money off of his project, he's very willing to extort you and do plenty of unethical and likely illegal things to you. That's extremely important to the considerations of companies who may be interested in going into business with Wordpress.
      • pessimizer 21 hours ago |
        Pretty sure "legalities aside" was meant to mean "without any comment on the legalities" not "throw the legalities aside!"

        When you say "likely illegal" you're trying to talk about legality without knowing about legality.

        • axelthegerman 20 hours ago |
          I have no clue what you're trying to say or add to the parent comment.
        • noirbot 16 hours ago |
          Sure, but saying "isn't this just what any capitalist would do" necessarily demands a discussion of the legalities. Trying to ignore if it's legal or not in a discussion of if it's a normal end game for all companies is absurd. If it was legal to murder your business rivals, then sure, it would likely be fairly normal to do so, but it's not, so what's the point of mentioning it?

          The outrage over his actions is specifically because it's likely not legal or ethical. Compare to the stuff Tim Sweeney is doing in his fight with Apple - he's done a lot of stuff that I would say is decidedly unethical, but understandable. It's also things where he's willing to pay the costs of doing it. Matt seems to fully believe this is legal, ethical, and completely justified and deserves to be lauded.

    • viraptor 20 hours ago |
      There's lots of companies with leadership that prioritises ethical approach. It's sad that people don't realise it these days / think it's that uncommon. (I've read this opinion here at least 3 times recently)
      • hi_hi 17 hours ago |
        I wasn't suggesting there weren't ethical companies. Indeed, I would hope, given the amount of companies out there, some high percentage of them were ethical. I agree they are overshadowed though.

        I would probably add it's hard to know if a company is acting ethically (whatever that means) or not, unless there's some kind of formal certification which does this?

    • axelthegerman 20 hours ago |
      Except that for profit companies usually stay within the legal limits - or if they don't their smart and calculated about it.

      This guy is just going nuts and most likely non of his actions would be looked at favourably in any legal dispute.

      And if the most likely outcome of a legal dispute is loosing then that's not really a good way to try increasing revenue/profits.

      On top of that if your business is founded on open source and you're behaving like this you're destroying that whole foundation - and burning the whole thing down likely won't increase and profits either

    • karaterobot 20 hours ago |
      Destroying your company's brand is not the end game for most profit-driven companies. It's usually the end state, to be fair, but an end game is something you're trying to achieve, not something you're bungling you way into like this.
  • throwaway888abc a day ago |
    Isn't this theft ?
    • kmeisthax 21 hours ago |
      Morally, kind of.

      Legally, even taking the whole "copyright infringement equals theft" attitude at face value, it's not, because WordPress is GPL and GPL explicitly forbids adding new restrictive terms to the license, and also forbids combining it with more restrictively licensed code. In fact, in the past, Automattic did to Envato what they did to WP Engine specifically because Envato had taken the position that nulled plugins are infringing.

      Of course, Automattic is now suing Festingervault for hosting nulled plugins, because Matt Mullenweg doesn't have principles, he has emotions.

      • beeboobaa6 21 hours ago |
        It's a plugin, not a modification of WordPress. Wordpresses license is irrelevant.
        • viraptor 20 hours ago |
          Plugins as code that is integrated with WP are still required to be GPL-compatible. Unless you want to connect to your plugin through some layer of networking and a GPL licensed proxy, your plugins need to be open as well.

          Specifically running something as basic as register_activation_hook() means you're linking with WP-provided code.

        • jazzyjackson 20 hours ago |
          Whether a plugin is standalone or a combined program (and therefore a derivation) is apparently a matter of debate. Sounds like if you so much as use a data structure defined by WordPress, then by distributing your software you're really distributing a modified version of WordPress. [My read of 0] This is intuitive enough for me, if you can't use my plugin without WordPress, then really what I'm shipping is WordPress + my changes.

          However, some plugins are distributed with a "split license", the php that integrated with WordPress is GPLd, but JavaScript, css, other assets are under a different license. [1] I don't think this has been tested in court one way or another. Matt of course considers this heresy [2]

          [0] https://www.gnu.org/licenses/gpl-faq.en.html#GPLPlugins

          [1] https://www.contentpowered.com/blog/wordpress-plugins-free-g...

          [2] https://ma.tt/2015/07/licenses-going-dutch/?utm_source=perpl...

          • dragonwriter 20 hours ago |
            > Sounds like if you so much as use a data structure defined by WordPress, then by distributing your software you're really distributing a modified version of WordPress.

            Given that reimplementing an API for interoperability is at least sometimes not a violation of copyright (see, e.g., Oracle v. Google), using a datastructure defined in a piece of software providing a plugin API to interoperate with it cannot make the resulting software exist only as a combination with the software providing the API, since it relies only on some software providing the same API, not necessarily the particular software that originally provided the API.

        • kmeisthax 19 hours ago |
          The GPL is strategically ambiguous as to the meaning of the word "program" and "combine". The licensing terms could be taken to be relative to UNIX concepts like processes, since Stallman had a very UNIX-centric worldview; but the FSF has been very clear that they consider "program" to be more expansive a definition than that[0].

          While there are some cases in which two GPL programs could be said to live in the same address space[1] (or PHP interpreter), WordPress plugins are very much designed to integrate with WordPress and modify its behavior. From a copyright perspective, that smells awfully like a derivative work, and thus all the usual GPL licensing language and copyleft would apply here. Ergo, I'm writing these opinions under the assumption that WordPress plugins have to also be GPL.

          [0] For example, they consider proxying out to a separate network service to not escape the bounds of a GPL "Program".

          [1] It's very rare nowadays to see separate programs live in the same address space. Classic Mac OS did this; but I don't think anyone is going to take someone to court over retrocomputing hobbyist software. Linus argues that you can have proprietary kernel modules as long as they only touch user-mode API stuff, but that's because they have a specific licensing exception that makes the UAPI outside the bounds of the GPL copyleft. The web is the only place where you could have GPL Programs coexist within the same isolation boundary.

      • jkaplowitz 21 hours ago |
        Even if the GPL does apply to Wordpress plugins, one of the comments in the linked Reddit thread notes he’s stripping out WP Engine copyright notices in this hijacked plugin. The GPL does not allow him to do that.
      • 3np 21 hours ago |
        What do you mean by "nulled"?
        • malfist 20 hours ago |
          Checks for activation have been null routed so they always succeed. Common way to crack software protections
      • flutas 20 hours ago |
        He is removing copyright notices from it, which...yeah not at all legal.
  • dotancohen a day ago |
    The Secure Custom Fields extension page [1] states this:

      > Features
  > - Millions of Users
    And also states this in the sidebar:

      > Active installations: Fewer than 10
    That seems to support the accusations that this code is simply the nulled version of ACF's paid extension.

    [1] https://wordpress.org/plugins/secure-custom-fields/

  • ChrisArchitect 21 hours ago |
  • DamnInteresting 21 hours ago |
    I have a Wordpress site I've been operating since 2005. In recent days I've seen notifications that a Wordpress core update is available, and I find myself very reluctant to install it. I no longer trust this organization. But I also don't want to fall behind on security updates. What an unnecessary mess.