EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

10.31.13

Back Door (Automatic Update) in WordPress and What It Means to Techrights

Posted in Site News at 8:21 am by Dr. Roy Schestowitz

Matt Mullenweg

Author: Ronny Siegel

Summary: Techrights is moving to Drupal now that WordPress introduces back doors as part of the core package

Techrights was always a WordPress-based Web site. I have been with the WordPress for nearly a decade and I met its co-founder (Mike Little) for coffee about 8 years ago, back when I was more actively involved in the development side. That was around the time this Web site started. It used WordPress 2.0 for quite a few years (and since the very start) because this version was a long-term support release (as required for inclusion in Debian GNU/Linux software respositories). Contrary to some smears and lies, Techrights never got cracked in any way whatsoever. It’s build very securely and only DDOS attacks took it down. Around 2009 there was an upgrade which resulted in very little change to the site’s appearance as consistency was a priority. In response to DDOS attacks it also added a cache proxy and more CPU cores. To the outsider (visitor), this site today looks very similar to how it looked 7 years ago. But this aging look makes it less suitable for its breadth. In fact, a blogging platform was outgrown when we added a Wiki (later in the same year) and now we deal with issues of organisational nature. WordPress has just had a release with automatic updates [1,2] (security risk in itself, but it’s toggled off by default, for now) and there is already a bugfix release [3], which in many cases will get installed automatically even though it has no security-related fixes. This can be risky if the update mechanism gets hijacked (as has happened before to other companies). Governments can compel companies to misuse this mechanism or secretly take over it* in order to install Trojan horses in the background (targeting particular sites). In any event, automatic updates come with risks that are backdoor-like; Drupal, a European project, does not have this issue, at least not yet. The front page of this site is now Drupal-powered and it is a sign of things to come. The plan is — one way or another — to make Drupal the primary component of the site without disrupting or even changing the old pages. The transition can be slow, but we’re determined to make it happen.

____
* The NSA is good at covert action and Automattic would be easy pickings for it, not just because it’s US-based (packets can be sniffed and decrypted for passwords). While I have enormous trust and respect for Matt Mullenweg, who is a charming man of integrity, I very much doubt he can challenge his government technically and legally. An intervention-free remote update mechanism is a trade-off between security and so-called ‘national security’ (the oppressors’ power). Remember that WordPress got backdoored once before (core — not plugins — in version 2.1.1). Linux too was a victim, a few years earlier (it was developed and hosted in the United States at the time). The very existence of backdoor-like mechanism is begging to be abused. Experience teaches that it does get abused, and far more often than most of us choose to believe. The more subversive sites become, the bigger a target they become for authorities’ ‘legalised’ cracking teams.

Related/contextual items from the news:

  1. WordPress 3.7 introduces automatic updates

    The WordPress team has announced the release of version 3.7 which makes WordPress more secure. The release is named “Basie” in honor of Count Basie.

  2. WordPress 3.7 Debuts, Improving Security for Millions
  3. WordPress 3.7.1 Maintenance Release
Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email
  • Slashdot

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. IRC Proceedings: Wednesday, October 21, 2020

    IRC logs for Wednesday, October 21, 2020



  2. Living Humbly (With Older Technology or None) is More Compatible With Privacy- and Freedom-Respecting Technological Lifestyle

    Simplicity sometimes trumps so-called 'novelty', especially when it comes to human rights and users' freedom



  3. Reasons Why You (and Everybody Else) Should Join the Fight for Software Freedom

    Society is being closely watched and controlled (more so during/after the latest pandemic) and people must carefully consider the true importance of resisting proprietary technology (controlled remotely by state actors)



  4. Ways and Means to Reduce One's Dependency on Google's Various Monopolies and Near-Monopolies

    Getting rid of Google means a lot more than embracing DumbDumbGo (DDG) or some other sites that spy just like Google; we're taking stock of some options



  5. The European Commission is Still M.I.A. Regarding EPO Corruption (and the EPO's Management Plays Dirty, as Always)

    There's no change in the EU; the EUIPO and EPO enjoy complete and total immunity/impunity, with the Commission being manned by those who are deeply complicit



  6. 10 Reasons Why All This 'Edge for Linux' Coverage is a Total Farce

    The fake hype surrounding "Edge" is an inauthentic hype/buzz campaign made to coincide with anti-Google sentiments spread by Microsoft front/pressure groups



  7. Microsoft's IIS Has Collapsed Again This Past Month (and IIS Will Not and Cannot Survive This Way)

    Netcraft shows that Microsoft's decline further accelerates in the Web servers space; IIS is becoming financially unviable



  8. Links 21/10/2020: Alpine 3.12.1, Tor Browser 10.0.2

    Links for the day



  9. [Meme] US Department of Justice Should Have Taken on Microsoft Again, Not Google

    When lobbying, connections and political sway determine the actions of the American government it's hardly surprising that Bill Gates gets the Trump administration to fight for him (to make him even richer)



  10. [Meme] Banning Words, Gaslighting Volunteers

    What happens when institutions are themselves in violation of a CoC (institutional violation) and massive corporations that fund such institutional violations are defending demonisation of the individual (squashing ‘uncomfortable’ voices, even volunteers’)



  11. IRC Proceedings: Tuesday, October 20, 2020

    IRC logs for Tuesday, October 20, 2020



  12. Links 21/10/2020: $8000 GNU/Linux Desktop, Tails 4.12, Open Infrastructure Foundation and Firefox Release

    Links for the day



  13. Never Feed the Internet Trolls, No Matter How Tempting It Becomes

    The tactics for removing critics of abuse (by framing them as "abusive") have evolved a lot in recent years; the best course of action is to never entertain provocateurs in any way whatsoever (just ignore them, give them no attention which they crave and feed on)



  14. Bill Gates: “I'm Not a Lawyer” (He Dropped Out of College, Where He Studied Law Before and After Breaking the Law Chronically)

    How Microsoft blackmailed other companies into supporting nothing but Microsoft and Windows; Bill Gates repeatedly lied to the interrogators about it, then said "I'm not a lawyer" (IANAL) even though he went to college to become one, just like his father who died last month



  15. Microsoft Has Not Changed Since Being Investigated (and Prosecuted) for Crimes at a Federal Level

    The media keeps telling us a bunch of worthless junk about Gates "saving the world" and Microsoft becoming a "nice" and "gentle" (or "soft") company, but nothing could be further from the truth



  16. Stick a Fork in the Open Source Initiative (OSI). OSI is Dead. Microsoft Bought OSI.

    OSI leadership proudly showing early signs of 'prognosis negative'; the OSI can never and will never recover from this; Microsoft killed it



  17. Links 20/10/2020: OpenZFS 2.0 RC4 and Trisquel GNU/Linux 9.0

    Links for the day



  18. People With God Complex Must Never be Allowed in Positions of Power

    The attack on Linus Torvalds — an attack which at his own expense/peril he fails to recognise/acknowledge — seeks to put both projects that he founded right in Microsoft’s palm



  19. IRC Proceedings: Monday, October 19, 2020

    IRC logs for Monday, October 19, 2020



  20. Corporate Media: GNU/Linux Can Only Succeed If/When Microsoft Dominates Everything Inside It

    The corporate takeover (or handover) of GNU/Linux would not have been possible without complicity of corruptible (bribed) media



  21. Bill Gates Explains How Microsoft and Apple Leverage Software Patents in Their Cross-Licensing Deals (to Perpetuate Duopoly/Shared Monopoly)

    A look back at Apple's and Microsoft's use or misuse of bogus software patents in bargaining (in effect excluding those who have not amassed tens of thousands of patents)



  22. Standards and Choices

    GNU/Linux is a very standards-based platform; having lots of choices (e.g. distros to choose from) isn’t the principal problem — or nowhere near the extent sabotage and illegal tactics by Microsoft have been



  23. IBM's “Emb(RACE)” Campaign is an Insult to History and Historians

    IBM wishes to be seen as some heroic saviour and warrior for black girls; this requires serious if not torturous revisionism to be believed



  24. There Are Too Many Types of Cars...

    "Choice is malicious," say the antagonists



  25. Reversal of Narratives by Internet Trolls (Spinning Reaction to Their Trolling as 'Abuse')

    Organisations that engage in demonisation of people (typically those who expose the abuses of such organisations) somehow evade the standards of Codes of Conduct, as if Codes of Conduct are covertly designed not to protect individuals but to empower those who already have all the powers (or front for powerful people/corporations)



  26. Ongoing (Albeit Secret) Campaign of Patent Extortion Against GNU/Linux Distributions Using Software Patents, Even Expired Ones in Europe

    GNU/Linux distros attacked by software patents, even in Europe where no such patents are supposed to exist (or have any legal bearing)



  27. Links 19/10/2020: Linux 5.9-ck1/MuQSS, Linux Kodachi 7.3

    Links for the day



  28. Java's James Gosling is Wrong. Free Software Advocates Never Suggested or Insinuated That Money-Making Was Ethically Wrong.

    The honorable James Gosling mischaracterises the stance of Free software advocacy, portraying it like it is an issue of money rather than respect for users



  29. Maybe This is What Codes of Conduct Were Made for? Or to Prevent? (Updated)

    When people bemoan the abuse they receive from a so-called 'anti-harassment' team (covering up corporate corruption in a project by ousting people) this is the kind of thing they receive from colleagues or former colleagues



  30. Media Contradicts Itself, Redefines Proprietary Software as 'Open'... for Microsoft

    Proprietary GitHub is being spun as Microsoft going "open" (nothing could be further from the truth) in another EEE-type move with diffusion and confusion


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts