10.31.13

Gemini version available ♊︎

Back Door (Automatic Update) in WordPress and What It Means to Techrights

Posted in Site News at 8:21 am by Dr. Roy Schestowitz

Matt Mullenweg

Author: Ronny Siegel

Summary: Techrights is moving to Drupal now that WordPress introduces back doors as part of the core package

Techrights was always a WordPress-based Web site. I have been with the WordPress for nearly a decade and I met its co-founder (Mike Little) for coffee about 8 years ago, back when I was more actively involved in the development side. That was around the time this Web site started. It used WordPress 2.0 for quite a few years (and since the very start) because this version was a long-term support release (as required for inclusion in Debian GNU/Linux software respositories). Contrary to some smears and lies, Techrights never got cracked in any way whatsoever. It’s build very securely and only DDOS attacks took it down. Around 2009 there was an upgrade which resulted in very little change to the site’s appearance as consistency was a priority. In response to DDOS attacks it also added a cache proxy and more CPU cores. To the outsider (visitor), this site today looks very similar to how it looked 7 years ago. But this aging look makes it less suitable for its breadth. In fact, a blogging platform was outgrown when we added a Wiki (later in the same year) and now we deal with issues of organisational nature. WordPress has just had a release with automatic updates [1,2] (security risk in itself, but it’s toggled off by default, for now) and there is already a bugfix release [3], which in many cases will get installed automatically even though it has no security-related fixes. This can be risky if the update mechanism gets hijacked (as has happened before to other companies). Governments can compel companies to misuse this mechanism or secretly take over it* in order to install Trojan horses in the background (targeting particular sites). In any event, automatic updates come with risks that are backdoor-like; Drupal, a European project, does not have this issue, at least not yet. The front page of this site is now Drupal-powered and it is a sign of things to come. The plan is — one way or another — to make Drupal the primary component of the site without disrupting or even changing the old pages. The transition can be slow, but we’re determined to make it happen.

____
* The NSA is good at covert action and Automattic would be easy pickings for it, not just because it’s US-based (packets can be sniffed and decrypted for passwords). While I have enormous trust and respect for Matt Mullenweg, who is a charming man of integrity, I very much doubt he can challenge his government technically and legally. An intervention-free remote update mechanism is a trade-off between security and so-called ‘national security’ (the oppressors’ power). Remember that WordPress got backdoored once before (core — not plugins — in version 2.1.1). Linux too was a victim, a few years earlier (it was developed and hosted in the United States at the time). The very existence of backdoor-like mechanism is begging to be abused. Experience teaches that it does get abused, and far more often than most of us choose to believe. The more subversive sites become, the bigger a target they become for authorities’ ‘legalised’ cracking teams.

Related/contextual items from the news:

  1. WordPress 3.7 introduces automatic updates

    The WordPress team has announced the release of version 3.7 which makes WordPress more secure. The release is named “Basie” in honor of Count Basie.

  2. WordPress 3.7 Debuts, Improving Security for Millions
  3. WordPress 3.7.1 Maintenance Release
Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New

  1. Links 06/06/2023: Angie 1.2.0, New EasyOS and EndeavourOS Released

    Links for the day

  2. Gemini Links 06/06/2023: OpenKuBSD, GrapheneOS, and More

    Links for the day

  3. Links 06/06/2023: OpenSUSE Plans for Leap

    Links for the day

  4. Gemini Links 06/06/2023: Bubble 4.0, Neutral News, and Older Bits

    Links for the day

  5. IBM's War on Open (Look at the Pattern of Layoffs at Red Hat)

    By abandoning OpenSource.com and OpenOffice.org/LibreOffice IBM sends out a clear signal that it doesn’t understand or simply does not care about the community of Free software users; its siege against the FSF and other institutions never ended and today we look at who’s being laid off or shown the door (the work environment is intentionally being made worse)

  6. Links 06/06/2023: IceWM 3.4.0 and Liveslak 1.7.0

    Links for the day

  7. Gemini Links 06/06/2023: Apple Might Kill VR, Tea Tea Deluxe 1.2.7 and Tea Land

    Links for the day

  8. IRC Proceedings: Monday, June 05, 2023

    IRC logs for Monday, June 05, 2023

  9. Links 05/06/2023: Debian 12 Almost Ready, Hong Kong 'Cannot' Remember Tiananmen Massacre

    Links for the day

  10. Gemini Links 05/06/2023: New Ship in Cosmic Voyage, Stack Overflow Moderator Strike

    Links for the day

  11. IRC Proceedings: Sunday, June 04, 2023

    IRC logs for Sunday, June 04, 2023

  12. Links 04/06/2023: Unifont 15.0.05 and PCLinuxOS Stuff

    Links for the day

  13. Gemini Links 04/06/2023: Wayland and the Old Computer Challenge

    Links for the day

  14. StatCounter: GNU/Linux (Including ChromeOS) Grows to 8% Market Share Worldwide

    This month’s numbers from StatCounter are good for GNU/Linux (including ChromeOS, which technically has both GNU and Linux); the firm assesses logs from 3 million sites and shows Windows down to 66% in desktops/laptops (a decade ago it was above 90%) with modest growth for GNU/Linux, which is at an all-time high, even if one does not count ChromeOS that isn’t freedom- or privacy-respecting

  15. Journalism Cannot and Quite Likely Won't Survive on the World Wide Web

    We’re reaching the point where the overwhelming majority of new pages on the Web (the World Wide Web) are basically junk, sometimes crafted not by humans; how to cope with this rapid deterioration is still an unknown — an enigma that demands hard answers or technical workarounds

  16. Do Not Assume Pensions Are Safe, Especially When Managed by Mr. EPOTIF Benoît Battistelli and António Campinos

    With the "hoax" that is the financial assessment by António Campinos (who is deliriously celebrating the inauguration of illegal and unconstitutional kangaroo courts) we urge EPO workers to check carefully the integrity of their pensions, seeing that pension promises have been broken for years already

  17. Links 04/06/2023: Why Flatpak and Wealth of Devices With GNU/Linux

    Links for the day

  18. Gemini Links 04/06/2023: Rosy Crow 1.1.3 and NearlyFreeSpeech.NET

    Links for the day

  19. IRC Proceedings: Saturday, June 03, 2023

    IRC logs for Saturday, June 03, 2023

  20. Links 04/06/2023: Azure Outage Again (So Many!) and Tiananmen Massacre Censored

    Links for the day

  21. Links 03/06/2023: Qubes OS 4.2.0 RC1 and elementaryOS Updates for May

    Links for the day

  22. Gemini Links 03/06/2023: Hidden Communities and Exam Prep is Not Education

    Links for the day

  23. Links 03/06/2023: IBM Betraying LibreOffice Some More (After Laying off LibreOffice Developers)

    Links for the day

  24. Gemini Links 03/06/2023: Bubble Woes and Zond Updates

    Links for the day

  25. Links 03/06/2023: Apache NetBeans 18 and ArcaOS 5.0.8

    Links for the day

  26. IRC Proceedings: Friday, June 02, 2023

    IRC logs for Friday, June 02, 2023

  27. The Developing World Abandons Microsoft Windows, GNU/Linux at All-Time Highs on Desktops/Laptops

    Microsoft, with 80 billion dollars in longterm debt and endless layoffs, is losing the monopolies; the media doesn’t mention this, but some publicly-accessible data helps demonstrate that

  28. Links 02/06/2023: Elive ‘Retrowave’ Stable and Microsoft's Half a Billion Dollar Fine for LinkeIn Surveillance in Europe

    Links for the day

  29. Linux Foundation 'Research' Has a New Report and Of Course It Uses Only Proprietary Software

    The Linux Foundation has a new report, promoted by Clickfraud Spamnil and others; of course they’re rejecting Free software, they’re just riding the “Linux” brand and speak of “Open Source” (which they reject themselves)

  30. Links 02/06/2023: Arti 1.1.5 and SQL:2023

    Links for the day

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts