10.31.13

Gemini version available ♊︎

Back Door (Automatic Update) in WordPress and What It Means to Techrights

Posted in Site News at 8:21 am by Dr. Roy Schestowitz

Matt Mullenweg

Author: Ronny Siegel

Summary: Techrights is moving to Drupal now that WordPress introduces back doors as part of the core package

Techrights was always a WordPress-based Web site. I have been with the WordPress for nearly a decade and I met its co-founder (Mike Little) for coffee about 8 years ago, back when I was more actively involved in the development side. That was around the time this Web site started. It used WordPress 2.0 for quite a few years (and since the very start) because this version was a long-term support release (as required for inclusion in Debian GNU/Linux software respositories). Contrary to some smears and lies, Techrights never got cracked in any way whatsoever. It’s build very securely and only DDOS attacks took it down. Around 2009 there was an upgrade which resulted in very little change to the site’s appearance as consistency was a priority. In response to DDOS attacks it also added a cache proxy and more CPU cores. To the outsider (visitor), this site today looks very similar to how it looked 7 years ago. But this aging look makes it less suitable for its breadth. In fact, a blogging platform was outgrown when we added a Wiki (later in the same year) and now we deal with issues of organisational nature. WordPress has just had a release with automatic updates [1,2] (security risk in itself, but it’s toggled off by default, for now) and there is already a bugfix release [3], which in many cases will get installed automatically even though it has no security-related fixes. This can be risky if the update mechanism gets hijacked (as has happened before to other companies). Governments can compel companies to misuse this mechanism or secretly take over it* in order to install Trojan horses in the background (targeting particular sites). In any event, automatic updates come with risks that are backdoor-like; Drupal, a European project, does not have this issue, at least not yet. The front page of this site is now Drupal-powered and it is a sign of things to come. The plan is — one way or another — to make Drupal the primary component of the site without disrupting or even changing the old pages. The transition can be slow, but we’re determined to make it happen.

____
* The NSA is good at covert action and Automattic would be easy pickings for it, not just because it’s US-based (packets can be sniffed and decrypted for passwords). While I have enormous trust and respect for Matt Mullenweg, who is a charming man of integrity, I very much doubt he can challenge his government technically and legally. An intervention-free remote update mechanism is a trade-off between security and so-called ‘national security’ (the oppressors’ power). Remember that WordPress got backdoored once before (core — not plugins — in version 2.1.1). Linux too was a victim, a few years earlier (it was developed and hosted in the United States at the time). The very existence of backdoor-like mechanism is begging to be abused. Experience teaches that it does get abused, and far more often than most of us choose to believe. The more subversive sites become, the bigger a target they become for authorities’ ‘legalised’ cracking teams.

Related/contextual items from the news:

  1. WordPress 3.7 introduces automatic updates

    The WordPress team has announced the release of version 3.7 which makes WordPress more secure. The release is named “Basie” in honor of Count Basie.

  2. WordPress 3.7 Debuts, Improving Security for Millions
  3. WordPress 3.7.1 Maintenance Release
Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New

  1. Links 29/11/2021: NuTyX 21.10.5 and CrossOver 21.1.0

    Links for the day

  2. This Apt Has Super Dumbass Powers. Linus Sebastian and Pop_OS!

    Guest post by Ryan, reprinted with permission

  3. [Meme] Trying to Appease Provocateurs and Borderline Trolls

    GNU/Linux isn’t just a clone of Microsoft Windows and it oughtn’t be a clone of Microsoft Windows, either; some people set themselves up for failure, maybe by intention

  4. Centralised Git Hosting Has a Business Model Which is Hostile Towards Developers' Interests (in Microsoft's Case, It's an Attack on Reciprocal Licensing and Persistent Manipulation)

    Spying, censoring, and abusing projects/developers/users are among the perks Microsoft found in GitHub; the E.E.E.-styled takeover is being misused for perception manipulation and even racism, so projects really need to take control of their hosting (outsourcing is risky and very expensive in the long run)

  5. Links 29/11/2021: FWUPD's 'Best Known Configuration' and Glimpse at OpenZFS 3.0

    Links for the day

  6. President Biden Wants to Put Microsofter in Charge of the Patent Office, Soon to Penalise Patent Applicants Who Don't Use Microsoft's Proprietary Formats

    The tradition of GAFAM or GIAFAM inside the USPTO carries on (e.g. Kappos and Lee; Kappos lobbies for Microsoft and IBM, whereas Lee now works for Amazon/Bezos after a career at Google); it's hard to believe anymore that the USPTO exists to serve innovators rather than aggressive monopolists, shielding their territory by patent threats (lawsuits or worse aggression) and cross-licensing that's akin to a cartel

  7. Microsoft GitHub Exposé — Part VIII — Mr. Graveley's Long Career Serving Microsoft's Agenda (Before Hiring by Microsoft to Work on GitHub's GPL Violations Machine)

    Balabhadra (Alex) Graveley was promoting .NET (or Mono) since his young days; his current job at Microsoft is consistent with past harms to GNU/Linux, basically pushing undesirable (except to Microsoft) things to GNU/Linux users; Tomboy used to be the main reason for distro ISOs to include Mono

  8. Dr. Andy Farnell on Teaching Cybersecurity in an Age of 'Fake Security'

    By Dr. Andy Farnell

  9. IRC Proceedings: Sunday, November 28, 2021

    IRC logs for Sunday, November 28, 2021

  10. Links 29/11/2021: Linux 5.16 RC3 and Lots of Patent Catch-up

    Links for the day

  11. By 2022 0% of 'News' Coverage About Patents Will Be Actual Journalism (Patent Litigation Sector Has Hijacked the World Wide Web to Disseminate Self-Promotional Misinformation)

    Finding news about the EPO is almost impossible because today’s so-called ‘news’ sites are in the pockets of Benoît Battistelli, António Campinos, and their cohorts who turned the EPO into a hub of litigation, not science; this is part of an international (worldwide) problem because financial resources for journalism have run out, and so the vacuum is filled/replaced almost entirely by Public Relations (PR) and marketing

  12. Trying to Appease Those Who Never Liked Free Software or Those Who Blindly Loved All Patent Monopolies to Begin With

    It’s crystal clear that trying to appease everyone, all the time, is impossible; in the case of the EPO, for example, we hope that exposing Team Battistelli/Campinos helps raise awareness of the harms of patent maximalism, and when speaking about Free software — whilst occasionally bashing the alternatives (proprietary) — we hope to convince more people to join the “Good Fight”

  13. Links 28/11/2021: Laravel 8.73 Released, GitHub Offline for Hours

    Links for the day

  14. IRC Proceedings: Saturday, November 27, 2021

    IRC logs for Saturday, November 27, 2021

  15. Links 27/11/2021: Nvidia’s DLSS Hype and Why GNU/Linux Matters

    Links for the day

  16. [Meme] Linus Gabriel Sebastian Takes GNU/Linux for a (Tail)'Spin'

    If you’re trying to prove that GNU/Linux is NOT Windows, then “haha! Well done…”

  17. GNU/Linux is for Freedom and It'll Gain Many Users When (or Where) People Understand What Software (or Computing) Freedom Means

    Software that respects people's freedom (and by extension privacy as well) is an alluring proposition; those who choose to try GNU/Linux for the wrong reasons are likely the wrong target audience for advocates

  18. Amid Reports of Microsoft's Competition Crimes in Europe...

    European companies are complaining, but they seem to overlook the principal aspect of an imperialistic system with bottomless pockets (almost 30 trillion dollars in debt already; US national debt soared again last month); Microsoft is shielded by a political system with military (“defence”) as bailout budget to help cushion international expansion for data grab and technical leverage, as we've seen in the case of EPO (this is all political, not technical, and should thus be treated as a political/corruption issue)

  19. Is Linus Trolling the GNU/Linux Community?

    This new video responds to what many sites have been provoked into amplifying

  20. Links 27/11/2021: Tux Paint 0.9.27 and SeaMonkey 1.1.19 in EasyOS

    Links for the day

  21. [Meme] Keeping Our Distance From Microsoft

    The OSI is the dagger, the Linux Foundation is the knife, and many others are the sword by which Microsoft tries to get into the very heart of GNU/Linux and extinguish the Free software movement

  22. Microsoft Edge Encourages Indebted Americans to Guilt-spend Just in Time for Christmas

    Guest post by Ryan, reprinted with permission

  23. IRC Proceedings: Friday, November 26, 2021

    IRC logs for Friday, November 26, 2021

  24. 38+ Years of GNU and 19+ Years of FSF Associate Membership

    “On November 25, 2002,” Wikipedia notes, “the FSF launched the FSF Associate Membership program for individuals.” As the above video points out, it all started almost 40 years ago.

  25. Gemini as a Platform for Gamers

    Contrary to what people often assume (or are led to assume), even without client-side scripting Gemini can accomplish a great deal; early adopters, many of whom are technical, test the limits of the very minimalistic (by design and intention) specification

  26. Improved Workflows: Achievement Unlocked

    Today we've completed a bunch of small projects that can make us more efficient (e.g. more Daily Links per day, more articles); the above video was recorded many hours ago to accompany the outline below

  27. Links 26/11/2021: New Complaint About Microsoft Competition Crimes in Europe, EuroLinux 8.5, GhostBSD 21.11.24, and Kiwi TCMS 10.5 Released

    Links for the day

  28. Links 26/11/2021: F35 Elections, Whonix 16.0.3.7, OSMC's November Refresh With Kodi 19.3

    Links for the day

  29. IRC Proceedings: Thursday, November 25, 2021

    IRC logs for Thursday, November 25, 2021

  30. IRC Proceedings: Wednesday, November 24, 2021

    IRC logs for Wednesday, November 24, 2021

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts