Ugg. I'd like to hope that Matt had hired better legal advice.
But that didn't happen. Matt this isn't going to end well for anyone. The first rule of holes is "STOP DIGGING" Can you put down the shovel for awhile and try talking to people?
I have a Wordpress site I've been operating since 2005. In recent days I've seen notifications that a Wordpress core update is available, and I find myself very reluctant to install it. I no longer trust this organization. But I also don't want to fall behind on security updates. What an unnecessary mess.
Legally, even taking the whole "copyright infringement equals theft" attitude at face value, it's not, because WordPress is GPL and GPL explicitly forbids adding new restrictive terms to the license, and also forbids combining it with more restrictively licensed code. In fact, in the past, Automattic did to Envato what they did to WP Engine specifically because Envato had taken the position that nulled plugins are infringing.
Of course, Automattic is now suing Festingervault for hosting nulled plugins, because Matt Mullenweg doesn't have principles, he has emotions.
Even if the GPL does apply to Wordpress plugins, one of the comments in the linked Reddit thread notes he’s stripping out WP Engine copyright notices in this hijacked plugin. The GPL does not allow him to do that.
The GPL is strategically ambiguous as to the meaning of the word "program" and "combine". The licensing terms could be taken to be relative to UNIX concepts like processes, since Stallman had a very UNIX-centric worldview; but the FSF has been very clear that they consider "program" to be more expansive a definition than that[0].
While there are some cases in which two GPL programs could be said to live in the same address space[1] (or PHP interpreter), WordPress plugins are very much designed to integrate with WordPress and modify its behavior. From a copyright perspective, that smells awfully like a derivative work, and thus all the usual GPL licensing language and copyleft would apply here. Ergo, I'm writing these opinions under the assumption that WordPress plugins have to also be GPL.
[0] For example, they consider proxying out to a separate network service to not escape the bounds of a GPL "Program".
[1] It's very rare nowadays to see separate programs live in the same address space. Classic Mac OS did this; but I don't think anyone is going to take someone to court over retrocomputing hobbyist software. Linus argues that you can have proprietary kernel modules as long as they only touch user-mode API stuff, but that's because they have a specific licensing exception that makes the UAPI outside the bounds of the GPL copyleft. The web is the only place where you could have GPL Programs coexist within the same isolation boundary.
Whether a plugin is standalone or a combined program (and therefore a derivation) is apparently a matter of debate. Sounds like if you so much as use a data structure defined by WordPress, then by distributing your software you're really distributing a modified version of WordPress. [My read of 0] This is intuitive enough for me, if you can't use my plugin without WordPress, then really what I'm shipping is WordPress + my changes.
However, some plugins are distributed with a "split license", the php that integrated with WordPress is GPLd, but JavaScript, css, other assets are under a different license. [1] I don't think this has been tested in court one way or another. Matt of course considers this heresy [2]
> Sounds like if you so much as use a data structure defined by WordPress, then by distributing your software you're really distributing a modified version of WordPress.
Given that reimplementing an API for interoperability is at least sometimes not a violation of copyright (see, e.g., Oracle v. Google), using a datastructure defined in a piece of software providing a plugin API to interoperate with it cannot make the resulting software exist only as a combination with the software providing the API, since it relies only on some software providing the same API, not necessarily the particular software that originally provided the API.
Plugins as code that is integrated with WP are still required to be GPL-compatible. Unless you want to connect to your plugin through some layer of networking and a GPL licensed proxy, your plugins need to be open as well.
Specifically running something as basic as register_activation_hook() means you're linking with WP-provided code.
It will be interesting when Matt changes his story yet again and issues yet another non-apology.
At this point I'm honestly surprised there are not criminal charges. Just blatantly stealing another business's property/storefront, and then threatening to do the same to other businesses is a shockingly brazen thing to do.
Do you not think the endgame of this is to funnel everyone to Automattic and then raise the rates now that he's exerted a monopoly over Wordpress hosting? Because at this point, I don't see what other exist he has here. This is pure "I own all of Wordpress and it's no longer open source and I can charge anything I want" or he's going to be bankrupted by the lawsuits.
> This is pure "I own all of Wordpress and it's no longer open source and I can charge anything I want" or he's going to be bankrupted by the lawsuits.
Automattic doesn't own WordPress, for two reasons:
1. WordPress is a fork of b2/cafelog, developed by Michel Valdrighi, and that fork was made under GPL terms
2. WordPress does not have a contributor license agreement or other policy that would require licensing or assigning ownership of upstream contributions to Automattic in a way that would allow them to shirk their responsibilities under the GPL
They're betting on those bankrupting lawsuits never coming because the plaintiffs can't afford to front them. That's a common risk calculation made by private equity owned companies - of which Automattic is also one[0], they're owned by BlackRock.
Automattic does not have a monopoly over WordPress hosting. They bullied several of the major players in the managed WordPress space into paying trademark licensing fees. WP Engine, being exactly the kind of skinflint operation Matt accuses them of, didn't pay up, but they're absolutely going to stick around. The worst thing Matt can do is extract damages and demand a rebrand (since, well, "WP Engine" really does sound like "WordPress Engine"). He can't legally prevent anyone from hosting WordPress.
I doubt this, there are dozens of hosting options for WP out there.
I think he was threatened by WPEngine’s approach as a more popular offering than Wordpress.com and decided to go scorched-earth on them instead of trying compete on the merits of their product. He’s threatening anyone that tries to build bespoke hosting with extra tools like ACF.
Legalities aside, isn't this the end game for most profit driven companies? Isn't Matt just doing his job here, trying to drive an increase in revenue?
I'm not saying I like it, but, ethics aside (and lets not play dumb here, when do ethics drive business, unless it affects profit), I'm struggling to understand all the outrage over his actions?
But the legalities are the important part of this. You may as well say "Legalities aside, robbing your competitors at gunpoint is a good idea, if unethical". He's essentially setting up a system where if you ever make too much money off of his project, he's very willing to extort you and do plenty of unethical and likely illegal things to you. That's extremely important to the considerations of companies who may be interested in going into business with Wordpress.
Sure, but saying "isn't this just what any capitalist would do" necessarily demands a discussion of the legalities. Trying to ignore if it's legal or not in a discussion of if it's a normal end game for all companies is absurd. If it was legal to murder your business rivals, then sure, it would likely be fairly normal to do so, but it's not, so what's the point of mentioning it?
The outrage over his actions is specifically because it's likely not legal or ethical. Compare to the stuff Tim Sweeney is doing in his fight with Apple - he's done a lot of stuff that I would say is decidedly unethical, but understandable. It's also things where he's willing to pay the costs of doing it. Matt seems to fully believe this is legal, ethical, and completely justified and deserves to be lauded.
Except that for profit companies usually stay within the legal limits - or if they don't their smart and calculated about it.
This guy is just going nuts and most likely non of his actions would be looked at favourably in any legal dispute.
And if the most likely outcome of a legal dispute is loosing then that's not really a good way to try increasing revenue/profits.
On top of that if your business is founded on open source and you're behaving like this you're destroying that whole foundation - and burning the whole thing down likely won't increase and profits either
Destroying your company's brand is not the end game for most profit-driven companies. It's usually the end state, to be fair, but an end game is something you're trying to achieve, not something you're bungling you way into like this.
There's lots of companies with leadership that prioritises ethical approach. It's sad that people don't realise it these days / think it's that uncommon. (I've read this opinion here at least 3 times recently)
I wasn't suggesting there weren't ethical companies. Indeed, I would hope, given the amount of companies out there, some high percentage of them were ethical. I agree they are overshadowed though.
I would probably add it's hard to know if a company is acting ethically (whatever that means) or not, unless there's some kind of formal certification which does this?
The Secure Custom Fields extension page [1] states this:
And also states this in the sidebar: That seems to support the accusations that this code is simply the nulled version of ACF's paid extension.[1] https://wordpress.org/plugins/secure-custom-fields/
Ugg. I'd like to hope that Matt had hired better legal advice.
But that didn't happen. Matt this isn't going to end well for anyone. The first rule of holes is "STOP DIGGING" Can you put down the shovel for awhile and try talking to people?
Any recommended article/link to get the backstory on this situation?
This article is the canonical recap of what's happened:
- https://joshcollinsworth.com/blog/fire-matt
Also:
- https://bullenweg.org/ (formerly bullenweg.com: https://news.ycombinator.com/item?id=41957829)
"Matt Mullenweg is showing the world that he’s one of the pettiest CEOs out there."
https://slate.com/technology/2024/10/wordpress-wpengine-matt...
Thanks.
The Mullenweg/WPE thing is the one I recommend:
https://gist.github.com/adrienne/aea9dd7ca19c8985157d9c42f7f...
It is a chronology published as a GitHub gist.
Maybe it is sometimes okay that people get what they deserve based on their actions? Whatever the result here will be.
Otherwise they will never learn. Is it more okay to do questionable things first and then later hide behind lawyer than just keeping doing it openly?
If your IP is blocked https://eddrit.com/r/Wordpress/comments/1gy8bud/wordpressorg...
I have a Wordpress site I've been operating since 2005. In recent days I've seen notifications that a Wordpress core update is available, and I find myself very reluctant to install it. I no longer trust this organization. But I also don't want to fall behind on security updates. What an unnecessary mess.
Isn't this theft ?
Morally, kind of.
Legally, even taking the whole "copyright infringement equals theft" attitude at face value, it's not, because WordPress is GPL and GPL explicitly forbids adding new restrictive terms to the license, and also forbids combining it with more restrictively licensed code. In fact, in the past, Automattic did to Envato what they did to WP Engine specifically because Envato had taken the position that nulled plugins are infringing.
Of course, Automattic is now suing Festingervault for hosting nulled plugins, because Matt Mullenweg doesn't have principles, he has emotions.
Even if the GPL does apply to Wordpress plugins, one of the comments in the linked Reddit thread notes he’s stripping out WP Engine copyright notices in this hijacked plugin. The GPL does not allow him to do that.
It's a plugin, not a modification of WordPress. Wordpresses license is irrelevant.
The GPL is strategically ambiguous as to the meaning of the word "program" and "combine". The licensing terms could be taken to be relative to UNIX concepts like processes, since Stallman had a very UNIX-centric worldview; but the FSF has been very clear that they consider "program" to be more expansive a definition than that[0].
While there are some cases in which two GPL programs could be said to live in the same address space[1] (or PHP interpreter), WordPress plugins are very much designed to integrate with WordPress and modify its behavior. From a copyright perspective, that smells awfully like a derivative work, and thus all the usual GPL licensing language and copyleft would apply here. Ergo, I'm writing these opinions under the assumption that WordPress plugins have to also be GPL.
[0] For example, they consider proxying out to a separate network service to not escape the bounds of a GPL "Program".
[1] It's very rare nowadays to see separate programs live in the same address space. Classic Mac OS did this; but I don't think anyone is going to take someone to court over retrocomputing hobbyist software. Linus argues that you can have proprietary kernel modules as long as they only touch user-mode API stuff, but that's because they have a specific licensing exception that makes the UAPI outside the bounds of the GPL copyleft. The web is the only place where you could have GPL Programs coexist within the same isolation boundary.
Whether a plugin is standalone or a combined program (and therefore a derivation) is apparently a matter of debate. Sounds like if you so much as use a data structure defined by WordPress, then by distributing your software you're really distributing a modified version of WordPress. [My read of 0] This is intuitive enough for me, if you can't use my plugin without WordPress, then really what I'm shipping is WordPress + my changes.
However, some plugins are distributed with a "split license", the php that integrated with WordPress is GPLd, but JavaScript, css, other assets are under a different license. [1] I don't think this has been tested in court one way or another. Matt of course considers this heresy [2]
[0] https://www.gnu.org/licenses/gpl-faq.en.html#GPLPlugins
[1] https://www.contentpowered.com/blog/wordpress-plugins-free-g...
[2] https://ma.tt/2015/07/licenses-going-dutch/?utm_source=perpl...
> Sounds like if you so much as use a data structure defined by WordPress, then by distributing your software you're really distributing a modified version of WordPress.
Given that reimplementing an API for interoperability is at least sometimes not a violation of copyright (see, e.g., Oracle v. Google), using a datastructure defined in a piece of software providing a plugin API to interoperate with it cannot make the resulting software exist only as a combination with the software providing the API, since it relies only on some software providing the same API, not necessarily the particular software that originally provided the API.
Plugins as code that is integrated with WP are still required to be GPL-compatible. Unless you want to connect to your plugin through some layer of networking and a GPL licensed proxy, your plugins need to be open as well.
Specifically running something as basic as register_activation_hook() means you're linking with WP-provided code.
What do you mean by "nulled"?
Checks for activation have been null routed so they always succeed. Common way to crack software protections
He is removing copyright notices from it, which...yeah not at all legal.
It will be interesting when Matt changes his story yet again and issues yet another non-apology.
At this point I'm honestly surprised there are not criminal charges. Just blatantly stealing another business's property/storefront, and then threatening to do the same to other businesses is a shockingly brazen thing to do.
What exactly was stolen?
> Just blatantly stealing another business's (WP Engine) property/storefront
Context: WP Engine is controlled by Silver Lake, a private equity firm with $102 billion in assets under management
Automattic is owned by a group of private investors worth trillions of dollars.
The "private equity" angle is a rhetorically meaningless point made by an out-of-touch bully trying to put a moralistic spin on his own greed.
Addl. Context: Matt Mullenweg was invested in WP Engine before Silver Lake bought him out.
Your statement is both true and not at all relevant to the parent comment.
People love to hate private equity
Somewhere between $1m and $102b you become the enemy
Yes, sure. It's still not relevant to what the parent comment said.
Can we just link to the thing: https://wordpress.org/plugins/secure-custom-fields/
It’s just whatever for most people using Wordpress is the most practical thing and who cares about wpengine.
Do you not think the endgame of this is to funnel everyone to Automattic and then raise the rates now that he's exerted a monopoly over Wordpress hosting? Because at this point, I don't see what other exist he has here. This is pure "I own all of Wordpress and it's no longer open source and I can charge anything I want" or he's going to be bankrupted by the lawsuits.
> This is pure "I own all of Wordpress and it's no longer open source and I can charge anything I want" or he's going to be bankrupted by the lawsuits.
Automattic doesn't own WordPress, for two reasons:
1. WordPress is a fork of b2/cafelog, developed by Michel Valdrighi, and that fork was made under GPL terms
2. WordPress does not have a contributor license agreement or other policy that would require licensing or assigning ownership of upstream contributions to Automattic in a way that would allow them to shirk their responsibilities under the GPL
They're betting on those bankrupting lawsuits never coming because the plaintiffs can't afford to front them. That's a common risk calculation made by private equity owned companies - of which Automattic is also one[0], they're owned by BlackRock.
Automattic does not have a monopoly over WordPress hosting. They bullied several of the major players in the managed WordPress space into paying trademark licensing fees. WP Engine, being exactly the kind of skinflint operation Matt accuses them of, didn't pay up, but they're absolutely going to stick around. The worst thing Matt can do is extract damages and demand a rebrand (since, well, "WP Engine" really does sound like "WordPress Engine"). He can't legally prevent anyone from hosting WordPress.
[0] Yes, every accusation really is a confession.
I doubt this, there are dozens of hosting options for WP out there.
I think he was threatened by WPEngine’s approach as a more popular offering than Wordpress.com and decided to go scorched-earth on them instead of trying compete on the merits of their product. He’s threatening anyone that tries to build bespoke hosting with extra tools like ACF.
Quite the broad paint brush. Many of us will look at a train going off of the rails and make different travel plans.
Legalities aside, isn't this the end game for most profit driven companies? Isn't Matt just doing his job here, trying to drive an increase in revenue?
I'm not saying I like it, but, ethics aside (and lets not play dumb here, when do ethics drive business, unless it affects profit), I'm struggling to understand all the outrage over his actions?
But the legalities are the important part of this. You may as well say "Legalities aside, robbing your competitors at gunpoint is a good idea, if unethical". He's essentially setting up a system where if you ever make too much money off of his project, he's very willing to extort you and do plenty of unethical and likely illegal things to you. That's extremely important to the considerations of companies who may be interested in going into business with Wordpress.
Pretty sure "legalities aside" was meant to mean "without any comment on the legalities" not "throw the legalities aside!"
When you say "likely illegal" you're trying to talk about legality without knowing about legality.
I have no clue what you're trying to say or add to the parent comment.
Sure, but saying "isn't this just what any capitalist would do" necessarily demands a discussion of the legalities. Trying to ignore if it's legal or not in a discussion of if it's a normal end game for all companies is absurd. If it was legal to murder your business rivals, then sure, it would likely be fairly normal to do so, but it's not, so what's the point of mentioning it?
The outrage over his actions is specifically because it's likely not legal or ethical. Compare to the stuff Tim Sweeney is doing in his fight with Apple - he's done a lot of stuff that I would say is decidedly unethical, but understandable. It's also things where he's willing to pay the costs of doing it. Matt seems to fully believe this is legal, ethical, and completely justified and deserves to be lauded.
Except that for profit companies usually stay within the legal limits - or if they don't their smart and calculated about it.
This guy is just going nuts and most likely non of his actions would be looked at favourably in any legal dispute.
And if the most likely outcome of a legal dispute is loosing then that's not really a good way to try increasing revenue/profits.
On top of that if your business is founded on open source and you're behaving like this you're destroying that whole foundation - and burning the whole thing down likely won't increase and profits either
Destroying your company's brand is not the end game for most profit-driven companies. It's usually the end state, to be fair, but an end game is something you're trying to achieve, not something you're bungling you way into like this.
Not behaving in such a way that will cause people to avoid you in the future isn't about ethics. It's about reputation.
Don't ethics and reputation go hand in hand?
There's lots of companies with leadership that prioritises ethical approach. It's sad that people don't realise it these days / think it's that uncommon. (I've read this opinion here at least 3 times recently)
I wasn't suggesting there weren't ethical companies. Indeed, I would hope, given the amount of companies out there, some high percentage of them were ethical. I agree they are overshadowed though.
I would probably add it's hard to know if a company is acting ethically (whatever that means) or not, unless there's some kind of formal certification which does this?