The world of WordPress, one of the most popular technologies for creating and hosting websites, is going through a very heated controversy. The core issue is the fight between WordPress founder and Automattic CEO Matt Mullenweg and WP Engine, which hosts web sites built on WordPress.
WordPress technology is open source and free, and it powers a huge chunk of the Internet — around 40% of websites. Websites can host their own WordPress instance or use a solution provider like Automattic or WP Engine for a plug-and-play solution.
In mid-September, Mullenweg wrote a blog post calling WP Engine a “cancer to WordPress.” He criticized the hoster for disabling the ability for users to see and track the revision history for every post. Mullenweg believes this feature is at the “core of the user promise of protecting your data” and said that WP Engine turns it off by default to save money.
He also called out WP Engine investor Silver Lake and said they don’t contribute sufficiently to the open source project, and said that WP Engine’s use of the “WP” brand has confused customers into believing it is part of WordPress.
Advertisement
The legal battle
In reply, WP Engine sent a cease and desist letter to Mullenweg and Automattic to withdraw their comments. It also said that its use of the WordPress trademark was covered under fair use.
The WordPress Foundation also changed its Trademark Policy page and called out WP Engine, alleging the hosting service has confused users.
Advertisement
“The abbreviation ‘WP’ is not covered by the WordPress trademarks, but please don’t use it in a way that confuses people. For example, many people think WP Engine is ‘WordPress Engine’ and officially associated with WordPress, which it’s not. They have never once even donated to the WordPress Foundation, despite making billions of revenue on top of WordPress,” the updated page reads.
WP Engine Ban, community impact, and trademark battle
Mullenweg then banned WP Engine from accessing the resources of WordPress.org. While elements plug-ins and themes are under open source license, providers like WP Engine have to run a service to fetch them, which is not covered under the open source license.
In response to the incident, WP Engine said in a post that Mullenweg had misused his control of WordPress to interfere with WP Engine customers’ access to WordPress.org.
Advertisement
“Matt Mullenweg’s unprecedented and unwarranted action interferes with the normal operation of the entire WordPress ecosystem, impacting not just WP Engine and our customers, but all WordPress plugin developers and open source users who depend on WP Engine tools like ACF,” WP Engine said.
Mullenweg wrote a blog post clarifying that the fight is only against WP Engine over trademarks. He said Automattic has been trying to broker a trademark licensing deal for a long time, but WP Engine’s only response has been to “string us along.”
The WordPress community and other projects feel this could also happen to them and want clarification from Automattic, which has an exclusive license to the WordPress trademark. The community is also asking about clear guidance around how they can and can’t use “WordPress”.
Advertisement
The WordPress Foundation, which owns the trademark, has also filed to trademark “Managed WordPress” and “Hosted WordPress”. Developers and providers are worried that if these trademarks are granted they could be used against them.
Developers have expressed concerns over relying on commercial open source products related to WordPress, especially when their access can go away quickly.
We’re thrilled to welcome Bret Taylor to TechCrunch Disrupt 2024. As the former co-CEO of Salesforce, founder of Quip, former CTO of Facebook, the co-creator of Google Maps, and current chairman of the board at OpenAI, Taylor needs very little introduction.
Bret Taylor is one of the most influential players in the world of enterprise and SaaS, so we invited him to join us for a fireside chat on our SaaS Stage at Disrupt 2024 on October 29.
In our conversation with Bret, we’ll explore his innovative AI startup, Sierra, recently launched in partnership with former Google executive Clay Bavor. Sierra envisions AI agents as the next major technological breakthrough, much like the rise of websites and mobile applications. These agents could become crucial digital resources for businesses, ultimately enhancing the digital customer experience.
Join us at Disrupt 2024, taking place at Moscone West in San Francisco from October 28-30, as we delve into this topic with Bret, along with a host of other insights. Register your passes today and enjoy savings of up to $600. This offer ends tonight at 11:59 p.m. PT.
Steam just removed its forced arbitration policy, opening the door for lawsuits against its parent company, Valve. In an update on Thursday, Steam says its subscriber agreement “now provides that any disputes are to go forward in court instead of arbitration.”
Many companies include a forced arbitration clause in their user agreement, waiving a person’s right to a trial in court. Arbitration involves settling a dispute outside a legal system before an impartial third party. This method is often faster but may not get the best results for consumers, as arbitrators don’t need to consider the law when issuing a decision.
Previously, Steam’s user agreement said, “you and Valve agree to resolve all disputes and claims between us in individual binding arbitration” for all disputes related to Steam, your account, hardware, or the company’s content and services. The new agreement eliminates any mention of a binding arbitration policy.
Steam doesn’t say why it decided to suddenly remove the forced arbitration clause. As pointed out by 404 Media, a group of plaintiffs recently challenged Valve’s forced arbitration policy and were able to file a class action lawsuit over Steam’s dominance.
19-inch server cabinets with integrated fire protection from Lehmann IT
19-inch server cabinets with integrated fire protection can basically be placed in all locations where there is an increased risk of fire in order to optimally protect the devices located in the server cabinet as well as all relevant data. For this purpose, we at Lehmann IT have developed and designed various solutions that can be used for numerous applications and requirements.
When should a server cabinet with fire protection be considered?
Basically, a 19-inch server cabinet with an integrated fire protection function can never hurt, as fires can occur anytime and anywhere, often caused by electricity or human error. However, these models are especially interesting for companies that want to place the cabinets in locations with increased fire risk.
As a rule, however, fire-protected server cabinets are used in the industrial sector. In times of Industry 4.0 and the advancing digitalization of industrial processes, reliable IT infrastructures are increasingly needed in production halls. These are often subject to high temperatures because the machines used there radiate heat during operation or the production processes themselves require these temperatures. In addition, the amount of dust is very high, which is also harmful to unprotected IT equipment. This is because this dust accumulates on and in the equipment and can sometimes clog air slots and fans, which has a strong negative impact on air circulation in the cabinet, resulting in so-called hot spots. At these points, there is an extremely high temperature locally, which can cause considerable damage to the equipment.
Advertisement
Especially in industrial halls, IT equipment should therefore be well protected, which is why the purchase of a server cabinet is inevitable. Since the risk of fire in these industrial halls is very high due to the high temperature or the use of highly flammable substances, it is recommended to immediately choose a model with integrated fire protection. In the event of a fire, this will not only protect the equipment but also all the data stored on the servers.
What consequences can fire have for IT equipment?
Even small and quickly contained fires can cause damage with high costs. Even server racks without integrated fire protection can be severely affected in a very short time. If a fire is not quickly detected and appropriately fought, IT equipment will be very badly damaged as a result of sooting and corrosion. Smoke development also has severe consequences for the servers, routers, and switches in the cabinet. The technology is no longer salvageable as a result of a fire, and the data on the devices can also be irretrievably lost. A server cabinet with fire protection not only protects the devices themselves but also gives you enough time to save the data.
How does fire protection in the server cabinet work?
The fire protection server cabinets are certified according to the relevant DIN and EN guidelines and offer fire resistance of approximately 90 minutes. In addition, the models comply with the IP54 protection class, which is an indicator of protection against dust and water, however, both of which can also be potential hazards for server cabinets in industrial halls. The surface of the server cabinets is highly resistant to chemicals and moisture. The cabinets have sensors that measure the exhaust air temperature and smoke development in the cabinet. If this is too high, all ventilation openings are immediately closed.
According to the European classification EN 13501-1, our server cabinets have the marking As1d0. The “A” indicates that the cabinet itself does not contribute to the fire, which is the highest rating for this fire safety aspect. The “s1” (for low smoke emission) and “d0” (no burning drip) markings are also the highest indexes for the aspects considered, according to the EN directive.
Advertisement
The classification EN 13501-2 is also important for the classification of fire protection for various devices. Our cabinets have the specification EI 90, which means that the cabinet is fire resistant for 90 minutes. The inner and outer walls of the server cabinet are non-load-bearing, as no loads are applied to them. This is expressed by the two letters “EI”.
Lehmann IT – Your partner for server cabinets
If you have questions about our server and network cabinets or need help choosing a suitable model, we are the right contact for you. We are looking forward to your inquiry.
NVIDIA Container Toolkit and GPU Operator were carrying a critical vulnerability that allowed threat actors access to the underlying host’s file system, experts have warned.
Cybersecurity researchers at Wiz discovered and reported the flaw, tracked as CVE-2024-0132, and carries a vulnerability score of 9.0/10 – critical, to Nvidia on September 1, 2024.
It is described as a Time-of-Check Time-of-Use (TOCTOU) vulnerability. To be abused the tools need to be set up in default configurations – then, a threat actor could craft a special container image that grants them access to the host file system.
Different environments at risk
“A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering,” the company said in a security advisory.
Advertisement
The bug affected all NVIDIA Container Toolkit versions to v.1.16.2, and all NVIDIA GPU Operator versions until 24.6.2, which were the first ones to have addressed the flaw. It is also worth mentioning that the vulnerability does not work when Container Device Interface (CDI) is used.
“The urgency with which you should fix the vulnerability depends on the architecture of your environment and the level of trust you place in running images,” the researchers said in their technical write-up. “Any environment that allows the use of third party container images or AI models – either internally or as-a-service – is at higher risk given that this vulnerability can be exploited via a malicious image.”
They stressed that single-tenant compute environments could be at risk if a user downloads a malicious container image from an untrusted source, giving the crooks access to the workstation. In orchestrated environments such as Kubernetes (K8), an attacker with permission to deploy a container could access data and secrets of other applications running on the same node or cluster.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Facebook parent company Meta has been fined €91m (£75m) by the Irish Data Protection Commission (DPC) following an investigation into the storage of passwords.
An inquiry was launched in April 2019 after Meta notified the DPC that it had inadvertently stored certain passwords of social media users on its internal systems without encryption.
The DPC submitted a draft decision to other European data watchdogs in June 2024.
No objections were raised by the other authorities.
Advertisement
Meta has been found to have four breaches of General Data Protection Regulation (GDPR).
DPC deputy commissioner Graham Doyle said: “It is widely accepted that user passwords should not be stored in ‘plaintext’ considering the risks of abuse that arise from persons accessing such data.
“It must be borne in mind, that the passwords the subject of consideration in this case are particularly sensitive, as they would enable access to users’ social media accounts.” he added.
The decision, which was made by the commissioners for data protection, Dr Des Hogan and Dale Sunderland, and notified to Meta on 26 September, includes a reprimand and a fine.
That fine was also issued by Ireland’s DPC; the largest fine imposed under the EU’s GDPR privacy law.
In 2022, Meta was fined €265m (£220m) after data from 533m people in 106 countries was published on a hacking forum having been “scraped” from Facebook years earlier.
You must be logged in to post a comment Login