Quite a day for news…or at least, for exciting drama and wild stories.
Let’s start with Linux
You Will Be Hacked in Two Weeks
There’s word going around about a Remote Code Exploit (RCE) that “impacts all GNU/Linux systems”. A dire CVE screenshot has been shown and claims have been made that RedHat and Canonical have rated this a staggering 9.9 out of 10, which essentially means that an attacker could destroy all of Western Civilization.
Read more in this deleted Twitter thread.
At this point, we must invoke the adage that “extraordinary claims require extraordinary proof”. It’s possible this claim is true…it’s also possible it’s some adolescent fantasy. The author’s rants about devs sure reads like someone putting on airs.
If it did exist, what it could be is interesting. This is a remote exploit that gives complete access, and the claim is “all” GNU/Linux. That rules out a firewall.
What else is common and remotely accessible? Not every distro ships with a firewall, and if this was an ssh vuln (again, not every…) then it would be beyond Linux. Maybe something in the network stack. Does Linux use a homegrown TCP/IP stack or BSD’s like everyone else (including Windows, IIRC)?
I think it has to be something in the network stack, or else the claimant is playing fast and loose with words.
It would be funny if it was in the IPv6 stack and most sites were safe because they didn’t have IPv6 turned on.
WordPress Goes Nuclear and So Does WP-Engine
Yesterday, Attomatic/Wordpress.com/Wordpress.org published a long angry screed accusing WP-Engine of genocide, terrorism, human trafficking, motion picture distribution, and worst of all – I hope you’re sitting down – turning off revision history!
Yes, it’s true – people who host on WP-Engine do not have a revision history! GASP!
Attomatic’s rant is full of high-octane invective…which actually comes across as kind of reedy and whiny. Examples:
“…the content is sacred…”
“…It strikes to the very heart of what WordPress does, and they shatter it, the integrity of your content…”
“They are strip-mining the WordPress ecosystem…”
“…they are a cancer to WordPress…”
Perhaps the UN High Commissioner for Human Rights needs to get involved.
The root of the matter seems to be that WP-Engine is making money hosting WordPress. No seriously, that’s the reason. Both Attomatic and WP-Engine have revenue in the $500m range, but Attomatic (as the developer of WordPress) contribute far more to the code, which benefits WP-Engine.
This of course is completely illegal because the WordPress license states…oh wait. Anyone can host WordPress. Huh. So really, shouldn’t Attomatic be pumping its fist about every single shared hosting company in the world?
OK, whatever, Matt Mullweg has gone around the bend.
But then the story took a whole other turn. WP-Engine today filed a cease-and-desist order:
Stunningly, Automattic’s CEO Matthew Mullenweg threatened that if WP Engine did not agree to pay Automattic – his for-profit entity – a very large sum of money before his September 20th keynote address at the WordCamp US Convention, he was going to embark on a self-described “scorched earth nuclear approach” toward WP Engine within the WordPress community and beyond. When his outrageous financial demands were not met, Mr. Mullenweg carried out his threats by making repeated false claims disparaging WP Engine to its employees, its customers, and the world. Mr. Mullenweg has carried out this wrongful campaign against WP Engine in multiple outlets, including via his keynote address, across several public platforms like X, YouTube, and even on the WordPress.org site, and through the WordPress Admin panel for all WordPress users, including directly targeting WP Engine customers in their own private WordPress instances used to run their online businesses.
Well that puts a new spin on the rant. BTW, that “very large sum of money” is in the tens of millions.
It’s a riotously fun read. Apparently, Mullenweg was demanding payment and threatening to “go nuclear” in his keynote right up until the time we went on stage of WordCamp, texting the WP-Engine board with threats right up until he started his presentation. See the texts in the PDF.
You can watch Mullenweg’s Wordcamp presentation here. He reads his memo to a jazz accompaniment. You really can’t make this stuff up.
Related Posts:
I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.
I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308
- Only Four Days Left in RackNerd’s September Giveaway!Want Some Free Entries? - September 26, 2024
- Get a Dedi for $25/Month in Buffalo, Los Angeles, Dallas, or Chicago from ColoCrossing! Cheap VPS Deals, Too! - September 25, 2024
- WordPress v. WP-Engine Thermonuclear War, and Every Linux Box is About to be Hacked - September 24, 2024
Leave a Reply