x1gma

This has nothing to do with licensing. [...] If you're going to run a business that depends on open-source software, there’s an expectation of contributing back or, at the very least, not exploiting the resources of a non-profit.

Sorry, but you have absolutely no idea what you're talking about. It's absolutely and only a licensing issue, and as a user of open source software you are obligated to do what the license states. WordPress is licensed under GPL, which explicitly allows software being run for any purposes, explicitly including commercial purposes. The giving back part would come into play if WPE would use WordPress as part of their own software - which they don't.

WPE did what the license, and therefore Matt and Automattic allowed them to. Matt decided to try and literally extort money from them, before going on his fully fledged meltdown.

Whether WPEs business model is morally questionable is irrelevant. They did play by the rules. Matt did not.

And the situation is not new, as far as I remember redis was the last big player in that situation. But they also did play by the rules, they changed their license starting from a given version, made big hosters that made money by redis-as-a-service pay for using redis, and took the L like grown ups by losing their FOSS community and having valkey as a hard fork and direct competitor now. No drama, no meltdowns, no shit storms and no lawyers involved.

You also don't get to randomly change license terms because you're having a childish meltdown because someone earns money with an open source product while according to the terms of the license of the said product.

You also don't steal code from a user of your platform and maliciously redirect to your fork.

This is not about WPE vs Matt's lack of brain cells. This is also not about hardlining on what's open source or not. But Matt needs to lose this fight, not only because of his decisions, but because if he wins, he not only successfully burned down WordPress, but the open source ecosystem as a whole.

If you publish something with a license that allows people to earn money without paying a share to you, don't be butthurt if people won't do that. And if you don't want that - change the license properly and carry the consequences.

Bethesda brought HD texture packs for Skyrim and Fallout, yes. But they are free DLCs and came out several years after release. Bethesda did a paid modding shop.

But this is a feature that other games just have, that's paid, on a preorder full price AAA game that's already more expensive than other games.

Stop trying to compare, this is a whole new precedent of greed and mtx.

Isn't Ubuntu Pro basically just an extended support for a set of universe packages for their LTS versions and free for private use?

How is making enterprises pay for extended LTS because of corporate no-update-just-insert-coin mentalities even remotely close to ransomware?

Like I get everyone who doesn't like Ubuntu for various reasons, but this sounds completely dumb to me.

NPM allows for code to be executed while you install the package which is different from maven or nuget and allows for easy exploitation paths

This is the winner. Combine that with a vastly bigger group of inexperienced developers (and I'm willing to die on that hill), and you have a lot of people running node / npm as an admin / root user, who have close to zero idea what they are doing, hitting their project with third party dependencies left and right for no particular reason (left-pad, is-number, ansi console and similar useless crap), and then your dependency management allows for code execution. Also, from my personal feeling, it seems that npm simply cannot properly audit the packages due to the sheer mass. From a technical standpoint it's close to trivial to put your malware onto npm, and then you just need to get someone to install your package, which is way simpler than in other package managers

The smallest footprint for an actual scripting probably will be posix sh - since you already have it ready.

A slightly bigger footprint would be Python or Lua.

If you can drop your requirement for actual scripting and are willing to add a compile step, Go and it's ecosystem is pretty dang powerful and it's really easy to learn for small automation tasks.

Personally, with the requirement of not adding too much space for runtimes, I'd write it in go. You don't need a runtime, you can compile it to a really small zero dependency lib and you have clean and readable code that you can extend, test and maintain easily.

haven't actually proven to be effective at stopping cheaters

This is what OP said, and it's completely correct. It's not that much impact in comparison to "regular" anti cheat systems. And both of those only detect either cheap/bad or known hacks.

Server-sided and data based anti cheats is what would actually be a huge step up. You're running a 8 K/D in a game where the best players are between 1-2? Banned. You just flicked two enemies within 100ms? Banned. Suspicious activity that's not that blatant needs to be reviewed.

The thing is - that's fucking expensive, complicated and needs to be done one a per-game basis, and since its just cheaper to throw you under the bus with a kernel anticheat and claim it's the best one, that's being done.

Read up on the dangers.

Anything is beatable, hackable and abusable given the time and resources, and it shouldn't be my system because some idiotic management took the decision to enforce ring0 access anti cheat to ban some percent more hackers.

No one said that anti cheat efforts do not make an impact, but the impact of ring0 anti cheats is massively overrated

I'm very interested to hear what went wrong.

We'll probably never know. Given the impact of this fuck up, the most that crowdstrike will probably publish is a lawyer-corpo-talk how they did an oopsie doopsie, how complicated, unforseen, and absolutely unavoidable this issue has been, and how they are absolutely not responsible for it, but because they are such a great company and such good guys, they will implement measures that this absolutely, never ever again will happen.

If they admit any smallest wrongdoing whatsoever they will be piledrived by more lawyers than even they'd be able to handle. That's a lot of CEO yachts in compensations if they will be held responsible.

Right, completely forgot that locking exists in SVN, and I guess it definitely makes sense if you're collaboratively editing unmergeable files.

Thanks!

Serious question, why do they use SVN, as in what does SVN better than Git for the department using it?

It's not surprising per se, but it's something that people should be more aware of. And a lot of this consumption is not providing global services (like the Google search or workspace suite) but the whole AI hype.

I didn't find numbers for Google or Microsoft specifically, but training ChatGPT 4 consumed 50 GWh on its own. The daily estimates for queries are estimated between 1-5 GWh.

Given that the extrapolation is an overestimate and calculating the actual consumption is pretty much impossible, it's still probably a lot of energy wasted for a product that people do not want (e.g. Google AI "search", Bing and Copilot being stuffed into everything).