It’s only technically a supply chain attack. Pretty much all they did was apply a security patch and remove the other company’s IP. It doesn’t really attack a user or put anyone at risk, which is what you normally mean with an attack, so it sounds hyperbolic.
That said it is absolutely scummy and dumb, and a sign that Automattic puts its own whims ahead of its clients’ stability. Even if this issue gets settled tomorrow, we now know that Automattic is an irrational actor. Who is going to choose a software platform for new projects where every week a new drama unfolds?
I'll talk about what WP Engine does, because I've been following this whole saga and I think they've done nothing wrong. Worse, I'm pissed that some open source folks are defending Matt's position that's basically "well, open source is whatever I say it is".
That is, WP Engine's cardinal sin (according to their detractors) appears to be that they make a ton of money from WordPress but they don't contribute back "sufficiently" to the ecosystem. I believe (as someone who has contributed a bunch to different open source projects) that this is complete and total bullshit. Since when do individual open source creators get to decide "how much" other people/companies need to "give back"? There is a very good reason open source licenses explicitly specify what you can and can't do with code. If you don't like that, you shouldn't be releasing your code as open source. More to the point, even outside of WP Engine's legal obligations (which nobody is really seriously believing they are in violation of, Matt's post-hoc ridiculous claims of trademark infringement notwithstanding), I think the arguments that they were a bad actor in the community were false, too, especially given Matt's actions.
Other open source creators have discovered that the economics of the cloud world means that it's easier for hosting providers to make a lot of money off open source projects than the original creators of that open source software. And while this may suck, many of these other creators handled this situation in a sane, adult manner, e.g. by forking and relicensing their software, or also see the whole nascent "fair source" movement. What they haven't done is decide to hold the whole community hostage because they decide, after the fact, that they're "owed" 8% of another company's revenue.
Seriously, I'd be interested to hear any rational argument about what WP Engine did that was so objectionable. If the best they can come up with is "they don't support infinite versions as the default out of the box", you'll have to excuse me if I don't think that's some sort of cardinal sin.
I see a pattern of open source leaders being judged more harshly than proprietary software leaders. I think it’s because of a feedback loop. It started before the current crop of social media. People saw they could criticize Theo de Raadt more easily than Google because Google had its own weird nerds about a decade before the phenomenon with Elon Musk. These defenders were encouraged by the money and connections of the people they were defending, which is greater than those of the open source leaders.
I’m not saying you’re doing this deliberately but if you look at how long Matt Mullenweg has been leading WordPress, I think that puts the drama into context. People have forgotten a lot of the drama with FAANGs during these two decades and their leaders were never held to account.
What WP Engine has done is be soulless. They got acquired by a private equity firm, which makes them like a FAANG. The ways they’ve acted are more visible to WordPress than they are to us - they undermined the way they operate with other big hosts whose datacenters communicate with their datacenters, and users with their support. Matt explains it pretty well in this video: https://youtu.be/WU3sd1kDFLg?si=Og9QZ4_onwhbwvB3
> I see a pattern of open source leaders being judged more harshly than proprietary software leaders.
I will only speak for myself, but I find this to be baloney. I'm not judging "open source leaders" more harshly - I'm judging a single open source leader, Matt Mullenweg, harshly solely due to his own actions and statements.
You say "What WP Engine has done is be soulless." That's kind of my whole point - I don't give a fuck, at all, that WP Engine is "soulless". First, they're a hosting company, not a church. My fundamental issue with Matt's behavior in the first place is that just because a company is "soulless", i.e. whatever line he has in his head that is the "minimum" a company should have to contribute back because they use open source software he first created, that he gets to do a shakedown, take over what was their largest open source contribution in the first place, and then demand 8% of their revenue.
Frankly, I don't believe any of this moralistic framing in the first place. I think he saw WP Engine as an "unfair" competitor to WordPress.com, and his actions are simply to cripple a business competitor.
> I'm not judging "open source leaders" more harshly
On purpose, no. But it's a question of interest. People seem to have a lot of interest in going after open source tech leaders that they don't have for going after closed source tech leaders, partly because any time they go after closed source tech leaders they have to deal with paid defenders (many of whom are simply paid by being on the much larger payroll, partly funded by government contracts obtained through bribery).
If you'd have judged a FAANG the same way but don't ever get around to judging them, that amounts to being more harsh with open source leaders.
Whatever man. I think this is all completely irrelevant to the current WordPress saga, not to mention that I totally disagree with your 0-evidence hypothesis in the first place that people are somehow more critical of open source leaders. FWIW, there is plenty in my HN comment history lambasting Google's fall from technically-admired leader to "just another big company led by the bean counters".
> People seem to have a lot of interest in going after open source tech leaders
Also, this: Often there are more OSS users (since usually it's free).
If 1% of the users are angry, that could mean many more angry people for a popular OSS project, and comments here at HN, than for some similar proprietary software?
> They got acquired by a private equity firm, which makes them like a FAANG.
I’ve read this sentence 5 times over and still have no idea what you mean by this? How does a company being acquired by a private equity firm make them like a multinational public company? What does being “like a FAANG” mean to you?
As an aside, Automattic was an investor in WP Engine and sold their shares to that same private equity firm.
Eh, I'm not completely convinced open source leaders are judged more harshly.
Go find people on the street and ask them to name the CEO of WordPress and then ask them to name the CEO of Google. Like the average person doesn't criticize an open source leader because they have no idea who they are.
In any sort of big tech thread there are tons of criticisms about privacy violations, basic functionality, lack of support, etc.
However, more to the thread. If, say, Amazon yoink'd Apple's store and started selling Amazon Basic MacBooks on it, there would be complaints.