WordPress Forces User Conf Organizers To Share Social Media Credentials, Arousing Suspicions (theregister.com) 34
Simon Sharwood, reporting for The Register: Organisers of WordCamps, community-organized events for WordPress users, have been ordered to take down some social media posts and share their login credentials for social networks. The order to share creds came from an employee of Automattic, the WordPress host whose CEO happens to be Matt Mullenweg, co-creator of WordPress.
A letter sent to WordCamp organizers explains that the creds are needed due to "recurrent issues with new organizing teams losing access to the event's social media accounts." So far, so sensible. But the requirement to share creds comes in the middle of a nasty spat in the WordPress community, sparked by Mullenweg's efforts to have rival hosting biz WP Engine license the WordPress trademark or devote more staff to working on the open source content management system's code.
BDFL (Score:1)
Re: (Score:2)
In this case, the "benevolent" part definitely deserves a [citation needed].
Now if you'd chosen to use "pissy", "spiteful", or "pique-filled"... those are apparent, so no further clarification would've been required.
In my day, we had four digits, and we liked it! (Score:5, Informative)
Re: (Score:2)
People can just "flip" one day, so to speak. Could be due to stress and/or not being able to handle authority ("mad with power"), or it could be an actual, physical condition in the brain.
I'm leaning away from thinking that this guy is that stupid, and more toward that there is seriously something wrong with him, neurologically.
Re: (Score:2)
People can just "flip" one day, so to speak. Could be due to stress and/or not being able to handle authority ("mad with power"), or it could be an actual, physical condition in the brain.
I'm leaning away from thinking that this guy is that stupid, and more toward that there is seriously something wrong with him, neurologically.
Probably just fell into his own idiocy. That happens for some "leaders." Especially those that really suck at leadership. They start to think micromanaging and dictatorial rule are the only ways forward, truly believing in their own superiority until they are smacked in the face by someone or something far superior to them. For some, that's death. For others, just a good solid prison sentence. Or crossing the wrong person at the precisely correct moment to merit a violent reaction.
At any rate, this public m
Wow (Score:4, Interesting)
I've heard of burning it all down around you, but this guy brought nukes.
Re: (Score:2)
Mishandled company accounts? (Score:5, Insightful)
If the organizers' accounts are company accounts, then they need to be set up that way, as company-managed accounts.
Give the credentials to the corporate IT administrator only.
And grant the individual users post access instead of sharing credentials.
It's a violation of Terms of Service on just about any social media site for users to share Logins and Passwords.
Re: (Score:3)
It's a violation of Terms of Service on just about any social media site for users to share Logins and Passwords.
Came here for this.
"Dear Automattic drone,
Just to be clear, you are specifically asking us to violate the [social-media-platform] Terms of Service?
Thank you,
[Conference Organizer]"
Re: (Score:2)
admins should be able to reset passwords anyways? why "share"
Re:Mishandled company accounts? (Score:5, Informative)
If the organizers' accounts are company accounts, ...
WordCamps are organized by local Wordpress user communities, not owned by Automattic. Heck, as far as I can tell, Automattic hasn't even provided sponsorship for any of them.
Re: (Score:2)
WordCamps are organized by local Wordpress user communities, not owned by Automattic.
I see. The camps are organized by local communities, But it seems that Automattic believes they are the entity that decides who gets to do it, or at least the company who gets to control who gets to be listed as a "Wordcamp" and use the Wordcamp name and branding capital.
So, unless there is some argument about that; it does seem that whoever that company is would have ultimate control over the branded official acco
Re: (Score:2)
While this is how it should be, it's not how even major companies do it, sadly. I directed the social media program for one of the largest computer companies in the world. I was given the login credentials to all their accounts. Not just social media but associated Google and other accounts too.
Too frequently folks aren't going to sit around waiting for IT to set up those accounts and properly provision things out to users. That bottleneck is what causes others to work around it.
Exit Stage Left... (Score:4, Insightful)
Re: (Score:2)
Not over this. Really, this is no different than if some specific Linux distro's maintainer went batsh*t crazy.
Now if you use Wordpress and your site is hosted on wordpress.org... it's definitely time to look for a new hosting provider.
Re:Exit Stage Left... (Score:5, Funny)
I hear that WPEngine is a pretty good alternative
Passwords are like underwear. (Score:4, Insightful)
1. You should change them regularly.
2. You shouldn't leave them where other people can see them.
3. You should never loan them out to strangers.
Re:Passwords are like underwear. (Score:5, Insightful)
1. You should change them regularly.
I take issue with that. In my opinion, unless there's an indication that a password has been compromised, there should be no reason to change it. Changing passwords often leads to a) users writing the password down somewhere and b) using the same password with iterators at the end. On the other hand if someone tells me that a password needs to be changed because it was compromised, I'm less likely to use the same password with an incremental iterator at the end.
Re: (Score:2)
NIST agrees with you:
"Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator." - https://pages.nist.gov/800-63-... [nist.gov]
Re: (Score:2)
Don't use someone else's.
"So far, so sensible" (Score:5, Insightful)
No, it's not sensible in any way, shape or form. Sounds like Automattic are asking for passwords so that they can take unpopular or otherwise inconvenient social media posts themselves in case someone doesn't want to comply. This is potentially criminal - both asking for credentials and trying to make unauthorised changes.
Sure Mullenweg, here ya go (Score:3)
My creds-
Facebook
Username: lickmyballs
Password: gofuckaduck
Instagram
Username: gotohell
Password: youshiteatingcunt
X/Twitter
Username: yourmomisawhore ...and so forth
Password: yourdadisalsoawhore
Re: (Score:2)
Once I was so pissed with a web site's password policy (not only combinations/length, but also "too similar to previously used password". How would they know unless they saved my plain-text passwords somewhere or enumerated my character usage in them?) I used "FuckYourMom@#$000". Unfortunately, eventually, I also had to screw their dad, lick their sister, and toss their aunt's salad.
Re: (Score:2)
You can test removing each character (and all possible truncations) and compare its hash to a previous password's hash. You don't need to store plain text for that.
Re: (Score:2)
That won't identify "badPassword1" as a precursor to "badPassword2". Not unless you've saved "badPassword1".
Re: (Score:2)
You first need to define what is "too similar". Is "bad12Password" similar to "bad34Password"? I would argue that it is, indeed. So that automatically invalidates changing just one character. Now you're up to changing two characters. They can be upper or lower case, numeric, special characters. So we're up to about 80. So that's 6400 iterations for each position in a password. For a password with a length of 12, you're talking about 70000 iterations. Is that really reasonable and workable?
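The check debated in the comments above (hashing variants of the new password and comparing them with the stored hash of the old one), as an added example that is not part of any commenter's post. The digit-swap variants go beyond the removal/truncation idea in the thread; the function names, sample passwords and the lowered PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

ITERATIONS = 20_000  # assumption: lowered so the demo runs quickly; real deployments use far more

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def removal_variants(new: str) -> set[str]:
    # The variants named in the thread: drop each single character, plus every truncation.
    drops = {new[:i] + new[i + 1:] for i in range(len(new))}
    truncations = {new[:i] for i in range(1, len(new))}
    return drops | truncations

def digit_swap_variants(new: str) -> set[str]:
    # Extension (assumption, not from the thread): replace each digit with every other digit.
    out = set()
    for i, ch in enumerate(new):
        if ch in string.digits:
            out |= {new[:i] + d + new[i + 1:] for d in string.digits if d != ch}
    return out

def matches_old(variants: set[str], old_hash: bytes, salt: bytes) -> bool:
    # Hash every candidate with the OLD salt and compare; no early exit on a match.
    hit = False
    for v in variants:
        hit |= hmac.compare_digest(hash_password(v, salt), old_hash)
    return hit

def check_change(new: str, old_hash: bytes, salt: bytes) -> dict:
    # Only the new plaintext (available at change time) and the old salted hash are needed.
    removal, swaps = removal_variants(new), digit_swap_variants(new)
    return {
        "removal_hit": matches_old(removal, old_hash, salt),
        "swap_hit": matches_old(swaps, old_hash, salt),
        "hashes_computed": len(removal) + len(swaps),
    }

# Constructed sample: the server stores only the salt and hash of the old password.
SALT = os.urandom(16)
OLD_HASH = hash_password("badPassword1", SALT)

if __name__ == "__main__":
    print(check_change("badPassword2", OLD_HASH, SALT))   # caught only by digit swap
    print(check_change("badPassword12", OLD_HASH, SALT))  # caught by removal/truncation
```

The cost is one slow hash per candidate, so the size of the variant set directly bounds how broad a "too similar" rule can be.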
Re: (Score:1)
Buh-bye Wordpress. (Score:2)
Migrating from WordPress to Drupal [reddit.com]
Migrating from other CMS to Drupal: A Step-by-Step Guide for 2024 [optasy.com]
Re: (Score:3)
How is that an improvement ?
No Way - Violates all security principles (Score:1)
WordCamps sounds scary (Score:2)
Are these Wordpress re-education camps?
Censorship/anti-competitive practices/coercion. What's next? The purges?
It's just a CMS. Calm down.