Wordpress, you make it so hard to defend you -- or do automatic updates anymore
-
So Wordpress just released a new version, 4.9.3. Since Wordpress long ago implemented an auto-update feature-- mainly for security reasons, to quickly patch bugs & flaws-- sites started auto-updating to 4.9.3.
Except 4.9.3 had a particular bug in it. Specifically, it broke Auto-Update. Yup, it broke auto updated and, I quote WordPress here, "for whatever reason... wasn't discovered before 4.9.3's release".
So now anyone who DID auto update is forever stuck on 4.9.3, unless they manually update. Except the whole point of auto-update was to not require manual updates, because many WordPress owners aren't techie people, so they don't know how to manually update, meaning the benefit of auto-updating (bug and security fixes) has been destroyed.
You can bet your ass that vulnerabilities that effect 4.9.3 are going to suddenly become VERY valuable, since there will be a good number of dormant sites that will never get updated.
-
@lorne-kates on the other hand, if they'd never had auto update to start with... we'd have the same situation we have now, except years ago.
-
@gąska said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
we'd have the same situation we have now, except years ago
Years ago WordPress had a lot more security holes
-
A part of me wants Microsoft to hire WP devs to work on Windows 10.
-
@gąska They already did, they work on Windows Update
-
@timebandit last time I checked, it still updated correctly.
-
That's odd. When I got this email from WordFence, I went and checked my site, and it was on 4.9.4. I never told it to update to 4.9.4, so... apparently something worked! And I'm quite sure it wasn't my hosting provider, as the updated post theorizes--they're massive s over there.
-
@gąska said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
last time I checked, it still updated correctly.
Yeah, we never read about someone having an issue with Windows Update
-
@timebandit the main issue people have is that it exists.
-
@gąska said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
the main issue people have is that it exists
Personally, I don't have any issue with it.
Thanks Ian Murdock
-
fuck why does every thread on this site turn into a discussion about windows 10
-
@bb36e because PHP is finally (mostly) gone, so we moved to the next item on our priority list.
-
@gąska said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
because PHP is finally (mostly) gone
Gone where ?
-
@timebandit I see significantly less PHP jobs, PHP hostings, PHP tutorials, PHP WTFs, etc. than in 2011.
-
@gąska FYI: more than 60% of websites are running on WordPress, which is PHP.
We're DOOMED
-
@timebandit FYI: more than 50% of people in the world don't even have internet. And they're just as irrelevant as your 60% of personal blogs with zero market value.
I'm sure there are lots of business websites using Wordpress. But I think most of them are in maintenance mode, and everything new is as far from PHP as possible. Though I have absolutely no sources on that and put zero effort in research.
-
@gąska said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@timebandit I see significantly less PHP jobs, PHP hostings, PHP tutorials, PHP WTFs, etc. than in 2011.
Mmmm, search bubble.
-
@timebandit Fuck, I'm sure WordPress update is a work of art compared to Windows Update.
-
I'm going to be the one to say it: this is not Wordpress' fault, it's due to our broken infrastructure. Most software shouldn't have to handle its own updates.
-
@anonymous234 said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
I'm going to be the one to say it: this is not Wordpress' fault, it's due to our broken infrastructure. Most software shouldn't have to handle its own updates.
It's Xcopy-deployed, so infrastructure doesn't know where it is. Even if it did, you can't necessarily update all the instances on the system (users may have customized it or have other reasons to not upgrade).
I'm all for a better, more consistent upgrade experience - but Wordpress isn't a good place to start.
-
@gąska said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@timebandit last time I checked, it still updated correctly.
Tell that to the two security updates that have failed to install ever since the Meltdown BS happened. And retry every day.
-
@anonymous234 said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@timebandit Fuck, I'm sure WordPress update is a work of art compared to Windows Update.
I know you hate Windows Update, but we can actually check the code for WordPress... and historically, it's sucked ass.
-
@gąska said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@timebandit FYI: more than 50% of people in the world don't even have internet. And they're just as irrelevant as your 60% of personal blogs with zero market value.
I'm sure there are lots of business websites using Wordpress. But I think most of them are in maintenance mode, and everything new is as far from PHP as possible. Though I have absolutely no sources on that and put zero effort in research.
I was asked for quotes on implementing a business system in PHP as recently as last week.
There is nothing in my profile anywhere suggesting that I have ever touched PHP even with a long pole so why they asked me about it I have no idea. But PHP is still alive and kicking, in some sense at least.
But at least people are not asking me to create a facebook operating system office suite in PHP anymore.
-
@anonymous234
Yes, this.
This is why i hate bringing in another LAMP type application in the company. Muggins needs to be on top of the updates, as they are all updated in different ways.
-
@gąska said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@timebandit I see significantly less PHP jobs, PHP hostings, PHP tutorials, PHP WTFs, etc. than in 2011.
Not sure if that's good because anything new that's bound to be written in it has a better chance of being decently written, because damn it, if they're using it they have a good reason... or it will become worse because the only people still using it will keep on writing code like it's still the PHP4 days...
-
@powerlord said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
I know you hate Windows Update, but we can actually check the code for WordPress... and historically, it's sucked ass.
I'm sure Windows Update's code is wonderful engineering work of art
-
@timebandit said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@powerlord said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
I know you hate Windows Update, but we can actually check the code for WordPress... and historically, it's sucked ass.
I'm sure Windows Update's code is wonderful engineering work of art
You mean the thing that supposedly used an exponential runtime algorithm on XP, making svchost search updates forever?
Which they then, also supposedly, fixed but I had the same fucking problems again on Vista and 7 machines, always leading me to disable updates and installing WSUS Offline updater. Yes, work of art indeed.
-
Ah, Wordpress... possibly the biggest POS ever made, and the only thing that marketing people "know how to use" (except they don't and I get stuck troubleshooting). Our last marketing "expert" convinced the bigwigs to move our site to Wordpress, and then promptly quit shortly thereafter, leaving us with this POS to maintain. Before that we had static HTML files that developers could edit as needed (and our site is static content anyway).
Fortunately, I was able to stand my ground and not make Wordpress publicly accessible. It is in a subdirectory with apache only allowing access through whitelisted IPs. We then use a plugin called Simply Static that crawls Wordpress and saves everything as static files, to the directory that apache then serves as our site.
Our logs are full of bots attempting to exploit what looks like Wordpress, but is not. Plus we don't have to be on the upgrade treadmill, so I can update Wordpress when I have time to go through and check that everything still works. Or never.
-
@quijibo said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
Ah, Wordpress... possibly the biggest POS ever made
You never worked with phpBB, did you?
-
@timebandit I made no claims about how the code for Windows update looks/works, but I'm too lazy to look up which logical fallacy you used to derive that. Probably affirming the consequent, but I'm way too lazy to look it up.
-
@topspin said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
disable updates
Guys, 40 items is way too much for computers to handle...
-
@tsaukpaetra I dunno, 1099511627776 seems like a pretty big number to me.
-
@tsaukpaetra said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
Guys, 40 items is way too much for computers to handle...
In which base?
-
@lorne-kates said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@tsaukpaetra said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
Guys, 40 items is way too much for computers to handle...
In which base?
All of them.
-
@tsaukpaetra said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@lorne-kates said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@tsaukpaetra said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
Guys, 40 items is way too much for computers to handle...
In which base?
All of them.
All your base are belong to us?
-
@tsaukpaetra said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@lorne-kates said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@tsaukpaetra said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
Guys, 40 items is way too much for computers to handle...
In which base?
All of them.
Well, minimum is Base-5 or the digit
4
wouldn't be used…
-
@dkf said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@tsaukpaetra said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@lorne-kates said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@tsaukpaetra said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
Guys, 40 items is way too much for computers to handle...
In which base?
All of them.
Well, minimum is Base-5 or the digit
4
wouldn't be used…You're assuming
4
is the fourth digit in the series.
-
@tsaukpaetra we're reaching the levels of pedantry that shouldn't be even possible!
-
@tsaukpaetra said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@dkf said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@tsaukpaetra said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@lorne-kates said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@tsaukpaetra said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
Guys, 40 items is way too much for computers to handle...
In which base?
All of them.
Well, minimum is Base-5 or the digit
4
wouldn't be used…You're assuming
4
is the fourth digit in the series.I'm assuming that symbols have reasonably conventional meanings. Otherwise I could just say teakettle. Teakettle teakettle teakettle, teakettle. Teakettle?
-
@dkf Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo.
-
@dkf said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
reasonably
Tsk tsk tsk...
-
@gąska said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@dkf Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo.
Oi! That made sense! We'll have none of that round here!
-
@dkf said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@gąska said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@dkf Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo.
Oi! That made sense! We'll have none of that round here!
I demand photographs of the receipts!
-
@tsaukpaetra said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@topspin said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
disable updates
Guys, 40 items is way too much for computers to handle...
It's not 40, it's 2^40. Something in the update system is infected by Shlemiel The Painter's algorithm.
-
@gąska said in Wordpress, you make it so hard to defend you -- or do automatic updates anymore:
@tsaukpaetra we're reaching the levels of pedantry that shouldn't be even possible!
Here? Never!