> A feature known as the Download Monitor plug-in created a webpage with the clear URL which provided a link to the live version, which bypassed the need for authentication. This rendered the protections on the ‘future’ function of WordPress redundant as it bypassed the required authentication needed to gain access to the pre-uploaded document.
WordPress is a nice piece of software, but the plugin situation is getting worse and worse. (Too many pending updates, premium features and constant upselling, selling of plugins to new sketchy owners...)
The main issue is that there isn't any governance to the plugin store. Once you have a plugin in there, you have free rein to do whatever you want with it. Getting it in there is a PITA though. For example, a library author and I created a plugin, but they wouldn't let me submit it because I wasn't the other author, and they wouldn't let him submit it because he wasn't me. True story.
TBF there is some scrutiny on existing plugins; the team is just extremely understaffed (it's run by volunteers after all). I got involved in a plugin that ended up getting de-listed for some minor ToS violations after several years of being "fine"; they re-reviewed the plugin with the same rigor as a new submission.
Kudos to these volunteers, but as long as one single company continues to insist on owning all the resources of the plugin and theme directories, I don't think they deserve to continue profiting from volunteer labor.
> WordPress is a nice piece of software, but the plugin situation is getting worse and worse
The plugin situation is a mess largely because WordPress isn't a nice piece of software.
It's popular, and functionally it's great, but the codebase is really showing its age. WordPress has never properly rearchitected because it would break plugins on a scale that would endanger its dominance.
It's not age, it started very, very bad. If they'd fixed the horrible schema and the code a decade and a half ago, plugins would have been a lot easier to write (and a lot safer.)
To an outsider, its entire plugin ecosystem is so odd. Like the conversation about “nulled” plugins, where someone removes license-checking code from GPL-licensed plugins and then redistributes them, and whether that’s moral, or even legal, which of course it is, because that’s the entire point of the GPL.
I am an experienced lead developer specializing in custom WordPress development. I design and develop high-performance websites that are accessible and easy to use.
I've spent the last 3 years leading the marketing website for CoderPad.io leading the redesign and building out the marketing website. It included over 70+ custom, reusable components and a living style guide to track their usage --> https://coderpad.io/styleguide/
On the side I run DummyImage.com which serves 150+ million requests, 30+ million unique visitors per month.
I'm a senior web developer specializing in custom WordPress development with experience working in startups, creative agencies, world-renowned non-profits, and large media companies. Love bringing componentized websites to life utilizing custom design systems with an intuitive user-friendly backend. I've spent the last 3 years leading the marketing website for CoderPad integrating WordPress with HubSpot/Salesforce, designing marketing emails, and building analytic funnels for business insight.
I run DummyImage.com which handles 1.5 million unique visitors and 5 million requests per day.
Thanks. I am looking for my own videos and particularly not YouTube. The idea is to host my own videos on my site to be able to search them. Therefore I am looking for an open-source solution.
If it is just for your own videos, you don't need a video search solution - you need a transcription process or service. Then you would have timestamped words/phrases, which you could put into a database and just query/search that DB.
Yikes. Wasn't aware of that one. Thanks for sharing it.
I like smart contracts but you really have to be super careful with them, and ideally they should all be audited by a third party before launch, to help catch stuff like this. But even that's not a guarantee crap like this won't happen sometimes.
1) Upgradeable - where an authority has the right to replace the live contract at any time and rug-pull everyone. That's not trustless, and it's no better than running an app in AWS.
2) Non-upgradeable - where you simply have a self-funding bug bounty waiting to get popped. Even if they're audited.
They're not smart, and they're not interesting, to me anyways.
Re: Upgradeable contracts, there is often some governance method that removes the power from just one person, but there's usually also a time-delay, so that in theory at least, users of the contract can see that an upgrade has happened and remove their interaction with it if they don't like the new contract.
This is quite different from having money in a bank where policy changes and government seizures or freezes may happen without warning.