pdavisnwa

@samuel Wood (Otto)

Thanks for the answers.

Oddly enough, that’s exactly the sort of reasoning people use to have automatic updates in the first place.

That is people, and from one person to the next, there exists great variance in the priorities they place on this or that thing.

– The API now uses SSL-only, and the relevant root certificates are included in WordPress. Spoofing that would be most difficult because it’s not relying on the network to validate the SSL certificates.

Yes, it used not to, which is why I chose to do SFTP and HTTPS to maintain my sites. Nonetheless, however difficult the protocols chosen by WordPress may be to spoof, it is not impossible. I just prefer to be in control of that risk myself. If it blows up, then I am right there to see it. If it gets hacked because I am compromised, then I know where it came from.

Again, I appreciate your response and your time.

Thank you.

@marj Wyatt

I think the heart of the issue here is that some in both of the developers and in the community have forgotten certain core principles that originally drove WordPress to be open source and GPL in the first place.

I place a certain trust in the open source community that I do not place in the commercial side of the business. Generally, that trust has not been misplaced. However, in a zeal for security, the developers and their defenders have spent currency they did not have. They have forgotten that developers SERVE the community, and not the other way around.

WordPress is a good product. I like it and have recommended it to others. However, I see an attitude rising here among the developers and their defenders that is not good. They need to honestly evaluate why they are doing what they are doing. If the answer is not satisfactory, then the best thing to do is move on.

I was particularly disturbed by Andrew Nevin’s “go find another CMS” reply to me. That is an invitation for people to leave WordPress and reduce it’s user base. It is a counter-productive answer.

I would dearly love to see the chips fall the right way in this matter. I will be disappointed if they do not.

@andrew Nevins

So, who deleted part of the conversation where you told me I needed to go to another CMS?

If you didn’t like my reply, you should not have been dismissive toward me.

Kindly put my posts back up, as I was contributing to the topic until you, Andrew, decided to treat me like a child.

WordPress violated basic rules of computing and software. All I did was point that out, and say that it was inexcusable. You then decided to dismiss me as if my concerns were groundless.

@andrew Nevins

Who do you think I am?

It really is irrelevant who you are. At this point you are an apologist for the inexcusable conduct of the WordPress team.

That makes you every bit as bad as they are with regard to this matter.

You may be a fine individual in every other respect, but don’t apologize or rationalize the inexcusable breach of the most basic rules of computer usage:

1. Never take control from the user.
2. Never do anything to a user without their permission.

These two unwritten codes of conduct have been around since the earliest days of computing. Only the unscruplous and arrogant violate these rules.

Man, I work as a Network Tech in a company with over 400 users. I never touch a users profile without their permisson, unless they have first violated company policy and are under investigation.

Moreover, we tell them upfront in the Computer User Policy that the PC and network they use are subject to change, and updates will be done from time to time without warning.

Now, compare that relationship to the relationship WordPress users have with WordPress. Just where does WordPress get off determining that MY SITE needs to be updated without MY EXPRESS PERMISSION?

In your vernacular: Dude, get real.

You all have violated one of the first rules of computer usage:

Never take control away from the user.

You did, and I am quite upset.

I do not care how “safe” the updates supposedly are. You have NOT tested every possible configuration of WordPress there can be. You will break someone’s site, albeit unintentionally, but broken nonetheless. I wonder, will you contribute your personal time to fixing what you then broke? Will you fix their damaged reputation?

I wonder, do you all think you can undo damage once it has been done? Can you all now magically go back in time and fix a problem you precipitated by your “helpful” feature so there is NO IMPACT?

I seriously doubt it.

The automatic update feature was implemented WITHOUT user permission, and without proper notification – which is an absolute No-No. (I’m sorry, but “read the release notes” is NOT proper notification to the user for such a significant change to the features of the software.)

This implementation, and the replies I read from the WordPress team, smack of arrogance, and a “know-it-all” attitude.

By the way, since when did the WordPress team decide they were God?

The more I think about this, the more upset I get at the utter presumption of such action.

Same problem as described above. I did what you said to do ev3rywh3re. However, when I turned every option back on, it still gave me a blank editor area and no buttons.

I did it twice, exactly as you stated. Fail both times. But, the second time I started turning off options on the Configure Editor page. I found that the Font Tools option caused everything to blank out.

Hope this helps.

In your wp-config file you will find the following line:

define(’DB_CHARSET’, ‘utf8′);

Comment it out or remove it. This caused me considerable grief when I upgraded a couple of weeks ago. There is a conflict between the way your MySQL database is setup and the above line in the config file.

What I went through figuring it out is detailed here:

http://reproachofmen.org/blog/?p=102

I pray this helps.