If Fastest Cache was only a free plugin, I’d give the dude a bit of credit. But it’s not free - his commercial versions are dramatically overpriced considering that he seems to write a new SQLi every odd numbered release. This is overpriced, garbage software and dude can go fuck himself. At this point, I’d happily call this level of negligence criminal.
I've only seen the free versions, so I agree if you are charging it should be better quality.
Personally, I wish programming was treated as "proper engineering", in the same way as bridge building -- there are standards, and you get in serious trouble if you build a bridge, it falls down, and it was clearly your fault.
Of course, people should still be allowed to "build a bridge in their backyard", they just have to put clear warning signs on it, and if a company uses an "illegal bridge", it's their fault when it falls down.
We might still get there, we are still in the early days, similar to when there were no building standards and they fell down / burnt down regularly. After there were enough major disasters, people started demanding better.
Physics is a rule set that never changes, hence engineering standards can be built around it.
Qualitative systems like programming languages have an immeasurable amount of variation and complexity and are extremely difficult to monitor and enforce standards around.
What’s required is a better stack that is less error prone. If programmers can’t make the mistakes in the first place, they won’t happen.
The basic rules of logic which CPUs use are much easier than physics, and have been fixed longer (see quantum mechanics and relativity). I am ignoring CPU bugs here, but then again I wouldn't expect a law to blame programmers for those, the same way a builder wouldn't be blamed for defective concrete they couldn't have known about.
Also, new building materials are created all the time, tested, then allowed if they meet fixed safety standards.
This isn't a smartphone. It is a server that other people (that you specifically get to target) have to use.
It is your responsibility to verify your supply chain. If you can't do that, maybe you shouldn't operate a website that collects user information.
At least before cloud you would have to set up bare metal services which gave people an idea of what they were actually assembling. The fancy control panels and one click installs have created a group of overly entitled administrators who can't admin and won't take any responsibility for running shit, misconfigured, off the shelf services from companies they didn't even vet.
You are missing the point. This is a freemium plugin listed in the WordPress plugin directory. They (WordPress) are being negligent by exposing users to that kind of code without any warning, enabling users to install this directly from their WP Admin area.
One should expect at least a red flag, but as always they just care about numbers.
I completely get the point. We are looking at both sides of the same coin. Read my comment again. We are both describing the same problem from different angles.
You claim that WordPress has a responsibility to vet the submissions on their plugin repo in the same way that Apple vets apps on the app store.
I think this level of abstraction has made web operators lazy. I think WordPress.org has a responsibility to host everybody's code and that it is your responsibility as a website operator to vet that code before you let your server run it. Just because you pay for Github or financially contribute to an app on Github doesn't shield you from bad code that another Github user has submitted.
Never mind that WordPress and all of the plugins they host are GPLv2, which means (verbatim): "BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW."