[kwlug-disc] free software - pwned

Paul Nijjar paul_nijjar at yahoo.ca
Fri Jan 14 22:51:35 EST 2011 

On Fri, Jan 14, 2011 at 09:13:01AM -0500, Insurance Squared Inc. wrote:
> Here's a very interesting article on free wordpress  themes:

> http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/

>
> Here's the summary.  Top 10 results of a search for 'free wordpress  
> themes' results in 1 safe site (wordpress), one that's iffy, and 8 that  
> contain malicious code.

I think "malicious" might be a strong word.  Most of the flags were
for obfuscated content that contained backlinks, as opposed to code
intended to root your Wordpress install. I guess this content might be
harmful for those who are trying to keep their Google rank high,
though. So yeah, malicious.

I have mixed feelings about this:

- On the one hand, many eyeballs are making for shallower bugs, if
  you consider backlinks bugs.
- On the second hand, there's something about theme culture here that
  rubs my inner open-source advocate the wrong way. The ambiguity of
  the word "free" strikes again.
- On the third hand, the existence of plugins that check themes for
  such skeezy tactics is a good thing, and maybe those plugins will
  get better. Whether people will run these plugins is another matter.
- On the fourth hand, this is one reason I rely on gatekeepers for my
  code, which brings up another two hands: trusted APT repositories
  and the Apple Store. Although the sites mentioned in this blog post
  are repositories, clearly they are not reputable ones.
- On the fifth hand, maybe the reason these repositories have such
  high rankings is because of the backlinks embedded in their themes!

I'm running out of hands, so I should stop. 


> Might be worth a response from the folks at Drupal :).  As for me, I  
> guess rather than having a slow day at the office I need to go replace  
> all the free wordpress themes I'm running on my server.

Well, at least Wordpress has a vibrant theme ecosystem. (Dagnabit.
Where did I leave my asbestos pants?)

- Paul (who remembers reading about when asbestos were cool)

-- 
http://pnijjar.freeshell.org

More information about the kwlug-disc mailing list