Bonum Certa Men Certa
Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Binary 'Security' Vastly Inferior to Free Software Patching

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.



"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.


UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective.

Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Recent Techrights' Posts

Links 03/05/2026: Insolvent US Bailing Out Google, Microsoft, Amazon, Nvidia, Oracle, OpenAI, and SpaceX
Links for the day
All-Time Lows for Windows in Spain and Portugal
data which became publicly available less than 24 hours ago in statCounter
 
SLAPP Censorship - Part 66 Out of 200: Alex Graveley Did Illegal Things, Then Asserted Mentioning Those Illegal Things is Privacy Violation
Alex Graveley "has suffered damage and distress" when the public found out he told women to kill themselves
The Corrupt Lecture the Non-Corrupt - Part XII - Outsourcing Everything to Microsoft, Which is Illegal
Today's EPO isn't about technology or law
Melissa Chan on Why Press Freedom Matters to Everyone, Not Just Journalists
dispelling a myth
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 03, 2026
IRC logs for Sunday, May 03, 2026
Gemini Links 04/05/2026: Another Old Web Pillar Gone and Simple Lobsters Mirror for Gemini
Links for the day
SLAPP Censorship - Part 65 Out of 200: Graveley and Garrett Claims Are Word-by-Word Similar (They Also Collaborated All Along)
We'll keep it short today
IBM Has a Long and Rich History of Showing Chatbots Bear No Business Prospects (From Jeopardy to Watson Healthcare and McDonalds)
Watson Healthcare is already in the dustpan, so they are rebranding it again
Europe Decoupling is Bad News for GAFAM, Especially Bad to Microsoft
Countries want independence
India Needs to Recognise That the World Wide Web is Monoculture in India
In the US, a judge with Indian roots dealt with a case related to this; why won't India?
All-Time Lows for Windows Down Under
seeing the demise of Windows in Australia (historically a slow or low adopter of GNU/Linux) is good news
Linux Kernel Tainted by Software Patents That Make Linux Worse and the 'Linux' Foundation is Compiling Bribes to Enable This (Promotion of Monopolies and Tolerance of Software Patenting)
Why you need to reboot when a serious bug is found in Linux? "Licencing"...
IBM's Kyndryl Accounting Fraud Explained and More Recently the Insiders Talk About Mass Layoffs
Judging by how the media totally ignored 800+ layoffs at IBM's Confluent and 400+ layoffs at Red Hat a few weeks ago don't expect to hear anything about Kyndryl layoffs
Links 03/05/2026: Water Shortages Crises and Slop Fakes "Are Coming for Your Bank Account" (Slop-Enabled Fraud)
Links for the day
The Corrupt Lecture the Non-Corrupt - Part XI - EPO 'Products' to Cement Asian and American Monopolies
Only a fool would believe Lame Duck Campinos
Microsoft Windows Falls Below 9% in South Africa
As one can expect, GNU/Linux is measured as going up in France
Gemini Links 03/05/2026: The Black Side of the Web, LiveJournal, Chimarrão
Links for the day
A Month Since Mass Layoffs at Red Hat (400+ Engineers Laid Off), The Media Didn't Cover It
We are very concerned about the state of the media
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 02, 2026
IRC logs for Saturday, May 02, 2026
Gemini Links 02/05/2026: Strange Psychosis and TUIs
Links for the day
Links 02/05/2026: Microsoft Has Begun Rebranding Vista 11 as 'XBox' (Because the Console is Dying), Slop Rejected by Oscars
Links for the day
IBM's CEO 10 Years Ago in IBM-Sponsored Forbes: "For those willing to embrace [blockchains], the future will indeed be bright."
How well did this prediction materialise?
SLAPP Censorship - Part 64 Out of 200: Not Amused by Repeated Threats (to "Shut Down" My "Existence" While Mentioning My Wife Too)
it's about censorship
RightsCon Cancellation as a Data Point in a World Gone Astray
RightsCon should not even be controversial
The NHS is Under Attack by Anthropic and Microsoft (or Their Lemmings That Infect the NHS)
They are kidding themselves if they seriously believe Web-facing source code repositories are the real threat to patients
cPanel is Not Linux, cPanel is Proprietary Software
It's fair to say I've used cPanel for 23 years
Links 02/05/2026: Gen Z is Turning Against Slop and OpenAI/Microsoft Rift Explained
Links for the day
Storage and Memory Prices Are Rising Not Because of High Demand (Production Can Match Demand), It's Partly Because of Price-Fixing (Same as Food Price Increases)
Sophisticated robberies are still robberies
Thousands of Layoffs at IBM, So IBM Pays Mainstream Media to Claim That IBM is Hiring (Paid Lies)
This is a story about the media failing us, not just IBM failing as a company
A Look at DataStax Bluewashing (IBM and Layoffs)
IBM is a place that many people leave or get pushed out of
Gemini Links 02/05/2026: Leaving Session, Alhena 5.5.7, and Slop Failing Customers
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, May 01, 2026
IRC logs for Friday, May 01, 2026