Bonum Certa Men Certa
Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Binary 'Security' Vastly Inferior to Free Software Patching

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.



"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.


UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective.

Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Recent Techrights' Posts

LLM Slop is Not Reliable, Constitutes No Process of 'Thinking'; There's No Thought Process at All, No Grasp or Understanding, Let Alone Context
Lies have become the "business model" [...] More people ought to talk about it and explain to other people what LLMs really are
Not a Security Expert If You Cannot Manage to Keep Online a Simple Two-User Mastodon Instance Somebody Else Built
From uptime of ~99% to maybe 80%
Microsoft Has All the Symptoms of a Dying Company (Mass Layoffs of the People Who Built the Company)
the company's debt is going through the ceiling
For Effective 'Finlandisation' (Not Digital Sovereignty) to Be Replaced by Autonomy Finland Needs to Think Like GNU (Software Freedom), Not Linux (Openwashing Source, Plus LLM Slop and Killswitches)
What is 'Finlandisation'?
IBM's Kyndryl in Trouble: Mass Layoffs, Payroll Problems, Buybacks (in Company Whose Debt is Almost Twice Its Total Value), and Soon $9 Per Share (Down Over 80%)
Kyndryl is done. Stick a fork in it.
ICYMI: GNU/Linux Did Not Start in Finland
If we're honest/true to ourselves, we need to recognise history for what it is, not what some corporations (like GAFAM) want it to be
 
"AI" Became a New Name or Placeholder for Debt
Because they will only ever lose money for this thing with "tokens" or "potential"
"Microsoft Goodwill and Intangible Assets" Down Two Years in a Row, According to Microsoft
Microsoft cannot sell these, so what is their real relevance?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, May 15, 2026
IRC logs for Friday, May 15, 2026
IBM: Shares Down 30%, Mass Layoffs, IBM Says "Goodwill" Grew by 10% to Over a Third of the Company's Total "Worth"
According to IBM
Microsoft LinkedIn Layoffs "Very Likely Higher" Than 1,000 People
Microsoft is bleeding
The Corrupt Lecture the Non-Corrupt - Part XXIV - Luis Berenguer Giménez at the EPO (European Patent Office) Became the Punchline of EPO Staff
"the fact that Luis was caught with cocaine causes laughter. The use of cocaine in itself is not the real shocking bit."
IBM Keeps Culling Essential Linux, Fedora, GNOME, and GTK Staff
Over a month ago IBM laid off over 400 Red Hat engineers
Cisco Cuts Nearly 4,000 Jobs Because of Debt, Nothing to Do With Slop
The media keeps talking about revenue, not profits
Gemini Links 15/05/2026: UDP Game Forwarding Over SSH, Avoiding LLMs, and Alhena 5.5.9
Links for the day
Links 15/05/2026: Electric Company Shuns Entire Town to Prioritise Only Data Centres, Saudi Arabia and U.A.E. Carried Out Secret Attacks in Iran
Links for the day
Focus is Important, Focus is Everything
We are still running 6 multi-part series in tandem
Guest Post on False Marketing and PR Blitzes by Anthropic
A lot of people my age are just tired of the nonsense
Links 15/05/2026: UK antitrust regulator is officially investigating Microsoft Office, Anthropic’s Fraudulent Lies About Mythoslop Don't Withstand Scrutiny
Links for the day
IBM is Googlebombing the Media With Fake Numbers to Promote Fake Technology
a classic example of why much of today's media cannot be trusted (anymore)
Up to 10,000 Microsoft Layoffs in a Couple of Months
Many ways to skin a cat
Truth Hurts. People Hurt by Truth Aren't Entitled to Compensation.
Family members aren't exempt
SLAPP Censorship - Part 77 Out of 200: They Never Knew How to Handle Women (Except to Attack Them)
The case against us was really quite simple
Update on Sirius Open Source in 2026 (When Your Former Employer Commits Crimes and Nobody is Held Accountable)
I did not envision myself spending several years (even 4 years after leaving that company) challenging the system for tolerating and even covering up corruption
Codecs and Software Patents - Part VII - Entering Phase II, the Battle Against Companies That Normalise Taxed (by Patents on Mathematics) Codecs
In the next few part we'll deal with the impact on Free software, including the GNU Project
The Corrupt Lecture the Non-Corrupt - Part XXIII - Cocaine Use at the EPO's Top-Level Management "Adds Up" and Worsens Things "Over Time"
"cocaine use knocks the IQ down permanently a tiny bit with each use. Over time that adds up."
Gemini Links 15/05/2026: Slop Fatigue and Banning LLM Use
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, May 14, 2026
IRC logs for Thursday, May 14, 2026
Links 14/05/2026: Health Science, Cheeto Meets Pooh, and Facebook Staff Loathing the CEO
Links for the day
Gemini Links 14/05/2026: Early Morning Practice and Number to Roman Numeral Converter
Links for the day
FSF Advertises the Father of Software Freedom Giving a Talk in Germany (a Digital Sovereignty Interest Hub, Sponsor of Free Software)
Free Software vs malware and the need for reverse engineering
Cybershow (UK) Shaping Up to be a Neat and Very Large Gemini Capsule
If only more platforms did the same, plenty of energy would be spared, "old" machines would be totally suitable (even with 20 tabs open), as we'd focus on substance, not bells and whistles
SLAPP Censorship - Part 76 Out of 200: The Problem With the United Kingdom Allowing Americans to File Lawsuits by Proxy (Relayed by "Hired Guns")
Solicitors in UK warned not to act as ‘hired guns’ to silence critics of super-rich
When Microsoft's LinkedIn Goes Offline All Your Fake Friends/Connections and Manufactured 'Status' Will be Gone
Many people quit social control media because they recognise it for what it truly is
Major Setback for IBM in the Courtroom, the Demolition of IBM is Proving Costly
Kyndryl is a sign of how IBM ("mother ship") is run and where IBM is heading
Links 14/05/2026: Willful Ignorance and Mass Layoffs at Microsoft
Links for the day
Gemini Links 14/05/2026: Rewatching V for Vendetta, JPEG XL, and Platform Migrations
Links for the day
The Corrupt Lecture the Non-Corrupt - Part XXII - What the Science Says About Cocaine in the Workplace (EPO President, Mr. Campinos, Please Take Note)
What the science says
European Patent Office (EPO) President, Mr. Campinos, Ignoring Its Staff While Protecting His Friends
the President is covering up cocaine use while ignoring his own workers
Slop Cannot Replace Everybody (the Story of Perl and Universities)
Quantity where abundance exists is without merit; quality is what people opt for as they have limited time and patience
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 13, 2026
IRC logs for Wednesday, May 13, 2026