Binary 'Security' Vastly Inferior to Free Software Patching

Dr. Roy Schestowitz

2014-12-30 17:29:00 UTC
Modified: 2014-12-30 17:38:34 UTC

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.

"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.

UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective. ⬆

The Grapevine Says IBM's American RAs (Mass Layoffs) Soon to Follow European RAs, PIPs and "Reviews" as Pretext for a Likely Baseless Dismissal: The days of honourable corporations and work ethics are long gone it seems...
Links 23/01/2026: Growing Censorship, Intel Falls (Another Bubble, Propped Up by Cheeto Bailout), and Huge GAFAM Layoffs Continue: Links for the day
Working for Freedom Makes You a Target: it's not about what you do but about who gets served
Claim That IBM Mass Layoffs Began Again in Europe, With Rumours It'll Close Offices: Unless IBM issues a statement (admission) to the media or issues WARN notices (in the US), the lousy media will simply assume - however wrongly - that nothing is happening and there's nothing to report
The "Alicante Mafia" - Part IX - EPO Budget Funnelled Into Cocaine and Moreover Rewards Cocaine-Addicted Management for Getting Busted by Police: Any day that passes without European media and European politicians doing anything about it merely discredits the media and the EU (or national governments)
Senior management and HR email privacy: Martin Ebnoether (venty), Axel Beckert (xtaran) & Debian abuse in Switzerland: Reprinted with permission from Daniel Pocock
Pierre-Elliott Bécue, ANSSI & Debian cybertorture: Reprinted with permission from Daniel Pocock
MJ Ray, Micah Anderson & Debian on drugs, prostitution at DebConf6 fight: Reprinted with permission from Daniel Pocock
Excellence in Ethics: a list of victories for the truth: Reprinted with permission from Daniel Pocock
Richard Stallman Giving Public Talk, Answering Questions From the Audience: We understand (from the organisers) that there will be a video of the talk
Forbes Covers in 2026 What Was Already Clear for Over a Decade: Microsoft's BitLocker 'Encryption' is a Back Door: One that's promoted by the loudest boosters of UEFI 'secure boot' as well
Links 23/01/2026: Minus 24 deg C in South Korea, "Iran Internet Blackout Passes Two-Week Mark": Links for the day
Gemini Links 23/01/2026: "Witch Watch" and English on the Net: Links for the day
Projection Tactics - Part IV: SLAPP by Americans Against Techrights (UK) to Hide Serious Abuses Against American Women: "PRs need to stop being complicit in suppression of information via SLAPPs"
Reminder That "Linux" in the Site's Name (and Domain) Does Not Imply Authentic Journalism About GNU/Linux: the sad fact that some once-legitimate sites became slopfarms
Further Comments Illuminate Observations Regarding IBM's Layoffs (RAs) Plan for Europe: Some shed light on the expected scale
Appeasing Bullies Doesn't Work: The reason we're still here and very active is that we're good at what we do
How Microsoft Will Tell Shareholders That the Business is Failing in a Few Days: It'll resort to "AI" storytelling (lying about slop having potential for some unspecified future year)
Flying to See Today's Talk by Richard Stallman: It's probably not too late to reserve a seat for today's talk
The Fall of Freenode Didn't Kill IRC and the Web's Issues (Not Limited to LLM Slop) Didn't Kill Everything: As long as there are enough people willing to keep the simple (or "old") stuff it'll refuse to die
GAFAM Layoffs by Performance Improvement Plans (PIPs) Hide the Real Scale of Their Financial Troubles: the "official" numbers of layoffs will never tell the true story
'Domesticated' Animals Not More Valuable Than Free-range Wildlife, Proprietary ('Commercial') Software Isn't Better Than Free Software: the proprietary software giants (companies like SAP or Microsoft) have a lot of lobbyists
Richard Stallman Won't Talk About "AI", He'll Talk About Chatbots and LLMs Lacking Any Intelligence: This really irritates people who dislike the message; so they attack the person
Slopfarms Still Fed by Google, Boosting Fake 'Articles' That Pretend to Cover "Linux": At this point about 80-90% of the search results appear not to be slopfarms
Gemini Links 23/01/2026: The Danish Approach to Deepfakes and Random vi Things: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, January 22, 2026: IRC logs for Thursday, January 22, 2026
Five Years Ago, After We Broke the Story About Richard Stallman Rejoining the FSF's Board, All Hell Broke Loose (for Me and My Family): They generally seem to target anyone who thinks Richard Stallman (RMS) should be in charge or thinks alike about computing
Links 22/01/2026: Slop Fantasy About Patents, Retirement in China Now Reached at Age Seventy: Links for the day
Gemini Links 22/01/2026: Why Europe Does Not Need GAFAMs, XScreenSaver Tinkering, FlatCube: Links for the day
Salvadorans' Usage of GNU/Linux Measured at Record Levels: All-time high
Links 22/01/2026: Ubisoft Layoffs Disguised as "RTO", US "Congress Wants To Hand Your Parenting To GAFAM", Americans' Image Tarnished Among Canadians (Now Planning to "Repel US Invasion"): Links for the day
10 Easy Steps to Follow for Digital Sovereignty in Nations That Distrust GAFAM et al: When "enough is enough"
No, the Problem at IBM/Red Hat Isn't Diversity: Microsoft Lunduke also openly shows his admiration for Pedo Cheeto
Do Not Link to Linuxiac Anymore, Linuxiac Became a Slopfarm: now Linuxiac is slop
Dr. Andy Farnell Explains Why Slop Companies Like Anthropic and Microsoft 'Open' 'AI' Basically Plunder and Rob People: This article was published last night at around 10
Richard Stallman (RMS) at Georgia Tech Tomorrow: After the talk we'll write a lot about "cancel culture" and online mobs fostered and emboldened in social control media
Software Patents by Any Other Name: There is no such thing as "AI" patents
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, January 21, 2026: IRC logs for Wednesday, January 21, 2026
The "Alicante Mafia" - Part VIII - Salary Cuts to Staff, 100,000 Euros to Managers Busted Using Cocaine (for Doing Absolutely Nothing, Just Pretending to be "Sick"): Today we look at slides from the union
Gemini Links 22/01/2026: Forest Monk, Aurora Observation, and Arduino Officially Launches the More Powerful Arduino UNO Q 4GB Single-Board Computer: Links for the day
Next Week is Close Enough for Wall Street Storytelling About 'Efficiency' by Layoffs for "AI": This coming week GAFAM and others will tell some creative tales about how "AI" something something...
Google News Still a Feeder of Slop About "Linux", Which Became Rarer in 2026: Our main concern these days is what happened to Linuxiac. Bobby Borisov became a chatbots addict.
Links 21/01/2026: "Snap Settles Lawsuit on Social Media Addiction" and Attempts in the US to Revive Software Patents: Links for the day
Links 21/01/2026: Microsoft 'Open' 'Hey Hi' in More Trouble, US Has "Brown Shirts" Problem: Links for the day
Yesterday Afternoon The Register MS Published Paid Microsoft SPAM Disguised as an Article About "AI PCs": The Register MS cannot help itself, can it? [...] Follow the money.
Microsoft's XBox is in Effect Dead Already, Now It's a Streaming and Advertising Platform: Expect many layoffs soon
Richard Stallman's Talk at Georgia Tech is Just 2 Days Away: We're still curious to see how malicious people (or trolls) in social control media will try to slant his talk as "bad"
EPO's Web Site Misused for Propaganda About Illegal Kangaroo Courts to Distract From EPO Scandals and Judicial Crisis in Europe: UPC is illegal and unconstitutional
The "Alicante Mafia" - Part VII - The Industrial Actions Began Yesterday, Here's Why: The "Alicante Mafia" might not last much longer
Gemini Links 21/01/2026: Edible Circuits and "Sayonara HTTP": Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, January 20, 2026: IRC logs for Tuesday, January 20, 2026
IBM Hides Its Own Destruction (and Red Hat's): It's like scenes out of '1984', which is what a now-famous advertisement from Apple compared IBM to

Binary 'Security' Vastly Inferior to Free Software Patching

Recent Techrights' Posts