Bonum Certa Men Certa
Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Binary 'Security' Vastly Inferior to Free Software Patching

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.



"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.


UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective.

Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Recent Techrights' Posts

openai.com Traffic Said to Have Fallen 50% in the Past Three Months, Reports Say It Nearly Ran Out of Money to Borrow
After the slop frenzy all we'll have left is environmental destruction
Rudeness and Vulgarity Won't Stop Journalism About Free Software
we seem to be on the right path
IBM Plans for Layoffs Becoming Clearer With "Employee Reviews"
Of course this impacts Red Hat as well
 
The "Alicante Mafia" - Part VII - The Industrial Actions Began Yesterday, Here's Why
The "Alicante Mafia" might not last much longer
Gemini Links 21/01/2026: Edible Circuits and "Sayonara HTTP"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, January 20, 2026
IRC logs for Tuesday, January 20, 2026
IBM Hides Its Own Destruction (and Red Hat's)
It's like scenes out of '1984', which is what a now-famous advertisement from Apple compared IBM to
LLM Slop Not Dead Yet, Examples of Slop About "Linux"
We wish to see the totals down to zero
Links 20/01/2026: Cheeto Blackmails France Into 'Peace' While Looking to Annex EU, Mass Layoffs in Capgemini (Microsoft Reseller/Promoter) in France
Links for the day
Gemini Links 20/01/2026: Boxing and "Inbox Zero" Success
Links for the day
Windows and Slop Declining While Microsoft Silences Critics
Microsoft tries to suppress facts while faking 'demand' by imposing slop on everybody, everywhere
IBM Kills OzLabs, Signalling An Attack on Free Software (a Sign for Red Hat)
ibiblio also appears to have died (or experiences critical issues)
Red Hat Vice President Leaving After Nearly Two Decades
IBM's culture of secrecy is not compatible with Free software
Links 20/01/2026: "ChatGPT Health" (Latest Distraction From Being Insolvent) Flops and Raises Concerns, "The U.S. Military Faces a Reckoning on Greenland"
Links for the day
Readers Pleased With Layout Changes
Two days ago we began improving clarity and accessibility in the site
IBM is Outsourcing Red Hat's Fedora to Slop to 'Save Money'
If IBM cared about quality rather than alleged "cost savings" (cutting corners), it would assign more IBM staff to Fedora, but instead the exact opposite happened, with the likes of Cotton and Miller removed from the project
European Patent Office (EPO) Industrial Actions Formally Start in Two Hours
As per the latest (revised) action plan, today workers will slow down their work and limit patent grants
Microsoft Under Fresh Investigation by the Italian Competition Authority
In 2025 we kept a running tally of 30,000+ Microsoft layoffs, so 40k this year would not be unthinkable
The "Alicante Mafia" - Part VI - More Strikes Planned at the EPO, Starting This Month
Yesterday we said that friends of Berenguer or inside Berenguer's circle may have left
Gemini Links 20/01/2026: New Tea, Using a Roku at a Hotel, and "Voltage-Based Power Management for Any Raspberry Pi"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, January 19, 2026
IRC logs for Monday, January 19, 2026
If You Don't Want "Linux" to Become "Windows", Then Follow GNU
GAFAM isn't a friend of Linux; it's only a user in the same sense clients are "users" of a brothel
Links 19/01/2026: National Broadcasters on World or Local Affairs Up to a Week Ago
Links for the day
Gemini Links 19/01/2026: Game Boy and "The Lounge" (IRC) for the Elderly
Links for the day
Slopfarms in Google News (at Least Three Today) With Fake 'Articles' About "Linux"
Google itself is trying to promote its own slop ("Overview") at the expense of original and credible sources
Links 19/01/2026: ChatGPT’s Defects and The Guardian on Why So-called "AI Companies Will Fail"
Links for the day
This is What the Slop Bubble Popping Can Look Like
Maybe not an overnight collapse, but getting there gradually
IBM Quiet About Its Plan for Red Hat Amid Accelerated Bluewashing
Something is going on at Red Hat
The "Alicante Mafia" - Part V - It Seems Like Some People Are Already Leaving "The Mafia"
they have a rough idea of what's coming
Microsoft Means War, Microsoft is on the Side of ICE
Microsoft, people-ready
More Confirmatory Rumours Regarding "Massive" Red Hat Layoffs
Ecosystem and sales said to be targeted
Proprietary UNIX is What We'll Have If IBM Red Hat Gets Its Way
IBM Red Hat wants to control everything, even if that means killing everybody
Free Software in Times of Peace (and Times of War, Too)
GAFAM and IBM are war companies
Founder of GNU/Linux (RMS) Speaks in US University (College) This Week
The auditorium has very high capacity and this is his "college comeback" talk in the United States
Office Meetings Are Most Useful to the Least Productive Workers
In my "office life" days I really didn't like meetings
LinuxSecurity and Linuxiac Are Still Slopfarms, Even Anthony Pell Does It
We suppose waiting another month or another year won't change a thing
Claim That the Board of Directors at IBM Isn't Happy With How the Company is Run
IBM tries to project an image of strength to the whole world, especially to its clients
Links 18/01/2026: Legal Trouble for xAI, Climate Concerns, Data Breaches and More
Links for the day
'Vibe Coding', Chatbots, and Other Bots (e.g. "Agents" Disguised as "Superintelligence") Aren't Saving You Time
False marketing, FOMO marketing tactics
Gemini Links 19/01/2026: Analog Cameras and Plucker in 2026, US Losing Acceptability in Europe
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, January 18, 2026
IRC logs for Sunday, January 18, 2026