Binary 'Security' Vastly Inferior to Free Software Patching

Dr. Roy Schestowitz

2014-12-30 17:29:00 UTC
Modified: 2014-12-30 17:38:34 UTC

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.

"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.

UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective. ⬆

A Can of WORMS - Part I - Trying to Throw RMS Under the Bus at MIT and Everywhere Else: This series won't give air to online 'trolls'
Mobbing at the European Patent Office (EPO) - Part I - An Introduction: When the series ends, some time around the second or third EPO strike of this year, we'll contact the relevant authorities and plead for intervention
The Solicitors Regulation Authority (SRA) Delusion - Part I - Who Regulates This Regulator? (Only Itself!): We won't self-censor or prematurely terminate this series
Norway Almost Trusts Russia More Than the Bill Gates (Sleeping With Young Russian Girls) Company, Microsoft: Microsoft represents crime
Riddle Us This... (Jim Zemlin and Bill Gates): Do these people even understand the literal meaning of "safe space"?
Is "Nobel Prize for Peace" a Sick Person's 'Code Word' for Gangbanging Now? Ask Bill Gates.: Watch all the Gates apologists getting all silenced/silent
BBC Gaslights Women Sexually Exploited (Many Under Legal Age) for Its Rich Sponsor, Bill Epsteingate (Gates): Is this a national broadcaster or a propaganda tool "For Rent"?
Microsoft 'Open' 'AI' Reportedly About to Become Bankrupt, Seeking Emergency Cash Infusion (Loans): the money promised to Microsoft 'Open' 'AI' failed to arrive
Gemini Links 31/01/2026: Deep Ice and Slide Rules: Links for the day
Writing About Abuse: Never ever allow misogynists to get their way if you strive to live in a decent society
MIT DEDP MicroMasters online learner's blog post about cover-up linked to resignation of Swiss financial regulator: Reprinted with permission from Daniel Pocock
Salary Erosion Procedure (SAP) as the Primary Reason for EPO Strikes: They focus on financials, as the corruption aspects are un-sayable or unspeakable, except in private
IBM Bluewashing: Feels Like IBM is Scuttling Neudesic (and Some of Red Hat): We recently saw some Red Hat staff joining a Microsoft proxy
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, January 30, 2026: IRC logs for Friday, January 30, 2026
Microsoft Stock Collapsing Due to the Slop Bubble and Microsoft is Hiding Budget 'Black Holes': Microsoft does not perform like it tells "the media" and "the market"
Gemini Links 30/01/2026: Love and Cultivation, Gemtext Anchors: Links for the day
Will Jim Zemlin Also Sell His Daughter or Only the "Linux" Brand (and Linux Foundation) to Bill Epsteingate?: Torvalds "ate a bug"
The Epstein Files Don't Say the Ages of Those "Russian Girls" Bill Epsteingate Exploited: This E-mail was sent around the time an arrest was made for pedophilia
Only One in 33 EPO Staff Voting on the Strike Opposed It: Kudos to all those who participated in the strike
Still Hoping for "Slop Zero" in 2026: We've also noticed that linuxiac.com shows a glimmer of hope this week
Links 30/01/2026: Waymo Crashing Into 'Small People' (Children), Microsoft at Risk Due to Slop Debt: Links for the day
Amutable’s Management and Founders Are 100% Microsoft!: It'll be focused on promoting Microsoft's agenda in everything it does
IBM Tries to Get Rid of Workers Without Paying Them (and It Appears to be Working): be sure to speak to people who actually work there
He Has No Money, But He Has Power, He Has a Voice: That's why they envy and attack him
Free Software in Swiss Media This Week: RMS is still going places with his Migros bag (Swiss retail giant)
TV Programs Disseminate False Numbers of Microsoft Layoffs (About 31,000 Laid Off Last Year, Not Including PIPs, Contractors and so on): large-scale layoffs are inevitable, no matter how long Microsoft delays or procrastinates
Links 30/01/2026: Microsoft's "OpenAI Is Headed For Bankruptcy" and Bitcoin Crashes: Links for the day
Why Would Anybody be Afraid of Talking to Richard Stallman?: We need to get rid of the baseless stigma
Amutable is a Microsoft Proxy Like Xamarin, With Some IBM/Red Hat Staff Added for Good Measure: Amutable chasing money and trying to impose TPM etc. on everybody
The Letter Sent to the Ringleader of the Alicante Mafia This Week: Call for industrial actions to stop the salary erosion of EPO staff
EPO on Strike: organisation operating outside the Rule of Law
Oracle's Debt Exploded by 22 Billion Dollars in 6 Months, the Ponzi Scheme With Scam Altman Was Classic 'Pump and Dump': The founder of Oracle now uses his wealth for right-wing ideological reasons, nothing else
Facebook ('Meta') is Dead Meat, This GAFAM Company's Debt Exploded by Almost 33 Billion Dollars in Just 3 Months (11 Billion Per Month): we can expect many sales/contracts to get canceled
Australia's top nurse takes on Musk, Zuckerberg & rogue health influencers, birthkeepers: Reprinted with permission from Daniel Pocock
Affirming What We Already Know: Solicitors Regulation Authority (SRA) is Profoundly Incompetent: "SRA ordered to pay solicitor £50k in costs after failed prosecution"
The "Alicante Mafia" - Part XVI - The Associates of Mr. Cocainegate Don't Want to Talk About Cocainegate (Right of Reply): Nobody wanted to talk about cocaine at the EPO
The "Open Source" (Corporate Openwashing) Fake Community Rejects Democracy, Open Source Initiative is in Effect Dead: This is basically the end of the OSI
Cracks and Holes in Microsoft's Slop Bubble (Also, Windows is Declining): "More Bad News For Xbox As Microsoft Blames Gaming For An Annual Decline In Its PC Business"
Microsoft's Debt Exploded by More Than 20 Billion Dollars This Past Year, Says Microsoft: Expect more mass layoffs
Strike at the EPO Today: Next month we'll start a new EPO series
State of the Slop and The Register MS Runs Ads as 'Articles': Yesterday we could not find much slop about "Linux"
Gemini Links 30/01/2026: Announcing Crossyword and SYN Attack: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, January 29, 2026: IRC logs for Thursday, January 29, 2026
Gemini Links 29/01/2026: Naps, Letting Go, and Terribly Cold Weather: Links for the day
Links 29/01/2026: Kennedy Center Officials Resigning and Amazon to Cut 16,000 Jobs: Links for the day
Goodbyes to Red Hat and IBM: PIPs let them do the same with less "wasted" on severance or with obscene narrative-shaping
RMS Was Right 35 Years Ago: Stallman’s viewpoints have remained the same
The Need to Understand the Projection Tactics Against RMS: There's an old and common saying (or "wisdom") about who's guilty when there's a fart in elevators (lifts)
Links 29/01/2026: Neocities Is Blocked by Microsoft, “Intellectual Freedom Centers” as the New "Intelligent Design": Links for the day
Microsoft XBox Dying Not Only as a Console, Reveals Microsoft: Microsoft is trying to rebrand or repurpose the brand
Don't be Mistaken, Microsoft Boasts About Money That Does Not Exist and Revenue (Buying From Oneself!) Is Not Income: the company's debt grew
Fedora is IBM and There's Hardly Any Community Left: It's more like an onboarding mechanism for unpaid labour at (and for) IBM
IBM's Financial Performance in IBM's Own Words: Money Down, Debt Up Sharply: IBM isn't a healthy company
In Dominica, GNU/Linux Has Risen to All-Time High in 2026: a lot of America is moving to Free software this year
The "Alicante Mafia" - Part XV - EPO is on Strike Tomorrow, Lots to be Angry About (Except Money): We'll soon finish the series
Gemini Links 29/01/2026: "Lady Audley's Secret" and "The Value Of Our Fear" (Carney's Speech): Links for the day
Emmanuel Macron on Europe's GAFAM Addiction/Dependence: "There is No Such Thing as Happy Vassalage": Microsoft has long worked to prevent commodification
It's Official, Mass Layoffs at IBM Again (2026): In a matter of days we'll just see how much IBM's debt has grown
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, January 28, 2026: IRC logs for Wednesday, January 28, 2026

Binary 'Security' Vastly Inferior to Free Software Patching

Recent Techrights' Posts