Binary 'Security' Vastly Inferior to Free Software Patching

Dr. Roy Schestowitz

2014-12-30 17:29:00 UTC
Modified: 2014-12-30 17:38:34 UTC

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.

"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.

UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective. ⬆

SLAPP Censorship - Part 58 Out of 200: 5RB and Brett Wilson LLP Helped Garrett and Graveley Make Equivalent of GAFAM NDAs Superficially 'Enforceable' in the UK, Using Threats: laziness results in many hours and high lawyers' fees
"A single witness shall not rise up against a person regarding any wrongdoing or any sin that he commits; on the testimony of two or three witnesses a matter shall be confirmed." (Deuteronomy 19-21): The spouse of Garrett repeatedly points out that Garrett can barely code or can only do so very poorly
Rust People Sabotage Stability for the Sake of a Falsely-Promised 'Security': Set aside severe performance issues, poor handling of "edge cases", general bugs, lack of compatibility, and even crashes
Huge Strike at the European Patent Office (EPO) This Coming Friday (May 1st): International Worker’s day
Journalistic Malpractice: Helping Microsoft Paint 'Voluntary' Layoffs (Before PIPs) as "Buyouts": What does this tell us about today's media?
The Man IBMers Regard or Already See as Likely Successor of Krishna (or Next CEO of IBM) is a Slop Fanatic: How dangerously misguided
The Corrupt Lecture the Non-Corrupt - Part VI - Management of the European Patent Office (EPO) Covered Up Cocaine Use, Even Colleagues Not Informed: the self-described "fu--ing president"
Who Controls Fedora? IBM and GAFAM.: Don't for a moment believe that IBM understands GNU/Linux. We are quite certain nobody in IBM's Board of Directors uses it.
State of Slop About GNU/Linux: As the incentive to publish is reduced (competing with slop is no fun), the effort/money invested in stories goes down
Links 26/04/2026: Korean Inflation, GLP-1 Drugs Linked to Cognitive Impairment, Lithuania's Public Broadcaster LRT Besieged: Links for the day
Hopefully Smooth Sailing in OS Upgrade: There are some contingencies at hand
Links 25/04/2026: "Horrible Economics of AI Are Starting to Come Crashing Down", More Restrictions Placed on Social Control Media: Links for the day
Getting Aggressive Suggestive of Loss - Part IV - Shutting Down My Existence: Would anyone out there tolerate such messages sent from burner accounts?
Gemini Links 26/04/2026: Gemini Movie Database (or GeminiMDB) and Star Trek III: Links for the day
Weeks Before Linux Removed Over 100,000 Lines of Code Due to Slop 'Bug Reports' Microsoft Paid 'Linux' Foundation to Advance Slop in the Name of 'Security': What can possible go wrong? Both for security and for stability.
Tracking Ages of People: To stay "safe" tell us your age
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, April 25, 2026: IRC logs for Saturday, April 25, 2026
SLAPP Censorship - Part 57 Out of 200: 5RB and Brett Wilson LLP Made the Garrett and Graveley Particulars of Claims a Lot Like Photocopies!: They seem very much irritated that I speak about this
Links 25/04/2026: Nokia Wins Embargo in Kangaroo Court Where Judges Are Salaried Nokia Staff (UPC), Allison Pearson Defamation Case (UK) Succeeds, Smokey Robinson and "Puff Daddy" (US) Fail: Links for the day
Gemini Links 25/04/2026: Weekly Echoes, Gemtext Tables, and Using Offpunk: Links for the day
Corporate Media Did Not Specify What Microsoft Means by "Buyouts" (Layoffs), It May Be Hardly Different From Severance: Time will tell, but investigative journalism hardly exists anymore, so we won't hold our breath
The Corrupt Lecture the Non-Corrupt - Part V - "Diversity" and "Inclusion" at EPO Means Sleeping With Sister of "Cocaine Communication Manager" and Making Them Millionaires: Remember that top applicants or key stakeholders of the EPO are already complaining about a lack of quality
Links 25/04/2026: Fake GAFAM Valuations (Gripping the Market Based on False Accounting), "Evidence Isn't Just for Research", and "Putin Defends Mobile Internet Outages": Links for the day
Dr. Andy Farnell on Why Calling Slop or Chaff "Hey Hi" (AI) Harm Us All, Except for "Ten or Twenty Rich Industrialists": "words to avoid"
Internet Trolls Likely Trying to Distract From the Demise of IBM, Problems With Red Hat: there seems to be trolling online aimed at suppressing discussion
Debian Upgrade Coming Up (Soon): Yesterday we contacted the datacentre staff about it
Getting Aggressive Suggestive of Loss - Part III - Threats From Burner Accounts Formally Treated as a Crime: Countries that cannot preserve freedom from self-censorship are countries where free press ultimately cannot prevail
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, April 24, 2026: IRC logs for Friday, April 24, 2026
Gemini Links 25/04/2026: 3.4k+ Capsules, Microsoft Layoffs, Call for Nuclear Disarmament, "Internet is Sad and Lonely": Links for the day
Links 24/04/2026: Zelenskyy Says Ukraine's War Position "Most Stable", Samsung Workers on Strike Due to Pay: Links for the day
Recent Happenings at IBM Reaffirm Rumours About the CEO; He Might be Resigning (or Pushed Out) Soon: If the rumours are true (no, we did not check those tax records for ourselves), it's not unthinkable that IBM is already doing what Apple did months ago
Gemini Links 24/04/2026: Public Reticulum Gateway Node, Smol Computers, and Old E-mail: Links for the day
Links 24/04/2026: Intel Abandoning Computer Freedom (Even Further), Iran Reports That American Software and Hardware Remotely Sabotaged/Hijacked During War: Links for the day
24/7 Wall St. Editor-In-Chief and CEO Calls IBM Is "America’s Worst Big Tech Company", Talent is Leaving, Supposedly Strategic Units Culled: 21 hours ago by Douglas A. McIntyre
The Great Wonders of Slop "Efficiency": Thankfully nothing was lost in the transmission and lots of work (datacentre emissions) got "done"
IBM's Debt Increased Over $5 Billion in 3 Months While IBM Laid Off Many in Europe, US, Confluent, HashiCorp, and Red Hat: An increase of $5,000,000,000+ in debt in just 3 months!
IBMers Expect Another Giant Wave of Layoffs, Talk (and Sing) About the PIPs: The media won't be covering the key facts
Drama at the European Patent Office (EPO) This Week: We'll be covering the EPO quite a lot this weekend and next week
As We Predicted, Francophonie Countries in the EU and Outside the EU Dumping Microsoft for National Security Reasons: We expected Belgium or some other Francophonie place to do so next
Even to Microsoft Insiders It Seems Like XBox Has Already Died or Surrendered to the Japanese Companies: Now the Microsoft layoffs are evident for people to see
EPO Cocainegate Escalates - Part VI - The Strikes Go On and On (Major Strike Today): We'll be covering this later today in relation to what the Office dubs "ethics"
Absolutely Terrible Journalism About Microsoft Layoffs This Week: 7 hours ago by Leila Sheridan
SLAPP Censorship - Part 56 Out of 200: 5RB and Brett Wilson LLP's Copy-Paste Machination for Garrett and Graveley: Here is another straightforward example of their junior barrister overusing copy-paste on his Mac
Getting Aggressive Suggestive of Loss - Part II - Lawyers Are Not "Hired Guns" (and Should Never Act Like Ones): The matter is being investigated
Nadella is Killing Microsoft. Slop Kills It Even Faster.: A decade from now we'll look back at slop like we look back at skateboards
Huge Microsoft Layoffs Coming Shortly (With Financial Report): There will be lots of slop layoffs. Be ready. It's a bubble.
Gemini Links 24/04/2026: Data Breaches and Unofficial Gemini Protocol Specification Archive: Links for the day
Microsoft Offers About 10,000 of Its Senior American (Read: Expensive) Workers to be Laid Off: How many slopfarms and media parrots play along?
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, April 23, 2026: IRC logs for Thursday, April 23, 2026

Binary 'Security' Vastly Inferior to Free Software Patching

Recent Techrights' Posts