Binary 'Security' Vastly Inferior to Free Software Patching

Dr. Roy Schestowitz

2014-12-30 17:29:00 UTC
Modified: 2014-12-30 17:38:34 UTC

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.

"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.

UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective. ⬆

More IBM Layoffs in India: If IBM cannot afford to retain workers in India, then something is truly "out of control" at IBM
Dr. Richard Stallman Has Done No Harm to the GNU Project or the FSF (He Had Benefited Both, Always, Even After the Attacks on Him Began): Some people try to prevent Dr. Stallman from speaking or having a platform where many people can hear him
Microsoft Isn't Denying the Mass Layoffs: Still silence from Microsoft
In Western Africa GNU/Linux Flirts With 5% Market Share: there's a gradual increase in GNU/Linux usage there
Gemini Links 09/01/2026: Pro1 X Repair and the Mercury Protocol: Links for the day
No, Microsoft Did Not Deny the Q1 Mass Layoffs (Microsoft Can Delay These): Maybe they disperse or delay the layoffs (changing plans), but the layoffs are going to happen
EPO People Power - Part XXIX - Getting DER SPIEGEL, FAZ, Deutschlandfunk and Sueddeutsche Zeitung (SZ) to Cover EPO Scandals: We kindly ask our readers to contact their local media and urge it to cover the scandals
GNU/Linux May be Approaching 10% "Market Share" in Montenegro: The surge started around 2021
At IBM, "Employee Reviews" (or Appraisals in the UK) Are a "Trojan Horse" for RAs (Mass Layoffs), a Waste of Time: comments from IBMer serve to suggest that appraisals can be precursors
'Vice Coding' is Not "AI", It's a Sewer, It is Junk: Linus Torvalds was wrong. 'Vibe coding' isn't good for anything.
Links 09/01/2026: Technical Blogging Lessons Learned and Google's Gmail Getting a Lot Worse: Links for the day
Escaping GAFAM Colonialism Requires Homegrown Free Software: GNU/Linux now measured at 3% in Zambia
GNU/Linux at 4% in Saudi Arabia, Says statCounter: Some years ago Windows fell to a "market share" of just 11% there
Links 09/01/2026: Cambodia and China Extradition, "NATO’s High-risk Patrols Near Ukraine": Links for the day
Only One Person in Charge of Fedora is Not IBM Staff: This is not a community project, it's just a way for IBM to onboard unpaid volunteers
This Is Not a Drill, GNU/Linux is Really Going 'Mainstream' on Laptops (and Desktops): It is important to explain to people software freedom
IBM Albany Layoffs: not only did many in the site lose their job; there's more to come "and likely another one in February" (weeks from now)
EPO Workers' Industrial Action to Include Many Strikes, to Last Several Months: In some ways, The Hague and Bavaria are becoming almost indistinguishable from Moscow
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, January 08, 2026: IRC logs for Thursday, January 08, 2026
Gemini Links 08/01/2026: "New Year, Old Plans" and Alex's "Butlerian Jihad": Links for the day
LLM Slop About "Linux" Scarce and of Very Low Quality: At this rate, we reckon there may be one (or zero) per day by year's end
IBM's "Forever Layoffs" (to Bypass Warnings or Notices as Required by WARN Act): There is a bunch of speculations about when the next "major round" of RAs will be
Attempts to Undermine This Site's Latest Series Using Intimidation, Threats, and Presumptuous Accusations: threatening language is less effective when everyone is an alibi
Links 08/01/2026: "Golden Smartphone" Scam and Riseup Account Issues: Links for the day
Links 08/01/2026: Possible "Collapse of NATO Over Greenland"; Journalistic Malpractice and "US Voters Hate Slop": Links for the day
EPO People Power - Part XXVIII - A Sensitive Issue for Germany and The Netherlands: If Germans who read this series can communicate this to public officials or to their media, maybe they can strike a nerve and get the ball rolling
Age Discrimination at IBM Discussed Amid Mass Layoffs (Especially in the United States): Workers are anxious. Are they next to face the axe?
Gemini Links 08/01/2026: Potentiometer Calculator, Power Outages, Why You Should Abandon Discord for IRC (e.g. Ergo), and Formatting Gopher Posts: Links for the day
Links 08/01/2026: More Software Patents Squashed, White House Repeats Misinformation From the Kremlin: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, January 07, 2026: IRC logs for Wednesday, January 07, 2026
The Free Software Foundation (FSF) Looking to Add Associate Members: "Celebrate '26 by helping us reach our New Year's goal before Jan. 16: join as an associate member today. You will help the FSF remain strong and independent to empower technology users everywhere. Join us today and help us reach our goal of 100 new associate members!"
Only Google is Still Spreading Lots of Slopfarms' Fake News and Plagiarism About Linux: 2 days' worth of Google News spewing crap out about "Linux"
Georgia Institute of Technology (Georgia Tech) Formally Announces Upcoming Richard Stallman Talk: Room 100, Scheller College of Business
Links 07/01/2026: Europe's 'Binding Commitments' on Ukraine's Security, "Venezuelan Leaders Project Independence": Links for the day
Gemini Links 07/01/2026: Smart Toaster and Social Control Media Fatigue: Links for the day
Projection Tactics - Part II: Causing "Serious Harm" to Many People (Even Animals): Narcissists and sociopaths are like that
Even Microsofters Now Speak About Microsoft Reportedly Planning to Sack 10% of Its Staff (as Early as This Month, or 2 Weeks From Now) as Real Income Falls: Microsoft buying from Microsoft isn't real income, it is accounting fraud
The four freedoms and GNU/Linux naming controversy, by Akira Urushibata: Social control media owned and run by 'broligarchs' keeps attacking RMS for insisting on names that include GNU
Crans-Montana, Le Constellation: journalists, victims' families, ProtonMail users at risk, police raids: Reprinted with permission from Daniel Pocock
GNU/Linux Reaches All-Time High in Tanzania: This month (and year) GNU/Linux is measured at an all-time high there, based on the data that statCounter can see
Open Source Initiative (OSI) Not Doing Its Job, Instead It's Promoting Microsoft Ponzi Schemes: it participates in Microsoft's Ponzi scheme, which helps Microsoft distract from or excuse the mass layoffs
Links 07/01/2026: Microsoft ChatGPT Killing People and Microsoft "Github monopoly is destroying the open source ecosystem": Links for the day
The Register MS: Installing Free Software on Your Device is 'Sideloading': This is a form of propaganda
Mass Layoffs in Microsoft's XBox Soon, Just Like We've Said for Months: IBM and Microsoft are heading in a similar trajectory and are hiding how bad things are using similar tactics
Mozilla's Assisted Suicide, Assisted by GNOME: Firefox is meant to get better all the time, but instead it gets worse
Now It's a Mainstream Media (MSM) Story: Microsoft Layoffs Coming, They'll be Vast (and They Blame "AI", As Usual!): the books were cooked (accounting fraud) to hide what really went on
Frankly Getting Sick of Slop About "AI" (Slop): Calling everything out there "AI" serves nobody and nothing but the Ponzi scheme
Stick to the Science, the Facts, the Observable Reality: Science is at the heart of this site
Africa's Search Market Has Been Unfavourable to Microsoft: In Africa, as we've just noticed, Bing is moving down, even more sharply this year
Slideshare is Slop: Be sure fools will rewrite history online
Gemini Links 07/01/2026: Looking at 2026, Linux Anti-Minimalism, Diode Function Generators, and Inkscape: Links for the day
Projection Tactics - Part I: What is "Serious Harm"? Or Whose?: the most serious harm was done to us
Links 07/01/2026: More Signs XBox the Console is Dead/Dying, Convicted Felon Repeats Threats of Greenland Annexation: Links for the day
EPO People Power - Part XXVII - Science- and Principles-First Journalism About Issues That Matter: journalism became so shallow that nowadays it can be replaced by bots
Media Gaslighting Dooms the Media: this "AI" gaslighting is done because publishers get paid to do so
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, January 06, 2026: IRC logs for Tuesday, January 06, 2026

Binary 'Security' Vastly Inferior to Free Software Patching

Recent Techrights' Posts