Binary 'Security' Vastly Inferior to Free Software Patching

Dr. Roy Schestowitz

2014-12-30 17:29:00 UTC
Modified: 2014-12-30 17:38:34 UTC

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.

"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.

UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective. ⬆

Of Course GNU/Linux Has Reached All-Time High in Africa in 2026: Africa will, on average, gravitate towards Free software or whatever costs less
IBM Buys, Then Disposes/Sacks, the Staff (That It Paid For): Any money gained is spent buying some more companies to add/join up their revenue, even if the debt surges and there's little integration going on (misfits absorbed)
Time for Microsoft to Rebrand to Fit the Vapourware (Ponzi Scheme): something between Meta and Alphabet
The Real GNU Anniversary (Not Manifesto or Announcement) is Today: the development, not the manifesto
GNU/Linux Usage Said to Have Doubled in Oceania: it's hard to discount or dismiss Oceania as a bunch of "coconut islands"
No, Writing Isn't in Decline, Some of the Large and Centralised Platforms Are: Slop isn't really competition, just a passing fad and pure noise
The Reputation Issue Is Not Our Fault: Trying to squash words (and people) merely diverts more attention to them
To The Register MS, ARM Means Microsoft Windows (Follow the Money): the Free software community can campaign and run sites (like the one below), but it cannot afford to bribe so-called 'news' sites like Microsoft and its OEMs do
IBM's CEO Makes No Sense: "IBM CEO Aravind Krishna on what’s really driving tech layoffs"
Links 05/01/2026: Tensions in Korea, Ukrainians See "Double Standard" in a US Russia-Style Invasion: Links for the day
Gemini Links 05/01/2026: Farewell to CBS Reality, Being On-Call, Digital Ad Spendings: Links for the day
Remember That Nobel Prizes Are All Named After the Inventor of Explosives (Even a "Nobel Prize for Peace"): These rewards are only as valuable as the reputation they earn for themselves
Baidu and Yandex Have Overtaken Microsoft in Asia: how about all the Bing layoffs?
Googlebombing for Bill Epsteingate: Maybe the slopfarms too can help him cover up
From GNU/Linux Boosting to Slop-Boosting Career: It is sad to see someone who devoted many years of his life producing GNU/Linux stories stooping down to this "AI" boot-licking
Links 05/01/2026: Slop Ruining Children's Minds, "Complicity of the Press in US Violence": Links for the day
Microsoft's Windows Falls Below 20% in the UK: After a lot of years of advocacy and hard work
There's No Such Thing as "AI Godfather", Stop Repeating This Pure Nonsense!: Infantile or corruptible media that plays along with slop or uses slop will perish
Gemini Links 05/01/2026: "Poverty and Hunger", "Entrepreneurial Family", "Abandoning Obsidian for Logseq": Links for the day
Links 05/01/2026: A Shrinking Canadian Economy, Brigitte Bardot's Environmentalism Recalled, Unredacted Epstein Files: Links for the day
Microsoft Allegedly Uses Performance Improvement Plans (PIPs) to Hide the Massive Scale of Company-Wide Layoffs: Just like IBM; they meanwhile talk a bunch of nonsense about "AI" to distract from their commercial calamity
Battles Are Won in the Court of Public Opinion: Many "systems" rely on the mere perception or appearance of legitimacy
GNU/Linux Share in Mongolia More Than Doubles: they probably lack any genuine excitement for "hey hi PCs"
Whistleblowing is About Understanding Boundaries and Risks: The bottom line is, people typically find out the truth at the end
EPO People Power - Part XXV - While EPO Managers Snort Cocaine the Staff Compiles 'Insurance Files' to Expose EPO Corruption: In this increasingly authoritarian world we need more whistleblowers
"The European Patent Reform" That Represents a Gross Violation of Laws, Constitutions, and Conventions (in Order to Make the Rich Even Richer, Mostly Outside Europe): How far and how long will EPO corruption go?
GNU/Linux Distribution "Ultimate Edition" Fixes Its Web Site (Apparently Compromised Months Ago): they dealt with the issue before media shame and a catastrophe of trust
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, January 04, 2026: IRC logs for Sunday, January 04, 2026
Gemini Links 04/01/2026: 64-bit Addressing and 39th Chaos Communication Congress: Links for the day
Windows Was Always the Punchline: What did we count to calculate taxes?
GNU/Linux Surges to About 4% in Peru This Year: one of the poorest counties in America
This Year Our Adoption of IRC Turns 18: We have used IRC for this site since 2008
The Doors Are Closing, Windows Closing Too: Microsoft wants more vendor lock-in, but at risk that this desire will simply alienate and drive away many users
The FSF's Program Manager, Dr. Miriam Sabrina Bastian, Left in October to Lead Climate School: We are not sure why Miriam Bastian decided to leave the Free Software Foundation (FSF)
Outline of Slop, LLMs, IBM, and Things to Come: This coming week and weekend will be very productive irrespective of how much "news" gets published by other sites
Links 04/01/2026: War Without Borders, "Large Hadron Collider Being Shut Down": Links for the day
Links 04/01/2026: US Imperialism in Greenland and Venezuela, "Climate Protesters Face Greater Risk of Crackdown Amid Rising Authoritarianism": Links for the day
2026 Should be the Year We All Stop Saying "AI" and Call Things What They Really Are: Don't give anyone the satisfaction of this misguided belief there's any intelligence there
Ponzi Schemes Are Useful (to Corrupt CEOs): Pathetic, corruptible so-called 'media' is bagging bribes to perpetuate the lies about "AI" (slop)
GNU/Linux at All-Time High in Algeria: In 2026 it hit a new all-time high
Online Mobbing (and Worse) Disguised as 'Free Speech': People who say they believe in "free speech" have been trying hard to silence RMS and squash the FSF
A 'Cancer That Attaches Itself' to Bulgaria?: "Cancer" is what Microsoft called GNU/Linux
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, January 03, 2026: IRC logs for Saturday, January 03, 2026
Body-Shaming Using Fakes: a lot of the people who casually claim "defamation" are themselves defaming loads of people every day
GNU/Linux "Market Share" in Switzerland More Than Doubled Last Year, Based on statCounter: GNU/Linux continues its considerable growth
EPO People Power - Part XXIV - Today or Tomorrow You Should Write to National Representatives (Delegates) at the EPO in Your Country: Keep up the pressure!
Red Hat and IBM Layoffs, Staff Kept Quiet About it, WARN Act Skirted/WARN Notices Avoided: What a terrible company to be in
XBox Layoffs Imminent, More Appalling Sales Figures Published: Expect many layoffs in the gaming division
Slop Still Rare: So far a good start for 2026
Gemini Links 03/01/2026: Climbing, Waking Up, and Social Control Media Woes: Links for the day
Links 03/01/2026: Growing Censorship, Another US Invasion, and Will Smith 'Cancelled': Links for the day
Links 03/01/2026: Twitter Turns From Disinformation Powerhouse to Production and Dissemination of Child Pr0n, "New China Cybersecurity Law Becomes A Reality In 2026": Links for the day
Gemini Links 03/01/2026: Formatting Text for Gopher and Text-only Websites: Links for the day
Unverified Claim: Mass Layoffs at Microsoft to Start Around Week 3 (or 4) of This Month: Let's wait and see if the claim above is from an insider who has inside knowledge
Firefox Fell Below 1% in Asia: less than 1 in 100 Web users is detected/assumed to be using Firefox
Links 03/01/2026: Ryanair Fines and Facebook Misleads Regulators: Links for the day
New Record High for GNU/Linux in Benelux in 2026: If the above trends stand (throughout the year), then we can begin talking more seriously about a post-GAFAM Europe
In the Search Engine Market, Microsoft is Falling Behind Russia's Yandex: The so-called 'AI industry' is a boy that cries wolf
A Year of Relaxation, But Also of Hardcore Whistleblowing: Expect industrial action some time soon
The More Influential Richard Stallman (RMS) Becomes, the More Aggressive Attacks on Him (and the FSF) Will Get: We've meanwhile noticed disinformation being spread in social control media
GNU/Linux Reaches All-Time High of 5% in Indonesia (Not Counting Chromebooks and Android): There are also related events in Indonesia and SUSE in particular seems to have been popularised there
EPO People Power - Part XXIII - António Campinos Knows He's Extremely Vulnerable at This Time: Campinos should never have been put in charge
Gemini Links 03/01/2026: New Organisation System (Notebooks) and "2026 Already Off to an Amazing Start": Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, January 02, 2026: IRC logs for Friday, January 02, 2026

Binary 'Security' Vastly Inferior to Free Software Patching

Recent Techrights' Posts