Binary 'Security' Vastly Inferior to Free Software Patching

Dr. Roy Schestowitz

2014-12-30 17:29:00 UTC
Modified: 2014-12-30 17:38:34 UTC

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.

"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.

UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective. ⬆

Hard to Find a Job After Working for Microsoft (Back Doors Giant, Bribery Hub): It generally looks like people who chose to serve Microsoft's agenda don't end up too well
Altering Perceived Reality to Make It Seem Like Microsoft is Thriving, Not Failing: pretend XBox did not die
Confluent Insiders: IBM Laid Off Over 800 at Confluent, Not Just 800: For the record, the layoffs at Confluent won't be over. After the bluewashing there will be "IBM RAs" impacting Confluent folks, aside from PIPs
Where and How to Spot LLM Slop: Many people correctly perceive LLMs as a site's downfall, a step towards the abyss
Links 25/03/2026: Nations Return to Russian Oil and Burning Wood: Links for the day
The World Wide Bots: The shape of the Web is so bad that bots exceed humans in some places
Links 26/03/2026: Solicitors Regulation Authority (SRA) Closes 101 Law Firms in 2 Years, "Please Compensate the Work You Appreciate": Links for the day
Regaining Software Freedom Means Regaining Control Over Programs That Run on Our Devices: Richard Stallman will speak in Italy
Microsoft Secure Boot Removes Users' Choice: Has Greenland banned Microsoft and 'secure' boot yet?
IBM Pushes Workers Out, It Does Not Count Them as "Layoffs": The number of IBM layoffs can be as large as tens of thousands per year
Microsoft Lost 31% Of Its Alleged "Value" in Five Months, Then It Got Downgraded: In 2026 Microsoft focuses on keeping the layoffs silent
SLAPP Censorship - Part 24 Out of 200: The Failed Effort by Brett Wilson LLP to Strike Out My Lawsuit and My Wife's Lawsuit Against Garrett (the Master Allowed Our Lawsuits to Proceed): This is lawfare
Official New Figures Show That Solicitors Regulation Authority (SRA) Sees Rise in Dishonesty Among Law Firms Forcibly Shut Down ('Euthanised' Due to Misconduct): It's rather if in our little country as many as 16 law firms were found to be so dishonest that they needed to be shut down
Back to Normalcy: In our datacentre at least
IBM is "Increasing Its Temporary and Part-time Headcount" While Net Headcount Falls (Despite Buying Many Companies and Their Workforce): Headcount is a rather superficial yardstick.
EPO Union Decides to Continue Industrial Actions, Next Strike in Four Days: The latest strike had the highest participation rate
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 25, 2026: IRC logs for Wednesday, March 25, 2026
Microsoft's "Silent Layoffs" in Slop Clothing: "AI-powered transformation" is just a euphemism for mass layoffs
Public Talk by Richard Stallman in Half a Day "at the Engineering and Architecture Campus of Cesena of the University of Bologna": He'll probably attract a fairly large crowd
Gemini Links 26/03/2026: Buying a House, Stargazing, OFFLFIRSOCH 2026: Links for the day
Gemini Links 25/03/2026: Resisting Authoritarianism and Why Slop Needs to Go Away: Links for the day
Fedora Maintainer-ship Using Slop (Mistakes) Would Make Fedora Less Reliable: It won't produce reliable code or stable systems one can rely upon
IBM's "Legacy Employees" (Experienced Workers, IBM Management Dubs Them 'Dinobabies'): This notion of "legacy employees" seems like something overlapping with "expensive" (well paid) staff, even if not entirely equivalent
EPO's "Current Industrial Actions Are Likely to Intensify Further.": There is another strike in 5 days
This Morning The Register MS Published Slop Promotion With the Term "AI" 15 Times In It. The Register MS Was (As Usual) Paid to Do This: This is not a serious publisher
SLAPP Censorship - Part 23 Out of 200: We Were Right All Along (for 2 Years) About Third Party Funding and Willingness to 'Break the Bank' in Pursuit of "Revenge": How much damage can a person do to oneself in pursuit of cover-up of legitimate technical concerns?
Gnome Foundation Inc is in Trouble: the agenda is set GAFAM and IBM rather than donors
Links 25/03/2026: Airports Further Militarised, "Slopification and Its Discontents", Microsoft 'Open' 'Hey Hi' Shutting Things Down: Links for the day
Gemini Links 25/03/2026: Blogging Fright and Absolutely Useless 'Apps' Made by Slop Machines: Links for the day
Rise in Energy Prices Will Significantly Accelerate the Death of So-called "AI Companies": It should be noted that fake news about Microsoft OpenAI doubling workforce (mere words, not actions) can serve as a nice distraction from the death of Sora due to divestment
It's Always a Question of Trust: There's a widespread stigma of lawyers being manipulative and chronically dishonest
Solicitors Regulation Authority (SRA) Must More Carefully Investigate or Assess the Financial State of Law Firms in the UK: We'll cover this in depth in the future
GAFAM Mozilla Removes Theora Support, Now GNU Needs to Re-encode Videos: Mozilla used to mean something to Free software advocates
An Open Admission Profits Depend on Addiction: Proprietary software tends to be like this
IBM Americas President Ayman Antoun Comes to OpenText, Weeks Ahead the Mass Layoffs Begin: Is that what IBM will be good at?
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, March 24, 2026: IRC logs for Tuesday, March 24, 2026
SLAPP Censorship - Part 22 Out of 200: When You Complain People Impersonate You in IRC (But You Yourself Impersonate People in IRC and Lock Them Out of Their IRC Handles): We'll cover this with direct evidence some time soon
Gemini Links 24/03/2026: Junk Drawer Time Capsule and Building Outside Alire: Links for the day
Not Much LLM Slop About "Linux" Lately, It Only Ever Comes From the Same Few Sites: As long as only few such sites use LLM slop we can skip and avoid them
Links 24/03/2026: "Epic Lays Off Over 1000 Employees" and US in Financial Trouble According to the Fed: Links for the day
The "Media" Does Not Only 'Miss' Mass Layoffs: "The Treasury just declared the U.S. insolvent. The media missed it"
The Empty Suits of IBM Managers (NIH or "Nothing Invented Here"): IBM's management adopted the business model of parasites
2012: 'Secure' (Microsoft-Controlled) Boot Has Not (Yet) Been Made Obligatory. 2026: systemd Has Not Implemented Age Verification: should we stop calling "nazi" everyone we don't agree with?
More Threats (Including Physical Threats) Against Us Are a Dumb Move: It's like a "hit list" (targets list) and I shall keep the police duly informed
New Example of Pentagon in "Feminist" Clothing Inside Fake News of Publishers Paid to Promote Outsourcing to US ("Clown Computing") and American Slop: Google now pays money to promote Google as a friend of women
Hating Techrights is a Career: but is it good for civil society?
Dr. Stallman’s Work Will Never be Considered 'Mainstream' Because He Rejects and Works Against the So-called 'Mainstream': Try to be more like Stallman
The New Layoffs: 'Silent Layoffs', 'Secret Layoffs', 'Quiet Layoffs', 'Passive Layoffs' 'Stealth Layoffs', and Unannounced Layoffs Disguised as Return-to-Office (RTO Mandates): The US needs to revisit and fix the WARN Act
EPO "Cocaine Communication Manager" - Part IX - Cocaine Addicts in Charge of the EPO Attacking Families of EPO Staff: Things like being high-profile and being a serious drug addict aren't opposites
What Feminism in Science Means (Codes of Conduct Don't Tackle the Real Issues): Universality matters, more so in a project or community that's said to build the "universal operating system" (Debian)
SLAPP Censorship - Part 21 Out of 200: It's About Behaviour Online, Not How Much Money From Shadowy Third Parties Gets Spent on Lawyers and Two Barristers: 75+ KG of legal papers, 2 cases, 2 barristers (one hiding in the metadata) and maybe two law firms (also hiding in the metadata) against two modest people in Manchester seems disproportionate and vindicative
Links 24/03/2026: "Airports on ICE" and "Have You Paid Your “Intuit Tax”?": Links for the day
Gemini Links 24/03/2026: Slop Interview and Why Slop Makes Lousy Code: Links for the day
Richard Stallman to Give Public Talk This Thursday at the University of Bologna (Italy): Hardly the first time he speaks in Bologna
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, March 23, 2026: IRC logs for Monday, March 23, 2026

Binary 'Security' Vastly Inferior to Free Software Patching

Recent Techrights' Posts