Bonum Certa Men Certa
Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Binary 'Security' Vastly Inferior to Free Software Patching

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.



"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.


UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective.

Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Recent Techrights' Posts

IBM Cannot Even Do Payroll, Now a "Legitimate Target" of Iran
Missiles or not, it seems like IBM systems will be targeted more by cybercriminals
Microsofters' SLAPP Censorship - Part 10 Out of 200: Showing Public Tweets is Not a Privacy Violation, But This Isn't About Justice, It's About Censorship
It's time to put a stop to this abuse of process (which is what the Judge deemed it to be last year)
 
Priorities in 2026
2026 is an interesting year
Willis Towers Watson (WTW) Producing More Propaganda for EPO "Cocaine Communication Managers"
The Local Staff Committee The Hague (LSCTH) has this new paper about Willis Towers Watson (WTW) and its annual EPO-sponsored propaganda, pretending all is well when things are clearly dire
Head of Microsoft Office and Microsoft 360 is Leaving Microsoft Amid Problems and Mass Layoffs
Microsoft is like a "legacy" company
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, March 12, 2026
IRC logs for Thursday, March 12, 2026
Gemini Links 13/03/2026: "Someone to Take Over Antenna" and Random Seed/RNG
Links for the day
By Expanding to Advocacy of Ponzi Schemes and Bill Epsteingate (Sex Trafficking), Linux Foundation Revenue Grew to $220,730,594, But Salary of Linus Torvalds Not Even in Top 10 Anymore!
true!
In the Name of Transparency, Today We Show Our Defence and Counterclaim
already uploaded by the other side
Links 12/03/2026: Heating Bills to Soar, "Banks in Gulf Evacuate Their Offices"
Links for the day
Gemini Links 12/03/2026: On Phone Anxiety and Bjorn "Looking for Someone to Take Over Antenna"
Links for the day
Cultification: best candidates avoiding Debian leader elections
Reprinted with permission from Daniel Pocock
Richard Stallman (RMS) et al Cited in 'Nature' (Journal/Site) Today, "CODE beyond FAIR"
Under Open Access
The Register MS, on Verge of Collapse, Keeps Promoting a Ponzi Scheme for China
Publishers that participate in this simply don't care about their readers
Overview of False Narratives and Lies Used to Lower Salaries at the European Patent Office (EPO), Abandoning Patent Quality and the EPC
Many of the latter slides are the same as Munich's
Links 12/03/2026: Atlassian Layoffs, GAFAN Covering up Slop-Induced Outages, "Age-verification in Operating Systems and the Internet"
Links for the day
The EPO's President, Who Covers Up Cocaine Use, is Trying to Suppress Communication Between EPO Staff Under the Guise of 'Privacy' (and in Defiance of a Court Ruling)
Why does Europe's second-largest institution: 1) curtail communication among staff (including union) and 2) go out of its way to avoid obeying a court order from ILOAT in Geneva?
Exactly One Week Before Next EPO Strike, Media Intentionally Not Mentioning EPO Strikes
One form of propaganda technique/s involves the systematic suppression of certain topics, or of particular "narratives"
Suicide of disgruntled employee? Bus fire at Kerzers / Chiètres, Switzerland, at least six dead
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 11, 2026
IRC logs for Wednesday, March 11, 2026
Gemini Links 12/03/2026: "on Urbit" and the True Cost (or Criticism) of "Social Control Media"
Links for the day
Slop About "linux" in Google News
Once people recognise that those sites are fake it's hard to 'unsee' what they are
An American War on GNU/Linux, Software Freedom, and British Investigative, Science-Based Reporting - Part V - Attempts to Take Down and Suppress Criticism of Back Doors Controlled by Microsoft and the American Government
The cost of maintaining illusions
IBM's Payroll: Cannot Even Pay the People What They're Legally Entitled to
How financially-stressed is IBM at this point?
Slides From the European Patent Office (EPO) Explain Why They're Striking, How They're Striking, and What Comes Next
A week from now the strike will go ahead
GAFAM Datacentres Are Facilities of War, So Risk of Downtime by Missiles or State-Sponsored Cracking Has Vastly Increased
How safe is your business in "clown computing" or DCs marked as some "legitimate targets" at wartime?
Companies That Take Away Blood and Sweat From the Community to Sell a Ponzi Scheme to Everybody
We need Free software that is run by communities
1,234 People Gather Online to Plan Next EPO Strikes and Other Industrial Actions
yesterday an online gathering orchestrated the next moves by EPO staff
Links 11/03/2026: Fake Videos Swarm YouTube, "Ukraine Can Now Manufacture ‘China-Free’ Drones"
Links for the day
Gemini Links 11/03/2026: Lagrange for iOS and Android and "Turning a Folder of Git Repos Into Project Launcher"
Links for the day
Kafkaesque: Unlawful Activities in the UK to Cover Up Unlawful Activities in the United States of America
Why is bribery and even extortion seen is OK? Because rich people do those things?
Former IBM Executive, Ron Hovsepian, Doomed S.u.S.E. (SUSE)
SUSE is like a child nobody wants to raise
Quiet Layoffs or Silent Layoffs Alleged at Microsoft
Will some investigative journalists do their job now and ask Microsoft tough questions?
After a Long Lull LinuxTeck (linuxteck.com) Came Back Only as a Slopfarm
Unlike Linuxiac, LinuxTeck wasn't very active in recent years
Links 11/03/2026: EPO and USPTO Software Patents Thrown Out Again, Copyright Concerns Over Slop (Plagiarism Using Buzzwords)
Links for the day
Microsofters' SLAPP Censorship - Part 9 Out of 200: 5RB Barrister Does Not Even Know the Name of His Own Client (That He Was Paid Well Over $200,000 to 'Speak' or 'Cover' for)
If you assault women in the United States, there's a barrister available for you in the UK
IBM's Fedora is Now Led by GAFAM Slop
The official word of Fedora is partly slop
IBM 'Dinobabies' Speak Out
"They want newbies out of school at a much cheaper rate"
Links 11/03/2026: "Drill, Baby, Drill" and Social Control Media Recognised as Threat to Democracy
Links for the day
5 Years Since Freenode Conflict
IRC isn't going away
A Week Ahead of Next EPO Strike the Staff Representatives Show the Administrative Council That the Office Lost the Best Staff, It's No Longer Attractive
the message circulated regarding the open letter to the Administrative Council
Jeff Bezos as an Individual Said to Have Enough Capital to Buy IBM
Assuming a market capitalisation of 234.70 billion
Starting Soon: Another New Series About Richard Stallman
There are some inside stories we can tell
Gemini Links 11/03/2026: School, Code Slop, and "Fancy Weapons"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, March 10, 2026
IRC logs for Tuesday, March 10, 2026