Bonum Certa Men Certa
Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Binary 'Security' Vastly Inferior to Free Software Patching

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.



"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.


UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective.

Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Recent Techrights' Posts

'Dark Patterns' or a Trap at the European Patent Office (EPO)
insincere if not malicious E-mail from the EPO's dictators
There's an Abundance of Articles About the New Release of Kali Linux, But This One is a Fake
It can add nothing except casual misinformation (fed back into the model to reinforce lies)
IBM's Leadership Ruining Lives of People Who Thought Working for IBM Would be OK
Nobody gets fire-lined for buying IBM?
The United States' Authorities Ought to Become Enforcers of the General Public License (GPL) for National Security's Sake
US federal agencies ought to pursue availability of code and GPL compliance (copyleft), not bans
The Problem of Microsoft Security Problems is Microsoft (the Solution is to Quit Microsoft) and "Salt Typhoon" Coverage Must Name CALEA Back Doors
Name the holes, not those who exploit them.
A "Year of Efficiency"
No, we don't mean layoffs
 
Microsoft: "Upgrade" to Vista 11 Today, We'll Brick Your Audio and You Cannot Prevent This
Windows Update is obligatory, so...
The Unspeakable National Security Threat: Plasticwares as the New Industrial Standard
Made to last or made to be as cheap as possible? Meritocracy or industrial rat races are everywhere now.
Microsoft's All-Time Lows in Macao and Hong Kong
Microsoft is having a hard time in China, not only for political reasons
[Meme] "It Was Like a Nuclear Winter"
This won't happen again, will it?
If You Know That Hey Hi (AI) is Hype, Then Stop Participating in It
bogus narrative of "Hey Hi (AI) arms race" and "era/age of Hey Hi" and "Hey Hi Revolution"
Bangladesh (Population Close to 200 Million) Sees Highest GNU/Linux Adoption Levels Ever
Microsoft barely has a grip on this country. It used to.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, December 19, 2024
IRC logs for Thursday, December 19, 2024
Gemini Links 19/12/2024: Fast Year Passes and Advent of Code Ongoing
Links for the day
Twitter is Going to Fall Out of Top 100 Domains as Clownflare (DNS MitM) Sees It
evidence of Twitter's (X's) collapse
[Meme] Making Choices at the EPO
Decisions, decisions...
Large and Significant Error Correction in South America?
Windows now has less than half what Android achieved in terms of "market share"
Links 19/12/2024: Astronaut Record and Observer Absorbed
Links for the day
Links 19/12/2024: Seven Dirty Words and Isle Release v0.0.3 (Alpha)
Links for the day
Links 19/12/2024: Nurses Besieged by "Apps", More Harms of Social Control Media Illuminated
Links for the day
15 Countries Where Yandex is Already Seen to be Bigger Than Microsoft (in Search)
Georgia, Syrian Arab Republic, Cyprus, Moldova, Ukraine, Armenia, Azerbaijan, Kyrgyz Republic, Uzbekistan, Kazakhstan, Turkmenistan, Tajikistan, Belarus, Turkey, and Russia
Links 19/12/2024: Magnitude 7.3 Earthquake and Privacy Camp
Links for the day
Gemini Links 19/12/2024: Port Of Miami Explosion, TurboQOA, Gnus
Links for the day
Fake Articles About 'Linux'
Dated yesterday
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, December 18, 2024
IRC logs for Wednesday, December 18, 2024
FSF Has Made It Halfway to Its Target (Funding Goal) a Week Before Christmas Day
$400,000 definitely seems reachable now, especially if they extend the "deadline"
[Meme] The Master Churnalist
Speaking of press releases being passed off as "journalism"
Spamnil's TFiR: Still Pretending Press Releases Are 'Articles' (TFiR 'Originals' as Plagiarism or Fluff)
Same as last year
Links 18/12/2024: Zakir Hussain Dies, TuneIn Layoffs
Links for the day
Links 18/12/2024: Karate Love and Advent of Code
Links for the day
Windows (or Microsoft) Has Become the "One Percent" (Market Share) in Chad
How long before it falls below 1%?
Arvind Krishna, IBM's CEO, Will Eventually Suck Up to Donald Trump Like His Predecessor Did or the Watson Family Did With Adolf Hitler
Literally Hitler
Being a Geek Need Not Mean Being Sedentary
"In the past 18 months," Berkholz writes, "I’ve lost 75 pounds and gone from completely sedentary to fit, while minimizing the effort to do so (but needing a whole lot of persistence and grit)."
GAFAM Kissing the Ring of the Mafia Don
"resistance" to dictatorship and defenders of democracy?
Slop Spaghetti From the Chef, Second Time Today
Fresh slop ready out the oven!
IBM - Like Microsoft - Lies About the Number of People It's Laying Off (Several Tens of Thousands, Not Counting R.T.O. "Silent" Layoffs and Contractors/Perma-Temps)
How many waves of silent layoffs have we seen so far at IBM this year?
Links 18/12/2024: EU Launches Probe Into TikTok (At Last!)
Links for the day
Links 18/12/2024: Doha/Qatar Trafficking, Bloat Comfort Zone, and Advent of Code 2024
Links for the day
Saving What's Left of Decent and Independent Journalism on the Web
We increasingly (over time) try to make local copies (hosted on our server) of important documents; it's hard to rely on third parties
[Meme] Microsoft's Latest Marketing Pitch
"Stop Being Poor; buy a new PC with TPMs"
In South Africa, a Very Large Nation, Web Developers Can Already Ignore Microsoft Browsers (Edge Measured Below 3% in 55 Nations)
The dumb assumption you must naively test with Microsoft browsers is no longer applicable in a lot of places
Open Source Initiative (OSI) is the Voice of Bill Gates and Satya Nadella
Not hard to see what they've done with the money
Microsoft Boasts That Its (Microsoft-Sponsored) "Open Source AI" Propaganda Got Cited in Media (That's Just What the Money Did)
This is a grotesque openwashing campaign
In Many Places Around the World, Perhaps as Expected, Yandex is Nearly Bigger Than Microsoft (Like in Several African Countries)
Microsoft may soon fall to "third place" in search
Keeping Productive This Christmas
We've (pre)paid for hosting till almost January 2026 and fully back on the saddle
IBM and Canonical Leave Money on the Table Because Microsoft Pays Them Not to Compete and Instead Market Windows, WSL, Microsoft 'Clown Computing', and TPMs
Where are the regulators?
Other Editors Who Agree "Hey Hi" (AI) is Just Hype But Won't Say So Publicly as It Might Upset Key Sponsors
Some media would gladly participate in a scam to make money
Brian Fagioli's Latest "Linux" Article Appears to be Fake
Another form of plagiarism/ripoff using bots?
IBM (and Red Hat) is a Patent Troll, Still Leveraging Software Patents to Extract Money Out of Other Companies by Suing Them
Basically, when it comes to patents, IBM is demonstrably part of the problem, not the solution
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 17, 2024
IRC logs for Tuesday, December 17, 2024