Bonum Certa Men Certa
Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Binary 'Security' Vastly Inferior to Free Software Patching

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.



"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.


UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective.

Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Recent Techrights' Posts

British Justice Minister Sarah Sackman Blasts Solicitors Regulation Authority (SRA)
The "legal industry" is due for "some reckoning"
Someone at Association for Computing Machinery (ACM) is Censoring the Birthday Greetings to Richard Stallman
Some people remember
Links 16/03/2026: Moscow Experiencing Cellphone Internet Outages, "Salman Rushdie Is Tired of Talking About Free Speech"
Links for the day
 
Links 17/03/2026: American Fentanylware (TikTok) Investors Implicated in Kickbacks, "Big Oil Knew It Was Wrecking Louisiana’s Coast"
Links for the day
For Third Time in a Week The Register MS Runs Google SPAM That Paints Google as an Ally of Women (Which is False, They're Womanisers)
What does that make The Register MS to women?
GAFAM Deprecating Old Videos ("Content") by Removing the Support for Their Format for No Good Reason
"Security" is not a valid excuse
Credit/Debit Cards Have Long Been Called Plastics, Over Time They're Becoming More Like Pure Plastics
They cost less than a dollar to manufacture
The European Patent Office (EPO) Holds a Public Demonstration Tomorrow and It'll be Live-streamed
The EPO's workforce was meant to be capable of speaking many languages and have extensive experience in the sciences
People Who Attacked Techrights Also Attacked My Mother
Picking on old ladies because you don't like Free software advocates is never OK
Little Community Element Left in CentOS
CentOS, unlike Fedora, was meant to be long supported and solid
Social Control Media is Cancel Culture (Companies Like Facebook Also Punish/Ban Accounts for Mentioning "Linux" and Lobby for Anti-Linux Legislation)
The masters of Social Control Media decide what ideas can and cannot be expressed
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, March 16, 2026
IRC logs for Monday, March 16, 2026
The European Patent Office (EPO) Illegally Transitioning Into 'Gig' 'Economy' Equivalent (a Shop for Patent Monopolies in Europe)
for scabs aka SEALs
At Least Six EPO Strikes Next Month (Yes, Six!)
The pressure intensifies over time
Several MPs Blast Solicitors Regulation Authority (SRA) for Inaction and Ineffective Action This Week
"Four MPs have written to the SRA"
Microsofters' SLAPP Censorship - Part 14 Out of 200: The Abusive Cases of the Serial Strangler From Microsoft and His Litigation Buddy Garrett Did Cause "Serious Harm"
claims were de facto abandoned at the trial
Today's Discussions About How IBM Pushes Workers Out
The corporate media keeps trying - baselessly and in vain - to paint everything that happens with the "hey hi" brush
Linux Teck (linuxteck.com) and Ubuntu PIT (ubuntupit.com) Are Botspam
now they just keep experimenting by trashing their sites and reputation
Links 16/03/2026: Arctic Security and 'Mr. Nobody Against Putin'
Links for the day
Gemini Links 16/03/2026: KN95 Skins and CSS Surprises
Links for the day
Debian is Dying for Some of the Same Reasons IBM's Fedora is Rapidly Dying
Prioritising CoC censorship, not communities
The Register MS is Again Femmewashing GAFAM (Which Makes Widows) in Exchange for Money
This is a moral issue because they betray or harm women and prop up authoritarian regimes
Gemini Links 16/03/2026: AB 1043, Lagrange Android Beta 47, and Poetry
Links for the day
"Slop-forking" or "Vibe-forking" as the New 'Noble' Plagiarism
New Cloudflare Slop Project?
EPO "Cocaine Communication Manager" - Part VII - Cult Mentality, Mobbing, Nepotism
Does the EPO actually believe in the law?
2026 Microsoft Layoff Rumours
Surely if we had properly-functioning media, then someone would investigate this rather than rely on official statements from Microsoft and WARN notices
EPO Strike This Week
contact your national representatives about it
Gemini Links 15/03/2026: "Create Opportunities for Good Things to Happen", DOSbook, and Bitcoin Criticism
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, March 15, 2026
IRC logs for Sunday, March 15, 2026
Pirate Praveen Arimbrathodiyil & Debian denouncing volunteers, hiding romances
Reprinted with permission from Daniel Pocock
Links 15/03/2026: WB Games Montréal Undergoes Layoffs, "Swiss Reject Cuts to Public Broadcasting"
Links for the day
Gemini Links 15/03/2026: Messages in Bottles and Audio Streaming in Lagrange for Android
Links for the day
Microsofters' SLAPP Censorship - Part 13 Out of 200: Abuse of Process to Make False Accusations of UKGDPR Violations
familiar barrister and same lawyers
Thrown Under the Microsoft Bus
Microsoft wants disposable contractors
Quitting IBM and "Rumors of an Upcoming RA [Mass Layoffs] in April 2026"
Blue layoffs or "RAs" were confirmed upfront by the CFO
GNU/Linux Distro Builders Barely Paid Enough to Pay Basic Bills, Chief of "Linux" Foundation (Not Even Using Linux!) Increases His Own Salary by Over 50% in 5 Years
Salaries or compensation correlate with the ability to exploit people, not to create things
What Puts the Brakes on GNU/Linux Adoption on Laptops and Desktops is Monopoly Control (or Monoculture) Over the Distros
Distros that adopt systemd are controlled by IBM and GAFAM
The "Zero-Sum" Fallacy
Fallacies like "zero-sum" - especially in the context of foreign affairs including war - are utterly ruinous
A Happy Birthday to Richard Stallman
Richard Stallman will turn 73
Jürgen Habermas is Dead, But the Politicised, Inherently Corrupt, Corporatised Court for Patents That He Inspired Is Not
In the news throughout the weekend
Mountains of Abuses of Process by Brett Wilson LLP on Behalf of Americans and Sometimes at the Expense of British Taxpayers
a virtual "limited liability"
linuxteck.com FUD by LLM Slop, ubuntupit.com Passes the Slop Baton
Unless they get back to doing long-form authentic articles, as opposed to slop, no good will come out of it
Links 15/03/2026: New Shortages, Lynx Populations Depletion
Links for the day
Sruthi Chandran & Debian Diversity, Favoritism, Hidden Conflicts of Interest
Reprinted with permission from Daniel Pocock
software in the public domain
Reprinted with permission from Alex Oliva
Links 15/03/2026: Slop "Bubble Driving Interest in Chip Alternatives" and Wildlife Erosion Reported
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, March 14, 2026
IRC logs for Saturday, March 14, 2026