Binary 'Security' Vastly Inferior to Free Software Patching

Dr. Roy Schestowitz

2014-12-30 17:29:00 UTC
Modified: 2014-12-30 17:38:34 UTC

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.

"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.

UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective. ⬆

IBM May Well Be Laying Off Over 13,500 and Up to 27,000 Staff This Week When It Says "Single-Digit Percentage of Our Global Workforce": It's not yet possible to know how many people IBM gets rid of
Early Unverified Figures About Scale of Latest IBM Layoffs: the real scale of the RAs will remain elusive
How Techrights Search Works: Hopefully bots won't use it
Techrights Became a Lot More Productive as a Result of Attacks on It: By default, it's safe to assume anything on the Web is garbage, especially in social control media
Unverified Rumours: IBM Cuts Will Continue Another ~10 Days, Managers Will Invite Those Impacted for 1-on-1 Meetings: Right now IBM likes diversity because with adoption of low-paid demographies it gets to pay workers less for the same work
analytics.usa.gov: Vista 11 Scarcely Used, GNU/Linux Increasingly Dominant (Microsoft Loses "Goodwill", Depletes Cash Equivalents, and Debt Soars): "Total current assets" fell by more than 2 billion dollars in the past 3 months
Not Only Mass Layoffs at IBM But Complete Shutdowns "Amid A.I. Boom": apparently about 10,000 layoffs, not counting those who got pushed out by PIPs and other means
Slopwatch: linuxbsdos.com, Linux Journal, LinuxSecurity, Brian Fagioli, and WebProNews: Either Google doesn't care about the integrity of Google News or it deems slop to be acceptable
Gemini Links 05/11/2025: Affirmation, GnuPG, and While Loops: Links for the day
Links 05/11/2025: Economic Trouble in France and US Bombing All Over the World Without Declaration of War or Congress Approving: Links for the day
Red Hat Staff Also Impacted by Latest IBM Layoffs With Focus on North America and Software, Infrastructure: After the bluewashing never expect to see news about "Red Hat layoffs", just as "Tivoli layoffs" aren't to be expected
Coming Soon: Part 4 About the EPO's Substance Abuse (Breaking Laws to Fake 'Production' and Profiting From Unlawful Monopolies): Notice how quiet the EPO's management has been lately
For the Record: We Never Named Staff of the Law Firm That's Attacking Us, Except the One the Firm is Named After!: Just to affirm and be sure, I've used our new search facility
Links 05/11/2025: Medicare Privatisation and "Breaker Box Economy": Links for the day
Techrights Search Will Come Early: Maybe tomorrow
It Seems Like GNOME/IBM Don't Like Women and When Budget is Limited Only Women Take the Fall: Seems like a very patriarchal, GAFAM-controlled Foundation
"Last Day" as in "IBM Sacked Me" (Cruel Euphemisms): "The entire design and research technical leadership at IBM was laid off in the past year, including this round"
Shadow Crew and Ads Disguised as Articles: That The Register MS runs articles that are paid-for fluff isn't unprecedented
Vista 11 "Market Share" Has Fallen This Month, Based on statCounter: The US government's own data shows the same thing this month
This is How Mainstream Media, Boosted or Parroted by Slopfarms, Spins IBM's Commercial Failure and Mass Layoffs as "AI": Some say "software focus", but most just resort to buzzwords and blame-shifting hype
Resisting Misogynists: Rianne has already added close to 100,000 pages to this site
Starting November on a Strong Note: All in all, this month started well for us as we have good, accurate publications with considerable impact
Fake Retirements Help IBM Keep the Layoff Figures Down: Yesterday we read that it was quite cruel how IBM (or Red Hat) compelled staff to pretend to be happily leaving or "retiring" when the reality was, they had been pushed out with some "package"
Cocaine at the European Patent Office Now a Subject in YouTube, Media Will Revisit the Topic: "The Cocaine Patent Office" is no joking matter
Gemini Links 05/11/2025: "Wuthering Heights" and "Winter is Coming": Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, November 04, 2025: IRC logs for Tuesday, November 04, 2025
2 Days Until Site Anniversary Party, Search Likely to Launch Same Day: We're now just two days away from the nineteenth anniversary of the site
Richard Stallman's 2005 Article on Why Patents on Software Should be Denied: If patent law had been applied to novels in the 1880s, great books would not have been written. If the EU applies it to software, every computer user will be restricted, says Richard Stallman
"Last Day" at IBM and Red Hat as "Stealth Layoffs" (They Force People to Pretend It's Wilful): So the real extent of the layoffs is being kept 'undercover'
Slopwatch: The WebProNews Slopfarm and the Serial Slopper: The Web is ill
Links 04/11/2025: Tensions Around Belarus Grow, Turkey’s Hype-inflation Continues: Links for the day
Corporate Media That Fails to Report Cocaine at EPO is Totally Failing to Report Mass Layoffs at IBM: How come nobody anywhere writes about this week's RAs?
Search @ Techrights: Almost There Now (Maybe an Anniversary Gift): Just to be very clear, search would not be unprecedented at Techrights
At IBM, Layoffs Start at 1AM (at Night): not a single English-speaking site covers the news about the layoffs
Links 04/11/2025: Google Cloud Account Engages in Censorship of the Innocent, arXiv Spammed by LLM Slop: Links for the day
EPO Cocaine Chronicles: Our Aim Will be to Ensure This Becomes a Mainstream Media Topic, Not a Suppressed Scandal (Which the German State Deems Embarrassing and Detrimental to Its Pan-European Patent Franchise): At the EPO, and perhaps in German media as well, people "fall upwards" (they get rewarded for bad things)
Envy Makes People Do Self-Harming Things (and Harm to Others): Online communities that can be deemed successful are built around trust, mutual respect, and collective accomplishment
Static Site Generators (SSGs) Made Techrights Better, Faster, Easier to Manage: Consider adopting SSGs if you still use a CMS such as WordPress
But he Was Born in Manchester! (Origin Stories): Borussia Dortmund does not exist!
What Julian Darley Wrote About the Stallman Talk Regarding "AI" in Oxford (2025): From LinkedIn (Microsoft)
GNU/Linux is American, Not Finnish: It started in Boston, not in Helsinki
'Hacker' 'News' Makes Dumb Assertions Against Smart People: A logical fallacy
We Turned Down Every Settlement Offer Because Truths Aren't Determined in Bank Accounts: Without free press, there won't be free society
"All truths are easy to understand once they are discovered; the point is to discover them." -Galileo Galilei: This site is educational
Why I'm Always Proud of the Site I've Devoted My Life to: As a graffiti around the corner from our home says, "be a better person"
Standing Up or Standing for What's True But Inconvenient: Bad actors need to be called out
Many People Have Said That They "Leave" IBM in Recent Days (Ahead of Mass Layoffs): So the real extent of layoffs is greater than what's publicly stated (there are silent layoffs) [...] Whatever IBM says about the scope, scale, or magnitude of the "RAs", it doesn't tell the full story
Media Coverage Regarding IBM is Vapourware and LLM Slop: With slop images, too
statCounter Says GNU/Linux Rose to 4% in the Russian Federation: Adoption of Vista 11 has been embarrassingly weak
Corruption is Not a Joke: we'll try to limit our use of humour to avoid misunderstandings or misinterpretations
The Slopfarm WebProNews is Overwhelming "linux" Results in Google News: Google News is slop
The Fall of IBM: What Happened?: Just like the EPO continues riding some old reputation acquired in the 1970s IBM relies on old myths like, "nobody gets fired for buying IBM."
IBM's CEO Already Has the Excuse for the Latest Wave of Mass Layoffs: Only days ago the CEO told a bunch of nonsense
Links 04/11/2025: Conflicts, Politics, and IPv6 at Home: Links for the day
Gemini Links 04/11/2025: Entering WiFi Passwords and Programming Rambles: Links for the day
Arch Linux Seems Like the New Debian: Arch users (btw!) are growing in relative and absolute share
Analytics From US Government Affirm a Trend: Microsoft's "Market Share" in Search is Falling: the data set is large
Holding Institutions Such as the EPO Accountable Through Public Information: Speaking truth to power is never easy
Techrights Will Contact German Media About the EPO's Substance Abuse: This scandal won't "go to waste"
EPO Staff Losing Holidays, as Usual, as the Office Increases Profits by Illegally Granting Invalid Patents While Reducing Salaries: How much more can the staff endure and generally tolerate?
Free Software Does Not Always Speak for Itself, It Needs Advocates: Legal matters that relate to sharing of code will be discussed
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, November 03, 2025: IRC logs for Monday, November 03, 2025
The Register MS Continues Looking for Money in Promotion of the "AI" Ponzi Scheme: That The Register MS participates in this deceit rather than tackle/debunk it says a lot about The Register MS
IBM Layoffs in "Software", This Likely Impacts Red Hat as Well: Many people say "software" people are impacted
Escaping Proprietary Software, Not Just Escaping Microsoft: To take control of your life adopt GNU/Linux
A Lot of Fake News About Microsoft Headcount (Also: Microsoft's Debt Rose by About 24 Billion Dollars in Past 12 Months): If you see some headline about Microsoft's CEO making claims about hirings, look away
Techrights Turns 19 in Three Days: It would be nice to meet for a chat
Akira Urushibata on How Grokipedia Fails to Work: The Grokipedia article gives the wrong character for the "Ko" on "Koan"
Links 03/11/2025: Data Breaches, Wars, and Digital Censorship: Links for the day
Gemini Links 03/11/2025: Poetry, Old Androids and Small Shells: Links for the day
The Rumour Was True, Mass Layoffs at IBM Today: How widespread the layoffs are (or how they're disguised, e.g. PIPs) is hard to assess
Links 03/11/2025: Internet Anniversary: Links for the day
Two Years of Uptime: Reboots are seldom involuntary
Richard Stallman is Giving Another Talk in Less Than a Fortnight: in two weeks' time (13 days from now)
Windows Falls Below 20% in the UK: Many people choose to leave Windows altogether
Microsoft's Search Business Falls to Lowest Point in 2 Years, Based on statCounter: what can Microsoft sell other than shares in Microsoft?
Evidence Regarding Layoffs at Red Hat: Seems like IBM layoffs
Microsoft: Our "Goodwill" Value Grew More Than Tenfold Since 2011: Hallmark of pseudo-economics
GNU/Linux as a Boarding Pass: being mostly analogue is still feasible
Links 03/11/2025: Lack of Trust in LLMs and Windows TCO at Jaguar: Links for the day
Gemini Links 03/11/2025: Books in October and Change: Links for the day
Mozilla Firefox Won't Survive and Many Sites Don't Work With It (Compatibility Abandoned): The Web has become monocultural
Debian is Non-Free: Devuan might be worth looking into
Slopwatch: Brian Fagioli and LinuxSecurity: This is a real problem and most certainly a big problem because when people try to find real information about security and GNU/Linux they instead read "word salads" made by bots
Four Reasons to Party With Us in Four Days, Celebrating the Four Freedoms: Today we expect to be back to a more-or-less regular publication pace
Links 03/11/2025: The "Smartphone Panopticon" and Belarus' Hybrid Attacks on EU Intensify: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, November 02, 2025: IRC logs for Sunday, November 02, 2025

Binary 'Security' Vastly Inferior to Free Software Patching

Recent Techrights' Posts