Bonum Certa Men Certa
Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Binary 'Security' Vastly Inferior to Free Software Patching

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.



"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.


UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective.

Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Recent Techrights' Posts

IBM Culling Workers or Pushing Them Out (So That It's Not Framed as Layoffs), Red Hat Mentioned Repeatedly Only Hours Ago
We all know what "reorg" means in the C-suite
 
Jonathan Carter & Debian: fascism hiding in broad daylight
Reprinted with permission from disguised.work
Gunnar Wolf & Debian: fascism, anti-semitism and crucifixion
Reprinted with permission from disguised.work
Links 01/05/2024: Take-Two Interactive Layoffs and Post Office (Horizon System, Proprietary) Scandal Not Over
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 01, 2024
IRC logs for Wednesday, May 01, 2024
Embrace, Extend, Replace the Original (Or Just Hijack the Word 'Sudo')
First comment? A Microsoft employee
Gemini Links 02/05/2024: Firewall Rules Etiquette and Self Host All The Things
Links for the day
Red Hat/IBM Crybullies, GNOME Foundation Bankruptcy, and Microsoft Moles (Operatives) Inside Debian
reminder of the dangers of Microsoft moles inside Debian
PsyOps 007: Paul Tagliamonte wanted Debian Press Team to have license to kill
Reprinted with permission from disguised.work
IBM Raleigh Layoffs (Home of Red Hat)
The former CEO left the company exactly a month ago
Paul R. Tagliamonte, the Pentagon and backstabbing Jacob Appelbaum, part B
Reprinted with permission from disguised.work
Links 01/05/2024: Surveillance and Hadopi, Russia Clones Wikipedia
Links for the day
Links 01/05/2024: FCC Takes on Illegal Data Sharing, Google Layoffs Expand
Links for the day
Links 01/05/2024: Calendaring, Spring Idleness, and Ads
Links for the day
Paul Tagliamonte & Debian: White House, Pentagon, USDS and anti-RMS mob ringleader
Reprinted with permission from disguised.work
Jacob Appelbaum character assassination was pushed from the White House
Reprinted with permission from disguised.work
Why We Revisit the Jacob Appelbaum Story (Demonised and Punished Behind the Scenes by Pentagon Contractor Inside Debian)
If people who got raped are reporting to Twitter instead of reporting to cops, then there's something deeply flawed
Free Software Foundation Subpoenaed by Serial GPL Infringers
These attacks on software freedom are subsidised by serial GPL infringers
Red Hat's Official Web Site is Promoting Microsoft
we're seeing similar things at Canonical's Ubuntu.com
Enrico Zini & Debian: falsified harassment claims
Reprinted with permission from disguised.work
European Parliament Elections 2024: Daniel Pocock Running as an Independent Candidate
I became aware that Daniel Pocock had decided to enter politics
Publicly Posting in Social Control Media About Oneself Makes It Public Information
sheer hypocrisy on privacy is evident in the Debian mailing lists
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 30, 2024
IRC logs for Tuesday, April 30, 2024
[Meme] Sometimes Torvalds and RMS Agree on Things
hype around chatbots
[Video] Linus Torvalds on 'Hilarious' AI Hype: "I Hate the Hype" and "I Don't Want to be Part of the Hype", "You Need to Be a Bit Cynical About This Whole Hype Cycle"
Linus Torvalds on LLMs
Colin Watson, Steve McIntyre & Debian, Ubuntu cover-up mission after Frans Pop suicide
Reprinted with permission from disguised.work
Links 30/04/2024: Wireless Carriers Selling Customer Location Data, Facebook Posts Causing Trouble
Links for the day
Frans Pop suicide and Ubuntu grievances
Reprinted with permission from disguised.work
Links 30/04/2024: More Google Layoffs (Wide-Ranging)
Links for the day
Fresh Rumours of Impending Mass Layoffs at IBM Red Hat
"IBM filed a W.A.R.N with the state of North Carolina. That only means one thing."
Workers' Right to Disconnect Won't Matter If Such a Right Isn't Properly Enforced
I was always "on-call" and my main role or function was being "on-call" in case of incidents
Mark Shuttleworth's (MS's) Canonical is Promoting Microsoft This Week (Surveillance Slanted as 'Confidential')
Who runs Canonical these days? Why does Canonical help sell Windows?
A Discussion About Suicides in Science and Technology (Including Debian and the European Patent Office)
In Debian, there is a long history of deaths, suicides, and mysterious disappearances
Federal News Network is Corrupt, It Runs Propaganda Pieces for Microsoft
Federal News Network used to be OK some years ago
What Mark Shuttleworth and Canonical Can to Remedy the Damage Done to Frans Pop's Family
Mr. Shuttleworth and Canonical as a company can at the very least apologise for putting undue pressure
Amnesty International & Debian Day suicides comparison
Reprinted with permission from disguised.work
[Meme] A Way to Get No Real Work Done
Walter White looking at phone: Your changes could not be saved to device
Modern Measures of 'Productivity' Boil Down to Time Wasting and Misguided Measurements/Yardsticks
People are forgetting the value of nature and other human beings
Countries That Beat the United States at RSF's World Press Freedom Index (After US Plunged Some More)
The United States (US) was 17 when these rankings started in 2002
Record Productivity and Preserving People's Past on the Net
We're very productive these days, partly owing to online news slowing down (less time spent on curating Daily Links)
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, April 29, 2024
IRC logs for Monday, April 29, 2024
Links 30/04/2024: Malaysian and Russian Governments Crack Down on Journalists
Links for the day
Frans Pop Debian Day suicide, Ubuntu, Google and the DEP-5 machine-readable copyright file
Reprinted with permission from disguised.work
Axel Beckert (ETH Zurich), the mentality of sexual violence on campus
Reprinted with permission from Daniel Pocock
[Meme] Russian Reversal
Mark Shuttleworth: In Soviet Russia's spacecraft... Man exploits peasants
Frans Pop & Debian suicide denial
Reprinted with permission from disguised.work
Hard Evidence Reinforces Suspicion That Mark Shuttleworth May Have Worked Volunteers to Death
Today we start re-publishing articles that contain unaltered E-mails