Bonum Certa Men Certa
Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Binary 'Security' Vastly Inferior to Free Software Patching

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.



"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.


UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective.

Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Recent Techrights' Posts

Estimates of Microsoft Layoffs: 3,000 Staff to be Culled Just in Gaming, How Many in Other Divisions?
Now the XBox division has its own "fall guy", but it is a woman
Straw Man Arguments Against Rust
If anything, it teaches the importance of auditing packages
Tesla Debt Rose Sharply, Sales Declined, Wall Street's Claim of Tesla "Value" is Merely a Fairytale (and Not Just Tesla)
We would gladly sell land on Mars to anyone who honestly believes a company that loses money is somehow "worth" trillions in Wall Street
Stop Calling Losses "Investment"
XBox is losing money, it is a sinkhole
For Justice We Need More Speech, Not Less Speech
When you attack something you are just giving that something a bigger platform
SLAPP Censorship - Part 107 Out of 200: Keeping Law Accessible to Everybody
We'll have stories related to this in the future
Links 15/06/2026: Slop "Beg Bounties", Wall Street Fakes 'Worth', and Arkansans Saved PBS
Links for the day
Gemini Links 15/06/2026: Dating Oaks, Simulation, and Theremin
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 14, 2026
IRC logs for Sunday, June 14, 2026
Links 14/06/2026: Energy Cost and Reality Strikes at Heart of Slop Bubble, 75 Data Center Build-outs "Successfully Blocked"
Links for the day
Microsoft CEO Says XBox is Not a Sustainable Business
"Now, we have to turn this into a sustainable business," he said about XBox
MElon (MUSK, Elon) is a Trillionaire Like Penguins Are Mammals
Have media outlets told the truth?
Unlikely Heroes
One personal hero who is not alive (anymore) is Navalny
Bruce Schneier Was Probably Wrong About Slop
Right now politicians who openly speak in favour of slop are committing "political suicide"
SLAPP Censorship - Part 106 Out of 200: 100 Kilograms of Legal Papers
When one party's communications and filings weigh at about 3 KG of paper and another's... at about 100 KG of paper
Links 14/06/2026: More Google Layoffs, Wall Street Deems Companies That Lose Money "Worth" Trillions
Links for the day
Gemini Links 14/06/2026: "The Universe is a Hologram", "Matrix Brain Download", and "Happy 0th Year"
Links for the day
European Patent Office (EPO) Series: Battistelli's "Baltic Crusader"
Gilles Requena, Battistelli's erstwhile "Baltic Crusader" and the loyal servant of his successor Campinos
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 13, 2026
IRC logs for Saturday, June 13, 2026
Links 13/06/2026: University of Nottingham Confirms Data/System Breach, Courts Fuming at Fraudulent Lawyers Who Fling LLM Slop at Them
Links for the day
Gemini Links 13/06/2026: World Cups and 做人
Links for the day
Microsoft's XBox "Bloodbath" Seems to Have Already Begun (Informally), Studios Allegedly to Face Shutdowns, Layoff Notices Handed Out, 100% Layoffs in Some Cases, 10% in Others or on Average
So is a complete closure/shutdown imminent? (Compulsion Games in this case)
Discussing Morale at IBM and Conversations Regarding IBM Layoffs (Disguised as Other Things)
Trolling can be a form of censorship
European Patent Office (EPO) Series: All the President's Men
Gilles Requena,Patrice Pellegrino, and Sandro Mendonça
SUEPO Elections Coming Up, Union Leaders at Europe's Second-Largest Institution (EPO) to be Determined Soon
The staff union of the European Patent Office (SUEPO) is having an election soon
SLAPP Censorship - Part 105 Out of 200: When Bad Legal Advice Results in Your Client, Dale Vince, Ordered to Pay £600k - or 801,930 United States Dollar (USD) - to the Person Frivolously Sued (Lord Bailey of Paddington)
"A judge has ruled that Dale Vince must pay punitive costs to Lord Bailey of Paddington, the Tory peer, over the 'unexplained abandonment' of his" SLAPP
How Long for Can American Taxpayers Justify Bailing Out Microsoft?
How many times need the American taxpayers give Microsoft money for vapourware that's neither necessary nor delivered?
IBM is Importing/Exporting Corporations' Regime of Censorship (Hiding the Wrongdoing) to Free Software Communities
Is IBM protecting criminals in the name of "manners"?
Links 13/06/2026: Microsoft’s XBox Crisis and "Apple Deepfakes"
Links for the day
Gemini Links 13/06/2026: Why Humans Are Mostly Right Handed and "Getting Things Done"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 12, 2026
IRC logs for Friday, June 12, 2026