Bonum Certa Men Certa
Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Binary 'Security' Vastly Inferior to Free Software Patching

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.



"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.


UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective.

Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Recent Techrights' Posts

Sonny Piers Finally Spills the Beans on GNOME Cover-up, Points Finger at Robert McQueen, Misusing "Defamation" to Silence Critics of Wrongdoing
Robert McQueen, who is extremely connected to Garrett (they share digital nests)
Techrights Was Months Ahead of "XBox" News (Mass Layoffs)
Next: end of XBox as a console
More Commentary on June 2026 IBM Layoffs and Why They Happen
It sounds a lot like what happened to the EPO
 
Links 13/06/2026: Microsoft’s XBox Crisis and "Apple Deepfakes"
Links for the day
Gemini Links 13/06/2026: Why Humans Are Mostly Right Handed and "Getting Things Done"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 12, 2026
IRC logs for Friday, June 12, 2026
SLAPP Censorship - Part 104 Out of 200: Exactly Two Years Ago Brett Wilson LLP Humiliated or Weaponised Our Solicitor's Judaism in an Effort to Censor and Gag Us
dated 12/06/24
Half a Year Since Slopwatch Died
To Google's credit, it did manage to delist a lot of slopfarms in recent months
Links 12/06/2026: Science, Windows TCO, and More
Links for the day
"AI" 46 Times in One 'Article' Because The Register MS Got Paid to Push it
Today is just another opportunity to remind people that the slop bubble and GPU bubble are based on inauthentic fake 'journalism'
Gemini Links 12/06/2026: FTP and Gopher, Cluster Outage Postmortem After Cleaning by Wife
Links for the day
European Patent Office (EPO) Series: Transcending Partisan Rivalry in the National Interest
Up until now, Campinos has generally been regarded as a Portuguese "asset" on the international stage
Gratitude to Whistleblowers or Sources of Techrights
Whistleblowers are what makes journalism work
Links 12/06/2026: "NearlyFreeSpeech" No More, Openwashing by Google (DiffusionGemma)
Links for the day
Today There's a Massive EPO Strike (Like Every Friday), Workers Explain Further Cuts Despite the EPO Making More Income by Granting Illegal Patents (or Invalid Patents Illegally)
"Recent exchange with the Administration on the implications of the SAP on the Education and Childcare Allowance"
The Cyber Show: Remember That Code is Art
The article is very long, very profound, and speaks of "the next installation"
Communicating With Freedom - Part IV - Quibble Now in quibble.chat, Open for Contributions Via Codeberg
Today we continue the series about Quibble
European Patent Office (EPO) Series: The Importance of Having "Pals from the Palacete"
for his reappointment bid to succeed, Campinos will need to be able to rely on the support of both the Portuguese Prime Minister, Luís Montenegro, and the President of the European Council, António Costa
Cyber Show on How Updates or Upgrades Break Workflows, Even in Free Software
"We did a big upgrade on the AV production pipeline"
Discussions About IBM Layoffs in June, Including by RTO and PIPs
mass layoffs are becoming increasingly difficult to conceal
Gemini Links 12/06/2026: Decks and Work Essay
Links for the day
"Rolling Strikes" Continue at the European Patent Office, the Administrative Council Needs to Take Action Against Crooked Office Management
This coming weekend we'll talk about some of the other issues and concerns expressed by the union
Only Days After Mass Layoffs in Microsoft's Azure There Are Headlines About Much-Expected XBox Layoffs
XBox as a console is basically dead or "fast-dying"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 11, 2026
IRC logs for Thursday, June 11, 2026
Links 11/06/2026: Disputes Over Copyright Infringement, Failure to Meet Climate Goals, "ChatGPT Caught Recommending “Products” That Are Just Scams"
Links for the day
Gemini Links 11/06/2026: Programmable Systems and Slop "is Coming for Your Serifs"
Links for the day
SLAPP Censorship - Part 103 Out of 200: Telling People What They Know and Don't Know About Death Threats They Receive
patronising letters sent on behalf of the Serial Strangler from Microsoft
IBM Genies in the Bottle
for ordinary people working who at at IBM, it's not hard to see that IBM is floundering
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, June 10, 2026
IRC logs for Wednesday, June 10, 2026
Links 11/06/2026: LF Openwashing of Slop and "Azerbaijan Bans TikTok and Other Social Media Apps in School"
Links for the day
European Patent Office (EPO) Series: The Centre (in Portugal) Falls Apart…
Luís Montenegro became embroiled in a conflict-of-interest controversy
IBM Lost About 18% of Its "Market Value" This Month
In IBM's case, a lot of the latest "pump" was Arvind's "quantum" hype/fantasy