Binary 'Security' Vastly Inferior to Free Software Patching

Dr. Roy Schestowitz

2014-12-30 17:29:00 UTC
Modified: 2014-12-30 17:38:34 UTC

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.

"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.

UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective. ⬆

It's Friday Night Again, So Microsoft is Again Shelving (Under Weekend Lull) Nightmare News for XBox Staff: It did the same thing when the chiefs of XBox got canned
Censorship of Information Unflattering to IBM (or GAFAM): Years ago we gave a platform to a censored Microsoft whistleblower
Silent Layoffs at Microsoft in 2026: Time will tell is there are investigative journalists out there who will quit parroting Microsoft (e.g. false layoff figures) and relying on LLMs controlled by Microsoft to spew out false "facts" for them
SLAPP Censorship - Part 91 Out of 200: Legal Aid in Support of Freedom of the Press and British Women (Attacked by Americans): bolstered by prominent counsels
Codecs and Software Patents - Part XII - GNU's Web Site Will Soon Have Many Recent Talks by Chief GNUisance Richard Stallman (RMS): GNU videos being transcoded or converted into AV1
The Register MS Has Just Published Fake Article That Mentions "AI" 23 Times. "Sponsored by Arm." It Does This Every Day.: A lot of the time we see this term everywhere in "the news" simply because slop pushers are paying for it
SQLite Under DDoS Attack by Slop Reports or Fake 'Bugs' (Just Like cURL and Many Other Projects): Even Linus Torvalds is starting to talk about this
IBM: The B Turns From "Business" to "Bailouts" to "Buybacks" ("IBM is the Next Intel"): Trying to shore up the falling share price/stocks while veteran workers and Vice President (with high salaries) are cut off
Links 30/05/2026: More GAFAM (Amazon) Mass Layoffs, Peter Schiff Warns of Trillion-Dollar Slop Bubble Waiting to Implode: Links for the day
Slop is Plagiarism: Trillions of dollars down the drain, invested in a dud
Gemini Links 30/05/2026: Rehabilitation and Taming Emacs Cache and Temporary Files: Links for the day
Richard Stallman (RMS) Talks and Secure Transmission of Private Communications in Formats Everybody Can Access With Free Software: Maybe the FSF should step up a bit the campaign to use Free software to communicate with one another
General Consultative Committee (GCC) Discusses Working Conditions of Employees of the European Patent Office (EPO): On the agenda: Salary Erosion Procedure, Breastfeeding Policy, New Amicale Framework, Public Holidays 2027
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, May 29, 2026: IRC logs for Friday, May 29, 2026
Links 29/05/2026: "Spyware Economy" and Cuba's Energy Crisis: Links for the day
Gemini Links 29/05/2026: Rap Rant and LLMs Criticised: Links for the day
Akira Urushibata on Misleading Numbers From Anthropic's Project Glasswing (False Marketing by FUD Tactics): Posted yesterday and approved a short while ago
[Video] Richard Stallman's Rapperswil (Switzerland) Talk Online: accessible without proprietary software
Trusting Trust is an Old Issue, Predating Rust and LLM Slop by Over Half a Century: Microsoft Lunduke wants to make a case against Rust and slop (LLMs), but the issues he addresses aren't exactly new or unique
California Should Have Abandoned So-called 'Age‑Verification Laws', Not Make Exemptions (for Now): This has nothing to do with 1) children 2) safety 3) safety of children
Links 29/05/2026: Cory Doctorow on Why the Internet Feels So Broken, American Pope on Defederation: Links for the day
Techrights Does Not Censor Information About IBM, It Platforms and Retains Suppressed Voices From Inside IBM: They don't like it when people criticise the management [...] panic attacks mentioned
Bob (Robert) Cringely Devoted Three Years of His Life Trying to Profit From LLM Slop and Now He Sounds Off, It's Just Not Working and It Can Crash the Economy Soon: "The labs raising money at valuations with too many zeros are happy"
Techrights After About 60,000 Articles in 20 Years: Sites fail if they don't offer anything new or if they wrongly believe that adopting slop to parrot other sites will give them exposure
Organised Plunder or Robbery: GAFAM and Hardware Companies Rely on Media Bribery to Perpetuate False Narratives and to "Drive Sales" (and Drive Prices Upwards): The price-fixing seems plausible and, if so, we need to demand action
Linux Foundation Destroys the Identity and History of Linux: Groklaw's PJ was thorn on the side of LF sponsors
The Problem of Microsoft Crimes: Opposing crime isn't "hatred"
The Fall of Slop (Even Microsoft Admits There's a Problem): If Microsoft admits that slop is too expensive and is for "entertainment purposes" because it cannot be relied upon, why would anyone other than the pushers and profiteers still insist that slop bears potential?
Red Hat Will Die Inside a Dying IBM: IBM isn't where Red Hat came to thrive but where it came to die
Very Large Strike at the European Patent Office Today, "Production" Sank a Huge Deal: At this pace, we might be looking at tens of thousands fewer European Patents being granted this year
Gemini Links 29/05/2026: Leadership and Religion, the Board Game (Second Edition): Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, May 28, 2026: IRC logs for Thursday, May 28, 2026
Links 28/05/2026: Pakistan and Afghanistan Are Still Fighting, Iranians Back Online: Links for the day
"LLMs Are Not Much More Than Plagiarism Engines": the impact of LLMs on communities and software projects
Is Slop Profitable Yet? No.: Everything is a giant minus
Bob (Robert) Cringely Has Just Explained That After 3 Years of Hard Work It Became Apparent LLM Slop is Unfit for Purpose in Courts: Added moments ago to Daily Links
Links 28/05/2026: LibreSSL 4.3.2, "Jeff Bezos Is Afraid Of What Comes Next", Measles Making a Comeback: Links for the day
PCs That Are Made to 'Expire' and 'Secure' Boot Contributing to Planned Obsolescence: People who are responsible for this ought to be held accountable
Evil, Faceless Corporation: Google Steals Money From You If You Don't Purchase an Android Device for MFA: At this point, under the guise of "hey hi" (slop) Google is firing tens of thousands of workers
People Go Back to Basics, Abandon Microsoft's GitHub to Avoid Slop: The media didn't pay any attention to GitHub's de facto chief quitting Microsoft only a few months ago
SLAPP Censorship - Part 90 Out of 200: When Efforts to Silence His Spouse and Also the Wife of a Blogger in Another Continent Only Give More Exposure to Embarrassing Information: The Garrett trial ended in October 2025
IBM - Much Like the European Patent Office (EPO) - Gives the President (Head of Board and CEO) All the Money While Staff Drowns in High Inflation Rates: They're discussing the same sort of thing we often see mentioned in the EPO
"THE REGISTER EXPLAINER" as "Paid-for SPAM" at The Register MS With "AI" 40 Times in the Short Page: What will be left of The Register MS in a few years?
2025: EPO President Campinos Breaks the Cookie Jar, Steals Another Million Euros While His "Brother-in-Law" Does Cocaine at the Office and Staff Prepares Rolling, Indefinite Strikes: any additional month of Campinos in charge of the EPO is a liability not just to the EPO but the EU as well
Gemini Links 28/05/2026: Dumping Microsoft GitHub, Gopher Rabbit Hole: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 27, 2026: IRC logs for Wednesday, May 27, 2026

Binary 'Security' Vastly Inferior to Free Software Patching

Recent Techrights' Posts