Binary 'Security' Vastly Inferior to Free Software Patching

Dr. Roy Schestowitz

2014-12-30 17:29:00 UTC
Modified: 2014-12-30 17:38:34 UTC

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.

"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.

UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective. ⬆

Social Control Media and GAFAM as National Security Threats (Domestically and More So Abroad): "Algorithms control messages, swayed 2024 presidential election"
It's Not a GAFAM World Anymore and There Are Far More Operating Systems Than Google's, Apple's, and Microsoft's: we're not getting the full picture of what's happening
Microsoft's XBox is Going Away Like Microsoft's Skype (Slowly But Surely, Then All at Once): XBox is dying rapidly
Codecs and Software Patents - Part IV - Things Got So Bad That Some Laptop Sales Got Banned in the EU (Over Software Patents!): If software patents lead to such severe outcomes, shouldn't the media pay closer attention to the problem?
Gemini Links 08/05/2026: Slop Falsely Marketed to Greedy Administrators and New Official Maintainer of Antenna Confirmed: Links for the day
Links 08/05/2026: French Prosecutors Seek Charges Against MElon, Europe Wants Young People Without Skinnerboxes (Smartphones): Links for the day
2,000-4,000 More Layoffs Expected at IBM's Kyndryl, Some Say Over 10,000 Layoffs: They use euphemisms like "restructuring" or "rebalancing"
Gemini Links 08/05/2026: Dissociated Pride and Prejudice, Smallnet Protocols Roundup: Links for the day
Links 08/05/2026: Slop Profiteer NVIDIA (and Circular Financing/Accounting Fraud Leader) May Be Liable for Mass Copyright Infringement, Kyndryl (IBM) Layoffs: Links for the day
Outgoing OSI Chief Was Paid by Microsoft to Advocate for GPL Violations (Using the OSI's Name). Now, Inside OIN, He Says GPL Violations Are 'Freedom'.: It seems like only compromised people can be "allowed" to run today's OSI
SLAPP Censorship - Part 70 Out of 200: Microsoft's Graveley Injunction Request 100% the Same as Garrett's (Pure 'Copy-paste', Not Even a Word or Single Character Changed!): Not so funny at all
Over 97% of the 'Linux' Foundation's Budget Goes Not to Linux: There is a term for this: mission creep
Cloudflare is a Giant Pile of Debt, Now There Are Mass Layoffs and Media Coverage About This is Churnalism, Sometimes by Slopfarms (False Excuses): If Cloudflare goes under, it'll be great news
NDAs as a Price Tag on Criticism (or Honest Expressions of Opinion): What ever happened to accountability? Suppressed by reverse bribes (via NDAs)?
Internal Microsoft Communications Confirm: "Buyout" Offer Worse Than a Year's Salary and Microsoft Offers "Retirement" to Young People Who Cannot Retire: Does that sound like a good offer or marching orders?
Site Overhauls at Cybershow and at analognowhere.com (Less is More!): They seem to be replacing the heavy PHP backend with static HTML pages
The Corrupt Lecture the Non-Corrupt - Part XVI - EPO Had Data Breaches, Covered Them Up, Now Lectures Staff That Didn't Do It and Didn't Cover It Up: Imagine what would happen to staff if (non-anonymously) blowing the whistle on management leaking and then covering up EPO data breaches
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, May 07, 2026: IRC logs for Thursday, May 07, 2026
Mass Layoffs at IBM's Kyndryl, Slop Won't Save Kyndryl: Kyndryl is a "done deal". It's done. It's finished.
Kyndryl Holdings Inc Falls Almost 15% in 2 Days, What Does That Tell Us About IBM?: The "Big Blue" 'shell game' isn't working
Companies That Say They Are "Hey Hi" (AI) Leaders Don't Really Do Well, They Have Mass Layoffs Because Hype and Storytelling Won't Live Up to Shareholders' Expectations: Microsoft's investment in slop is not going well
Gemini Links 07/05/2026: Unicode and "RSS 4 Noobs (Getting Started)": Links for the day
During IBM's Annual Event/Bash IBM's Stock Fell to (Almost) Lowest Level in a Year, Insiders Explain "IBM is on the Brink of Collapse.": Anthropic - like IBM - pays the media for puff pieces, exaggerations, and obvious vapourware
Servers Became "Cloud", VR Became "Metaverse", Now Bots Become "Agents" (of Slop): Changing the name of things won't prevent rejection, only delay the negative reaction some more
Links 07/05/2026: "The ‘Perfect Storm’ Hanging Over Britain’s Public Debt" and "Internet Shutdowns Spread in Africa": Links for the day
OSI Partners With Microsoft to Help Pretend Proprietary (GitHub) 'Celebrates' Open Source: And a Microsoft operative announced this as well
Links 07/05/2026: "Most Vibe-coded (Slop) Tools Are Not for You" and "Prepare for the PCB Shortage": Links for the day
SLAPP Censorship - Part 69 Out of 200: Microsoft's Graveley Strangles, Gets Arrested, Charged, Then Asks for Apology From Those Who Reported It by Recycling Garrett's Plea for Apology: Garrett realised that his "funny" lawsuit wasn't so funny anymore
Codecs and Software Patents - Part III - AOMedia Video 1 (AV1) and Antitrust Issues: As we'll show in later parts, this already results in bans of some hardware sales in Europe
The Corrupt Lecture the Non-Corrupt - Part XV - Talking About Responsibility and Accountability While Failing to Hold Themselves Accountable: what outlet is there for justice or for the Rule of Law?
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 06, 2026: IRC logs for Wednesday, May 06, 2026
Gemini Links 07/05/2026: Dissociated Jekyll And Hyde, New Antenna 2.0.0: Links for the day
Google Slop Contains Serious Errors, Google Has Just Been Sued for 1.5 Million Dollars by One Victim of It: If he wins, the floodgates will open for millions of other people
Keeping Server Costs Under Control in Age of Zombie-Majority Net: The Web has become such a sordid mess not just due to chatbots and LLM bots
People Work for Microsoft Because They Fear No Other Company Would Hire Them: Why do people still work at Microsoft?
The Register MS Does "Microsoft Says", Fails to Accept XBox is Dying and Slop is a Failure: The real news today isn't some tweets from Microsoft
IBM Seems to be Imitating the European Patent Office's "Young Professionals" (YPs) With Client Innovation Center (CIC), Which is About Mass-Hiring Inexperienced People on Very Low Salaries (Sometimes Unlivable): So the future of IBM now is college students without experiences?
IBM Spammers With LLM Slop Discourage Discussion About IBM Problems and Layoffs: they would likely not bother had those discussions not hurt IBM's management [...] There is a similar problem this year in IRC
The Register MS is All About MS After the Site Overhaul, Now They Are a Platform of "Microsoft Says": They rewrite history for sponsors [...] Microsoft says. Hence, it must be true!
Pop the Slop Bubble, Don't Ask When It'll Pop or Expect Others to Pop It for You: It has all along been sold on a lie and it relied a great deal on corrupted (captured) media which played along with deliberate lies because it got paid to do this [...] The slop bubble is similar to the fake-coins bubble
SLAPP Censorship - Part 68 Out of 200: Based on Their Particulars of Claims, Microsoft's Graveley and Garrett Seem Like the Same Person (Exactly Same Words Used, Sloppily Recycled): almost identical (even a description of who they are and how they feel)
The Operating Systems statCounter Cannot Identify or Classify: Is it possible that statCounter just cannot properly decipher and classify systems brought by and controlled by eastern Asia as opposed to Europe and North America?
Gartner Group Paid The Register MS. And Now The Register MS is a "Gartner Says" Rag.: Follow the money
IBM Allegedly Used Apptio to Target and Sack (RA) Productive or 'Expensive' Employees, Are Apptio Staff Now Subjected to Layoffs?: Apptio is one of several companies that IBM buys only to sink together with the IBM boat, RMS Watson
Gemini Links 06/05/2026: "Who Knows That You Blog?" and New Official Antenna by Michael Nordmeyer: Links for the day
Links 06/05/2026: Apple Accepts That It Misled People on Slop and Begins Blocking Software/Games Made With Slop: Links for the day
Microsoft's XBox Exodus Carries on: Corporate VP of Gaming Ecosystem Organization and Corporate VP of XBox Devices and Ecosystem Both Leave Microsoft: Don't expect what's left of the media to properly report the true scale of the XBox cuts and executive-level departures
Codecs and Software Patents - Part II - AV1 and HEVC Not Really Safe: We are, in effect, looking at a sort of cartel (like the one which came out of Germany with MP3)
The Corrupt Lecture the Non-Corrupt - Part XIV - Antisemitism Inside the EPO: A sensitive topic for the European Patent Office (EPO)
Gemini Links 06/05/2026: Childhood Memories, Intense People, and Natural Web Exploration: Links for the day
Links 06/05/2026: Narges Mohammadi in Critical Condition and Copyright Infringement Rampant in Reddit: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 05, 2026: IRC logs for Tuesday, May 05, 2026

Binary 'Security' Vastly Inferior to Free Software Patching

Recent Techrights' Posts