Bonum Certa Men Certa
Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Binary 'Security' Vastly Inferior to Free Software Patching

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.



"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't effected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," told us a reader. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security, it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.


UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"Any computer that comes with UEFI should now be avoided.""[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective.

Black Duck Debunked Again, Data Asserted Invalid | Our Richard Stallman Interviews in 2012-2014

Recent Techrights' Posts

Microsoft XBox Staff Know They're in Trouble, They Try to Unionise Ahead of Mass Layoffs
As the slang goes, it's going to be a "bloodbath"
SLAPP Censorship - Part 72 Out of 200: Microsoft's Graveley and Garrett Signed Documents That Hold Them Accountable to Truth and Liable for Lies
Such collaborations are unsavoury and apparently unprofessional, too
 
Codecs and Software Patents - Part V - A Reminder That GAFAM and the European Patent Office (Which Serves American Monopolists) Do Considerable Harm to the Commons and Culture
some 'breaking' developments
Gemini Links 10/05/2026: Inkscape, Guix, and Alhena 5.5.8
Links for the day
The "Alicante Mafia" at the European Patent Office (EPO) Experiments With New Methods for Crushing Industrial Actions
Open letter to VP1 and the COO [...] What does this tell us about the status quo at the European Patent Office, Europe's second-largest institution?
The Corrupt Lecture the Non-Corrupt - Part XVIII - "The European Patent Office (EPO) has a zero-tolerance policy for fraud" (except when managers do it)
The guidebook of the EPO says fraud is not to be tolerated, but who enforces or revisits such "Red Lines"?
Links 10/05/2026: Hantavirus Brings Back 'Contact Tracing' Surveillance, "Staple Food Prices Soar in Iran"
Links for the day
Links 10/05/2026: Fake Suicide Notes and New EU Restrictions on Slop
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 09, 2026
IRC logs for Saturday, May 09, 2026
Gemini Links 10/05/2026: Travelling to Van and "Dark Mode" as Passing Fad
Links for the day
IBM's Kyndryl Holdings Inc Sank 70-75% in 'Value' in 10 Months, Will IBM Follow?
Kyndryl Holdings Inc now has a debt considerably higher than this company is said to be 'worth'!
Belated Sovereignty: GNU/Linux in Iran Skyrockets to 6% Amid Armed Conflict
unless they're truly in control of their networks, hardware and software, somebody else can control them
Gemini Links 09/05/2026: Liberation, The Nocturnals, Rediscovering Internet Radio, and More
Links for the day
Links 09/05/2026: Kremlin’s Biggest Day of the Year and FBI's Attack on the Media (to Save Face)
Links for the day
Google is "Bullshit"
Fix your slop, Google. It's broken.
SLAPP Censorship - Part 71 Out of 200: 5RB Barristers Made Tens of Thousands of Pounds by Changing From Plural to Singular for Microsoft's Graveley and Garrett
Could not even get the client's name right
Links 09/05/2026: "Grand Theft Oil Futures" and Mass Layoffs at Verizon
Links for the day
Gemini Links 09/05/2026: Inkscape "Copy Text Style" and NomadNet
Links for the day
The Corrupt Lecture the Non-Corrupt - Part XVII - European Patent Office (EPO) Management Not Sharing Responsibility for Financial Resources
For those who wonder, EPO strikes are still going on
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, May 08, 2026
IRC logs for Friday, May 08, 2026
Gemini Links 08/05/2026: Slop Falsely Marketed to Greedy Administrators and New Official Maintainer of Antenna Confirmed
Links for the day
Links 08/05/2026: French Prosecutors Seek Charges Against MElon, Europe Wants Young People Without Skinnerboxes (Smartphones)
Links for the day
2,000-4,000 More Layoffs Expected at IBM's Kyndryl, Some Say Over 10,000 Layoffs
They use euphemisms like "restructuring" or "rebalancing"
Social Control Media and GAFAM as National Security Threats (Domestically and More So Abroad)
"Algorithms control messages, swayed 2024 presidential election"
Gemini Links 08/05/2026: Dissociated Pride and Prejudice, Smallnet Protocols Roundup
Links for the day
Links 08/05/2026: Slop Profiteer NVIDIA (and Circular Financing/Accounting Fraud Leader) May Be Liable for Mass Copyright Infringement, Kyndryl (IBM) Layoffs
Links for the day
Outgoing OSI Chief Was Paid by Microsoft to Advocate for GPL Violations (Using the OSI's Name). Now, Inside OIN, He Says GPL Violations Are 'Freedom'.
It seems like only compromised people can be "allowed" to run today's OSI
SLAPP Censorship - Part 70 Out of 200: Microsoft's Graveley Injunction Request 100% the Same as Garrett's (Pure 'Copy-paste', Not Even a Word or Single Character Changed!)
Not so funny at all
Over 97% of the 'Linux' Foundation's Budget Goes Not to Linux
There is a term for this: mission creep
Cloudflare is a Giant Pile of Debt, Now There Are Mass Layoffs and Media Coverage About This is Churnalism, Sometimes by Slopfarms (False Excuses)
If Cloudflare goes under, it'll be great news
NDAs as a Price Tag on Criticism (or Honest Expressions of Opinion)
What ever happened to accountability? Suppressed by reverse bribes (via NDAs)?
Internal Microsoft Communications Confirm: "Buyout" Offer Worse Than a Year's Salary and Microsoft Offers "Retirement" to Young People Who Cannot Retire
Does that sound like a good offer or marching orders?
It's Not a GAFAM World Anymore and There Are Far More Operating Systems Than Google's, Apple's, and Microsoft's
we're not getting the full picture of what's happening
Site Overhauls at Cybershow and at analognowhere.com (Less is More!)
They seem to be replacing the heavy PHP backend with static HTML pages
Microsoft's XBox is Going Away Like Microsoft's Skype (Slowly But Surely, Then All at Once)
XBox is dying rapidly
Codecs and Software Patents - Part IV - Things Got So Bad That Some Laptop Sales Got Banned in the EU (Over Software Patents!)
If software patents lead to such severe outcomes, shouldn't the media pay closer attention to the problem?
The Corrupt Lecture the Non-Corrupt - Part XVI - EPO Had Data Breaches, Covered Them Up, Now Lectures Staff That Didn't Do It and Didn't Cover It Up
Imagine what would happen to staff if (non-anonymously) blowing the whistle on management leaking and then covering up EPO data breaches
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, May 07, 2026
IRC logs for Thursday, May 07, 2026
Mass Layoffs at IBM's Kyndryl, Slop Won't Save Kyndryl
Kyndryl is a "done deal". It's done. It's finished.