Bonum Certa Men Certa
Dear Microsoft: Windows-Only With DirectX is Not 'Open Source' | Links 10/1/2015: Mirantis OpenStack 6.0, Linux Mint 17.1 KDE, Linux Leap Second

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:



A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.


According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills).

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

Dear Microsoft: Windows-Only With DirectX is Not 'Open Source' | Links 10/1/2015: Mirantis OpenStack 6.0, Linux Mint 17.1 KDE, Linux Leap Second

Recent Techrights' Posts

The GNU Manifesto Turns 40 in a Few Weeks
The FSF turns 40 later this year, too
Another Talk by Richard Stallman Tomorrow, This Time in Bengaluru
This means that in January 2025 he is giving at least 5 public talks
Rhino Linux Can (and Perhaps Should) Promote Alternatives to Microsoft Instead of Preloading Microsoft
Deeper down inside Rhino Linux there's a problem
Slashdot is Once Again Publishing Lies and Revisionism for Bill Gates, Citing Microsoft's MSN to Rewrite History and Distract From the Jeffrey Epstein Crimes
Of course this also distracts
Too Big, Will Fail (How Linux Grew Way Too Fat)
Linux has very extensive hardware support, but that comes at a cost
 
"SuccessFactors" (SAP) Stunts at the EPO Used to Break Laws and Constitutions, Staff Tricked Into Harming Themselves
Ongoing corruption and lawlessness became the norm; Europe's second-largest institution (EPO) along with the largest institution (EU) has its very own Minsk
Continued Support and Momentum at the Free Software Foundation (FSF)
"This helps protect our community."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, January 27, 2025
IRC logs for Monday, January 27, 2025
Links 27/01/2025: Lukashenko's Sham Elections, TikTok for Insurrection Loyalist (Larry Ellison)?
Links for the day
Gemini Links 27/01/2025: IndieWeb Musings and Devlog
Links for the day
IBM Layoffs in "Co-location Mandate" Clothing
It's possible that later this week, around the time of the so-called 'results', many layoffs would be announced
Microsoft-Funded IDG Seems to be 'Googlebombing' the Term Free Software to Promote Proprietary Spyware Too
Microsoft advocated along with other proprietary things
Videos and Photos of Richard Stallman's (RMS) Keynote Address in India Earlier Today
He probably told the target audience (India) a thing or two about the role of proprietary software in colonialism
GAFAM Hates - Except in a Worryingly Parasitic Way - GNU/Linux and Its Freedoms (or Its Users)
Let the story from DistroWatch serve as a reminder that the era of Social Control Media is over
Links 27/01/2025: Social Control Media Explores Propaganda for Racism as a Business Model, China’s Tibet Dam Criticised
Links for the day
Richard Stallman Gives Keynote Address in a Few Hours
Richard Stallman's personal site was updated to give more details
Microsoft Relegated by Manchester United
No Microsoft
IBM Layoffs in 2025: Rumours Say Even Managers Will Get the Axe, Some Via Loopholes Like PIP and/or RTO (Preparations Already Underway)
Where does IBM's money go?
FOSDEM Talks Are Vanishing
They no longer seem to be taking money from Microsoft and/or its tentacles
Gemini Links 27/01/2025: Mental Locomotion, Gemini Protocol Bots From China, and Domain-Specific Languages
Links for the day
Microsoft Still Hires Journalists to Reward Them (Belated Payment) for Microsoft Propaganda
The PR/lying pipeline
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, January 26, 2025
IRC logs for Sunday, January 26, 2025
Links 26/01/2025: Privacy Breaches and Growing Nationalism
Links for the day
The UK's Press Gazette Has No Credibility Anymore, It Celebrates Plagiarism and Cheap Misinformation (This Ruins Linux Sites Too)
They encourage a form of plagiarism and that even ruins "Linux" sites
Journalistic Malpractice Helps Bill Gates Cover Up His Marriage Collapsing Because of His Very Deep Ties to Jeffrey Epstein (and It's Melinda Who Dumped Him, Divorce Proceedings Started by Her in 2019)
you can alter narratives and perceptions worldwide
The Linux Foundation's Certificate Authority (CA) Let's Encrypt Hits New Lows in Geminispace
13 known capsules still use it
How "Open Source" Became Microsoft (But It's Actually Proprietary, OSI is an Openwashing Front Group Now)
They're still trying to rewrite history, but it's harder when Richard Stallman (RMS) is alive
Links 26/01/2025: Chatbot Woes and UnitedHealth Data Breach (Windows TCO)
Links for the day
Gemini Links 26/01/2025: The Postman and More
Links for the day
Links 26/01/2025: Fentanylware (TikTok) Turns to Hype/Pyramid Scheme, Insurers Failed to Comply With Federal Law
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, January 25, 2025
IRC logs for Saturday, January 25, 2025