Bonum Certa Men Certa

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:



A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.


According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills).

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

Recent Techrights' Posts

Even Microsoft (MSN) Covers Richard Stallman's Public Talk in Milan 2 Days Ago
He spoke in Spanish earlier this month (Alicante)
Very High Attendance Level at Richard Stallman's Talk Shows People Can Relate to His Message
Smear campaigns have their limits
 
Links 28/05/2025: 'Emulation Layers' (Measurements and Linguistics), Libraries, and Discomfort
Links for the day
Links 28/05/2025: More Arrests for Bitcoin-Connected Torture and Prosecutions for Dieselgate-Linked Executives
Links for the day
Gemini Links 28/05/2025: Techo-authoritarianism With Slop Plagiarism and "No Online June" (Going Offline)
Links for the day
Links 28/05/2025: GitHub MCP Exploited and MathWorks Discovers Huge Windows TCO
Links for the day
Microsofters Were Scheming to Take Over This Entire Web Site (in Their Own Words!)
Money gets spent censoring/deplatforming people who speak about real issues; no money gets spent actually tackling those underlying issues
Gemini Links 28/05/2025: Celsius-Fahrenheit, Endless Scrolling/Infinite Scrolling, and Trapping LLM Slop Bots
Links for the day
Bicycles for the Minds and the Story Harrison Bergeron
"The goal of having people in charge of the tools they use and that the tools should amplify ability" has long been abandoned
Prison gate backdrop to baptism by Fr Sean O'Connell, St Paul's, Coburg
Reprinted with permission from Daniel Pocock
More Photos From This Week's Milan Talk by Richard Stallman
The posts are in Italian, not English
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 27, 2025
IRC logs for Tuesday, May 27, 2025
Links 27/05/2025: Science Defunded, India Arrests an Academic
Links for the day
Gemini Links 27/05/2025: From Celsius to Fahrenheit and Deleting Social Control Media
Links for the day
Microsofters Have, in Effect, Attempted Extrajudicial Action Against Us
Courts and Judges (or Masters) don't exist to facilitate this kind of "bro" culture
UK High Court Masters Are Not Your Jesters, Microsoft
Judges aren't there for "funny" spectacles, they're there to act as arbiters in critical cases, not SLAPPs
Links 27/05/2025: Mass Layoffs at Volvo and More Evidence of 'AI' (Slop) Being a Passing Fad
Links for the day
The Code of Conduct (CoC) Gaslighting Phenomenon
There are still many people and projects foolish enough to outsource their labour to Microsoft via GitHub
They're Very Jealous of Richard Stallman and His Freedom (or Simple Lifestyle)
Jealousy is toxic because it can cause rational people to act irrationally and even severely harm themselves
Akira Urushibata on GNU coreutils
new message
Anouk Rozestraten (Deputy Director) Appears to Have Left the Free Software Foundation
Let's hope Rozestraten is still using and promoting Free software
There's Nothing Funny About Lawbreaking
There's plenty of room in society for humour, but "hacking" the state by breaking laws isn't cool or hip
More Mass Layoffs Coming Soon to Microsoft, Just a Question of When and How Many
Numbers from Washington were close to 5% and judging by prior rumours, it would be 5% + 5% (total 10%) at a later month
Links 27/05/2025: Bikes, Ideal Computers, and BYO
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, May 26, 2025
IRC logs for Monday, May 26, 2025
Richard Stallman's Milan Talk (Public Presentation) Was Packed, Video Available Soon
Looks like they even ran out of seats
Gemini Links 26/05/2025: Intangible Stuff and Slop Issues
Links for the day
The Openwashing Shills Initiative (OSI) - Part I: Complaints to IRS or USDOJ Needed
If enough people do it, this will be more effective, more so if people who are based in the US do it
Open Source Initiative (OSI) Lobbying and the OSI's Status at Stake
At the end we plan to summarise all the issues in one very long article
Breaking Into Other People's Devices Without Authorisation Isn't "Funny" or "Research"
“Chaos was the law of nature; order was the dream of man.”
The Issue Isn't the Internet, the Issue is How People Are Taught to Use or Misuse It
The Web is circling down the drain. The Internet is not.
A Healed Reputation of a Movement's Leader and His Robust Message
The more aggressively you push against resistors, the more credibility they will gain
Links 26/05/2025: Deletions from Microsoft's GitHub, Telegram Blocked in Vietnam
Links for the day
Linux Released Last Night and There's Already LLM Slop With Slop Images
BetaNoise does not seem to mind this anymore
Links 26/05/2025: Walmart Layoffs and DRM Dumpster Fire ('Old' Fire TV Devices Lose Netflix Access)
Links for the day
Gemini Links 26/05/2025: USB Camera Viewer and Fantasy Life
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 25, 2025
IRC logs for Sunday, May 25, 2025