Bonum Certa Men Certa

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:



A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.


According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills).

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

Recent Techrights' Posts

Lucas Nussbaum & Debian pregnancy cluster
Reprinted with permission from Daniel Pocock
There Were Several Waves of Microsoft Shanghai Layoffs in 2025, Western Media Continues to Turn a Blind Eye to Chinese Layoffs of an Epic Scale
Sometimes select Taiwanese news sites (published in English) or automated translations are all we have
Brett Wilson LLP Spreads Trumpism to the United Kingdom, Looking to Profit From 'Legal Colonialism' (Overriding Sovereignty)
There's growing recognition of this conundrum worldwide
Distinguished Lecture by Richard Stallman This Coming Monday in Rome
After "Free software, Crucial for Freedom in a Digital World"
The Lawsuit by Clients of Brett Wilson LLP Against Brett Wilson LLP is Officially On, It is Progressing, The 'Experts' Pick Outside Law Firms (RPC and Mills & Reeve) to Spare Them From Litigants in Person
So it is probably quite potent
The 'Culture Wars' in Free Software Have Gone Out of Control
Social control media amplifies such utterly infantile discourse
Teaser: To Compensate for the Fact Our Clients Are Terrible Human Beings Who Strangle Women (While on Microsoft's Payroll) and We Get Paid by Mystery Parties We Bombard You and Your Wife With Almost 10 Kilograms of Legal Papers
If you can't win an argument, then drown the other side with papers?
Now Confirmed in Western Media: Microsoft Azure Layoffs This Month
Affirmed by more sources moments ago
 
Microsoft Has Just Lost Privacy Case in Austria and Its Latest Moves Make a Complete Ban Seem Imperative
Microsoft is not a software company, it's a spying agency that uses software to collect data
The Register MS: Microsoft is the Security Expert, Not the Prime Culprit, So Buy More Microsoft
This front page feature is devoid of any actual substance, it's just Microsoft copypasta
Paris 'Love Nest' & Debian Outreachy: from Lycée Lakanal to ENS Cachan, Cr@ns, nepotism
Reprinted with permission from Daniel Pocock
Stefano Zacchiroli (Zack) & Debian pregnancy cluster
Reprinted with permission from Daniel Pocock
Gemini Links 12/10/2025: "Palm Computering", Further Exploration of Slide Rules, and Key Takeaways from The Well-Grounded Rubyist
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, October 11, 2025
IRC logs for Saturday, October 11, 2025
Tomorrow: Founder of the Free Software Foundation and of GNU/Linux, Richard Stallman, Speaks in Roma (Rome), Italy at 4PM
GNU/Linux is more important than ever in this dystopian world
Microsoft and Apple Are Rare Topics in Geminispace
in Geminispace it's rather safe to assume everyone is into BSD, GNU/Linux, and sometimes retro
Qualcomm and Manchester United Appear to Have Dumped Microsoft (Qualcomm Now Invests More in Linux, Apparently)
It's a relief to no longer see Microsoft logos and brands on a local football club's gear (I'm not a Manchester United fan, but not a foe either)
As Guest of Honour in Rome, Founder of the Free Software Foundation to Speak ("Distinguished Lecture") After Introduction by Leonardo Querzoni
Happy hacking...
All Things Open is Proprietary
The OSI has become a front group of proprietary software openwashers, led and sponsored by proprietary giants
When Microsoft Lays Off Lots of Workers They Say It "Invests in AI" (a Lie), Now It's "Reshuffles" or "Microsoft Tightens"
Microsoft "news" by bots
"I saw Richard Stallman give a talk in the mid 80s, which began my fear and loathing of software patents" and "Richard Stallman was always right."
"By betraying the legacy of our ancestors, we’ve set ourselves on a path toward self-destruction — moral, intellectual, economic, and ultimately biological."
The Demise of Shopping in Person
In a world like this, how valued is the customer?
We Are Safe in a Modern "Tech" Society, Right?
People are safer if they control their own computing
This Past Friday, "Nearly 700 People Came to Listen to RMS!" (Richard Stallman)
"Nearly 700 people came to listen to RMS!"
Slopwatch: UbuntuPIT Churning Out Plagiarism and the Slopfarm LinuxSecurity Turns to Pseudonyms
Our hunch is, UbuntuPIT will sooner or later realise that this toxic approach is just harming UbuntuPIT and tainting the reputation of past articles
Gemini Links 11/10/2025: Nyctography, Gerrymandering, and Lurking
Links for the day
Links 11/10/2025: World Mental Health Day 2025, Another European Legal Defeat for Microsoft 360
Links for the day
MIT Technology Review is Part-Time SPAMfarm of Billionaires and Mega-Corporations
Does MIT operate its own "b2b" SPAMfarm?
Open Source Initiative Executive Director Leaves, Replacement Sought by Monopolists, Not the Community or OSI Members
Serves to show who runs this show...
Links 11/10/2025: China-US Tensions Grow Again, "Hey Hi" More Widely Recognised as Bubble Made of Capital That Doesn't Exist
Links for the day
Peter O'Callaghan QC represented grandparents, Westernport Hotel, at Liquor Royal Commission
Reprinted with permission from Daniel Pocock
Either The Register MS Divests From FOSS Coverage or Liam Proven is on Long Holiday
Publishers perish when their audience loses trust in them
Microsoft Cancelling Another Datacentre is a Sign of Financial Trouble and Lack of Growth
The debt continues to grow
Gemini Links 11/10/2025: An Evening at the Fair and Fast Fourier Friday
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, October 10, 2025
IRC logs for Friday, October 10, 2025
Geminispace is Very Large
The word continues to spread and the number of participants grows
Another Wave of Microsoft Layoffs, This Time During National Day Holiday
This time it's China again
10 Out of 10: RMS Attracts Massive Audience in Göteborg, Sweden (All Seats Occupied, Some People Standing)
a 55-second clip of his talk
Staying Happy in Times of Crackdowns on Civil Society
Optimism in this sort of "new reality" or "new normal" seems like something for the irrational person
"Nobel" Exploited Posthumously for "AI" Hype, Now They Do the Same With "Quantum"
ere have been many jokes about "Nobel" for peace (often granted to pro-war people) and a fake one for "Economics" (establishment propaganda)
Slopwatch: Plagiarism and "Linux" Articles by Bots
Sites that do this won't survive; many of them rely on slop services (suppliers) that will cease to exist after the bubble bursts
Links 10/10/2025: Putin Admits Russia Downed Azerbaijan Airlines Jet, More New Heat Records
Links for the day
Noteworthy Claim That IBM is Firing a Lot of Lawyers This Week (RAs in the Legal Department)
A lot of what they do is patent 'trolling' or lawyering up against their own staff (e.g. HR disputes)
Links 10/10/2025: US Judge Bars Attacks by ICE On Journalists and Protesters; “We Took The Freedom of Speech Away” Says the President
Links for the day
Slopwatch: Serial Sloppers, Google News Gifting Slopfarms, and Fake News/Plagiarism About "Linux"
Google itself is a slop pusher these days
Qualcomm, the New Owner of Arduino, Blasted for Its Software Patents Tax on 'Smartphones'
A lot of Qualcomm's patents are on software. We wrote about this in prior years.
XBox Layoffs Rumours, Downtime, and Criticism From XBox Co-Founder
"everyone is ditching the xbox."
Links 10/10/2025: Honoring The Legacy Of Robert Murray-Smith, Many Articles on the Hey Hi (AI) Bubble
Links for the day
Gemini Links 09/10/2025: October Gothic and Reading Middle Earth Role Playing; C and Ada
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 09, 2025
IRC logs for Thursday, October 09, 2025