Bonum Certa Men Certa
Dear Microsoft: Windows-Only With DirectX is Not 'Open Source' | Links 10/1/2015: Mirantis OpenStack 6.0, Linux Mint 17.1 KDE, Linux Leap Second

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:



A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.


According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills).

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

Dear Microsoft: Windows-Only With DirectX is Not 'Open Source' | Links 10/1/2015: Mirantis OpenStack 6.0, Linux Mint 17.1 KDE, Linux Leap Second

Recent Techrights' Posts

Links 19/05/2026: Online 'Storage' (Surveillance) Accounts Lower Thresholds (Gmail, Google Drive, and Google Photos), Slop Debacles Expand (False Promises Made to Staff Regarding Compensation)
Links for the day
SLAPP Censorship - Part 81 Out of 200: SLAPP Censorship Does Not Work If Your Sole Strategy is Revenge (and You Attack the Family)
Both yours and others'
Techrights at 20 (Soon)
It does not seek popularity or affirmation from "Establishment" outlets
We Pay More for Less, for Things That Last Less Time and Are Almost Impossible to Repair
Ever noticed how "modern" or "smart" TVs come with dumber and dumber (worse) controllers?
Vista 11 Turns 5 in a Couple of Months. Not Many People Use It.
It is the only supported version of Windows; many people move elsewhere
Head of GitHub Recently Left, Microsoft Need No Longer Report Mass Layoffs There (User Activity is Declining)
We've long said that LinkedIn and GitHub, which Microsoft bought, would likely end up like Skype
The Slop Bubble is Already Bursting
Slop is not desirable and the general public is growingly impatient, seeing that slop has improved nothing for them
Gemini Links 19/05/2026: Reliable Old Tech, Collection of Essays
Links for the day
The Corrupt Lecture the Non-Corrupt - Part XXVII - European Patent Office (EPO) Became a "Toxic Work Environment" When Cocaine Addicts Put in Charge
They are putting at risk colleagues by abusing them
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, May 18, 2026
IRC logs for Monday, May 18, 2026
Links 18/05/2026: Slop-induced Shortages, Solicitors Regulation Authority Says It's Unable to Deal With Complaints Load (So Regulation Does Not Really Exist)
Links for the day
Gemini Links 18/05/2026: Ghost Essay and World Wide Web Considered Broken
Links for the day
Cooperation and Collaboration, on a More Personal Level
Rianne, to me, isn't just a wife; she is also my best friend
IBM Has Payroll Problems (Just Like Microsoft)
It's a good thing that many nations around the world are, accordingly if not proactively, divesting from GAFAM
Links 18/05/2026: 25 Years of OLDaily and Dangers of "Living With Too Much Tech"
Links for the day
Trips to London
London isn't a bad place, but it's a long journey and we'd rather stay in Manchester and write about technology
SLAPP Censorship - Part 80 Out of 200: Having Run Out of Time to Meet a Judge's Deadline, Microsoft's Graveley Had Garrett's Lawyers Argued My ~190-Page Defence and CounterClaim (DCC) Was Unclear About My Position
Nothing could be further from the truth
Working in the Shell (and Fish)
Yesterday we spent about 5 hours on the shells and fish
The Corrupt Lecture the Non-Corrupt - Part XXVI - Campinos Has Put Unfit-for-Employment Drug Addicts in Charge of the European Patent Office (EPO)
How many months has Campinos got left before the delegates show him the door?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 17, 2026
IRC logs for Sunday, May 17, 2026
Gemini Links 18/05/2026: Poetry, Sauna, and GNU Taler
Links for the day
"The Society of Media Lawyers" (UK) is a Truly Malicious Anti-Media Lobby Which Helps Rich/Abusive Americans and Hostile Countries Attack Actual Media Workers in the UK
They typically source their money from aboard to besiege domestic actors (like honest journalists or independent outlets that document suppressed beats/topics)
Slop Still Waning, Its Momentum is Driven by Companies That Stand to Lose a Lot (or Everything) When the Bubble Pops
When it comes to LLM slop disguised as news, it's just not working out
Gemini Links 17/05/2026: arXiv Brings Down the Hammer, UnderPOWERed, and Slopping With Tcl/Tk
Links for the day
Links 17/05/2026: Amazon Employees Herded Into Slop, Taiwan Sold Down the River by Cheeto
Links for the day
Links 17/05/2026: Society of Media Lawyers (Brett Wilson LLP et al) Lobby for More SLAPPs in the UK, “Courage in Journalism Award” Given in Oppressive Country
Links for the day
Finland Needs to Dump Microsoft (Microslop) for National Security Reasons and the Same is True for Hundreds of Countries
"I don't see why Ryssäs would want Finns to use microslop products..."
Cyber Show UK is Already Available Over Gemini Protocol
This past week the total number of active Gemini capsules hit all-time records several times
Fight Til the End
This comes to show that persistence pays off
SLAPP Censorship - Part 79 Out of 200: They Will Soon Reach the 100 KG (Kilograms) Milestone; Wheelbarrows, Not Justice (Quantity of Legal Papers Sent to Us)
It's about the quality, not quantity (unless your sole aim is to drown out or "flood the zone")
The Corrupt Lecture the Non-Corrupt - Part XXV - Not Bringing Intelligence to the EPO, Not 'Artificial Intelligence' Either (But Intelligence-Eroding Drugs)
The EPO was meant to be about science and law. In practice, however, it's about breaking the law and being stoned.
The Cyber Show on Why Coding is Important and Slop Cannot Change or Replace That
Hand-crafting one's site has plenty of advantages
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 16, 2026
IRC logs for Saturday, May 16, 2026
Gemini Links 17/05/2026: Music Theory, Reticulum Git Repos, and Releasing Kiln
Links for the day