Bonum Certa Men Certa
Dear Microsoft: Windows-Only With DirectX is Not 'Open Source' | Links 10/1/2015: Mirantis OpenStack 6.0, Linux Mint 17.1 KDE, Linux Leap Second

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:



A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.


According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills).

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

Dear Microsoft: Windows-Only With DirectX is Not 'Open Source' | Links 10/1/2015: Mirantis OpenStack 6.0, Linux Mint 17.1 KDE, Linux Leap Second

Recent Techrights' Posts

Many Articles About Layoffs Are Still Fake, Still LLM Slop, Even About IBM Layoffs
No wonder tech and tech journalism are getting so much worse
Slappification: Using More SLAPP to Cover Up SLAPP and Chaining SLAPPs (From Microsoft) in a Failed Bid to Censor Techrights
How low can a person with a law degree stoop?
Hidden from coroners and the public: tech industry cultural contagion
Reprinted with permission from Daniel Pocock
Richard Stallman on Patents
uploaded a day ago by Aleksandar Popovic
 
Gemini Links 21/03/2025: Leasehold, LOTI, and Project Managers
Links for the day
Links 21/03/2025: Energy Facilities Under Fire (or on Fire), EU "Solidarity with Ukraine" and First Console
Links for the day
Links 21/03/2025: "IBM cuts Thousands" and Outlook Outage Again (Microsoft Looks for Excuses)
Links for the day
Gemini Links 21/03/2025: "Happy Spring" and Leaving "The Enterprise"
Links for the day
Speak More About the GNU Manifesto (40 Years Old This Month), It Helps Remind People That GNU/Linux Was Started by Richard Stallman and the Ultimate Goal is Freedom
We generally encourage people to speak about Software Freedom
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, March 20, 2025
IRC logs for Thursday, March 20, 2025
What Happened to the Open Source Initiative (OSI) Elections: Leaking Information of Members (Even in 2025)
More nonsense about Hey Hi (AI), which OSI has been openwashing on Microsoft's payroll
Recommended New Article From Dr. Andy Farnell and Some Site Miscellany
Andy says he and his daughter successfully avoid GAFAM
Links 20/03/2025: Executions in China and Crackdowns on Science in the US
Links for the day
Gemini Links 20/03/2025: Ubuntu Shafting Common Sense and Blocking of Bots of the Net
Links for the day
Links 20/03/2025: IBM Layoffs (Thousands Reportedly Laid Off) and Lots More Corruption in the White House
Links for the day
Techrights Will Never Capitulate to Threats From Microsofters
Set aside violence against women and all sorts of other things; it's not about personal issues
The Microsoft-Led Open Source Initiative (OSI) is Hurting, It'll Try to Hurt Its Critics and Exposers Now
The OSI's chief meanwhile issues a bunch of meaningless waffle, a sort of "damage control" or "face-saving" platitudes
Apple is Still an Enemy of Open Standards and Software Freedom
Apple did not get any more benign
Gemini Links 20/03/2025: Wanting the Future Back and "Society That Lost Focus"
Links for the day
Fake Articles About GNOME
betanews again
Richard Stallman's Personal Site Says He's Looking for More Opportunities to Speak in Europe
He does not charge people for the talk
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 19, 2025
IRC logs for Wednesday, March 19, 2025
Debian Pregnancy Cluster, when I stopped using IRC
Reprinted with permission from Daniel Pocock
Mass Layoffs at IBM Confirmed
Thousands believed to have been laid off
Slopwatch: linuxsecurity.com, cybersecuritynews.com, gbhackers.com, and techmonitor.ai (Fake 'Articles' About "Linux")
Almost all of them (75%) show up in Google News
Is Ubuntu Compromised? Push Away From GNU and GPL Led by Army Officers.
Perhaps people should ask Canonical what the thinking behind it was...
Gemini Links 19/03/2025: go-gopherproxy and 'Small Web' as Self-expression
Links for the day
Links 19/03/2025: Attention's Cost and Media Still Besieged by Dictatorships
Links for the day
Phoronix Seems to be Trying to Kill Discussion About "Asahi Lina" and the Anti-Torvalds Brigade
Our informed guess is that by reporting this news Phoronix got caught up in flamewars that divide and fracture the community
Claiming to Love What You Reject or Seek to Totally Own, Control
The Russia analogy is political
LinuxTechLab Became Just LLM Slop and SPAM
Another dead (former "Linux") site
The Rust Song
It's about control
Facts on the Case Already Disclosed by US Authorities
NGOs in the UK (several keep abreast of this, judging every recent move) are truly unimpressed
The Times Group (and The Times of India) Basically Died Again
This time a death by LLM slop/plagiarism
The Death of The Economic Times (India Times): LLM Slop Presented as 'Articles', Containing Errors and Revisionism
They'd be better off shutting down operations with some dignity than resort to bots giving the false impression (illusion) of authorship
In Belgium, Android is Finally Measured as Bigger Than Windows
In Belgium, the lobbying capital of Microsoft, it wasn't easy to get there
"Rust People" Are a Threat to BSD Too (the Licence Isn't the Main Issue, Nor is the Proprietary Microsoft Hosting)
BSDs aren't written in Rust, so BSD developers should buckle up
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, March 18, 2025
IRC logs for Tuesday, March 18, 2025
Sami Tikkanen Explains Rust Language and Its Goals
"Sompi" (the nickname of Sami Tikkanen) has weighed in
Links 19/03/2025: Gardening Season and the Web Without an Audience
Links for the day