Bonum Certa Men Certa
Dear Microsoft: Windows-Only With DirectX is Not 'Open Source' | Links 10/1/2015: Mirantis OpenStack 6.0, Linux Mint 17.1 KDE, Linux Leap Second

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:



A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.


According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills).

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

Dear Microsoft: Windows-Only With DirectX is Not 'Open Source' | Links 10/1/2015: Mirantis OpenStack 6.0, Linux Mint 17.1 KDE, Linux Leap Second

Recent Techrights' Posts

Cannot Speak About IBM Wrongdoing or Jobs Being Sent Overseas (Lower Salaries)
IBM has long attacked the media, the whistleblowers, and even online forums
European Patent Office (EPO) Series: The CIA-Funded Centre-Left in Portugal
In the political turmoil which followed the fall of the old regime, the communists seemed to be acquiring a dominant position and there was a very real risk that Portugal could end up aligned with the Eastern Bloc if they were not stopped
Yesterday Afternoon The Register MS Published a Fake Article That Says "AI" 31 Times Because It Got Paid to Do This
What will happen when all those loans for slop (Ponzi scheme) stop and companies' marketing budgets - which include media bribes for hype campaigns - are no more?
Extraordinary General Meeting of Staff Union of the European Patent Office Ahead of Intensifying Strikes
We will, in the meantime, run a series about EPO corruption, which is now connected to corruption in Portugal and to corruption inside the EU
European Patent Office (EPO) Series: The Brotherhood of São Bento
The Palácio São Bento – or São Bento Palace – is the seat of the Portuguese National Assembly in Lisbon
 
Links 09/06/2026: "Smartphones Broke Dating" and "EU Open Source Strategy"
Links for the day
This Coming Friday
Richard Stallman (RMS)
Several Slopfarms That Target "Linux" Seem to Have Died
Or perished severely
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 08, 2026
IRC logs for Monday, June 08, 2026
Gemini Links 09/06/2026: Tanana River, Cassette Beasts, and Emacs
Links for the day
IBM's Quantum Bubble Already Deflating
Shares down over $55 in a few days
SLAPP Censorship - Part 101 Out of 200: Women Come to Realise They Don't Wish to Participate in Attacking Vulnerable Women
It relates to another topic that we shall be covering in the coming weeks
Links 08/06/2026: Proprietary Loaded With Security Holes, Armenia Defies Russia
Links for the day
Gemini Links 08/06/2026: NetHack 5.0.0 and Slop as Cannibalism
Links for the day
Links 08/06/2026: "Rising Emissions, Depleting Water" Due to the Pyramid Scheme of Slop; "Canada Needs to Rebuild Public Telecoms"
Links for the day
Brett Wilson LLP Reported to Police for Trying to Throw Large Parcel Into Our Home
This morning the campaign of intimidation...
GAFAM Bots Are Not "Good Bots"
There's nothing "Good" about Google
Links 08/06/2026: Criticism of Microsoft Trying to Criminalise Pointing Out Bug Doors, TikTok Now "Climate-Denying Social Media App"
Links for the day
Slop Has no ROI, an Economy Built on False Assumptions of Slop is Doomed
we're all going to suffer from this Ponzi scheme
The Cyber Show Has "Exciting Guests Coming" and a Gemini Capsule
"Site development is ongoing but now settling into a more stable form"
GNU/Linux Measured at 10% in Liechtenstein This Month
it seems like statCounter wrongly classified some GNU/Linux clients as Mac clients and is now issuing a correction
Communicating With Freedom - Part III - Quibble Envisioned as a New and Easily Accessible Communications Platform Based on LibreJS
the FSF really needs to become more active if not proactive in promoting those sorts of things
Clownflare Says Majority of Web Traffic is Now Bots, But the Net is Another Story
Bots are to Clownflare what lawsuits are to lawyers
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 07, 2026
IRC logs for Sunday, June 07, 2026
The Strikes at the European Patent Office Planned to Carry on for the Entire Year, Maybe Future Years as Well
There's a cautionary tale somewhere
Number of Patent Grants Has Plunged 23% Amid Strikes at the European Patent Office, Today There Are More Strikes (Strike Participation at Over 3,000, More Than Doubled Since Winter)
There is a growing crisis at the European Patent Office
E.E.E. Still Ongoing, the War on Copyleft/GPL Enables That
It also imperils security.
Gemini Links 07/06/2026: Lynx in the 'Modern' Web and 'Overcooked' (Plagiarised by LLM) Code
Links for the day
Links 07/06/2026: Java Needs Seawall, Egypt Blasted for Arbitrary Detention of Activists
Links for the day
SLAPP Censorship - Part 100 Out of 200: Interlude and Outline of the First Half, 3+ Months That Got Us Death Threats Connected to Brett Wilson LLP (and Cyber Attacks That Are Difficult to Attribute)
This week we plan to have a good time
Banning Things Versus Teaching People the Reason/s to Shun/Boycott Those Things
Prohibition has its limits
Links 07/06/2026: NASA's Mars Maven Declared Dead, Telegram Founder Pavel Durov Bemoans Russia's Crackdown
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 06, 2026
IRC logs for Saturday, June 06, 2026
Gemini Links 07/06/2026: How to Train Your Dragon (2010) and "Six Days of Play"
Links for the day