Bonum Certa Men Certa
Dear Microsoft: Windows-Only With DirectX is Not 'Open Source' | Links 10/1/2015: Mirantis OpenStack 6.0, Linux Mint 17.1 KDE, Linux Leap Second

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:



A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.


According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills).

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

Dear Microsoft: Windows-Only With DirectX is Not 'Open Source' | Links 10/1/2015: Mirantis OpenStack 6.0, Linux Mint 17.1 KDE, Linux Leap Second

Recent Techrights' Posts

Libya's Share on the Web: 5.2% GNU/Linux
GNU/Linux has hit an all-time high there
Codecs and Software Patents - Part VI - The European Patent Office, Nokia, Microsoft, Sisvel, and More
Whatever Nokia used to be, it's certainly not an ally and a lot of the turmoil at the EPO is the fault of companies like Nokia
 
Links 11/05/2026: The Solicitors Regulation Authority (SRA) Admits It Only Reacts When It's Too Late (Damage Already Done), Ombudsman’s Animal Cruelty HK Report
Links for the day
If It Takes You a Second to Serve (or Receive) a Page, That's Definitely Too Slow
For speeds at milliseconds (e.g. for pages to fully load in a tenth of a second) the pages must be ready to be sent as soon as they're requested
It's Not About Speed, It is About Patience and Adherence to Truth, Principles, Scientific Integrity
attacks on us only ever made us stronger - a lesson that our adversaries have learned the hard way
Cyber Show Does it Like Techrights: Static and Gemini Protocol as 'First-Class Citizen'
HTML and GemText (over Gemini Protocol) would be rendered in tandem
SLAPP Censorship - Part 73 Out of 200: Microsoft's Graveley and Garrett Remain Closely Connected in May 2026 ("Tag-Teaming" Against Bloggers in Another Continent)
The phrase "judge a person by their friends" seems applicable here
Discussions About When the Axe Falls at IBM/Kyndryl (11,000 Layoffs Estimated)
"Kyndryl restructuring should reduce overhead functions and reduce the number of managers that lack technical knowledge"
A World After Microsoft (and GAFAM) and After GitHub Shuts Down
the only growth area is debt
Fake News, Propaganda, and Misinformation: Microsoft Investing Money It Does Not Have in "Hey Hi" (for "Entertainment Purposes" Only)
This will not end well
Today the Whole European Patent Office (EPO) is on Strike and Next Monday an Even Bigger Strike
the media refuses to cover these and is thus complicit
The Corrupt Lecture the Non-Corrupt - Part IXX - EPO Management Speaks of Reputation and Integrity While Putting Cocaine Addicts in Management
If the EPO values its "reputation", then it needs to start by ousting the management
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 10, 2026
IRC logs for Sunday, May 10, 2026
Links 11/05/2026: Security Breaches, Politics, and Energy Crunch
Links for the day
Gemini Links 10/05/2026: "Accidental Cameras" and "Addictive" Interfaces in Social Control Media
Links for the day
Codecs and Software Patents - Part V - A Reminder That GAFAM and the European Patent Office (Which Serves American Monopolists) Do Considerable Harm to the Commons and Culture
some 'breaking' developments
Gemini Links 10/05/2026: Inkscape, Guix, and Alhena 5.5.8
Links for the day
The "Alicante Mafia" at the European Patent Office (EPO) Experiments With New Methods for Crushing Industrial Actions
Open letter to VP1 and the COO [...] What does this tell us about the status quo at the European Patent Office, Europe's second-largest institution?
The Corrupt Lecture the Non-Corrupt - Part XVIII - "The European Patent Office (EPO) has a zero-tolerance policy for fraud" (except when managers do it)
The guidebook of the EPO says fraud is not to be tolerated, but who enforces or revisits such "Red Lines"?
Links 10/05/2026: Hantavirus Brings Back 'Contact Tracing' Surveillance, "Staple Food Prices Soar in Iran"
Links for the day
Microsoft XBox Staff Know They're in Trouble, They Try to Unionise Ahead of Mass Layoffs
As the slang goes, it's going to be a "bloodbath"
Links 10/05/2026: Fake Suicide Notes and New EU Restrictions on Slop
Links for the day
SLAPP Censorship - Part 72 Out of 200: Microsoft's Graveley and Garrett Signed Documents That Hold Them Accountable to Truth and Liable for Lies
Such collaborations are unsavoury and apparently unprofessional, too
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 09, 2026
IRC logs for Saturday, May 09, 2026
Gemini Links 10/05/2026: Travelling to Van and "Dark Mode" as Passing Fad
Links for the day
IBM's Kyndryl Holdings Inc Sank 70-75% in 'Value' in 10 Months, Will IBM Follow?
Kyndryl Holdings Inc now has a debt considerably higher than this company is said to be 'worth'!
Belated Sovereignty: GNU/Linux in Iran Skyrockets to 6% Amid Armed Conflict
unless they're truly in control of their networks, hardware and software, somebody else can control them
Gemini Links 09/05/2026: Liberation, The Nocturnals, Rediscovering Internet Radio, and More
Links for the day
Links 09/05/2026: Kremlin’s Biggest Day of the Year and FBI's Attack on the Media (to Save Face)
Links for the day
Google is "Bullshit"
Fix your slop, Google. It's broken.
SLAPP Censorship - Part 71 Out of 200: 5RB Barristers Made Tens of Thousands of Pounds by Changing From Plural to Singular for Microsoft's Graveley and Garrett
Could not even get the client's name right
Links 09/05/2026: "Grand Theft Oil Futures" and Mass Layoffs at Verizon
Links for the day
Gemini Links 09/05/2026: Inkscape "Copy Text Style" and NomadNet
Links for the day
The Corrupt Lecture the Non-Corrupt - Part XVII - European Patent Office (EPO) Management Not Sharing Responsibility for Financial Resources
For those who wonder, EPO strikes are still going on
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, May 08, 2026
IRC logs for Friday, May 08, 2026