HN

Comments (183)

• Menu

  VadimPR
  A year ago I used Azure Trusted Signing to codesign FOSS software that I distribute for Windows. It was the cheapest way to give away free software on that platform.A couple of months ago I needed to renew the certificate because it expired, and I ran into the same issue as the author here - verification failed, and they refused to accept any documentation I would give them. Very frustrating experience, especially since there no human support available at all, for a product I was willing to pay and use!We ended up getting our certificate sourced from https://signpath.org and have been grateful to them ever since.
• Menu

  dns_snek
  This is precisely why we can't allow platform-owners to be the arbiters of what software is allowed to run on our devices. Any software signing that is deemed to be crucial for ensuring grandma-safety needs to be delegated to independent third parties without perverse incentives.This is what the Digital Markets Act is supposed to protect developers against. Have there been any news regarding EU's investigation into Apple? Last I remember they were still reviewing their signing & fee-collection scheme.
• billziss
  It is not just VeraCrypt that has been affected by this. There is a bunch of Windows driver developers that have been suddenly kicked out of the "Partner Center" without explanation.https://community.osr.com/t/locked-out-of-microsoft-partner-...
• valeriozen
  We are seeing the dark side of "Security as a Service". When Microsoft simplifies the signing pipeline (like with Trusted Signing), they also centralize the point of failure. The fact that a FOSS pillar like VeraCrypt can be sidelined due to what looks like an automated account flagging issue with no path to human arbitration shows that the current system is too fragile for critical infrastructure. Secure Boot is a great security feature, but it shouldnt be used as a tool for vendor lock in through administrative incompetence
• Menu

  nubinetwork
  https://news.ycombinator.com/item?id=47686549
• Jigsy
  Windscribe is now the third one to be terminated by Microsoft as well...https://nitter.net/windscribecom/status/2041929519628443943
• Menu

  romaniv
  I still hope that one of these days people in general will realize that executable signing and SecureBoot are specifically designed for controlling what a normal person can run, rather than for anything resembling real security. The premises of either of those "mitigations" make absolutely no sense for personal computers.
• Menu

  Lihh27
  heh the same company that controls your secure boot chain just killed the signing account for the tool that encrypts your disk
• Menu

  onehair
  They should have also picked up that WireGuard Creator account also got his account terminated
• Menu

  saltamimi
  I'm confused why they can't just generate their own signing key and deploy it alongside the installer.Using arbiter platforms like this sounds like a great way to footgun yourself.
• avipars
  https://archive.md/Oc85c
• blindriver
  It's okay. I'm pretty sure after 40+ years of using Microsoft products I'm going to switch fully to Linux and MacOS. I'm tired of fighting against Microsoft even though I am a long time (and mostly happy) user of Windows. But whatever is going on in the last few years, especially Recall, has made it dangerous in my opinion to keeping Windows. So as they become and more draconian it only makes my decision easier and easier. I've had Macs and Macbooks for a while now but I bought the latest Macbook Pro and I'm very very happy with it, despite Glass (I barely notice any differences from the previous version).
• Menu

  20k
  There's a good reason everyone calls them microslop these days. The sooner we're all able to ditch this crappy company, the better - they're actively holding back the tech industry at this point
• anon
  undefined
• anon
  undefined
• Menu

  msla
  With Windows, you get what you pay for.In this case, that's an OS controlled by an unaccountable company that can take application software away from you.Related: If you're the customer, you're the product.
• trowaway2
  [dead]
• Menu

  shevy-java
  Microsoft wants to control computers. This is why they came up with InsecureBoot - or ad-hoc eliminating accounts willy-nilly style. Microsoft kind of acts like Google here. It is also interesting that the US government is doing absolutely nothing against this despicable behaviour.
• ChrisArchitect
  [dupe] https://news.ycombinator.com/item?id=47686549