Discussion
Microsoft Abruptly Terminates VeraCrypt Account, Halting Windows Updates
msla: With Windows, you get what you pay for.In this case, that's an OS controlled by an unaccountable company that can take application software away from you.Related: If you're the customer, you're the product.
dark-star: you can always either disable secureboot and driver signature verification, or (the better solution) just enroll your own certificate in your TPM and sign the driver with that...
malfist: > or (the better solution) just enroll your own certificate in your TPM and sign the driver with that...I'll tell Grandma that's what she needs to do.
nubinetwork: https://news.ycombinator.com/item?id=47686549
panzi: I see what you did there.
20k: There's a good reason everyone calls them microslop these days. The sooner we're all able to ditch this crappy company, the better - they're actively holding back the tech industry at this point
tonyedgecombe: [delayed]
trueno: i remember years and years ago learning some posix/shell syntax and working in terminal. felt like my love for windows unraveled in real time. these days using windows... feel like i gotta take a shower after. like many i was just raised on windows it was the household operating system i had like 20 years of general computer usage under my belt on windows before i finally felt a mac trackpad for the first time. that hardware experience alone was the first pillar kicked out upholding my "windows is the best" philosophies. then i got into coding, then i tripped and fell out of hourly boeing slave into a sql job (lost 55% yearly income, no regrets yo). then i started discovering the open source world, and learned just how much computing goes on outside of the world of windows and how many insanely bright minds are out there contributing to... not microsoft. now i have linux and macos machines everywhere, i still haven't found the bottom but the last 6-7 years or so have been a really rich journey.currently have a 32bit win xp env spun up in 86box just to compile a project in some omega old visual studio dotnet 7 and the service pack update at the time (don't ask). it is seriously _wild_ being in there, feels like stepping into a time machine. nostalgia aside, the OS is for the most part... quiet. doesn't bother you, everything is kind of exactly where you expect it to be, no noise in my start menu, there isnt some omega bing network callstack in my explorer, no prompts to o365 my life up.it feels kinda sad, what an era that was. it's just more annoying to do any meaningful work in windows these days.
romaniv: I still hope that one of these days people in general will realize that executable signing and SecureBoot are specifically designed for controlling what a normal person can run, rather than for anything resembling real security. The premises of either of those "mitigations" make absolutely no sense for personal computers.
onehair: They should have also picked up that WireGuard Creator account also got his account terminated
giancarlostoro: Outside of work, I don't use Windows very often if at all. I have a 2017 laptop that Microsoft made, and it is so damn sluggish for absolutely no reason, its VERY VERY vanilla mind you.
tsujamin: They did, just further into the article:> According to a post on Hacker News, the popular VPN client WireGuard is facing the same issue.
astrobe_: I don't know about executable signing, but in the embedded world SecureBoot is also used to serve the customer; id est provide guarantees to the customer that the firmware of the device they receive has not been tampered with at some point in the supply chain.
201984: And what if that customer wants to run their own firmware, ie after the manufacturer goes out of business? "Security" in this case conveniently prevente that.
gjsman-1000: Tradeoffs. Which is more likely here?1. A customer wants to run their own firmware, or2. Someone malicious close to the customer, an angry ex, tampers with their device, and uses the lack of Secure boot to modify the OS to hide all trace of a tracker's existence, or3. A malicious piece of firmware uses the lack of Secure Boot to modify the boot partition to ensure the malware loads before the OS, thereby permanently disabling all ability for the system to repair itself in the future from within itself
Already__Taken: Windows actually isn't very cheap.
stronglikedan: agree, because "free" can be neither "cheap" nor "expensive"
jonathanstrange: It's not free at all. If you buy Windows through the official channels it's quite expensive. If you buy it on the grey market, it's dirt cheap, though.
samlinnfer: 1. P(someone wants to run their own firmware)2. P(someone wants to run their own firmware) * P(this person is malicious) * P(this person implants this firmware on someone else’s computer)3. The firmware doesn’t install itselfYeah I think 2 and 3 is vastly less likely and strictly lower than 1.
gjsman-1000: On Android, according to the Coalition Against Stalkerware, there are over 1 million victims of deliberately placed spyware on an unlocked device by a malicious user close to the victim every year.#2 is WAY more likely than #1. And that's on Android which still has some protections even with a sideloaded APK (deeply nested, but still detectable if you look at the right settings panels).As for #3; the point is that it's a virus. You start with a webkit bug, you get into kernel from there (sometimes happens); but this time, instead of a software update fixing it, your device is owned forever. Literally cannot be trusted again without a full DFU wipe.
samlinnfer: And where are the stats for people running their own firmware and are not running stalkerware for comparison? You don’t need firmware access to install malware on Android, so how many of stalkerware victims actually would have been saved by a locked bootloader?
gjsman-1000: The entirety of GrapheneOS is about 200K downloads per update. Malicious use therefore is roughly 5-1.> You don’t need firmware access to install malware on Android, so how many of stalkerware victims actually would have been saved by a locked bootloader?With a locked bootloader, the underlying OS is intact, meaning that the privileges of the spyware (if you look in the right settings panel) can easily be detected, revoked, and removed. If the OS could be tampered with, you bet your wallet the spyware would immediately patch the settings system, and the OS as a whole, to hide all traces.
kuschku: LineageOS alone has around 4 million active users. So malicious use is at most 1:4, not 5:1.
leptons: Apple also holds back the tech industry in many ways. All companies seem willing to put profits before progress.
dns_snek: [delayed]
VadimPR: A year ago I used Azure Trusted Signing to codesign FOSS software that I distribute for Windows. It was the cheapest way to give away free software on that platform.A couple of months ago I needed to renew the certificate because it expired, and I ran into the same issue as the author here - verification failed, and they refused to accept any documentation I would give them. Very frustrating experience, especially since there no human support available at all, for a product I was willing to pay and use!We ended up getting our certificate sources from https://signpath.org and have been grateful to them ever since.
tosti: Computers should abide by their owners. Any computer not doing that is broken.
cferry: I make the analogy with a company, because on that front, ownership seems to matter a lot in the Western world. It's like it had to have unfaithful management appointed by another company they're a customer of, as a condition to use their products. Worse, said provider is also a provider for every other business, and their products are not interoperable. How long before courts jump in to prevent this and give back control to the business owner?
lazide: Clearly you’ve never met my ex’s (or a past employer). Not even being sarcastic this time.
itsdesmond: This guy thinks that if you rephrase an argument but put some symbols around it you’ve refuted it statistically.P(robably not)
samlinnfer: The argument is that P(customer wants to run their own firmware) cancels out and 2,3 are just the raw probability of you on the receiving end of an evil maid attack.
wat10000: This gets tricky. If I click on a link intending to view a picture of a cat, but instead it installs ransomware, is that abiding by its owner or not? It did what I told it to do, but not at all what I wanted.
