There's a good reason everyone calls them microslop these days. The sooner we're all able to ditch this crappy company, the better - they're actively holding back the tech industry at this point
I still hope that one of these days people in general will realize that executable signing and SecureBoot are specifically designed for controlling what a normal person can run, rather than for anything resembling real security. The premises of either of those "mitigations" make absolutely no sense for personal computers.
Microsoft wants to control computers. This is why they came up with InsecureBoot - or ad-hoc eliminating accounts willy-nilly style. Microsoft kind of acts like Google here. It is also interesting that the US government is doing absolutely nothing against this despicable behaviour.
This is precisely why we can't allow platform-owners to be the arbiters of what software is allowed to run on our devices. Any software signing that is deemed to be crucial for ensuring grandma-safety needs to be delegated to independent third parties without perverse incentives.
This is what the Digital Markets Act is supposed to protect developers against. Have there been any news regarding EU's investigation into Apple? Last I remember they were still reviewing their signing & fee-collection scheme.
A year ago I used Azure Trusted Signing to codesign FOSS software that I distribute for Windows. It was the cheapest way to give away free software on that platform.
A couple of months ago I needed to renew the certificate because it expired, and I ran into the same issue as the author here - verification failed, and they refused to accept any documentation I would give them. Very frustrating experience, especially since there no human support available at all, for a product I was willing to pay and use!
We ended up getting our certificate sourced from https://signpath.org and have been grateful to them ever since.
It is not just VeraCrypt that has been affected by this. There is a bunch of Windows driver developers that have been suddenly kicked out of the "Partner Center" without explanation.
We are seeing the dark side of "Security as a Service". When Microsoft simplifies the signing pipeline (like with Trusted Signing), they also centralize the point of failure. The fact that a FOSS pillar like VeraCrypt can be sidelined due to what looks like an automated account flagging issue with no path to human arbitration shows that the current system is too fragile for critical infrastructure. Secure Boot is a great security feature, but it shouldnt be used as a tool for vendor lock in through administrative incompetence
It's okay. I'm pretty sure after 40+ years of using Microsoft products I'm going to switch fully to Linux and MacOS. I'm tired of fighting against Microsoft even though I am a long time (and mostly happy) user of Windows. But whatever is going on in the last few years, especially Recall, has made it dangerous in my opinion to keeping Windows. So as they become and more draconian it only makes my decision easier and easier. I've had Macs and Macbooks for a while now but I bought the latest Macbook Pro and I'm very very happy with it, despite Glass (I barely notice any differences from the previous version).
Hopefully this is just boot issues, and not VC in general moving forward for now. I just centralized on leveraging VC for container encryption. I actually moved away from VC back to Bitlocker for FDE just a couple weeks ago (I forget the exact reasons why)
But I still like it for containers, and I hope they can figure out a way to get it fixed for VC and WireGuard or they can figure out alternate signing options and a migration path.
23 comments
[ 3.6 ms ] story [ 40.3 ms ] threadIn this case, that's an OS controlled by an unaccountable company that can take application software away from you.
Related: If you're the customer, you're the product.
This is what the Digital Markets Act is supposed to protect developers against. Have there been any news regarding EU's investigation into Apple? Last I remember they were still reviewing their signing & fee-collection scheme.
A couple of months ago I needed to renew the certificate because it expired, and I ran into the same issue as the author here - verification failed, and they refused to accept any documentation I would give them. Very frustrating experience, especially since there no human support available at all, for a product I was willing to pay and use!
We ended up getting our certificate sourced from https://signpath.org and have been grateful to them ever since.
Using arbiter platforms like this sounds like a great way to footgun yourself.
https://community.osr.com/t/locked-out-of-microsoft-partner-...
https://nitter.net/windscribecom/status/2041929519628443943
But I still like it for containers, and I hope they can figure out a way to get it fixed for VC and WireGuard or they can figure out alternate signing options and a migration path.