I&#x27;m in Europe and ended up creating an organization since I have my own company, but they messed up the verification of one of the legitimate documents, and there was no way to reach them once they made that mistake. Frustrating, and definitely a lost customer for them.

For what it’s worth, Trusted Signing verification has been a moving target over the last 12 months. It was open for individuals, then it was closed to anyone except (iirc) US businesses with DUNS numbers, then it opened again to US based individuals (and a few other countries perhaps).My completely uninformed guess was that someone had done something naughty with Trusted Signing-issued code signing certificates.Anyway, when I first saw the VeraCrypt thing this morning my initial reaction was “I wonder if this is them pushing developers onto trusted signing the hard way?”

If someone is willing to put in the work in governance, FOSS projects would be willing to fund it - at least Mudlet would be. We get income from Patreon to cover the costs.

I like the idea of a central signing authority for open source. While this might go against the spirit of open source, I think it eventually creates a critical mass and outcry if Microsoft or Google would play games with them. Also foundations might be a good way to protect against legal trouble distributing OSS under different regulations. I am imagining e.g. an FDroid that plays Googles game. With reproducible or at least audited builds also some trusted authorities could actually produce more trusted builds especially at times of supply chain attacks. However, I think such distribution authorities would need really good governance and a lot of funding.

A year ago I used Azure Trusted Signing to codesign FOSS software that I distribute for Windows. It was the cheapest way to give away free software on that platform.A couple of months ago I needed to renew the certificate because it expired, and I ran into the same issue as the author here - verification failed, and they refused to accept any documentation I would give them. Very frustrating experience, especially since there no human support available at all, for a product I was willing to pay and use!We ended up getting our certificate sourced from <a href="https:&#x2F;&#x2F;signpath.org" rel="nofollow">https:&#x2F;&#x2F;signpath.org</a> and have been grateful to them ever since.

&gt; “Users who have enabled system encryption with VeraCrypt may face boot issues after July 2026 because Microsoft will revoke the [certificate authority] that was used to sign the VeraCrypt bootloader,” Idrassi said. “A new Microsoft CA must be used for bootloaders to continue working.”&gt; Without access to the Microsoft account used for sending software updates, “I will not be able to apply the required new signature to VeraCrypt, making it impossible to boot.”

There is nothing stopping you from using third party certificates to sign Windows binaries. It&#x27;s just expensive. You don&#x27;t even need a MS toolchain or CLI tool for it.

This is precisely why we can&#x27;t allow platform-owners to be the arbiters of what software is allowed to run on our devices. Any software signing that is deemed to be crucial for ensuring grandma-safety needs to be delegated to independent third parties without perverse incentives.This is what the Digital Markets Act is supposed to protect developers against. Have there been any news regarding EU&#x27;s investigation into Apple? Last I remember they were still reviewing their signing &amp; fee-collection scheme.

Thanks, the previous title was easy to miss: &quot;Veracrypt project update&quot;

<a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=47686549">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=47686549</a>

It is not just VeraCrypt that has been affected by this. There is a bunch of Windows driver developers that have been suddenly kicked out of the &quot;Partner Center&quot; without explanation.<a href="https:&#x2F;&#x2F;community.osr.com&#x2F;t&#x2F;locked-out-of-microsoft-partner-center-driver-submission-page&#x2F;60061" rel="nofollow">https:&#x2F;&#x2F;community.osr.com&#x2F;t&#x2F;locked-out-of-microsoft-partner-...</a>

Full disk encryption protects from somebody yanking a hard drive from running server (actually happens) or stealing a laptop. Calling it useless because it doesn&#x27;t match your threat model... I hate todays security people, can&#x27;t threat model for shit.

&gt;It&#x27;s necessary for FDE to have any sort of practical securitywhy? do you mean because evil maid attacks exist? anyone that cared enough about that specific vector just put their bootloader on a removable media. FDE wasn&#x27;t somehow enabled by secure boot.&gt;bootkits are a security nightmare and would otherwise be much more common in malwarewhy weren&#x27;t they more common before?serious question. Back in the 90s viruses were huge business, BIOS was about as unprotected as it would ever possibly be, and lots of chips came with extra unused memory. We still barely ever saw those kind of malware.

Anything that restricts user freedom is entirely bad, even if it&#x27;s at the expense of security.

I strongly disagree on the Secure Boot front. It&#x27;s necessary for FDE to have any sort of practical security, it reduces malicious&#x2F;vulnerable driver abuse (making it nontrivial), bootkits are a security nightmare and would otherwise be much more common in malware typical users encounter, and ultimately the user can control their secure boot setup and enroll their own keys if they wish.Does that mean that Microsoft doesn&#x27;t also use it as a form of control? Of course not. But conflating &quot;Secure Boot can be used for platform control&quot; with &quot;Secure Boot provides no security&quot; is a non-sequitur.

And what if that customer wants to run their own firmware, ie after the manufacturer goes out of business? &quot;Security&quot; in this case conveniently prevente that.

Computers should abide by their owners. Any computer not doing that is broken.

I don&#x27;t know about executable signing, but in the embedded world SecureBoot is also used to serve the PRODUCER; id est provide guarantees to the PRODUCER that the firmware of the device they SELL has not been tampered with at some point in the PROFIT chain.

&gt; id est provide guarantees to the customer that the firmware of the device they receive has not been tampered withThe firmware of the device being a binary blob for the most part... Not like I trust it to begin with.Whereas my open source Linux distribution requires me to disables SecureBoot.What a world.

It&#x27;s to serve the regulators. The Radio Equipment Directive essentially requires the use of secure boot fir new devices.

well, unless govt tells MS to tamper it

I don&#x27;t know about executable signing, but in the embedded world SecureBoot is also used to serve the customer; id est provide guarantees to the customer that the firmware of the device they receive has not been tampered with at some point in the supply chain.

&gt; I still hope that one of these days people in general will realize that executable signing and SecureBoot are specifically designed for controlling what a normal person can run, rather than for anything resembling real securityFor home&#x2F;business users I&#x27;d agree. But in Embedded &#x2F; money-handling then it&#x27;s a life-saver and a really important technology.

Geez, this brings back memories.At one time at our university we had table desktop dancers installed everywhere. Was kind of funny when it turned up just as a student wanted to defend their work in a lab.

If only people didn&#x27;t install Ask Jeeves toolbars all over the place and then asked their grandson during vacations to clean their computer.

Apple is also somewhat responsible for the attitude shift with the introduction of iOS. 20-25 years ago a locked down bootloader and only permitting signed code would have been seen by techies as dystopian. It&#x27;s now quite normalized. They say it&#x27;s about security but it&#x27;s always been about control.Stallman tried to warn us with &quot;tivoization&quot;.

This is like saying you shouldn&#x27;t vaccinate your kids because no one gets polio anymore

I still hope that one of these days people in general will realize that executable signing and SecureBoot are specifically designed for controlling what a normal person can run, rather than for anything resembling real security. The premises of either of those &quot;mitigations&quot; make absolutely no sense for personal computers.

heh the same company that controls your secure boot chain just killed the signing account for the tool that encrypts your disk

I meant to say, in the title. As Wireguard is way more popular than VeraCrypt...

They did, just further into the article:&gt; According to a post on Hacker News, the popular VPN client WireGuard is facing the same issue.

They should have also picked up that WireGuard Creator account also got his account terminated

Then you can publish the public Code Signing certificate for download&#x2F;import or publish it through WinGet.Using Azure Trusted Signing or any other certificate vendor does not guarantee that a binary is 100% trustworthy, it just means someone put their name on it.

Because a bad guy can also generate their own signing key and deploy it alongside the installer.See Notepad++ for how that winds up.

I&#x27;m confused why they can&#x27;t just generate their own signing key and deploy it alongside the installer.Using arbiter platforms like this sounds like a great way to footgun yourself.

<a href="https:&#x2F;&#x2F;archive.md&#x2F;Oc85c" rel="nofollow">https:&#x2F;&#x2F;archive.md&#x2F;Oc85c</a>

Are you converting the SSIS automatically somehow or rewriting it?

Yea, I&#x27;m in the process of converting our complete ETL infrastructure from SSIS&#x2F;SQL Server to Python&#x2F;PostgreSQL. Next step is Office 365, which will be more difficult, but doable since we are a small company anyway.

To be fair, the tech industry been holding itself back for decades now too, since lots of people seemingly have somewhat low prices to go from being a FOSS evangelist to wearing a &quot;Microsoft &lt;3 Open Source&quot; t-shirt.

What does this even mean? It&#x27;s like throwing around the word &#x27;bloat&#x27;.

Looking at the rest of the tech industry in 2026 that might be a blessing.

They have been holding back the tech industry for decades now.

Outside of work, I don&#x27;t use Windows very often if at all. I have a 2017 laptop that Microsoft made, and it is so damn sluggish for absolutely no reason, its VERY VERY vanilla mind you.

&gt; feel like i gotta take a shower afterI run Crossover and I feel like I gotta take a shower after. Just knowing there&#x27;s a folder called drive_c on my Mac is the stuff of nightmares.

Yeah. I felt in a similar manner when I moved to Linux. Microsoft seemed to make people dumber. I do actually use both Linux and Windows (Win10 only), largely for testing various things, including java-related software. But every time I use Windows, I am annoyed at how slow everything is compared to Linux. (I should mention that I compile almost everything from source on Linux, so most of the default Linux stack I don&#x27;t use; many linux distributions also suck by default, so I have to uncripple the software stack. I also use versioned appdirs similar as to how GoboLinux does, but in a more free form.)

i remember years and years ago learning some posix&#x2F;shell syntax and working in terminal. felt like my love for windows unraveled in real time. these days using windows... feel like i gotta take a shower after. like many i was just raised on windows it was the household operating system i had like 20 years of general computer usage under my belt on windows before i finally felt a mac trackpad for the first time. that hardware experience alone was the first pillar kicked out upholding my &quot;windows is the best&quot; philosophies. then i got into coding, then i tripped and fell out of hourly boeing slave labor into a sql job (lost 55% yearly income, no regrets yo). then i started discovering the open source world, and learned just how much computing goes on outside of the world of windows and how many insanely bright minds are out there contributing to... not microsoft. now i have linux and macos machines everywhere, i still haven&#x27;t found the bottom but the last 6-7 years or so have been a really rich journey.currently have a 32bit win xp env spun up in 86box just to compile a project in some omega old visual studio dotnet 7 and the service pack update at the time (don&#x27;t ask). it is seriously _wild_ being in there, feels like stepping into a time machine. nostalgia aside, the OS is for the most part... quiet. doesn&#x27;t bother you, everything is kind of exactly where you expect it to be, no noise in my start menu, there isnt some omega bing network callstack in my explorer, no prompts to o365 my life up.it feels kinda sad, what an era that was. it&#x27;s just more annoying to do any meaningful work in windows these days.im currently working with c&#x2F;cpp the idiot way (nothing about my story is ever conventional sigh), by picking a legacy project from like 22 years ago. this has forced me to step back into old redhat 7.1+icc5, old windows xp + dotnet7 like i explained above, and im definitely taking the most unpragmatic approach ever diving in here.. but there&#x27;s one thing that absolutely sticks out to me: microsoft has always tried to capitalize on everything. tool? money. vendor lock. os? money. vendor lock. entire industries&#x2F;education system capture? lotta money. lotta vendor lock. lotta generational knowledge lock.they are lucky people are still using github. theyve tried to poke the bear a few times and theyre slowly but surely enshittifying the place, but im just kinda losing any reverence for microsoft altogether. microsoft has been big for a hot minute now, they have their eras. you can feel when things are driven by smart visionary engineers working behind the scenes, and you can tell when things are in pure slop mode microservice get rich or die trying mode. yea, microsoft has.. always been vendor-lock aggro and kinda hostile, but the current era microsoft is by far the grossest it&#x27;s ever been. see: microsoft teams (inb4 &quot;i use teams every day, i dont have a problem with it&quot;)im aware people smarter than me can write diatribes on why windows is the best at x thing, but im only informed by my own experience of having to use all three (linux&#x2F;macos&#x2F;windows) for my professional work life: i grew up thinking windows was the best.. now im like mostly confident that windows is actually the worst lol. by a pretty damn decent margin. i was gaslit for ages

active directory and excel runs the world.what is apple doing that is similar?

Apple also holds back the tech industry in many ways. All companies seem willing to put profits before progress.

There&#x27;s a good reason everyone calls them microslop these days. The sooner we&#x27;re all able to ditch this crappy company, the better - they&#x27;re actively holding back the tech industry at this point

ChromeOS and Android are definitely comparable.

Hmmm, so basically Google but you also pay for it?

agree, because &quot;free&quot; can be neither &quot;cheap&quot; nor &quot;expensive&quot;

Windows actually isn&#x27;t very cheap.

Ah, yes, the [insert super inconvenient and complex thing to do that most people don’t know, want or should do] will solve it! And when that fails, surely the user can just write their own OS, right? Bunch of skill-issued complainers we the users are.

&gt; or (the better solution) just enroll your own certificate in your TPM and sign the driver with that...I&#x27;ll tell Grandma that&#x27;s what she needs to do.

And they say Linux is inconvenient because you have to open the terminal every once in a while.

you can always either disable secureboot and driver signature verification, or (the better solution) just enroll your own certificate in your TPM and sign the driver with that...

With Windows, you get what you pay for.In this case, that&#x27;s an OS controlled by an unaccountable company that can take application software away from you.Related: If you&#x27;re the customer, you&#x27;re the product.

the US government is owned by corporate interests and has been in some capacity since inception. special mention to the Russians and Israelis and Saudis who also own a piece.

Microsoft wants to control computers. This is why they came up with InsecureBoot - or ad-hoc eliminating accounts willy-nilly style. Microsoft kind of acts like Google here. It is also interesting that the US government is doing absolutely nothing against this despicable behaviour.

[dupe] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=47686549">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=47686549</a>

Microsoft terminates VeraCrypt account, halting Windows updates