I've no idea whether MS either has a veeeeery clever plan about what they are doing, and I just don't get it, or whether that's just completely stupid in the current times when Windows' fanbase is somewhat declining anyways.
On the other hand, people always have a hard time understanding the trouble they order when they let things centralize too much. When they are too okay with depending on e.g. BigTech companies too much.
And in that regard, those news are probably actually good news... It helps people learning about how things work... So they can make better decisions in the future. Better for all of us.
Microsoft loves sending emails with "Action required" in the subject, when actually no action is required, or it doesn't apply to you, or whatever. Such corporate speak. It's fun searching your email for "Action required" and finding all the things you were supposed to do and it turns out didn't need to do anything about.
"Crying wolf" constantly like this is so frustrating. It waters down the message until they send something you really need to worry about, which you ignore like the rest of the pointless messages.
Google famously just did this with their Captcha service. Had lots of people signing up for a more complicated version on Google Cloud that they didn't need to do.
Because it absolves them of liability of anything goes wrong. They can point to the email say "we warned you". Having to filter and target the specific set of customers that a notice applies to carries risk and costs to them and they wanna pass it to you.
In the tech world, security is mostly just a theater , it is used to push though unwanted and unpopular things, like access control, privacy invasion, etc...
All this signing business, leads to one party having the final say, and guess what, they are going to abuse that power...
Because some people realised that insurance is the ultimate form of security? Why prevent failure when the consequences of failure can simply be offloaded to others?
this source is a bit better and answers a couple questions.
first the verification wasn't just "click this link to prove you own this email"
>That account verification process meant that developers were required to upload their government-issued ID before they were allowed to publish potentially highly sensitive code to the broader Windows user base.
Also according to at least one affected user they didn't actually get notified of the process.
> “Microsoft never sent me any notification at all about this. I’ve looked in every inbox in every spam folder in every mail log, and zero, nothing, zilch,” Donenfeld said.
Some devs did get the email and follow the process and still got kicked out
> Don’t let anyone tell you it’s because we didn’t read our emails or submit the right verification paperwork. Cuz we did all that back in October.
> And this month, we were suddenly and without any warning locked out.
And also consider moving some of your repos to Forgejo. I’m running it for more than a year now and it is by far my favorite service. Way faster and essential features do not require monthly payment (branch protection for example). It can easily run on a Raspberry Pi 4 1 GB RAM.
Use Docker Compose and put Caddy in front of it for HTTPS. For backups the easy way is to just git pull your repos via cron on some remote systems. Or use syncthing to also move the server configs over. For the runner, 1 GB RPi 4 should be fine for many situations. It can compile and run many Rust/Python tests fine or build static sites. You could also setup an old x86 next to it (this is essentially what GitHub Runners are too: old x86 cpu’s).
Apple has done the exact same with its iphone app store, lots of companies got shut down because of their app not beeing available anymore with no explanation. The problem is with exclusive app stores.
Writing this from a corporate win11 computer, the whole thing is so laggy, it's unbelievable. Last year, I had revived my old desktop from 2007 with an intel Q6600, windows xp and a clicky dying HDD, and that thing flied compared to this. Dear Microsoft and its partners (Especially DELL!), what the hell happened?!
Your actions, intentional and direct or not, allowed for one more sale of Win11 and an accompanying sad Dell computer, giving them the signal (however weak from you as one single individual) that whatever crap they have been doing up to now, still is a good choice in order to sell one of those combinations.
As the strongest OS advocate who has not ran Windows in a quarter century and is posting this over a Wireguard link; the is some double standards here. A corporate VPN vender who did not ensure they received all notifications from Microsoft regarding a certificate that effectively let's them root millions of computers would be a strong signal of concern.
FYI: on macOS you can’t even ship VPN software that uses the modern APIs outside of the app store for self-distribution. An ADP membership is required, full stop.
I feel like Hanselman is one of the few old generation Microsoft people. When he leaves it’ll be young people who don’t know Microsoft and have no understanding of or connection with Microsoft products.
I don't know about his career in general, but Hanselman once spoke at a conference I was helping organize here in Thessaloniki, and he was great. Really knowledgeable and very down to earth.
Alongside talk from the UK Labour government about intervening on VPNs, I'm getting uneasy vibes about this move, especially since Microsoft is one of the most government-friendly corporations in the big tech arena.
The surveillance state is growing more sinister every day (especially in the UK), but the efforts are somewhat thwarted by the existence of VPNs.
Once they find a way to undermine VPNs, the UK govt will have literal CCP-level control over our access to information and communication.
CCP-level control over access to information is not actually very tight, technologically nor ideologically, but it does enable a form of rule-by-law which is far more useful.
The problem is that the social media companies have not been dealing with abusive posts of various sources. Governments can't take action against the bad posters are they are from another Government (and in some cases are employed by that government to cause trouble). Thus Governments have to take actions which they can control, unfortunately these actions will affect more than the bad abusers.
You assume your premise. No the government actually doesn't 'have to' take action about mean things on the internet. The UK has such an obsession with regulating what is, essentially, politeness.
While I don't particularly care for the UK's approach to these things, I can't help but be shocked at how many governments seem to all of a sudden have dreamed up the same idea. Independently, I'm sure.
I suppose the US is the unique one really, when it comes to a history of protecting certain types of speech. They've never really regulated (what I would call) politeness between people in any form.
The UK, and I assume much of Europe, criminalizes truly petty levels of speech. For example, it's illegal to insult someone and cause them 'alarm' or 'distress' in the street.
Thus the non-technical populace see rudeness on the internet as the result of some kind of wild west situation that the government needs to control, to bring it in line with the rest of the public realm.
This should be made a problem for the social media companies (which it largely has, hence all the age verification fiasco), not absolutely everyone on the internet.
Well, Microsoft is evil so no surprise - but this seems like targeted censorship:
"The list of affected projects includes, but is not limited to, Virtual Private Network (VPN) software WireGuard, on-the-fly encryption (OTFE) utility VeraCrypt, the MemTest86 Random Access Memory (RAM) testing and diagnosis tool, and the Windscribe VPN software."
It seems to go against VPN right? Is there a connection to other things such as the mem-test tool? This one is the only one that does not fit here. Or perhaps we don't have the full picture.
It seems to go against developers of Windows drivers (which includes VPNs) - apparently there was a “mandatory account verification for all partners in the Windows Hardware Program who have not completed account verification since April 2024”, but for some reason it looks like no one notified these guys that they have to verify their accounts.
This is preemption, I believe, in the US for what's coming. Given the states trying to ram in "age verification" (mass surveillance propaganda, same agenda as CSAM) I no doubt believe that the only VPNs the USG wants people to have access to are corporate (easy entry point) and pwn'd VPNs [0] (in the media lately).
Modern computing does not make me feel good. Really hate this signing business controlled by the OS vendors. I get the added security benefits, but I'm not sure the tradeoff is worth it.
At this rate, I'd say we have less than a year before world governments simultaneously start rolling out laws making Linux illegal. Of course they won't call it "The Ban Linux Bill" but it will be back-channeled through some bullshit security or user verification requirement.
It's too late to close that Pandora's box. Linux is far too ubiquitous now. Even if it still lags behind Windows in the desktop computing space, it is already a non-trivial market share and growing quickly. And in many other computing spaces, Linux is king.
They can't realistically make Linux illegal. But they can put onerous requirements on popular Linux distributions - such as the age "verification" features they're currently trying to require[0]. Hopefully that proves to be ineffective.
Well corporations decide on that. I abandoned rubygems.org when they added
the 100.000 download limit; past that point I was no longer able to remove
old gem. Then came the new corporate laws for rubygems.org and mass-firing
of about 8 open source developers who were involved with the ruby ecosystem.
We simply need to accept that corporations controlling an ecosystem can lead
to HUGE problems. We need an alternative here. I don't have a good alternative
either to suggest - money is influential. People adjust their behaviour and how
they think with regards to money all the time. We could need some kind of model
that also handles the economy. And, again - I have absolutely no clue how that
could or should look like.
We need to create a special interest org for people that support general computing. I'm open to be part of something like this.[0]. Reach out to me if interested
I read elsewhere (here?) that it was the main developer of WireGuard who had their account suspended. If true, and based on what I read seems it is true, I am surprised this did not reach the "mainstream" press.
All I can say is this is another proof of M/S abuse of their users:
"I've been using the same account doing the same actions for 10 years what changed"
"We updated our policy 2 years ago. We have been sending you vaguely worded emails this would happen for 2 years, straight to your junk hotmail account you setup for this, why didn't you read them?"
I've no idea whether MS either has a veeeeery clever plan about what they are doing, and I just don't get it, or whether that's just completely stupid in the current times when Windows' fanbase is somewhat declining anyways.
On the other hand, people always have a hard time understanding the trouble they order when they let things centralize too much. When they are too okay with depending on e.g. BigTech companies too much.
And in that regard, those news are probably actually good news... It helps people learning about how things work... So they can make better decisions in the future. Better for all of us.
As I'm sure the Vogons did after they blew up Earth for the hyperspace bypass road and realized the planet had inexplicably still been habitated.
Microsoft terminates VeraCrypt account, halting Windows updates (575 points, 239 comments)
https://news.ycombinator.com/item?id=47690977
All this signing business, leads to one party having the final say, and guess what, they are going to abuse that power...
Most security is done badly, but it doesn't mean that security is unnecessary.
But I agree: TooBigTech has TooMuchPower.
first the verification wasn't just "click this link to prove you own this email"
>That account verification process meant that developers were required to upload their government-issued ID before they were allowed to publish potentially highly sensitive code to the broader Windows user base.
Also according to at least one affected user they didn't actually get notified of the process.
> “Microsoft never sent me any notification at all about this. I’ve looked in every inbox in every spam folder in every mail log, and zero, nothing, zilch,” Donenfeld said.
> Don’t let anyone tell you it’s because we didn’t read our emails or submit the right verification paperwork. Cuz we did all that back in October. > And this month, we were suddenly and without any warning locked out.
https://x.com/OSRDrivers/status/2042286973461709183
At this point people will move to MacOS or Linux because so much damage to their brand can’t simply be ignored anymore.
Use Docker Compose and put Caddy in front of it for HTTPS. For backups the easy way is to just git pull your repos via cron on some remote systems. Or use syncthing to also move the server configs over. For the runner, 1 GB RPi 4 should be fine for many situations. It can compile and run many Rust/Python tests fine or build static sites. You could also setup an old x86 next to it (this is essentially what GitHub Runners are too: old x86 cpu’s).
[1]: https://github.com/offen/docker-volume-backup/
I think most people just don't care about their computer. Most people just use whatever they are told to use at work.
Your actions, intentional and direct or not, allowed for one more sale of Win11 and an accompanying sad Dell computer, giving them the signal (however weak from you as one single individual) that whatever crap they have been doing up to now, still is a good choice in order to sell one of those combinations.
Yet, they are still around, they are still deeply embedded in most businesses, and no matter how much they screw up, it just keeps going.
1. claims they do not have access to the signing account
2. Recently said that they are not planning any important release in the next 60 days
Then I would claim that rushing to update is plain reckless. But move fast and break things, I guess
The surveillance state is growing more sinister every day (especially in the UK), but the efforts are somewhat thwarted by the existence of VPNs.
Once they find a way to undermine VPNs, the UK govt will have literal CCP-level control over our access to information and communication.
The UK, and I assume much of Europe, criminalizes truly petty levels of speech. For example, it's illegal to insult someone and cause them 'alarm' or 'distress' in the street.
Thus the non-technical populace see rudeness on the internet as the result of some kind of wild west situation that the government needs to control, to bring it in line with the rest of the public realm.
"The list of affected projects includes, but is not limited to, Virtual Private Network (VPN) software WireGuard, on-the-fly encryption (OTFE) utility VeraCrypt, the MemTest86 Random Access Memory (RAM) testing and diagnosis tool, and the Windscribe VPN software."
It seems to go against VPN right? Is there a connection to other things such as the mem-test tool? This one is the only one that does not fit here. Or perhaps we don't have the full picture.
Fuck Microsoft (aka Microslop).
[0] https://www.wired.com/story/using-a-vpn-may-subject-you-to-n...
If you are really disgusted by those moves, you have a time to switch. If enough people switch, then we can just forget about that garbage.
They can't realistically make Linux illegal. But they can put onerous requirements on popular Linux distributions - such as the age "verification" features they're currently trying to require[0]. Hopefully that proves to be ineffective.
[0] https://agelesslinux.org/distros.html
Well corporations decide on that. I abandoned rubygems.org when they added the 100.000 download limit; past that point I was no longer able to remove old gem. Then came the new corporate laws for rubygems.org and mass-firing of about 8 open source developers who were involved with the ruby ecosystem.
We simply need to accept that corporations controlling an ecosystem can lead to HUGE problems. We need an alternative here. I don't have a good alternative either to suggest - money is influential. People adjust their behaviour and how they think with regards to money all the time. We could need some kind of model that also handles the economy. And, again - I have absolutely no clue how that could or should look like.
[0]: https://scottRlarson.com
All I can say is this is another proof of M/S abuse of their users:
https://news.ycombinator.com/item?id=47710149
"I've been using the same account doing the same actions for 10 years what changed"
"We updated our policy 2 years ago. We have been sending you vaguely worded emails this would happen for 2 years, straight to your junk hotmail account you setup for this, why didn't you read them?"
Nothing nefarious unless you consider bureaucracy