Microsoft terminates VeraCrypt account, halting Windows updates (575 points, 239 comments)
CEO can't login during a demo. Sandra from accounting can't print from the closest printer and confirmed this is higher priority
Ticket A: Elevated Response times for Server A outside of allowed tolerance, people experiencing timeouts
Ticket B: Change the colour of a button
I wish Ticket B Submitter could see the ticket before them to gauge what critical actually means.
Nothing else works for prioritisation, any other categorising into "High/Medium/Low" just fails.
By doing so you end up with the nonsense we had at a company I once worked for, where stories were all put in medium.
This was because stories in low were simply never actioned, they'd never ever get done, everyone came to implicitly understand this. It was still a useful dumping ground for the kinds of stories you know you ought to do, but no-one wanted to do, but it was useful to have noted on record. But for prioritising actual work, it was useless.
Stories in High had a special process defined in a handbook that no-one wanted the hassle of dealing with.
So everything was Medium.
This had obvious problems, and it grew larger than could be managed.
So "Just Above Medium" was born, for stories that were higher priority than your everyday stories in Medium.
This in time grew too, so "Just Above Just Above Medium" (aka JAJAM) was born.
By the time I started, there was even a "JAJAM+" category, for stories that had to be fast-tracked through the process too.
The whole thing essentially fell back to having the product/development leads come to an understanding of what work needed to be done. Which is the right way to do it, but that should simply be made more explicit and part of the process by simply having all stories ranked.
Then you don't need the mental overhead of trying to decide in a design meeting if something is "Just above Medium" or just above that...
Long story short: I discontinued their program and it's been 2 years and I still receive those action required emails only to find out that there is absolutely no action required on my side. Harassing users is their favorite past time I swear. Ask the Github desktop folks. On Mac OS, there is no option to disable automatic updates. It loves installing a helper that runs 24/7 with admin privileges. If you click on deny, it will keep harassing you - every. single. day. First thing in the morning - 3 times, 3 times in the evening. You could be in the middle of something important, like a meeting or a screen share or running some serious stuff like CNC milling (which I do) and this thing will just popup and ask you for admin privileges until you accept.
And even if you accept and give it permissions, it just buys you a few days time. People have tried before to open an issue on Github - their response was simply "This isn't a priority for us right now" and they just closed the issue.
Same story with Windows too. I wish there was a law to prevent this kind of bullying behaviour.
Even MS's staff couldn't figure out what resources the "Action Required" email had to do with.
As I'm sure the Vogons did after they blew up Earth for the hyperspace bypass road and realized the planet had inexplicably still been inhabitated.
All this signing business, leads to one party having the final say, and guess what, they are going to abuse that power...
Most security is done badly, but it doesn't mean that security is unnecessary.
But I agree: TooBigTech has TooMuchPower.
Passkeys are here to improve your login security! All you have to do is give complete control over your ability to log in to a service to one of three American big tech companies. Yay!
Many times, people choose TooBigTech. People are generally waaaay too lazy to even consider spending some brain cycles on that.
[1] "To be very honest here, you risk having KeePassXC blocked by relying parties." https://github.com/keepassxreboot/keepassxc/issues/10407#iss...
More examples here https://fy.blackhats.net.au/blog/2025-12-17-yep-passkeys-sti...
I've no idea whether MS either has a veeeeery clever plan about what they are doing, and I just don't get it, or whether that's just completely stupid in the current times when Windows' fanbase is somewhat declining anyways.
On the other hand, people always have a hard time understanding the trouble they order when they let things centralize too much. When they are too okay with depending on e.g. BigTech companies too much.
And in that regard, those news are probably actually good news... It helps people learning about how things work... So they can make better decisions in the future. Better for all of us.
I’m being told we are in the incredible age of fully automated AI programming and yet Microsoft can’t even get login to work.
they would like you to use copilot, so it all checks out, have you installed it on your phone yet? /s
If someone already has MS Teams installed, and their Authenticator App, there is no compelling reason to not install Copilot. Unless the system permissions they ask differ substantially, let's say.
Either you trust MS or you better have nothing installed from them on your (personal) devices at all. No?
The first sign things were souring was when Microsoft dumped their gaming plans after just buying up all he major studios. First sign they only cared about Azure and AI.
Now it's blatantly obvious they're giving up everything to chase enterprise AI.
And there was also that article some days ago that told the story about all the management stupidities at MS from the last years/decades. It was very interesting, and would suggest that this might be yet another very stupid move.
I would just disagree with one detail: With some basic understanding about how human beings work, and how the world works, MS never stopped to be a problematic company. Some were optimistic when they started to open some things up a little, some less so. Are they today more open than they were 20 years ago? Definitely! Was it ever a company that was healthy to depend on? Not a single day imho.
first the verification wasn't just "click this link to prove you own this email"
>That account verification process meant that developers were required to upload their government-issued ID before they were allowed to publish potentially highly sensitive code to the broader Windows user base.
Also according to at least one affected user they didn't actually get notified of the process.
> “Microsoft never sent me any notification at all about this. I’ve looked in every inbox in every spam folder in every mail log, and zero, nothing, zilch,” Donenfeld said.
> Don’t let anyone tell you it’s because we didn’t read our emails or submit the right verification paperwork. Cuz we did all that back in October. > And this month, we were suddenly and without any warning locked out.
Microsoft response at the end of that article.
I used to work for companies that were Microsoft Partners. One of Microsoft's rules was that they required Partners to employ one (or more) developers that have some Microsoft certification. As an MSCD, I met those requirements (for silver and gold levels). That cert is no longer offered, so I wonder if some exception/rule got removed and now all the partners without "certified" developers got kicked to the curb?
developers, developers; nah- AI, AI ...
when Copilot is certified, you'll be fine
At this point people will move to MacOS or Linux because so much damage to their brand can’t simply be ignored anymore.
Use Docker Compose and put Caddy in front of it for HTTPS. For backups the easy way is to just git pull your repos via cron on some remote systems. Or use syncthing to also move the server configs over. For the runner, 1 GB RPi 4 should be fine for many situations. It can compile and run many Rust/Python tests fine or build static sites. You could also setup an old x86 next to it (this is essentially what GitHub Runners are too: old x86 cpu’s).
I think most people just don't care about their computer. Most people just use whatever they are told to use at work.
Asking someone to install Signal is already the end of the world, trying it sounds like starting a PhD. I'm not even talking about thinking about using it as a replacement for WhatsApp.
Really, people just don't care. Which I find sad, of course.
So what is the actual limitation of a neo, and how to they apply to users in that price class?
Your actions, intentional and direct or not, allowed for one more sale of Win11 and an accompanying sad Dell computer, giving them the signal (however weak from you as one single individual) that whatever crap they have been doing up to now, still is a good choice in order to sell one of those combinations.
So, what happened is Microsoft is first a rent-seeker and afterwards, a service and software company.
The fix may vary, but I'm guessing the diagnosis is rather less divisive.
Don't know who those people are or if they exist, but not the brightest ones for sure.
Yet, they are still around, they are still deeply embedded in most businesses, and no matter how much they screw up, it just keeps going.
Apparently nobody at Microsoft considered that blocking critical software hurts Microsoft more than the open source developers being blocked.
It doesn't sound like suspention, because they would be able to fill out the form and get unsuspended. This is closer to account termination.
This, on top of the recent mystery app updates pushed by Apple, has me concerned. So much of security relies on the assumption that, say, Apple, Google, or Microsoft can't be coerced into pushing an update that undermines the entire security model. The "Apple gets hit with a wrench attack" is more salient nowadays.
Hopefully this is nothing but I think it's worth being vigilant. But judging by Microsoft's response, it seems more likely to be an administrative error commensurate with the state of their company rather than something more nefarious.
Suppose a developer account, say that associated with VeraCrypt, had been compromised and the compromiser knew or feared they were unable successfully pass verification.
The compromiser could be exploiting their access to modify the product in profitable but fairly benign ways (say making VeraCrypt part of a botnet that didn't do any damage to the host beyond consuming some resources). However, if they got a message saying "Your account will be suspended in 12 hours if you do not pass verification", the compromiser would know that their profit would/could drop or go away. In response, they might push out one last "mandatory auto install" update with a nuclear bomb (perhaps with a delayed trigger) to just do malicious damage to hosts out of spite.
1. claims they do not have access to the signing account
2. Recently said that they are not planning any important release in the next 60 days
Then I would claim that rushing to update is plain reckless. But move fast and break things, I guess
https://x.com/edgesecurity/status/2042185546152161474
It's currently the #2 story on this website: https://news.ycombinator.com/item?id=47719942
If you are really disgusted by those moves, you have a time to switch. If enough people switch, then we can just forget about that garbage.
They can't realistically make Linux illegal. But they can put onerous requirements on popular Linux distributions - such as the age "verification" features they're currently trying to require[0]. Hopefully that proves to be ineffective.
Well corporations decide on that. I abandoned rubygems.org when they added the 100.000 download limit; past that point I was no longer able to remove old gem. Then came the new corporate laws for rubygems.org and mass-firing of about 8 open source developers who were involved with the ruby ecosystem.
We simply need to accept that corporations controlling an ecosystem can lead to HUGE problems. We need an alternative here. I don't have a good alternative either to suggest - money is influential. People adjust their behaviour and how they think with regards to money all the time. We could need some kind of model that also handles the economy. And, again - I have absolutely no clue how that could or should look like.
"The list of affected projects includes, but is not limited to, Virtual Private Network (VPN) software WireGuard, on-the-fly encryption (OTFE) utility VeraCrypt, the MemTest86 Random Access Memory (RAM) testing and diagnosis tool, and the Windscribe VPN software."
It seems to go against VPN right? Is there a connection to other things such as the mem-test tool? This one is the only one that does not fit here. Or perhaps we don't have the full picture.
Fuck Microsoft (aka Microslop).
[0] https://www.wired.com/story/using-a-vpn-may-subject-you-to-n...
The surveillance state is growing more sinister every day (especially in the UK), but the efforts are somewhat thwarted by the existence of VPNs.
Once they find a way to undermine VPNs, the UK govt will have literal CCP-level control over our access to information and communication.
The UK, and I assume much of Europe, criminalizes truly petty levels of speech. For example, it's illegal to insult someone and cause them 'alarm' or 'distress' in the street.
Thus the non-technical populace see rudeness on the internet as the result of some kind of wild west situation that the government needs to control, to bring it in line with the rest of the public realm.
All I can say is this is another proof of M/S abuse of their users:
"I've been using the same account doing the same actions for 10 years what changed"
"We updated our policy 2 years ago. We have been sending you vaguely worded emails this would happen for 2 years, straight to your junk hotmail account you setup for this, why didn't you read them?"
Nothing nefarious unless you consider bureaucracy