After Firing 9000 Employees for AI, Xbox Shares Cringe Job Post with AI Graphics (clawsomegamer.com)

Really it seems like having any expiry date for these certificates is a mistake. The one thing it might protect against is a compromised signing key, but if you have to wait 15 years for a compromised key to stop being valid, it's not very useful!

Don't worry, the replacement MS certs expire in 2038 (a couple of months after the 32-bit unix time rollover).

greatgib · 1h ago

It's totally crazy that we have to go through Microsoft to sign things to be able to have our OS run on third parties computers, and that Microsoft manage to win about this so easily as it was never seriously challenged.

sugarpimpdorsey · 15m ago

It makes more sense if you view it for what it is: Honest Satya's Certificate Authority.

Microsoft showed they can semi-competently run a PKI. The end.

Now had the Linux folks stepped up to the plate early on, instead of childishly acting like Secure Boot was the computing antichrist, the story might be different. But they didn't. We only have shim because some people at Red Hat had the common sense to play ball.

flomo · 5m ago

Maybe this isn't a great take, but RedHat/LKF/etc could obviously run a 'semi-competent' PKI, and probably should be. But doing so would allow PC vendors to cleanly segment machines between Windows and Linux (+$$), so perhaps it made the best sense to lay-low and use MS infrastructure for this.

nine_k · 49m ago

Basically every x64 computer is intended to be able to run Windows. Hence MS had to be involved, and I suppose nobody else with serious money wanted the burden.

AFAICT you can still disable Secure Boot in most UEFI firmware, and boot anything you like (or not like, if an attacker tampers with your system).

oakwhiz · 24m ago

We don't even reap the benefits of autocratic decisions from Microsoft in this area. Boards always come out with things like messed up ACPI, etc.

whatagreatboy · 50m ago

Only legal requirements can change it. Nowadays, the mokutil is good enough that linux users can build a good tool around it to automate registration at boot that should ease some pain. But otherwise, it is a big mess and still needs legal requirement.

saidinesh5 · 1h ago

Just out of curiosity, how good is the secure boot experience these days?

I've had to disable it on all my installations because of either nvidia drivers or virtual box modules. In general Arch based distros didn't seem too friendly for secure boot set up.

paulv · 43m ago

My experience as a long time Linux user (since 1997, so admittedly stuck with some bad habits from when things were actually hard to get working) has been that things are kind of confusing if you deviate from the golden path, but if you are on the golden path you won't ever notice that it is turned on.

The laptops I have gotten from eg Dell with Linux pre installed have just worked. Machines I have upgraded through many versions of Ubuntu (lts versions of 16-24) were weirdly broken for a while when I first turned secure boot on while I figured it out, but that seemed reasonable for such a pathological case. Machines I have installed Debian on in the last few years have been fine, except for some problems when I was booting from a software raid array, but that is because I was using 2 identical drives and I kept getting them confused in the UEFI boot configuration.

I have not used them on machines with nvidia, vbox, or other out-of kernel-tree modules though.

pbhjpbhj · 17m ago

Every couple of years MS do an update that messes up multi-boot/dual boot. I'm sure it's on purpose at this point, and relatively sure "Secure Boot" is how they achieve it.

Still on Windows only for kids games. Linux user since last millennium.

bravetraveler · 1h ago

Signature maintenance for modules can be fully automated. Enrollment requires navigating a mildly-intimidating interface a single time to accept the new PKI.

Fine for systems you physically manage, anything remote in a datacenter I wouldn't bother (without external motivation)

mormegil · 6m ago

Which is strange because secure boot should be useful in _exactly_ the situation you don't have physical control of the HW, shouldn't it? I guess the threat model for a common not-that-important company does not include evil data center (and it's dubious if SecureBoot would protect you in reality), but wasn't that one of the motivations?

negative_zero · 45m ago

Well I can say that the update is not going 100% smoothly. I have a pending KEK update in Fedora but it's a test key (bug filed but no progress as of yet).

Artoooooor · 28m ago

Just another factor creating electro-junk. Currently I can install 30 year old system on 30 year old hardware (assuming that I keep both the machine and the installation media in a good shape). With current computers it will be impossible because they will be "unsupported".

crinkly · 1h ago

So is it a possibility that a grub update breaks an existing bootable node? That worries me as I have a couple of Linux desktops in the field which I can’t remember if secure boot is enabled on.

roschdal · 50m ago

Secure boot is so evil.

Trump Targets "Woke" AI (wsj.com)

Thoughts on External Memory for LLMs (medium.com)

Is HN Down in the UK?

Ask HN: How do you build good software that users pay for? (github.com)

Genocide VC (genocide.vc)

Vibe Scraping / Vibe Coding a schedule app on a phone (simonwillison.net)

AgenticCore: First agentic Linux distro made by a 13 years old (agentic-core.web.app)

Make Your AI SaaS in a Weekend with ShipThing Boilerplate (shipthing.com)

Notes on Spaced Repetition Scheduling (natemeyvis.com)

The Commodore 64 Made a Difference (theprogressivecio.com)

GitHub abused to distribute payloads on behalf of malware-as-a-service (arstechnica.com)

Show HN: UML is dead – so I'm building the tool to revive it (rapidcharts.ai)

The Pragmatic Engineer 2025 Survey: What's in your tech stack? (newsletter.pragmaticengineer.com)

The NEC PC Engine FX Game Console (pcengine-fx.com)

Refactoring to Rust: integrate Rust performance surgically into other languages (manning.com)

"Changing elves to wolves makes a difference" (sciencedaily.com)

What happens when an octopus engages with art? (cnn.com)

India hits 50% non-fossil power milestone five years ahead of 2030 target (reuters.com)

How AI Vibe Coding Is Destroying Junior Developers' Careers (finalroundai.com)

Amazon, Google and Vibe Coding with Steve Yegge [video] (youtube.com)

OpenZFS Bug Ported to C (flak.tedunangst.com)

OrioleDB fastpath search (faster random key lookups for PostgreSQL) (orioledb.com)

Dictionary.com "devastated" paid users by abruptly deleting saved words lists (arstechnica.com)

Upcoming changes to the Bitnami catalog (effective August 28th, 2025) (github.com)

Cloudflare's Transparency Deserves More Credit (dashdot.me)

After Firing 9000 Employees for AI, Xbox Shares Cringe Job Post with AI Graphics (clawsomegamer.com)

India became a French fry superpower (bbc.com)

Astrophotographer Captures Solar Eclipse on Saturn (mymodernmet.com)

US passes first major national crypto legislation (bbc.com)

Show HN: Take – process file lines with a logic-like language (github.com)

Running a vibe-code platform (Coder) on your own infrastructure (thetechenabler.substack.com)

YouTuber faces criminal charges, jail time for reviewing handheld consoles (pcgamer.com)

Ask HN: Is Linux for laptop worth the trouble?

Will AI make you stupid? (economist.com)

Dotenv's Promotion on Runtime Message (github.com)

RNNoise: Learning Noise Suppression (2017) (jmvalin.ca)

Sexually aggressive behavior triggered by parasitic infection [pdf] (frontiersin.org)

Improving End-to-End Tests to Reduce Flakiness: Tools and Strategies (blog.testresult.co)

BatakJava: An Object-Oriented Programming Language with Versions [pdf] (prg.is.titech.ac.jp)

Ancient DNA solves mystery of Hungarian, Finnish language family's origins (news.harvard.edu)

Claudeputer (github.com)

I recommend native Prometheus instrumentation over OpenTelemetry (promlabs.com)

Clip Vault: A cross-platform secure clipboard manager (github.com)

AWS sheds more jobs as Jassy's automation layoff prophecy comes true (theregister.com)

ChatGPT Is Not AI (newsletter.techworld-with-milan.com)

MirageLSD: The First Live-Stream Diffusion AI Video Model (about.decart.ai)

IMO 2025 LLM results are in (matharena.ai)

Our universe may exist inside a spinning black hole, JWST finds (thebrighterside.news)

New VPN Service Can't Log Users by Design (torrentfreak.com)

Apple & CCC Members Test Digital Key 4.0 in Cupertino (macrumors.com)

Linux and Secure Boot certificate expiration

Comments (16)