Hacker News: ZeroWidthJoiner

New comment by ZeroWidthJoiner in "Microsoft's open source tools were hacked to steal passwords of AI developers"

ZeroWidthJoiner — Tue, 09 Jun 2026 10:38:30 +0000

The root of trust in Secure Boot is typically an OEM certificate, not Microsoft's, which is probably even worse: https://www.binarly.io/blog/pkfail-untrusted-platform-keys-u...

In any case, you're free to remove Microsoft's certificates and enroll your own.

New comment by ZeroWidthJoiner in "Custom kernel mode code signing policies on Windows"

ZeroWidthJoiner — Fri, 27 Mar 2026 18:39:57 +0000

This enables hardware owners to specify custom kernel driver signing requirements, enabling kernel mode code to run without having to submit it to Microsoft for signing.

For an in-depth discussion on the topic of driver signing on Windows see Geoff Chappell's excellent write-up: https://www.geoffchappell.com/notes/windows/license/customke... (RIP)

Custom kernel mode code signing policies on Windows

ZeroWidthJoiner — Fri, 27 Mar 2026 18:38:46 +0000

Article URL: https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/custom-kernel-signers

Comments URL: https://news.ycombinator.com/item?id=47546586

Points: 1

# Comments: 1

New comment by ZeroWidthJoiner in "Under the Hood of AFD.sys Part 1: Investigating Undocumented Interfaces"

ZeroWidthJoiner — Tue, 05 Aug 2025 22:36:13 +0000

Yeah, that original name is corroborated by Raymond Chen: https://devblogs.microsoft.com/oldnewthing/20171114-00/?p=97...

New comment by ZeroWidthJoiner in "If you Google 'bad UX', all the results appear in Comic Sans"

ZeroWidthJoiner — Fri, 01 Aug 2025 19:56:50 +0000

Search results for "best font ever" has an easter egg as well.

New comment by ZeroWidthJoiner in "Fairphone 6 is switching to a new design that's even more sustainable"

ZeroWidthJoiner — Mon, 23 Jun 2025 17:24:30 +0000

The backside fingerprint reader could even be used as an input device on some models for scrolling, or pulling down/up the notification bar. Great for scrolling through content or swiping through screens without having to cover your display for gesture input: https://www.androidauthority.com/miss-rear-fingerprint-scann...

New comment by ZeroWidthJoiner in "Reviving Astoria – Windows's Lost Android"

ZeroWidthJoiner — Sun, 01 Jun 2025 11:50:02 +0000

Even before the virtualization-based security feature was introduced this has been the Hyper-V architecture, on server and client SKUs. The management OS is referred to as the "parent partition" or "root partition," and it runs on top of the hypervisor: https://learn.microsoft.com/en-us/virtualization/hyper-v-on-...

New comment by ZeroWidthJoiner in "Windows 2000 Server named peak Microsoft"

ZeroWidthJoiner — Sat, 12 Apr 2025 23:18:28 +0000

This is true for certification, which is mandatory for Server OS, distributing through Windows Update, or certain classes of drivers such as anti-malware or biometric authentication, but you can still submit drivers to Microsoft for "attestation signing" that will load without warnings on desktop OS without having to run them through the testing suite.

In any case, running the certification tests does not provide runtime protection for drivers running in kernel mode, as demonstrated by CrowdStrike. Only Windows 10 started introducing hardware virtualization-based isolation of kernel components (to provide isolation of security subsystems, not runtime checks to prevent crashes): https://learn.microsoft.com/en-us/windows-hardware/design/de...

New comment by ZeroWidthJoiner in "Windows 2000 Server named peak Microsoft"

ZeroWidthJoiner — Sat, 12 Apr 2025 06:57:12 +0000

Driver Verifier is a tool that developers can choose to use for testing and debugging purposes.

It's not used on production machines and it does nothing to prevent a badly written driver from crashing the kernel.

New comment by ZeroWidthJoiner in "Keyhole – Forge own Windows Store licenses"

ZeroWidthJoiner — Sat, 07 Sep 2024 15:01:14 +0000

> They actually advise OEMs not to install this second key by default ("Secured Core" PCs), and some vendors have followed the advice, such as Lenovo. Resulting in yet another hoop to install non-MS OSes.

True, 3rd party not trusted by default is a "Secured-Core PC" requirement, but so is the BIOS option for enabling that trust [0]. On my "Secured-Core" ARM ThinkPad T14s it's a simple toggle option.

> Even recently, a Windows updated added a number of Linux distributions to the Secure Boot blacklist, resulting in working dual boot systems being suddenly cripped. Of course, _ancient_ MS OSes are never going to be blacklisted.

Actually they are in the process of blacklisting their currently used 2011 Windows certificate, i.e. the Microsoft cert installed on every pre-~2024 machine, also invalidating all Windows boot media not explicitly created with the new cert. It's a manually initiated process for now, with an automatic rollout coming later [1].

It'll be very interesting to watch how well that's going to work on such a massive scale. :)

[0] https://learn.microsoft.com/en-us/windows-hardware/design/de...

[1] https://support.microsoft.com/en-us/topic/kb5025885-how-to-m...

New comment by ZeroWidthJoiner in "Introducing Copilot+ PCs"

ZeroWidthJoiner — Tue, 21 May 2024 07:20:09 +0000

> I think drivers are going to be the biggest PITA for ARM-based PC users for the first couple years — for example, Google Drive doesn't work for that reason.

Google Drive does ship with Arm64 drivers, and patching the platform check out of the installer gets them installed just fine (40 84 f6 74 08 -> 40 84 f6 90 90).

No idea why they're blocking the install.

New comment by ZeroWidthJoiner in "Rectify11 Improving upon the Windows 11 experience"

ZeroWidthJoiner — Sat, 12 Aug 2023 14:12:02 +0000

> MORE PADDING everywhere

It's so ridiculous. You ever wanted Explorer's "details" file list view to have horizontal blank space between rows so rather than selecting the nearest item you could just click through the list into a blank void and select nothing? Yeah, that's what the default setting is now. For a list view. It's like making up unusable space between cells in Excel for no reason.

New comment by ZeroWidthJoiner in "Windows 11 calls a zip file a 'postcode file' in UK English"

ZeroWidthJoiner — Wed, 07 Jun 2023 23:29:34 +0000

This was initially reported over 2 months ago when it first showed up in canary builds.

Microsoft, at the time: "This is an issue in the latest Canary Channel build and the loc folks are working on a fix" (https://twitter.com/JenMsft/status/1643599284120723456)