Not if they use cryptographic signing.
Browser sends website the signed identity verification, then the website checks the signature against some key in a list of trusted identity verifiers. With the verification responsibility being pushed to the OS vendors, that will be a short list of tech megacorporations. And maybe Canonical or Red Hat, if we’re lucky.
They can’t make it illegal, but with a little frog-boiling, they can make it functionally useless for visiting websites you might need to use. No identity verification = no access, and Linux = no identity verification.
Almost perfect. You forgot to replace “community chest” with “shareholder portfolios”
this is a case where the problem isn’t the corporations: it is the government.
It can be both.
So… it actually makes perfect sense for the companies that dealt with this bullshit to get reimbursed by the christofacists.
If the company ate the cost, sure.
If the company raised the price on consumers to cover the tariffs, the consumers already made the company whole. If the company gets the reimbursement money on top of that, they’re double dipping.
While renting.
Thanks for correcting me. Considering a long is also 32 bits, a “Long Pointer” being 32 bits makes sense.
Identifying the windows string types is fun. The letters are supposed to have a meaning. Without looking them up, my guess is:
LP_ - Length Prepended
C_STR - C string / null-terminated
WSTR - “Wide” string / utf-16
TSTR - I have no idea
He got off the couch? That’s worrying; couches are inanimate.
Popsicle = should take a seat over there
One-eyed monster = a fan of Austin Powers
It won’t at first. If more essential websites start to unnecessarily adopt it, it will start to lock Linux users out of being able to access the services necessary to exist in modern society.
Imagine if you need age/identity verification to:
Meta is funding a lot of the lobbyists pushing for age verification laws. Uncoincidentally, Meta both owns a stake in a company providing identity verification as a service, and serves to benefit from not having to moderate its own platforms.
It’s like Secure Boot, but without any of those pesky self-signing workarounds.
“But that’s unenforceable”, some will claim.
And to that, let me remind us all of a little-known concept called cryptographic attestation. If that doesn’t ring any bells, then the term “secure boot” should.
Once this shit passes into law, that’s the next step. Operating system vendors have their private keys to sign attestation tokens saying “John Johnson is an adult” and you’re only getting one if you verify your government ID. When you go to a website, your browser sends your signed token to the website and then the website checks if it’s a valid token signed by Microsoft, Apple, or Google.
But Linux?, you may be wondering. No. No Linux. Kiss it good-bye. Your bank will “require” identity attestation for “extra security”, and your bank doesn’t give a fuck about Linux. Your bank will check against whatever list of public keys they want to trust, and it ain’t going to include anything not backed by a global megacorporation.
The man’s getting a two-for-one special of losing both a flame war and a real war.
That is incredibly ironic.
It relies on the .NET runtime already existing on the system, so it can’t even be excused as a false positive mistaking an embedded language runtime as malware.
Either way, somebody pays Apple $10} a year. After paying them the equivalent of a kidney for the hardware. No thanks.
It’s not. They both expose a POSIX API and userspace, but the underlying architecture is very different. macOS is in part based on the Mach microkernel, and creating a process has a bunch of work related to that.
Even ignoring that difference, macOS has built-in signature checking that suspends a newly-started process the first time its executable is seen.
–no-preserve-root
What language was it written in? I read that Microsoft Defender likes to flag the baked-in runtime of some languages as malware because they commonly shows up in actual nalware.
Good point. I’m not keen on personally comitting fraud, but with the inevitable data breaches in mind, identity verification would do absolutely nothing to deter malicious actors.