So I once brought down an alerting system using Excel
(btw, this story is more about unintended consequences instead of MSFT)
- I own an alerting system
- For log based alerts, it looks for a keyword e.g. "alert_log"
- I make a spreadsheet to track data about alerts and call one of the sheets "alert_log"
- Alert system starts going crazy: using tons of CPU, number of alerts processed goes through the roof but not a lot of alerts generated
- Turns out that I was using the cloud version of Excel so any text entered transited the firewall
- Firewall logs store the text "alert_log"
- Alert system thinks it's an alert BUT it's not a real alert so triggers an alert processing alert
- That second alert contains the text from the firewall log and so cycle begins
In other words, systems can operate in weird ways and then cause things to happen you didn't anticipate. It's why things like audits, red teaming and defense in depth all matter.
unethical_ban 29 days ago [-]
As a firewall engineer I have to tell people to make sure to disable traffic logs for syslogs from the firewall for this reason.
_whiteCaps_ 29 days ago [-]
Reminds me of the time I set up tcpdump to log network traffic on a troublesome server. To save disk space I sent it over SSH to my laptop. Oops!
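The feedback loop from the story at the top of this thread, as an added example that is not code from any commenter or product: a keyword matcher re-ingests its own "processing alert", and a guarded version breaks the cycle by skipping self-originated events and by not quoting raw matched text. The source tags, log formats and sample events are constructed assumptions.

```python
import hashlib
from collections import deque

KEYWORD = "alert_log"   # keyword from the story
SELF = "alerting"       # assumed source tag for the alerting system's own logs
MAX_STEPS = 1000        # demo safety cap so the naive loop terminates

# Constructed sample events: (source, message)
SAMPLE = [
    ("app", "alert_log severity=high msg=disk_full host=db1"),
    ("firewall", "ALLOW tcp 10.0.0.5:51234 -> 203.0.113.10:443 url=/sheets/alert_log"),
    ("app", "user login ok"),
]


def parse_alert(msg):
    """A real alert starts with the keyword and carries a severity field."""
    if not msg.startswith(KEYWORD + " "):
        return None
    fields = dict(kv.split("=", 1) for kv in msg.split()[1:] if "=" in kv)
    return fields if "severity" in fields else None


def run_naive(events):
    """Substring match everywhere; processing alerts quote the raw text."""
    queue = deque(events)
    stats = {"processed": 0, "real": 0, "errors": 0, "capped": False}
    while queue:
        if stats["processed"] >= MAX_STEPS:
            stats["capped"] = True   # still work queued: the loop never drains
            break
        _source, msg = queue.popleft()
        stats["processed"] += 1
        if KEYWORD not in msg:
            continue
        if parse_alert(msg):
            stats["real"] += 1
        else:
            stats["errors"] += 1
            # The processing alert embeds the keyword and is logged back in.
            queue.append((SELF, f"processing_error could not parse: {msg}"))
    return stats


def run_guarded(events):
    """Same matcher with two independent loop breakers."""
    queue = deque(events)
    stats = {"processed": 0, "real": 0, "errors": 0, "dropped_self": 0}
    while queue:
        source, msg = queue.popleft()
        stats["processed"] += 1
        if source == SELF:
            # Guard 1: never evaluate alert rules on the alerting system's output.
            stats["dropped_self"] += 1
            continue
        if KEYWORD not in msg:
            continue
        if parse_alert(msg):
            stats["real"] += 1
        else:
            stats["errors"] += 1
            # Guard 2: reference the offending line by digest, do not quote it.
            ref = hashlib.sha256(msg.encode()).hexdigest()[:12]
            queue.append((SELF, f"processing_error source={source} ref={ref}"))
    return stats


if __name__ == "__main__":
    print("naive:  ", run_naive(SAMPLE))
    print("guarded:", run_guarded(SAMPLE))
```

The naive run shows the symptom from the story: the processed count climbs to the cap while only one real alert is ever produced.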
stackskipton 29 days ago [-]
As usual with all these types of posts, people go "HA HA, MICRO$OFT SUCKS" without understanding business practices that keep them afloat.
Don't use Exchange? Cool, what should we use instead? Does it support 15 people all the way up to 150000 people? I used to run Exchange cluster for 70k people, is there other mail software out there complete with non-shared disk redundancy? Where the users connect to single endpoint and software figures it out from there?
Sharepoint with another 2 RCEs. Not shocked, the software is terrible. However, it's only software that will stand up under load and let us shard it easily. All open-source software is one of those, runs fine in Homelab, likely falls down under load. Few Open Source Developers want to work on this stuff which I get because it's tedious work interfacing with computer illiterate end users. I'd rather chug sewage than do this work for free.
Finally, it's somewhat backwards compatible. Most businesses are filled with ancient software that no one has worked on in 20 years. That Excel document with Macros from 1997. With some registry changes degrading security posture, still works. I doubt you will find Office software with level of backwards compatibility unless they are using Microsoft Office level of compatibility.
Microsoft has real gordian knot here and few solutions besides "Backwards compatibility is OVER. Upgrade to modern or GTFO". Meanwhile, I get hit up by $ThreeJobsAgo over some Exchange Web Services solution I slapped together for them in Python they wanted me to upgrade to GraphAPI since Microsoft turned off Exchange Web Services in Office365.
necovek 29 days ago [-]
I see you build a case for traditional MS product in Exchange, yet this issue is about Sharepoint.
Just like with Windows, Microsoft has built a moat with Exchange, but the question is why do all the companies buy into their full ecosystem, especially for anything relating to web technologies (you even bring up Exchange Web Services), because this they do really badly, and Sharepoint seems to be the worst.
However, I am certain there are big Postfix/Dovecot installations scaling easily to 150k people, but we probably wouldn't know about them. Eg. here a couple of accounts of people doing that: https://www.reddit.com/r/linuxadmin/comments/32fq67/how_woul...
inopinatus 29 days ago [-]
I was running millions of accounts using Postfix/Dovecot on shared-nothing storage with a single MUA-facing endpoint and complex policy options, and that was over a decade ago.
Fastmail today would be much bigger again, and they’re on CMU Cyrus.
150k is rookie numbers. Perhaps that was meant ironically to satirise mediocre enterprise thinking?
xxs 29 days ago [-]
>Perhaps that was meant ironically to satirise mediocre enterprise thinking?
It's a serious post, unfortunately.
stackskipton 29 days ago [-]
Yep, my point was “What is the alternative besides other enterprise cloud like GSuite and others?”
necovek 29 days ago [-]
FWIW, GSuite seems to do fewer things, but at least does them better (think nested groups and calendar invitations for parent groups: adding/removing people does not update future events with MS tools).
But at the same time, within an org of 150k people, we have separate people to support our Teams usage, our Outlook usage, our AD/Entra usage: with the same number of "sysadmins", could we do the same with open source stack?
I don't know, but I know the bugs I see with MS365.
stackskipton 29 days ago [-]
Cool, you got a blog article detailing how that works with Postfix/Dovecot? All clustering articles I'm seeing for those involved shared storage. Fastmail is not very specific how that works.
In any case, Exchange is not just email, it has Calendaring/Contacts stuff going on as well.
Spooky23 29 days ago [-]
Cool. I did that with qmail in 1998 on a couple of Ultra 5s.
Try managing a calendar or booking resources.
inopinatus 29 days ago [-]
Integrated CalDAV is also available. Not in qmail, however. The patch for that would be large.
Woodi 27 days ago [-]
Why DAV should be integrated into any SMTPd ?? DAV is some protocol over HTTP - another service, another port. Why any architect want it in same binary or even deployed on same server ?? And even if some "cal" or "address" part is content in email that still processing it is totally different software layer than plain "sending mail" and storing it.
But no, people get self backdoored by using Exchange... Or cloud :) Or AI hosted by someone else...
MisterTea 29 days ago [-]
> but the question is why do all the companies buy into their full ecosystem,
Old manager I had once told me: "I wish Microsoft made all the software in the world because it works so well together!" He was the guy who bought our company a one-way ticket to O365. He was also woefully tech ignorant and could barely drive software outside of office programs.
casey2 29 days ago [-]
Yup, proves the old adage that you never let the tech fluent make tooling decisions for normal people. Nothing would kill a large org's momentum faster than half their employees stuck reading man pages for trivial tasks.
Microsoft is a good black and white, you can do this or you can't. Which works better organizationally than the "I bet I could hack this together in a few weeks" and have everyone wait around so one "10x dev" can feel like a special snowflake
necovek 28 days ago [-]
You are ignoring the fact that people are mostly complaining about Microsoft saying their software will do something, and then it not really working or falling apart (like with security incidents).
elevation 29 days ago [-]
Not sure the total number, but a university near me serves 50K active students and hundreds of thousands of alums with Postfix/Dovecot.
stackskipton 29 days ago [-]
I used Exchange because it was what I was most familiar with. SharePoint operates in similar manner with all sharding (though backend is still MSSQL with its sharding last I checked)
Sure, PostFix/DoveCot will scale if you are doing just email. Once you add GroupWare requirements, PostFix/Dovecot are no longer in same boat.
p_ing 28 days ago [-]
SharePoint does not use [SQL] sharding. Each Site Collection is contained within a single Content [SQL] database. However the blobs themselves can be stored elsewhere via a provider, out of the box a file system provider is available (in SPO they use Azure Blob Storage).
zenmac 29 days ago [-]
Craigslist also uses Haraka to scale their email.
There are plenty of open source email alternatives nowadays.
lkjdsklf 29 days ago [-]
Comparing postfix/dovecot to exchange is grossly misunderstanding what’s happening
If you’re using exchange/outlook, you’re using Active Directory.
The only real “alternative” is the reimplementation in samba v4.. calling that an alternative is a bit of a stretch. And it barely scales to one user let alone millions like AD can
necovek 29 days ago [-]
You can trivially set up Postfix/Dovecot with LDAP.
lkjdsklf 28 days ago [-]
There’s nothing trivial about running or scaling an ldap server.
Ldap is also not Active Directory. Ldap is one very small part of it
BeetleB 29 days ago [-]
How oh how did these nuclear weapons facilities manage to function in the days before Exchange and Sharepoint?
stackskipton 29 days ago [-]
Just like everyone else before invention of Email and Document sharing? However, like every other business, no one is willing to slow down velocity for security reasons so now we are here. Unless you have a fix for "Line must go up", market pressures will always cause this.
In 1971 Ray Tomlinson sent the first mail message between two computers on the ARPANET, introducing the now-familiar address syntax with the '@' symbol designating the user's system address.[2][3][4][5] Over a series of RFCs, conventions were refined for sending mail messages over the File Transfer Protocol. Several other email networks developed in the 1970s and expanded subsequently.
Proprietary electronic mail systems began to emerge in the 1970s and early 1980s. IBM developed a primitive in-house solution for office automation over the period 1970–1972, and replaced it with OFS (Office System), providing mail transfer between individuals, in 1974.
azernik 28 days ago [-]
They paid lots of secretaries lots of money and had a whole department called "the mailroom".
No one wants to go back to that.
mikkupikku 28 days ago [-]
When they're managing nuclear bombs, I think some inefficiency shouldn't be a deal breaker.
wombatpm 29 days ago [-]
Novell or Lotus Notes
elevation 29 days ago [-]
How many organizations on the planet require their Exchange server to support 150k users? I doubt most manufacturing plants fall into this category.
stackskipton 29 days ago [-]
They don't but whole point is massive Enterprises use the software, people get accustomed to it and want it in their smaller business. So, Microsoft Small Business Server is developed until O365 came along.
nerdponx 29 days ago [-]
> Few Open Source Developers want to work on this stuff which I get because it's tedious work interfacing with computer illiterate end users. I'd rather chug sewage than do this work for free.
Or the government could pay people to work on said open source software, providing a benefit to the public along the way. The US government started something like this called "18F" under the Obama administration. It was so effective at making software that was useful to the American public that Trump promptly shut it down 2 months into his second term, in no small part because they had the temerity to develop free-to-use tax filing software.
You can use hosted versions of Google Workplace or Office365 if you can’t figure out how to secure software (places like this typically can’t clearly). Additionally it enforces a separation of concerns where a compromise of your email server doesn’t lead to a compromise of the plant itself (again - clearly IT didn’t know how to partition the network into different parts).
stackskipton 29 days ago [-]
Sure, this business should have converted to either of those and let someone else take over administration since they were clearly negligent. This is stuff that FedRAMP or its replacement was supposed to fix but didn't.
vlovich123 29 days ago [-]
FedRAMP is only for hosted software for the federal government afaik, not on-prem and not private companies (nuclear reactors afaik are operated by grids/private operators and the federal gov is responsible for auditing and regulating)
dudeinjapan 29 days ago [-]
Sharepoint is enterprisey and all but how about "less software/surface area is more" when it comes to nuclear silos?
bawolff 29 days ago [-]
> Sharepoint with another 2 RCEs. Not shocked, the software is terrible. However, it's only software that will stand up under load and let us shard it easily. All open-source software is one of those, runs fine in Homelab, likely falls down under load. Few Open Source Developers want to work on this stuff which I get because it's tedious work interfacing with computer illiterate end users. I'd rather chug sewage than do this work for free.
Isn't sharepoint just a file share server? (I've never used it)
I'm sure solutions like samba or an ftp server hold up fine under the load. It's really more a UI question.
p_ing 28 days ago [-]
No, but storing files is one of its core functions. The wiki [0] has a decent outline of what it is (may or may not be out of date for on-prem).
Find me an FTP server which integrates with your entire productivity, communication and collaboration suites easily enough that an admin can run a 50k person company off of it and equally Doris from accounts can manage to get some work done.
I hate SharePoint, but I use/administer it every day and it works, mostly.
Exposing it to the internet is a mistake. Why anyone would do that is beyond me.
bawolff 29 days ago [-]
Like I said, it's a UI issue not a scalability issue.
zelphirkalt 29 days ago [-]
> Sharepoint with another 2 RCEs. Not shocked, the software is terrible. However, it's only software that will stand up under load and let us shard it easily. All open-source software is one of those, runs fine in Homelab, likely falls down under load. Few Open Source Developers want to work on this stuff which I get because it's tedious work interfacing with computer illiterate end users. I'd rather chug sewage than do this work for free.
All just empty claims without showing any evidence. Did you ever set up a multi-client syncthing setup to test your theories about it falling over? Or do you have any references, pointing us to analysis, that shows, that any such tool doesn't hold water? What about some bit torrent setups? There are many options in this space, and one doesn't even have to lump synchronization and viewing in a web UI into one service. If one doesn't, then there are many tools that can accomplish the job better than Sharepoint.
And btw. paid MS Office doesn't even hold water for some 80 people, delivering me my e-mails some half an hour later, at a snail's pace, one or two a minute, while my 1 EUR per month free software using e-mail provider (posteo) manages to give me all my new e-mail almost instantly, the moment I open Thunderbird.
stackskipton 29 days ago [-]
Your replacement for Sharepoint is BitTorrent or Syncthing?
Yes, there are other tools, none of them is as integrated as Microsoft suite except other cloud only options like Google Workspace and other cloudy software.
bad_haircut72 29 days ago [-]
I mean this is nuclear weapons we're talking about, who cares about features vs security? They could run the department on snail mail if they tried
int_19h 29 days ago [-]
Exchange has valid arguments for it, but I don't think SharePoint has anything going for it other than "we already got a license for that as part of our package deal". As software in its own right, it's uniquely bad even for Microsoft.
Staniel 29 days ago [-]
Why is this comment glowing? \s
crmd 29 days ago [-]
One of the first things I do after getting an inquiry from a recruiter or friend referral is lookup the MX record for the company’s email domain. It is an anonymous one-command check to see if they’re a Microsoft shop.
If they are, it’s enormous personal red flag. MSFT is very popular so I’m only speaking about my own experience, but I have learned over the course of 20 years that an MSFT IT stack is highly correlated with me hating the engineering culture of an organization.
I know I am excluding a lot of companies with great engineering culture where I would thrive and who just happen to use Outlook/Sharepoint/Teams, etc. but it has had such better predictive power of rotten tech culture than any line of questioning I have come up with during interviews that I still use it.
I don’t mean any disrespect to MSFT-centric engineers out there - it’s not you it’s me.
supportengineer 29 days ago [-]
If a company provides a Mac laptop, that to me is a green flag, if it provides a Windows laptop, that is a red flag.
The best company I ever worked at, provided every software engineer both a Mac laptop and a Linux desktop as standard equipment.
FireBeyond 29 days ago [-]
My employer provides a Mac laptop with the Office suite. Red flag, green flag, or yellow?
nicoburns 29 days ago [-]
Word, Excel, and arguably PowerPoint are still the best tools in their respective classes, so if you mean those then very much a green flag.
If they're also making you use Outlook or especially Teams then they're going to start losing "points".
esalman 28 days ago [-]
My workplace lets me choose Mac or Dell laptops.
dataflow 29 days ago [-]
What if they provide both?
gubicle 29 days ago [-]
My calculations tell me that would be a yellow flag.
SapporoChris 29 days ago [-]
My knowledge of colors tells me red and green make brown.
pezezin 29 days ago [-]
#ffff00 is a pretty bright yellow color.
Yokolos 29 days ago [-]
What does a brown flag tell us?
mrheosuper 29 days ago [-]
proceed with caution
bflesch 29 days ago [-]
Both are a red flag
qwertytyyuu 28 days ago [-]
being provided a laptop is a red flag...? unless you get hp or cheap dell, then yeah red flag
bflesch 27 days ago [-]
No for me both Microsoft and Mac devices are a red flag.
craigmcnamara 29 days ago [-]
Hard agree. I've worked both kinds of places, I'm never working in an MS environment again for less than 7 figures.
terminalshort 28 days ago [-]
And companies that use MS aren't paying 7 figures for anything below VP
notmyjob 29 days ago [-]
I’ve definitely noticed a correlation with low regard for labor (h1b abuse). But maybe that’s just a location thing, I’m in California where regard for labor, especially local talent, is non-existent. You know, move fast and break things like nascent tech worker unions and the state itself.
kapone 29 days ago [-]
WTF is this even supposed to mean?
H1Bs use Microsoft products more than others? Or they do it because they have to…or what??
Please explain yourself.
Thorentis 29 days ago [-]
Companies more likely to want to save money on labor costs (employing many h1bs) are also likely to want to save money on Tooling costs, by using safe options like MSFT stuff, rather than finding better tools.
Also yes, due to availability and various other reasons, H1bs, particularly from India, seem more likely to use a MSFT stack.
array_key_first 29 days ago [-]
MSFT tools aren't even cheap - they're very expensive. Many FOSS tools are just better and cheaper. End of the day, even RHEL is cheaper.
notmyjob 27 days ago [-]
It’s “do what everyone else does” style of corporate leadership.
“Nobody ever got fired for choosing MSFT” goes hand in hand with “if we don’t exploit the H1B system to get cheap coders who won’t sue us or try to organize then someone else will.”
Using FOSS, hiring citizens, treating employees well, actually innovating and producing great products, all hang together. Sadly, such companies and people are increasingly rare in tech, because the tech oligarchs fund bad people and bad products because they are often greedy egoists whose wealth is derived from being in the right place at the right time, or from what I call “moral arbitrage” (doing things others are too ethical to consider) rather than deriving wealth from actual talent or ingenuity. Ymmv
a-dub 29 days ago [-]
it's generally pretty remarkably bad. i think i agree. it sets a sort of psychological baseline culture that computers and their software should be shit, which is a pretty bad influence for people making software to be engaging with day in and day out.
jojobas 29 days ago [-]
Too bad Microsoft shops run the world. All the factories and shops, nearly every commercial backoffice runs windows, office/exchange and what not.
a-dub 29 days ago [-]
the software is so bad it's literally a national security risk.
mrsmrtss 28 days ago [-]
While I may agree on Sharepoint, not everything from Microsoft is bad. Often the alternatives are even worse.
a-dub 28 days ago [-]
ok, excluding things they have bought and not yet destroyed. what's good? (we'll accept that xbox is good, distinct and unrelated to the rest of their offerings)
jojobas 28 days ago [-]
Is there a one stop solution for email, calendars, bookings etc that could run on premise?
dijit 27 days ago [-]
Zimbra, Nextcloud Hub, MDaemon (Mail/Cal/Contacts), Group Office and Kopano come immediately to mind.
dijit 28 days ago [-]
Really?
Libreoffice Calc and Excel are probably your strongest argument, Excel runs the world after all.
But, if it wasn’t for incompatibility and fear of incompatibility- I have a hard time thinking Calc is materially worse; I doubt there’s a single workflow not possible in Calc- and if O365 utils get worse looking then Calc will win there too soon enough.
For everything else in the microsoft stack, either it’s “this thing does many things thus is incomparable to any one thing!” or it’s simply worse.
Even the best tools that I would actively defend (MSSQL) are only equivalent to other solutions (PGSQL) and almost never better than everything offered elsewhere.
waterTanuki 29 days ago [-]
My company uses a MSFT for domains, email, office work etc. but hands all the employees (not just engineers, HR as well) Macs. I don't know what kind of places you're working for but I'm not really interested in spending more time debugging your mattermost instance or email server instead of working on the core product I was hired to work on. I agree microsoft software is a plague but good luck convincing the people with the money to use something else lol
NoPicklez 28 days ago [-]
I have to disagree here, that is such an enormous broad brush
unethical_ban 29 days ago [-]
Companies that don't use Outlook? All five of them?
I've seen companies with varying levels of MS product integration but Outlook is pretty foundational.
Now, if a company says they use SharePoint or Teams to store their documentation, run to the hills. Wikis or bust.
nneonneo 29 days ago [-]
God, Teams is absolutely miserable. Video calling on Teams makes you appreciate just how well Zoom works.
Teams macOS client? Crashes on startup, even after clearing all of my user data.
Teams iOS client? You can join a call by a link, but you can't see the call UI because it's behind the login window.
Teams on Firefox? No video support for years, and most recently just glitches out and shows an empty page when trying to join.
Teams on Chrome? Tried joining a meeting, and was told by the organizers that they couldn't admit me because the button wasn't doing anything.
I've had all four of these things happen within the last month, and it's made me want to tear my hair out. I get that none of these are "Microsoft Edge/native Windows client", but they could at least pretend to care about other platforms...
thomasjudge 29 days ago [-]
The Teams mac client is so awful I completely gave up on it
sigmoid10 29 days ago [-]
Over the years I have used teams on Windows, Mac, iOS, Android and various Linux distros (where I was limited to Chrome and Firefox due to lack of an official client). While it is certainly not the greatest tool in the world, I have never encountered issues like these.
Spooky23 29 days ago [-]
You’re probably doing something cute with your network filtering or EDR.
AlotOfReading 29 days ago [-]
This varies widely by niche. My experience is that a solid majority of West Coast tech companies / startups use Gmail or other non-MS hosted solutions. Outlook or MS365 are a good indicator that the codebase may be older than some of the people writing it.
FreakLegion 29 days ago [-]
Silicon Valley in particular uses Google Workspace at a much higher rate than the rest of the world. If you count every one- or two-person startup as a company, Google probably does have a solid majority. If you count mailboxes, Microsoft still easily wins.
Note that MX records are misleading here. They have no false positives, but are full of false negatives --- daisy-chaining MTAs is common, and since Microsoft owns the mailbox, it's invariably last in the chain. So the MX record will show something like Proofpoint (pphosted) or Mimecast or an internal company host, when really it's Microsoft in the end.
_whiteCaps_ 29 days ago [-]
Wild to see the different experiences here. I haven't worked for a company that uses Outlook in 20+ years.
Recently it's all been gmail/google workspaces.
frumplestlatz 29 days ago [-]
Similar experience; I haven’t had to use Outlook since the late 90s, and even then only for about a year.
Every company I worked for before or since just used IMAP.
fragmede 29 days ago [-]
What did you have as the IMAP client?
frumplestlatz 29 days ago [-]
In the 90s, mutt. After that, Apple Mail.
_whiteCaps_ 28 days ago [-]
Thunderbird
lenerdenator 29 days ago [-]
> Now, if a company says they use SharePoint or Teams to store their documentation, run to the hills. Wikis or bust.
It's never just Teams or SharePoint or a wiki. It's almost always some abomination created by putting various bits of knowledge on all three. Also, corporate wikis suck because how your team classifies data is almost invariably different from how someone else wants to see it.
SharePoint, for all of its flaws, typically gets used by the major announcement-and-policy makers at a company, because they just want to use MS stuff (primarily out of ignorance of alternatives), so at least it's somewhat coherent for everyone in the company.
esseph 29 days ago [-]
I've been at quite a few places that wouldn't touch the MS ecosystem with a twenty-foot pole, and history has proven that to be a wise decision on their part. It certainly has not cost them any business.
NeutralCrane 29 days ago [-]
I’ve worked for six companies and only one of them uses Outlook. I think there is some availability bias by industry or job type. I know there are lots of companies that use Outlook, but you may be overestimating how many do, particularly among the companies more likely to be represented here (tech and/or startups).
unethical_ban 29 days ago [-]
I tend to work at banks, multinationals and power.
My direct employer uses GSuite (and Google docs as a source of record is as bad as a 2000s file share)
bdangubic 29 days ago [-]
Large enterprises (1000+ employees): probably 70-80%+
Mid-sized businesses (100-1000 employees): around 60-70%
Small businesses: more variable, maybe 40-60%
this reply was written by “AI” :)
Hikikomori 28 days ago [-]
Worked for a company that used Lotus Notes 10+ years ago and switched to 365 and outlook, hard to believe that an email client could be worse than Lotus Notes. Only worked for Google workspace companies since then.
pandemic_region 29 days ago [-]
How can you see from the MX record if it is Microsoft?
kyrra 29 days ago [-]
The "dig" command can get them for you
    $ dig ycombinator.com mx
    ;; ANSWER SECTION:
    ycombinator.com. 300 IN MX 20 alt1.aspmx.l.google.com.
    ycombinator.com. 300 IN MX 10 aspmx.l.google.com.
    ycombinator.com. 300 IN MX 20 alt2.aspmx.l.google.com.
    ycombinator.com. 300 IN MX 30 aspmx4.googlemail.com.
pixel16 29 days ago [-]
this doesn't work if they use a 3rd party email filtering service like mimecast or proofpoint fyi.
neilv 29 days ago [-]
Another red flag! :)
ExoticPearTree 28 days ago [-]
Proofpoint, definitely a very big red flag.
janderson215 29 days ago [-]
mxtoolbox.com
adamcblodgett 29 days ago [-]
I love this tool so much. It makes so many difficult things easy, and it does it cheaply or free in almost every instance.
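The MX check discussed in this sub-thread, as an added example that is not code from any commenter: it parses a `dig` answer section and reports a mailbox provider only when the MX host itself belongs to one, returning an inconclusive result when the MX points at a filtering gateway (the false-negative case raised above). The suffix table is an assumption and far from complete; the `example.com` and `example.org` records are constructed.

```python
import re

# (hostname suffix, label, kind). "mailbox" hosts store the mail; "gateway"
# hosts filter and relay it onward, so the final mailbox stays unknown.
# Assumed table for this example, not an authoritative list.
PROVIDERS = [
    ("mail.protection.outlook.com", "Microsoft 365", "mailbox"),
    ("google.com", "Google Workspace", "mailbox"),
    ("googlemail.com", "Google Workspace", "mailbox"),
    ("pphosted.com", "Proofpoint", "gateway"),
    ("mimecast.com", "Mimecast", "gateway"),
]

# Matches answer lines such as: "example.com. 300 IN MX 10 mail.example.com."
MX_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+MX\s+(\d+)\s+(\S+)\s*$")

# Answer section as posted in the thread.
YC_OUTPUT = """\
;; ANSWER SECTION:
ycombinator.com. 300 IN MX 20 alt1.aspmx.l.google.com.
ycombinator.com. 300 IN MX 10 aspmx.l.google.com.
ycombinator.com. 300 IN MX 20 alt2.aspmx.l.google.com.
ycombinator.com. 300 IN MX 30 aspmx4.googlemail.com.
"""

# Constructed records (placeholder hostnames under real provider suffixes).
GATEWAY_OUTPUT = """\
;; ANSWER SECTION:
example.com. 300 IN MX 10 mxa-00000000.gslb.pphosted.com.
example.com. 300 IN MX 10 mxb-00000000.gslb.pphosted.com.
"""
MS_OUTPUT = """\
;; ANSWER SECTION:
example.org. 300 IN MX 0 example-org.mail.protection.outlook.com.
"""


def parse_dig_mx(text):
    """Return [(preference, host)] sorted by preference; skips non-MX lines."""
    records = []
    for line in text.splitlines():
        m = MX_LINE.match(line.strip())
        if m:
            records.append((int(m.group(2)), m.group(3).rstrip(".").lower()))
    return sorted(records)


def classify(host):
    """Map one MX host to (label, kind), or (None, None) if unrecognized."""
    for suffix, label, kind in PROVIDERS:
        if host == suffix or host.endswith("." + suffix):
            return label, kind
    return None, None


def verdict(records):
    """Return (label, conclusive). Gateways and unknown hosts are inconclusive."""
    gateway = None
    for _pref, host in records:
        label, kind = classify(host)
        if kind == "mailbox":
            return label, True
        if kind == "gateway" and gateway is None:
            gateway = label
    if gateway:
        return gateway, False   # mailbox provider hidden behind the filter
    return "unrecognized", False


if __name__ == "__main__":
    for name, out in [("thread", YC_OUTPUT), ("gateway", GATEWAY_OUTPUT), ("ms", MS_OUTPUT)]:
        print(name, verdict(parse_dig_mx(out)))
```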
fujigawa 29 days ago [-]
I'm gonna be honest, you sound like a problem employee.
The companies not using Microsoft, are using Google. Which in my experience is equally or measurably worse.
Just personal data points, but every avowed Microsoft hater I've ever worked with has been... difficult. Like a-drag-on-the-team-because-he-refuses-to-use-company-tools difficult.
Edit: How does an aged post on this site go from +4 to -1 in the span of a few minutes?
Balinares 28 days ago [-]
My current gig is an MSFT shop and when I joined I was genuinely excited to find out just how far that universe had come in the 20+ years since I last worked in a corp environment that uses it. The Ballmer days are long behind and there's been some genuinely cool stuff coming out of MS since.
I don't think I was ready for how bad it is. Not going to go into an inventory of it all, but I'll admit I genuinely lost it when I discovered that the terminal -- the terminal! -- freezes after staying open several days, and you need to kill it and restart it.
The worst part, I think, is how the brokenness ends up permeating the engineering culture. Malfunction is just normalized. There's no reliability baseline; if it's broken to the point the amount of work you can do is zero, just open a ticket with support, who will add yet another bit of duct tape or just reboot something somewhere and ask you if the problem went away somehow.
I think possibly the coworkers who don't look away from the emperor's non-clothed-ness, and the higher standards that they drive, may be more valuable to have around than you imagine, if you can get past the bad emotions that their lucidity gives you.
jack_tripper 28 days ago [-]
>I don't think I was ready for how bad it is.
Says it's unthinkably bad then proceeds to give only one example. There are several other issues you can list.
>the terminal -- the terminal! -- freezes after staying open several days, and you need to kill it and restart it.
I wonder when that issue ever happened since I'm always ssh'd into my homelab via the terminal for days and never had to restart it since it never froze.
>The worst part, I think, is how the brokenness ends up permeating the engineering culture. Malfunction is just normalized.
Microsoft didn't make the culture like that, the managers were always like that which made them choose Microsoft because they just choose the biggest corporate name brand supplier. It's your typical old-school MBA.
I've worked at all-MS shops and at all-Linux shops, and despite the issues with MS tech, the all-MS shops were far less toxic and pleasant to work at as people treated it as a 9-5 job instead of their own personal start-up project that needs to strictly conform to their world view, therefore the linux-shops I worked at tended to attract more of the toxic problem employees like your grandparent whose work life revolved around tech evangelism than pragmatism, which I didn't like since I just wanted to get work done and go home, not participate in some crusade at work to judge and shame choices of OS/IDE/languages/frameworks/tools the company should be using. As long as I get paid, I'll use any widely available tool, I don't really care.
Grimblewald 28 days ago [-]
> as long as I keep getting paid, nothing else matters
Mindset explains the other users complaint perfectly I guess. I suppose it comes to how one views and feels about work. Take pride in your work? Don't go MS shop. Don't care and are just there to get paid? MS shop.
That attitude explains why I can no longer edit calendar events in the android app unless I turn the phone sideways, and a deluge of other issues with MS products that reek of sloppy low effort work.
jack_tripper 27 days ago [-]
>Mindset explains the other users complaint perfectly I guess.
Yes, how dare SW engineers work to just put food on the table for their families, and not fight your imaginary tech revolution against MS-shops?
> Take pride in your work? Dont go MS shop.
Sorry buddy, but I work the SW equivalent of "putting the fries in the bag", my work has no impact on the tech issues in your life, and I don't live in The Valley, or the US, or some major international tech hub where hip, non-MS jobs fall from trees in order to make an impact, and so MS shops make the brunt of the jobs market where I live. Should I go homeless and hungry just to virtue signal on HN on how righteous I am via your self-defined Russian nesting doll of obscure purity tests?
>that attitude explains why [...]
Hate to break it to you, but some people on HN like you guys in this thread, are so over privileged with your career opportunities, that their delusions take over rationality and common sense views of the reality outside their bubble, and think the rest of the world must conform to your viewpoints or else they're somehow the "evil ones" responsible for the issues you perceive.
By all means feel free to have your own beliefs and values that differ from others, just don't try to virtue signal, judge others, or impose your view on others, as nobody likes such obnoxious arrogant people on their high horse thinking they're on the right side of history and everyone else is wrong. Live and let live, that's my life's mantra.
Grimblewald 24 days ago [-]
I don't have the opportunities you're talking about. You misunderstand who I am or what my background is. I don't come from the USA and in fact you literally couldn't pay me to go work in or for the USA. Not in my entire life has that ever been possible. USA has always been a last resort option for me. Not that I have the option, but to even consider it, it would need to be the last option left.
I'm not saying that you cannot work in an MS-shop. I am just saying that the attitudes I see reflected in the comments supporting MS-shops explain why MS-shop output looks the way it does.
Ultimately, it comes down to company culture not individual developers. I wouldn't hold devs accountable for what is a systemic issue, in fact I am grateful there are those devs who don't care about taking pride in their work who can survive in an MS-shop without it draining their reason for being. If not for them, positions in places where taking pride in your work doesn't come at personal cost would be far more competitive.
However, that doesn't mean it isn't worth calling out an emerging pattern of MS-shops being the kind of place incompatible with wanting to take pride in your work.
janderson215 23 days ago [-]
I’m an American living in the US. Worked at a startup acquired by a very large enterprise and I very much appreciate your attitude over the parent’s comments. I find it incredibly demoralizing that so many people feel the way they do and appreciate those who work for more than a paycheck. I quit my job (thankfully I was in a position that I was able to) because of this attitude being so prevalent.
You want to provide value to your customers and anything getting in the way of that should be a frustration, not something we just accept. Stagnation will lead to decline that is very difficult to reverse. I don’t know what you do, but thank you for your perspective and disposition and for admonishing the above attitude.
jack_tripper 22 days ago [-]
> I quit my job (thankfully I was in a position that I was able to)
What about those who are not able to? Because your argument falls flat on its face once you remove that part.
janderson215 21 days ago [-]
I do not disregard it, but I have no idea what to do about it and it gives me an existential concern about the future of the world with which I am familiar (America? The West?). I don’t think it is a healthy society if the people responsible for systems (critical, luxury, or otherwise) do not care about succession or improvement of the systems they build or maintain. Best case scenario, the problem the systems solve fail and someone else sees value in solving the problem, so they solve it again and re-discover the “why”. My guess is that the longer it takes for the failures to happen, the longer it will take to re-learn the “why”.
I don’t like that people just work for a paycheck. I understand why and it’s very hard to argue against people doing it and not caring when their managers or the companies they work for don’t care about them in return. The Cambrian Explosion of solved problems will lead to a deluge of catastrophes when a large percentage of those systems fail unless people take care to transmit the “why” to the future stewards of these systems.
Grimblewald 17 days ago [-]
That's a great point. I can be less diligent in my documentation than I'd like to be at times. This means sometimes the "why" of something isn't discussed. I need to stop doing that and find a way to add all the "whys" without overwhelming readers who just want answers. Maybe footnotes or appendices.
janderson215 16 days ago [-]
While I appreciate the effort and strive to do so myself, I’m not sure this is entirely a matter of you trying harder/doing better. You can often explain the context well enough to a degree that is practical enough to solve the narrow case, but communication is lossy by nature, so descriptions of systems become impoverished. It is so hard not to make bad assumptions about the reader, especially if you look forward even 1 or 2 generations from now. It seems this is a large part of the role of the US Supreme Court and I’m certain that is not perfect even with days of deliberation. For technically enforced systems with faster feedback loops, higher volumes, and lower tolerances, there are necessarily more errors.
jack_tripper 22 days ago [-]
> I don't come from the USA and in fact you literally couldn't pay me to go work in or for the USA.
That's why I also said "international tech hubs" because that's where it's easier to find non-MS jobs outside the US. But it seems that passed over your head and you spent 3 sentences to go on a tangent on how much you hate the US even if the US wasn't my point.
>an emerging pattern of MS-shops being the kind of place incompatible with wanting to take pride in your work
There's plenty of non MS-shops that make SW just as bad, if not much worse and more evil than MS-shops (nefarious Facebook and Google spy-/ad-ware isn't done in a Microsoft shop). SW stack is just a tool and a tool does not define one's character just how whether you use DeWalt or Makita doesn't. Which is why I dislike your binary/black-or-white view on this topic as it screams ideological zealotry, short sightedness or even borderline discriminatory.
Taking "pride in your work" in the context of working for someone else's SW corporation, is mostly a luxury belief of privileged people who have the luxury of choice in the labor market, while for most folk, labor is done just as a way to pay bills, while taking pride is reserved for activities with hobbies, family, children and friends.
You don't need to "take pride in your work" to be a kind person and functioning member of society, but it seems it's just a virtue signaling purity test by the "holier than thou" crowd of tech workers.
hnthrow231025 28 days ago [-]
[dead]
bitmasher9 29 days ago [-]
Doing research on a potential employer and filtering out opportunities based on preferred toolchains is a green flag not a red flag.
Spooky23 29 days ago [-]
Dev tools, sure. Self-selecting yourself out of the office/email toolset used by 90% of companies seems like a weird flex.
pxc 29 days ago [-]
Companies that use Microsoft for one thing invariably use it for another, and then another, and then another, because they're "already paying for it". Their business model has always been like this.
Microsoft Office usage is highly predictive of lots and lots of other choices.
lostlogin 29 days ago [-]
> Microsoft Office usage is highly predictive of lots and lots of other choices.
Job sites could do with this as a filter. Even more specifically, ‘Teams’.
dijit 28 days ago [-]
I once rejected a job because of Teams; I felt bad/entitled about it though...
I’m fairly certain I’d deeply regret my life choices if I had to use teams daily. Occasional (mandatory) usage interacting with it for various gov’t usage, etc. has reinforced that view.
Why subject yourself to something you know you’ll hate every day if you can avoid it?
Is that being entitled? Plenty of people don’t have such choices, sure!
If so, who cares? Live your life, make your decisions. Don’t let jealous people make your life miserable.
Personally, I’d rank it as:
1. Google meet (as good as a gvc program can get for actual meetings, near as I can tell). Best when you have a group of people who are somewhat co-ordinated and not malicious though.
2. Zoom (not great for actual meeting quality, like audio/video, but not bad - and has a lot of useful tools and workflow stuff, especially for larger groups of strangers. I get it)
3..24 - every other random product.
25. Teams (lots of random bugs, worse than zoom for actual meeting quality, tons of silly MS’isms when trying to actually use it, somehow doesn’t work well for groups of people working together OR for groups of strangers, etc).
MS is the king of the package deal and ‘check box sales’, so they are impossible to avoid for long however.
type0 28 days ago [-]
Teams client version for Linux was discontinued 2022. Yeah MS loves Linux, in the same way cats love mice.
pxc 28 days ago [-]
If everyone else genuinely loved Teams, I could stomach using it even though I hate it. But regardless of what anyone says about it, it seems the rest of the company also hates it— it's a ghost town. There's no sense of community whatsoever.
My personal "sample size" is too small to be sure, but I worry that Teams usage is poisonous to collaboration and engineering culture.
phatskat 28 days ago [-]
When I did my orientation, we got set up on teams and they made a group chat for our cohort. I think I’ve used it…once in the two years I’ve been there? Otherwise, Teams is for meetings, thankfully the company managed to stick with Slack despite pretty much everything else being wrapped in the MS tendrils.
I do wonder if they tried to push teams for text chat before I got there and were shot down. Management seems fairly receptive to some amount of give and take when it comes to decisions about office tooling e.g. I was cited as “the reason” engineers still have access to Figma Dev Mode, and I can’t say we had more than a handful of vocal people pushing to keep it. Company size is somewhere between 200-500 iirc
qwertytyyuu 28 days ago [-]
I don't mind teams but really do hate outlook.
michaelcampbell 27 days ago [-]
I like(d) the fat Outlook windows client; it had the set of rules/filters features that corresponded to my needs.
The web client is pants, though.
lostlogin 28 days ago [-]
But you can ‘thumbs up’ an email!
Do you even read your ‘weekly digest’?
/s
phatskat 28 days ago [-]
I’ve never been so constantly annoyed and confused in an email client than I am in Outlook. I miss actual important emails because the UI is a sea of junk.
honkostani 28 days ago [-]
The whole Eco-system is designed like a lobster trap. Easy to get in, hard to get out except by swimming through hot butter sauce.
philipallstar 29 days ago [-]
Teams is just so much more horrible than Slack and Zoom, and dev teams use Slack and/or Zoom.
cc81 29 days ago [-]
When it was introduced Teams was pretty bad but these days it works just fine. I don't see it being a decider really more than just historical preference.
phatskat 28 days ago [-]
We have Teams and Slack and I don’t ever see anyone push for a chat in teams. Most channels are a ghost town. To me, teams would be “fine” if it’s all we had, but when you see it next to Slack it’s a no-brainer for me. Teams UI is just baaaaad
Kirby64 29 days ago [-]
Just because someone uses Outlook doesn’t mean they use Teams too. I’ve seen Zoom or Slack with Outlook/Office suite for the remainder at companies.
philipallstar 29 days ago [-]
Yes - agreed. I'm just saying that in my experience dev teams do care about some tools that Office is trying to replace.
7thpower 28 days ago [-]
Slack is an unintuitive piece of junk, and yes I will die on this hill.
rkomorn 28 days ago [-]
It is, but all the other ones I've had the misfortune of dealing with have been worse.
Including IRC.
dotancohen 28 days ago [-]
A few years ago I worked at a company that actually used Telegram and Telegram Desktop. It was great. Available on mobile and desktop, all platforms, supports all the features we needed, new users get full history.
rkomorn 28 days ago [-]
The best I've used, and I say this in all sincerity, is actually Facebook's work platform (but it's not a chat-first experience, obviously, and that's probably what made it better).
davkan 29 days ago [-]
My company uses both outlook and slack. Teams is also used for scheduled meetings but never touched for chat. I personally don’t find teams to be significantly worse than zoom but I’d rather never use either.
Spooky23 29 days ago [-]
Most customers of both use O365.
The zoom fascination is pretty weird. It’s literally Webex 3.0 without Cisco bullshit.
Slack is pretty awesome. It wouldn’t factor in selecting an employer, but that’s just me.
philipallstar 28 days ago [-]
> The zoom fascination is pretty weird
Why? It's much better than Teams, if for no other reason than Teams just got deprecated on MacOS Monterey and that's really annoying. Or rather not for just that reason, but for the reason that Teams is Microsoft's 10th biggest priority, whereas video calling is Zoom's only priority, so they make a better product.
zelphirkalt 29 days ago [-]
I definitely wouldn't call Slack "awesome". Self-hosted tools like Zulip are doing a better job. Slack is however, the smaller evil amongst MS Teams, Zoom, MS Outlook and similarly bad software. Like, if someone told me all communication, including text chat shall happen via MS Teams, I would seriously consider looking for another job. It is a recipe for absolute disaster and completely broken communication. If the same happened with Slack, I would dislike it, but I guess it is at least usable. Still garbage, but not as much garbage, as MS Teams.
1123581321 29 days ago [-]
What do you do to make Zulip better than Slack? A vanilla installation is not better, and scales worse with more users, more devices per user, more mobile users and more integration sources. But, I’ve never been in a situation where I was forced to make Zulip an attractive communication tool to an organization; there must be a lot that is possible. Getting away from a Salesforce product is a good goal.
zelphirkalt 28 days ago [-]
What I would do if hosting Zulip for a company, is:
(1) host an up to date Zulip version
(2) set up or rent a Jitsi Meet or other open source / free software voice + video chat solution. Jitsi Meet might be a bit difficult to properly set up, compared to Zulip, because of extra things needed, like TURN server and in general the complexities of WebRTC. Maybe renting that for some < 10 EUR is fine for a company.
(3) Configure Zulip to have for example `/jitsi` or `/meeting` for creating meetings right out of Zulip.
(4) Set up other integrations that exist for Zulip.
(5) Set up backups for the Zulip database. It is just a postgres database. One can dump it and move the dump to a backup store.
If this is too much, for example because the company doesn't have the knowledge in their employees to manage this, then one can also rent Zulip hosted solutions.
Getting away from Salesforce alone is in my opinion already worth it.
dijit 28 days ago [-]
Literally did that at my last company, but the google meet link was “meet:<x>” where the friendly URL of the meet-link was inserted.
It worked pretty well, I do wish Zulip had better ability to generate links from the video call button, it works really well with Jitsi this way.
dijit 29 days ago [-]
I’ve never touched a scaling issue with Zulip, how many devices are we talking about here? Maybe I’ve just never touched the walls of scaling it. The architecture seems fine to scale if you self host though.
The only issues I’ve found with Zulip is how it looks and training people to use it right. I’ve had a lot of comments that Zulip has ruined people because they realised how good it is only after they stopped using it, and can tell that everything is so much worse, but the whole time they used it- they hated it.
The other issue, if we can call it as such, is that there’s not that many native third party integrations, we had to write our own bots for some pretty basic things. But writing bots is so much easier in Zulip than Slack (and for Teams it’s a lesson in genuine masochism) so I give them a pass.
kapone 29 days ago [-]
[flagged]
rootusrootus 28 days ago [-]
> The zoom fascination is pretty weird. It’s literally Webex 3.0 without Cisco bullshit.
Yes, though Zoom came first, Webex copied their UI during the covid Zoom craze.
numpad0 29 days ago [-]
I think the point is that GP red flagging all MS shops, which is more or less just sorting companies by headcount and flagging all from top, implies incompetency at GP's side than at the company side.
Like, if a fighter jet pilot came and told all American jets are equally weak and overcomplicated and ineffective, it probably tells more about that pilot than about the jets.
I don't know if that's the case, but that would be the idea.
autoexec 29 days ago [-]
> I think the point is that GP red flagging all MS shops, which is more or less just sorting companies by headcount
I wouldn't be surprised if many people find that smaller companies are more fun/interesting to work at, so even if this were only filtering out large companies checking for MS could be helpful.
carlmr 29 days ago [-]
Then it's an overcomplicated company size check.
lucketone 29 days ago [-]
Imagine small startup where ceo knows only windows and small startup where ceo uses linux.
Developer’s quality of life might differ.
lazide 28 days ago [-]
It absolutely would. I can even tell you what type of laptop/dev equipment you’d likely get.
Hard to say what the actual office environment would end up like (plenty of toxic nerds out there), but I’ve worked for CEOs who were devs, and even when they were terrible people, I never once hated the development part of the job.
computerthings 28 days ago [-]
[dead]
int_19h 29 days ago [-]
SharePoint really is that bad though (and I say this as someone who used to develop for it as a platform).
The fact that it's so widespread in our corporate culture is more indicative of how enshittified it is. Now, realistically, we might not be able to avoid it because of that, but let's not pretend that it's not shit.
kapone 29 days ago [-]
It fills a niche. What else does?
Yes, it’s not great, but so what?
croes 29 days ago [-]
How about using tools that do their job great instead of one tool that can do them all but none of them good.
It tells the company values price more than capability.
I asked in my company why we use SharePoint and the answer was name a better alternative.
So I asked, a better alternative to do what?
I never got an answer.
mindok 28 days ago [-]
If the objective is to put files where you can’t find them again, I think you’d be hard pressed to find a better alternative.
eitland 28 days ago [-]
Except any plain file server that you can connect to via ordinary protocols?
linksnapzz 28 days ago [-]
Lotus/IBM/HCL Domino.
cachius 29 days ago [-]
What niche?
dijit 29 days ago [-]
The niche of trying to do everything and being good at none of it.
File hosting, web application hosting and integrating with Office.
mcswell 29 days ago [-]
What else? LaTeX Beamer, for one; Libre Office Impress for another.
dpark 29 days ago [-]
You are confusing SharePoint with PowerPoint.
mcswell 26 days ago [-]
Oops...
cactusplant7374 29 days ago [-]
In this economy? This sounds like a fantasy.
carlmr 29 days ago [-]
OP might not have recently been looking for a job.
NeutralCrane 29 days ago [-]
Google is leaps and bounds preferable in my experience than Microsoft. I agree with the above. A Microsoft shop isn’t a guarantee the company culture is bad, but it’s correlated enough to be a flag.
pjmlp 28 days ago [-]
Until one needs to reach out to support.
lazide 28 days ago [-]
G workspaces support has always been at least decent in my experience. MS support, less so.
Oracle support took the cake however, but that was with a commercial support license and a weird bug triggered by a newly released feature (never do that!) in Oracle DB, many years ago. ORA-600 errors for the ‘win’.
joenot443 28 days ago [-]
Google's support for their business clients is considered pretty top of class.
The "Google lacks support" chorus we hear frequently is more associated with their free tier.
ExoticPearTree 28 days ago [-]
Where I am we're kind of Dual Stack for various reasons with GCP and Azure.
Microsoft support has been very good. Google support was abysmal and very "you're dumb, we're smart because we're Google" style.
And we pay money for support to both organizations.
pjmlp 28 days ago [-]
That wasn't my experience on the only project I took part on GCP.
erikerikson 29 days ago [-]
As someone who has been accepting of MS houses and worked at a few, the heuristic holds up in my admittedly anecdotal experience. The Mac houses are fine and Linux houses have been best.
crmd 29 days ago [-]
The chairman of my last big company said I was “ungovernable” at one of our last board dinners, so I’m reluctantly inclined to agree with you.
terminalshort 28 days ago [-]
Yeah, when I hear "problem employee" from a higher up I think "I want that guy on my team." Sounds like someone who pisses off management, but is too valuable to fire.
lazide 28 days ago [-]
Yup. If they weren’t indispensable, they’d be the ex-employee.
craigmcnamara 29 days ago [-]
One of us! One of us! One of us!
827a 29 days ago [-]
Well, in my experience every Microsoft shop I've ever interacted with has been a problem employer. Why do you feel your angle has greater moral defensibility?
carlmr 29 days ago [-]
I can kind of see both points.
OP doesn't like working for people that have bad tools mandated by the company. He uses a proxy measure to determine this beforehand.
The other poster had problems with people like OP because they don't use the (bad) tools provided by the company.
It doesn't sound wrong from either side. It's actually a win-win for both if they don't meet, which would mean OPs strategy is great for both. It might preclude OP from some opportunities though if the filter is too wide.
I personally do think that if you mandate the wrong tools you will never get the best developers, because great developers are very picky about the tools they use. It can be a bit too extreme in some cases, but I've rarely seen anybody that is good at this job and not very opinionated in some way or the other.
In most cases the problem is mandating though, if you give recommendation but allow deviations from that recommendation within reason you can usually get everybody to be happy.
monooso 29 days ago [-]
How can OP be a problematic employee when he's specifically decided never to become an employee of a company which uses such tools?
mikkupikku 28 days ago [-]
It seems like a sour grapes thing. "I can't have you as an employee? Well you must be a problem so I don't want you anyway."
Etheryte 29 days ago [-]
I don't know man, you're gonna have a very tough crowd if you're gonna try and convince anyone that Teams is as good as Google Meet.
fujigawa 29 days ago [-]
They are all equally crap. I'm convinced the people designing collaboration tools don't have to use them on a daily basis.
nicoburns 29 days ago [-]
IME the call quality varies quite widely between video calling software. And being able to reliably hear and be heard with reasonable latency is pretty important!
dijit 29 days ago [-]
Equally?
Definitely not.
Maybe it can be argued that it depends on how you use it, but Meet is so far and away better for video calls and screen sharing, it's not even funny.
Jitsi is also an incredible improvement, and it is self hostable and free.
Teams is likely the worst software that a company will force on all its employees- with that in mind, I guess some people can get Stockholm syndrome? Some people who only jump from MSFT shops literally don’t know that there’s anything better. They went from Communicator to Lync to Skype for Business and now to Teams- and Teams is better than those just about.
qwertytyyuu 28 days ago [-]
It seems you have had the fortune to not have had to suffer through Jabber
dijit 28 days ago [-]
Oh, I did… I quite liked it actually. :)
supportengineer 29 days ago [-]
The plague that is currently infesting our software industry is "Promo-Driven Culture". Employees are incentivized to get a promotion, not to make life better for anyone, except for their manager's promotion.
alternatex 28 days ago [-]
When it comes to Teams, unfortunately we do. It's actually used across Microsoft in general. A company of this size requires Teams even if just for the sake of keeping up with security and compliance.
dieortin 29 days ago [-]
I’m sure the people who designed Teams and Meet use their own products on a daily basis. And if those are crap, what’s a better alternative?
zelphirkalt 29 days ago [-]
It is funny, that even a Slack Huddle, something that's not even the core of Slack's function, is better than anything one gets with MS Teams. MS Teams is so laughably bad, I think I have never used a worse chat/voice chat/video chat program. Probably not even Skype in its single core days was worse, even though it ate one third of my single core CPU, just to have a call back then.
Etheryte 28 days ago [-]
In the early Skype days, that tradeoff made sense. Internet speeds across the globe were far from fast so they spent more CPU cycles on compression so they could save on bandwidth.
cc81 29 days ago [-]
What is it that is bad about it these days?
Lio 29 days ago [-]
Do they? Didn’t Microsoft force all its employees back to the office?
That doesn’t sound like they have faith in Teams themselves.
I use Teams every day and it can’t even do threading in channels properly. The spellchecker is unreliable and even copy and paste is occasionally patchy.
It is not a good product. I’d switch to Slack given the choice.
alternatex 28 days ago [-]
Teams is used in the Teams org that develops it in Microsoft yes. Source: I work on Teams free/consumer.
Not to say that the developers working on it are satisfied with it..
NeutralCrane 29 days ago [-]
Zoom + Slack
supportengineer 29 days ago [-]
Windows is a parasitic drag-on-the-team.
Now, if Microsoft creates a Microsoft Linux desktop OS, that would be something.
dpifke 29 days ago [-]
That's basically WSL.
My work laptop is Windows, and the only native applications I run on it are a web browser, Zoom, and the company's VPN software. Everything else runs inside WSL.
I greatly prefer Debian to Homebrew, so if I can't run actual Linux, this is (to me) superior to trying to develop on a Mac.
illusive4080 29 days ago [-]
I agree that Debian beats Homebrew. But wouldn’t a persistent Debian container on Mac be better? WSL is nothing more than a container on the system, no?
The Mac hardware is vastly superior to most Windows laptops, especially enterprise Windows laptops.
spankibalt 29 days ago [-]
> The Mac hardware is vastly superior to most Windows laptops, especially enterprise Windows laptops.
Man alive, what you mean is normie "Apple-style" Windows laptops with a bit of an "enterprise" makeover. Mobile enterprise workhorses (e. g. Panasonic, Getac)? Apple has no hardware in this segment. Detachables with extended five-year warranties plus certified dual-OS support? Nothing. Some of you fruit aficionados need to get out more.
dpifke 29 days ago [-]
With Windows 11, WSL has X and Wayland support, so you can run graphical applications as if they're native (e.g. share the same cut-and-paste buffer, switch between windows using alt+tab, and so on). It's also much easier to attach USB devices like Yubikeys to an already-running container than the last time I tried to do the same with Parallels. (That was quite a few years ago, so maybe it's gotten better.) You can also launch Windows applications from Linux, which makes it trivial to control my (Windows-native) browser from within WSL.
I strongly disagree about Mac hardware vs. Thinkpads or Framework, but to each their own.
pjmlp 28 days ago [-]
My Thinkpad has CUDA and native Vulkan support, with hardware specs that are 1000 euros cheaper than getting the same capabilities on a Mac laptop.
Wingy 29 days ago [-]
You can do that at least for CLI apps with OrbStack. Not sure if it has X or Wayland support.
spankibalt 29 days ago [-]
> Windows is a parasitic drag-on-the-team.
Not in my industry. And workstations, mobile or otherwise, on the clock? You work with what's certified and available. But to be fair, "Apple people", praise the Great Maker, are utterly irrelevant here. Hardware- and software-wise.
rewgs 29 days ago [-]
> How does an aged post on this site go from +4 to -1 in the span of a few minutes?
I just down-voted you, so I contributed to that.
OP bent over backwards to make it clear that he didn't mean any offense, and you opened with "you sound like a problem employee."
rcbdev 29 days ago [-]
But, he truly does. That is not because they have caused any offence, it's just that this pattern of behaviour may indicate similar tendencies in other parts of the tech stack.
For example, if OP for some reason stops liking a maintainer of, say, RabbitMQ or PostgreSQL, they might be penetrant about switching a finished project to a different stack without any tangible reason, causing completely unnecessary headaches for the team.
dijit 29 days ago [-]
Using collaboration and productivity software as a proxy for how the company thinks about collaboration and productivity is, good, actually.
He didn’t say he doesn’t like Satya or Gates or whatever, he was clear that he doesn’t like the solution.
I just went back to a microsoft shop, and honestly while the company is great you can feel how the communication is stilted compared to my previous company. Those little edges, warts, unreliable loading moments and awkward loading times all sum up to people being disincentivised to create, edit and consume documents or even to chat.
This inexplicably drives meeting culture as async communication just doesn’t happen. I totally understand why it’s primarily MSFT shops that have RTO mandates.
kenjackson 28 days ago [-]
“I totally understand why it’s primarily MSFT shops that have RTO mandates.”
That just seems factually incorrect. I’ve seen no correlation on RTO and tools used. Do you have data on this?
dijit 28 days ago [-]
Only anecdotes across 20 or so companies (and: european ones).
Companies that use Teams as primary communication software have all had strong and non-negotiable RTO mandates, companies that use o365 and Slack allow exceptions for certain individuals and teams, but have also had RTO requirements.
Those that are using gsuite or are paying lip service to email and documents (excel, word etc) and using mostly Confluence and something like Slack for most communication are the only ones with proper flexible working.
Now, I could be wrong, and there's no public data to back this up. If I think about how I would construct such a dataset I can't even fathom how; even if I was to check every company with an RTO mandate's MX records there would be no way to control for the sheer dominance of O365, and, no way to tell who is only paying lip service to their productivity suites.
I'd be interested in hearing other opinions, but like mentioned, it feels pretty universal. I haven't seen even a single exception to this, and I'm pretty old and I have friends across many companies.
A4ET8a8uTh0_v2 28 days ago [-]
<< you sound like a problem employee.
To be fair, any employee that knows their worth and is not afraid to treat the relationship the same way as the company is a problem for the company ( and thus: 'problem employee' ).
abc123abc123 28 days ago [-]
I disagree. He sounds like an excellent, intelligent, potentially attractive employee.
People who signal that MS is sh*t are always worthwhile to listen to. They have character and principles, and they know bad and good software when they see it.
Needless to say, in my company all microsoft products are banned and I would never hire microsoft fanboys.
tw04 28 days ago [-]
^^Microsoft may have its warts, but I don't know how someone can go from Excel to Google Sheets or Outlook to Gmail and think: this is just such a major upgrade I don't know how I existed in the past and I would never work someplace that uses Microsoft productivity tools.
Excel in particular, for any power user, sheets just doesn't hold a candle to its functionality. Outside of the valley Microsoft must still have a 10:1 ratio of corporate use, I never run across a customer that has made the switch.
dotancohen 28 days ago [-]
> How does an aged post on this site go from +4 to -1 in the span of a few minutes?
Oh, I can answer that one. It's happened consistently to me on HN when I post about a specific topic.
First, the post loses two points at once. When I see that, I know it's going to continue losing points consistently until it settles into -2 to -4. There is some trigger that starts with a loss of two points, and then continues down.
saltcured 28 days ago [-]
Addressing the "aged" part, I think people forget that timezones exist and so different global audiences may wake up and add their votes on a long-running comment chain here.
SergeAx 28 days ago [-]
I am not a Microsoft hater; in fact, I have been using Microsoft products since MS-DOS 3.3. But Outlook and its ecosystem are a horrible shit show and an indicator of terrible decision-making.
Google Workspace is an infinitely better productivity framework; there's no space for discussion here.
stickfigure 29 days ago [-]
I currently work in a Microsoft shop that has Slack. Everyone uses Slack and all the Microsoft tools, including email, are crickets. This was never the case in the Google shops; we still used email.
Outlook is objectively a terrible experience.
darkhorn 29 days ago [-]
Microsoft's softwares do not follow standards, thus they are hard to work with.
phs318u 28 days ago [-]
What? Are there UX "standards", the lack of which might impede an end user's experience of the product? Or are you referring to protocol and/or interoperability standards, which make it difficult for 3rd parties to integrate (though, looking at my current work desktop, I can see that Zoom integrates very well with Outlook).
darkhorn 28 days ago [-]
This was 2 years ago; compression in Azure Front Door works only when you enable caching in Azure Front Door. This is a made-up rule by Microsoft. It is not standard.
Also I was compressing my responses in my back-end but Azure Front Door was decompressing them. Why?!!!
coolestguy 29 days ago [-]
"using the biggest software suite tailored for offices/IT environments is a red flag"
honestly the things i read here sometimes hahaha
epistasis 29 days ago [-]
The idea that the most commonly purchased thing in the market is of mediocre quality should not be hard to accept, and neither should the idea that some people only want to work with what they, personally, consider to be the best.
zelphirkalt 29 days ago [-]
If this is "tailored", then I don't even want to know how bad other MS products are. Oh wait, we can see that in Windows in general. But then again MS Teams is worse. It's almost as if the more MS has its fingers on something, the worse it gets.
photochemsyn 29 days ago [-]
The timeline here is interesting. Microsoft releases info and instructions for mitigation on July 19, and a more complete report on July 22nd, here's a copy of that:
Then according to this report, 'sometime in August' the exploit is used against the Honeywell-managed nuclear facility, since it wasn't patched, if I read correctly? So it really could have been anyone, and it's hardly just Russia and China who have a record of conducting nuclear espionage in the USA using their nation-state cybercapabilities (Israel?). As the article notes:
> "The transition from zero-day to N-day status, they say, opened a window for secondary actors to exploit systems that had not yet applied the patches."
Also this sounds like basically everything that goes into modern nuclear weapons, including the design blueprints. Incredible levels of incompetence here.
> "Located in Missouri, the KCNSC manufactures non-nuclear mechanical, electronic, and engineered material components used in US nuclear defense systems."
synapsomorphy 29 days ago [-]
Sharepoint is one of the worst, most bug-ridden softwares I've worked with.
It has a bug with Solidworks (3D design suite) that sporadically makes files completely un-openable unless you go in and change some metadata. They are aware of this, doesn't seem to be any limitation preventing them from fixing it, and it has sat unfixed for years.
Microsoft's cloud storage as a whole is an insane tangle where you never know where you'll find something you're looking for or whether it will work. Some things work only in browser, some only in the app, zero enumeration of these things anywhere.
Completely unsurprised and I'm sure there are many more vulnerabilities ripe for the picking.
VladVladikoff 29 days ago [-]
Every time I need to touch anything made by Microsoft lately I am met with multiple levels of glitchiness, straight up bugs, most frustratingly it’s so excruciatingly slow.
Recently I tried to configure a new subdomain to handle mail on 365 and even finding their DKIM configuration section was a mission. Once finding it, I learned that their DNS check fails to properly handle subdomains for email, so you have to put their DKIM keys against your root domain. Genius!
curvaturearth 29 days ago [-]
But wait! 35% of Microsoft's code is now written by AI so surely it will get better
int_19h 29 days ago [-]
Yep, especially after laying off several thousand veteran engineers (who, in many cases, were the only ones with a solid understanding of how a given product works as a whole, and why it is the way it is).
throwforfeds 29 days ago [-]
I'm working on a gov contract right now and they're forcing everyone to migrate off of Slack and into Teams. I somehow have managed to avoid MS corporate products for the better part of two decades. People's tolerance to UX pain seems to be boundless in corporate/fed worlds.
aidos 29 days ago [-]
We sync content to MS hosted Sharepoint using rsync. When the file arrives, they change the internal metadata inside the file, which changes the checksum, which causes rsync to think the content is different and needs syncing again.
Edit to say: this is for MS files like Excel docs
elygre 29 days ago [-]
Is that a supported method?
crmd 29 days ago [-]
Supported by who? Microsoft?
If a file server breaks basic Unix tools it should be unplugged and put in the garbage.
bArray 29 days ago [-]
Microsoft Word online deletes text in Firefox Linux (maybe others too) for at least two years now [1]. The one thing you want a text editor to do is be able to write text into a document, and somehow this bug goes unfixed. You would think it would be priority #1 for paying customers of Business Office 365 - and yet nothing.
It ended up being easier just to switch to paid Overleaf and teach our non-tech members how to write LaTeX and/or use the built-in editor. The documents are beautiful, Overleaf doesn't miss a beat and we are very happy with their solution.
Microsoft should be ashamed - I don't know how anybody would ever consider using them for any serious production work.
I am a social worker and SharePoint is unfortunately widely used by nonprofit agencies for storing client records. It's a real shame, but they can't afford anything better.
mmooss 29 days ago [-]
Why not use a file server and/or a simple database, even a CRM database (there must be FOSS ones)? What do you mean by "client records"?
bArray 28 days ago [-]
Some of it will be about reliability, i.e. the office burns down and Microsoft still hold a copy. Some of it will be about having a third-party that is "trusted" handle the most dangerous part - security. If SharePoint gets compromised there is plausible deniability that "we did everything we should do".
I know for example that some companies will hire subcontractors for high risk parts of a project, just so that there is somebody to blame if anything goes wrong.
rs186 29 days ago [-]
Not defending Microsoft in any way but my guess of what's happening:
* Too few people use Firefox to access Office online, they don't care
* Your organization is too small for them to care
bee_rider 29 days ago [-]
Firefox is the only browser other than Chrome (and derivatives) on their OS. The web is supposed to be multi-platform. I guess it isn’t that surprising that modern MS is happy to just live in Google’s ecosystem though.
bArray 28 days ago [-]
> * Too few people use Firefox to access Office online, they don't care
It's pretty much the majority of their Linux users. Firefox is often the default browser on many distros due to the Chrome/Chromium data sharing concern.
> * Your organization is too small for them to care
Then why even have a business tier if not for the support?
The result of Microsoft's current stance is simply that users look elsewhere. I mentioned Overleaf, but Google Docs is also a solid choice. For local editing we are using LibreOffice.
rs186 26 days ago [-]
> It's pretty much the majority of their Linux users.
Sure, but for heavy users of office 365, how many use Linux to begin with?
luckylion 29 days ago [-]
if they will lose data when you're on a rarely used browser, can you really trust them not to lose data in general?
"yes, your car exploded, but you were driving on a dirt drive way. it works just fine on the highway"
nairboon 29 days ago [-]
That bug has been around for years. I always wondered if that was deliberate. I guess that Microsoft support answer settles the question...
>Sorry for that we may have no enough resources about the Linux environment.
bArray 28 days ago [-]
> That bug has been around for years. I always wondered if that was deliberate. I guess that Microsoft support answer settles the question...
I remember years ago there was a browser demo, some kind of game I think, that would only be played on Internet Explorer. If you changed your User Agent string to be Internet Explorer, the demo would work entirely without issue. I think this was prior to Microsoft getting a large fine for not offering other browser choices.
> >Sorry for that we may have no enough resources about the Linux environment.
That is a difficult to parse sentence. "may" indicates uncertainty about the claim about to be made. "have no enough resources" seems to indicate that there is not enough engineering time available. "about the Linux environment" seems to indicate that it is a knowledge gap. Very strange.
mmooss 29 days ago [-]
> teach our non-tech members how to write LaTeX
How did that go? :)
bArray 28 days ago [-]
Far easier than it sounds. Essentially the advice was "copy something else that does what you want, and if you run into issues or want something new, just ask". For the most part they were able to edit and generate large parts of the documents without issue.
actionfromafar 29 days ago [-]
It's one of those semantic riddles. Because, once they know LaTeX they aren't non-tech anymore. :)
soupfordummies 29 days ago [-]
It's such a critical backbone to so many of their services but they treat it like a forgotten stepchild for the most part
eterm 29 days ago [-]
They've managed to mess up sharepoint even worse lately.
I went there to try to find where company meetings got recorded to.
I went to my sharepoint bookmark, which weirdly is www.office.com after some previous nightmare rebrand.
Except what used to be the way into your sharepoint files, is now just a full page copilot screen with no hint of where the fuck your files are.
Even though you've been visiting this bookmark for years, to get to your sharepoint files.
I do NOT want to ask copilot to dig out my files every time you want a file. I want to get back to the directory listing so I can find the directory listing to find the company meeting recording.
How does MS not understand that replacing all UX with copilot is not an improvement, and is not helping sell copilot.
tanseydavid 28 days ago [-]
MS has adopted the Winchester Mystery House model for architecture in Sharepoint.
cachius 29 days ago [-]
Did you find it eventually?
eterm 29 days ago [-]
Yes, via an old way into the system that specified the correct subdomain and folder path that I found from an old teams conversation.
I've no idea how to find the "proper" way into the system.
downrightmike 29 days ago [-]
Developed and maintained in China by Chinese nationals, with untechnical escorts overseeing their work.
ThinkBeat 29 days ago [-]
How large are the files?
synapsomorphy 29 days ago [-]
Kilobytes or single digit megabytes. It happens because Sharepoint sporadically alters created/edited metadata for any (?) file it stores. Most programs don't care about that but Solidworks does.
zelphirkalt 29 days ago [-]
Hahaha, how stupid must anyone be to deploy SharePoint anywhere near anything of national security relevance! How can it still be a thing, that anyone entrusted with such sensitive matter dares to even touch MS products of the kind of SharePoint? That includes the complete MS Office 365 disaster suite, MS Teams and Edge.
Sounds like they need to seriously redesign their security policies.
count 29 days ago [-]
I have some reaallllly bad news for you on that front.
belter 29 days ago [-]
Wait until you hear about the guy storing Top Secret Nuclear documents in the public toilet of his resort....
timeon 29 days ago [-]
Or the one that invites journalist to Signal group during combat mission.
In general you'll get downvoted if you're talking about any politician or political party. You are allowed to shit on (or advocate for) the government doing stuff tho.
jahewson 29 days ago [-]
What would you recommend instead?
baobun 29 days ago [-]
For security-critical or sensitive situations, auditability should be a requirement. That implies access to source code and capability to build it.
Decisions like these need to be done from first principles. SharePoint shouldn't even have been a contender here if looked at seriously. Do your own homework.
Havoc 29 days ago [-]
Think you answered just about everything except the question asked
rcbdev 29 days ago [-]
I think this guy wants OpenBSD running on a POWER-based Mainframe at every governmental organization.
saltcured 28 days ago [-]
Well, if you can't manage text emails with BSD mailx from the CLI, you probably shouldn't be working on nuclear weapons in the first place...
mmooss 29 days ago [-]
> For security-critical or sensitive situations, auditability should be a requirement. That implies access to source code and capability to build it.
Vendors can be accountable without providing source code, for example through contracts specifying performance.
I don't know how large Sharepoint's source is, though it has many components and I assume there is quite a bit of code. Auditing the source code of something like Microsoft Office seems almost impossible.
> first principles.
What does that mean in this context?
LoganDark 29 days ago [-]
Doesn't Microsoft have government programs that grant source code access for products like Windows and (probably) SharePoint?
givemeethekeys 29 days ago [-]
But, look at everything we get for free! /s
bhewes 29 days ago [-]
As a company that supports OT systems we hate seeing level 5 in the Purdue model with direct write access to level 1 and 0.
cj 29 days ago [-]
Link describing the acronyms in the above comment:
Thanks CJ, I live with that chart, but forget maybe most don't. And to add 4 to level 2-0 can also be an attack vector, but seeing straight 5 to 1-0 happens more than people want to admit even with the "firewalls"
schnitzelstoat 28 days ago [-]
It seems like it was a minor incident affecting only a few systems and the real nuclear systems are airgapped anyway, so they were never at risk.
Sensationalism gets more clicks though I guess.
tedggh 29 days ago [-]
If it is that bad why don’t we see it being exploited at scale? I work with many Fortune 500 companies and I would say 9/10 use SharePoint. Also some deployments are much better than others, so I would rather say many implementations of SharePoint are shit but if done right it’s actually pretty solid. There’s really no better alternative unless you want to maintain 5-10 separate tools owned by multiple vendors. I also don’t get the hate for Teams. I use Zoom, Slack even Discord for work and don’t have strong feelings for Teams. I can take calls, join meetings from my calendar, record them and summarize them with Copilot. I don’t need anything else and Teams does that just fine. I do like Discord ability to share multiple screens and jump into a channel to collaborate, particularly useful when debugging or pair programming.
dijit 29 days ago [-]
Most people treat Sharepoint for what it is, and only expose it internally.
With Microsoft pushing o365 the “new” Sharepoint is SaaS instead, so Microsoft is exposing it to the internet on your behalf, but then they make a lot of effort to patch it and use WAFs on your behalf instead.
OutOfHere 29 days ago [-]
Whoever puts a nuclear fission facility on the internet should be put behind bars.
GuB-42 29 days ago [-]
It is not a nuclear fission facility, it is "a plant that produces the vast majority of critical non-nuclear components for US nuclear weapons".
They also targeted the IT side, not the operational side, which, according to the article, is likely to be airgapped. Even sensitive production facilities need some internet access, people work there and like everyone else, they need food, office supplies, toilet paper, etc... they can't be cut off the rest of the world completely.
OutOfHere 29 days ago [-]
Something tells me they also use it to order operational side materials, including nuclear gear and materials, from the IT side. To expose this on the internet screams of idiocy.
GuB-42 28 days ago [-]
How are they supposed to contact their suppliers without email? Even for phone calls, they are probably using some kind of VoIP. For sensitive communication, they most likely encrypt and sign their messages on the airgapped side before moving it to the internet facing side and sending it using regular email.
Not having internet access at all is like not having your building connected to public roads. That makes it harder (but not impossible) for bad guys to come, but it is so much of a hassle that almost no one does that. Instead, they use gates and checkpoints.
Same idea for internet access. They have internet access, but they have security systems, from traditional firewalls and VPNs to airgaps.
Security is about letting the good guys in while keeping the bad guys out, the latter is meaningless without the former. That's why security is hard, if it was just about blocking everything, it would be easy, but nothing would be done.
OutOfHere 28 days ago [-]
Thank you for your patience. The document portal and access to it probably should have remained airgapped.
phs318u 28 days ago [-]
For the Outlook haters out there here's my 2c of anecdata. At home I use BetterBird, at work Outlook, and I used to use Apple Mail/Calendar on my phone. I access multiple mailboxes: Microsoft 365, Google Workplace and Apple iCloud.
1. There is no planet on which BetterBird/Thunderbird is better than Outlook as a mail client. None.
2. I hate having my mail and calendar apps separated, so on the phone moved from Apple Mail+Calendar to the Outlook iOS app. Been using it for a couple of years. Can't imagine going back.
In my experience, the Outlook client provides features I want in a way that is usable across multiple clients. While I use BetterBird on my personal linux laptop (mainly for sync, so I always have a local copy of my mailboxes), I also use the web Outlook client (much more usable).
On Linux I've also used Evolution - not a massive usability difference with the FooBird. If anyone can recommend a combined mail + calendar client for Linux that is polished and power-user functional, and can work well with differing mailbox providers, I'd love to give it a try.
gizzlon 28 days ago [-]
Thunderbird is a good email client, and much better IMO than all web clients.
Haven't used Outlook proper on Windows for a long time. But I did not like it, and I seriously doubt I would like it today.
Have you used Thunderbird without Exchange? Is it the calendar functionality you don't like? (haven't used it)
MSSQL is one of the few Microsoft products I would consider to be genuinely decent. Like, there's a lot of idiosyncratic stuff there (but then that's also true for Oracle), yet the feature set and stability are good.
lenerdenator 29 days ago [-]
Side gripe:
I'm sitting here with a very performant computer running its native web browser.
It's ridiculous that I kept losing my place in that article because the page kept getting shifted to fit yet another damn ad (there were at least three in-view at all times as I was looking at it) onto the screen.
Either make the ads fast and don't load the page until they're all there, or better yet, admit that online content isn't a way to make your private equity group even more obscenely rich, and cut back on the monetization that you put on it.
> The Department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems.
Are they completely disillusional? Their nuclear arsenal is running on Microsoft M365?
zastai0day 29 days ago [-]
Looking at the comments, it seems like everyone is just busy arguing about Microsoft versus other companies. Does anyone actually care about how this SharePoint vulnerability was exploited?
If Microsoft had just contacted ZAST.AI earlier, I believe this security incident wouldn't even have happened.
mikewarot 28 days ago [-]
How is this anything more than an Operating System issue? You should be able to run anything you want without risking the system. Systems that are both usable and secure were developed in the 1970s and 80s.
reenorap 29 days ago [-]
There needs to be a law that all nuclear and nuclear-adjacent facilities have no connection to the Internet. The fact it's allowed is unbelievable.
fujigawa 29 days ago [-]
It's believable when the industry has pivoted to pushing SaaS garbage in every place imaginable to the point that on-prem solutions don't exist anymore. Do you expect them to not use email either?
Remember, the industry told us we're in a 'zero trust' world now. The network perimeter is an anachronism.
OTOH you know damn well they keep the important stuff airgapped, in which case the title (and your predictable reaction) is just fanning the flames. It could very well be they 'breached' the receptionist's PC she uses to browse Facebook to pass the time.
IAmBroom 29 days ago [-]
I have some sad news for you, about the realities of "airgapped security" IRL.
It starts with military officers using the hallway photocopiers for secure documents, and ends with TS docs stored in a Florida hotel's restroom.
ninalanyon 29 days ago [-]
Email is much easier to secure.
> receptionist's PC she uses to browse Facebook to pass the time.
Why does 'her' PC have access to the internet?
azalemeth 29 days ago [-]
While we're at it "and not use Microsoft products". Literally every time a story like this surfaces...
dimitrios1 29 days ago [-]
That's more of a form of survivorship bias. Microsoft continued to maintain its lockdown on government IT and infrastructure through the decades, over the alternatives.
BeetleB 29 days ago [-]
> While we're at it "and not use Microsoft products".
I'm not sure if Oracle would be better.
Razengan 29 days ago [-]
I don't think any Microsoft Surfaces were involved in this..
bink 29 days ago [-]
From the article:
> OT cybersecurity specialists interviewed by CSO say that KCNSC’s production systems are likely air-gapped or otherwise isolated from corporate IT networks, significantly reducing the risk of direct crossover. Nevertheless, they caution against assuming such isolation guarantees safety.
This was also not a nuclear facility, however. The article says it makes "non-nuclear components".
In my experience auditing critical infrastructure, most facilities are "air gapped". I put that in quotes because while you can't browse the Internet from the control network(s), there are ways to exfiltrate data. The managers, engineers, regulators, and vendors need to know what is going on in real-time. Back in the day this could've been a serial port connecting two systems for a one-way feed. Now I imagine it's something far more sophisticated and probably more susceptible to abuse.
As an example, you might have a collection of turbines manufactured by GE and GE needs to have real-time data coming from them for safety monitoring and maintenance. The turbines might have one connection for control traffic and another for monitoring. How to secure these vendor connections was always a debate.
Ah yes, "likely air-gapped", what a high-confidence statement. Any competently designed air-gap must be precisely auditable and demonstrably, positively air-gapped.
The only world where "likely" is a reasonable word is in reference to possible physical taps or a precise enumeration of physical access points that went unaudited, but have reliably followed safe access control/configuration procedures. Anything else is plain incompetence.
jcrawfordor 29 days ago [-]
KCNSC is a large organization that will have hundreds of distinct networks at different risk and control levels. Every variation of "public internet" to "single-site air-gapped network" probably exists there, including many levels in between like multi-site secure networks and networks with limited internet connectivity. Many networks are airgapped, this sometimes means that they consist of a small number of assets in a single room, and it sometimes means that they have connectivity to airgapped enclaves of AWS and hundreds of other military, government, and contractor sites. All of these controls will have been determined by a combination of risk scoring, compliance policies, legal requirements, office politics, and happenstance. Multiple contracting authorities will periodically audit many of these networks against various standards, which may or may not allow connectivity to specific other networks depending on risk levels. Connectivity between networks is sometimes controlled by NSA accredited cross-domain solutions and multi-level security systems that enforce complex policy, in other cases it's controlled by an administrative assistant with a DVD burner. There will be case-by-case risk analysis decisions made for specific systems, ultimately signed off by a government official who may or may not have read them. Inevitably some of these will appear reasonable and cautious in retrospect and others will not.
The root fault with this article, and the resulting discussion, is the extent to which it generalizes over one of the larger organizations in a very complex part of the defense industrial complex. Many parts of KCNSC's operations are absolutely not exposed by this incident. Other parts absolutely are. Determining which fall into which category, and to what extent that is acceptable, keeps quite a few people employed.
fintler 29 days ago [-]
They have multiple networks. One of them is definitely airgapped (red for RD). The medium security one is protected by annoyingly strict network ACLs (yellow for ITAR). Then there's a low security one for stuff like sharepoint (green).
This article is full of nonsense and speculation.
Veserv 29 days ago [-]
The standard you linked literally talks about: "High Impact BES Cyber Systems with External Routable Connectivity" and "Remote Access Management" for "High Impact BES Cyber Systems". That explicitly indicates non-airgapped critical systems. Furthermore, the proscribed auditing specifically spells out "network diagrams or architecture documents" as good evidence. Obviously, that is a high level document, but I see nothing to indicate robustness against state-level actors which are an expected threat.
philipallstar 29 days ago [-]
> Anything else is plain incompetence.
It's an answer from talking heads, not from people from the facility.
nathanmcrae 29 days ago [-]
How do you go about positively demonstrating such a system is air-gapped?
fintler 29 days ago [-]
Speaking from past experience with the DoE (I'm happy I don't need to deal with security like this anymore), there were constant and randomized checks to make sure fiber cables (they were all fiber to make it harder to tamper with and to avoid accidental RF) were fully visible (e.g. not hidden under a desk or something) and not tampered with. Also, lots of locks and doors, both electrical and mechanical. The guy at the front desk with a big gun probably helped too.
tcoff91 29 days ago [-]
Wasn't the internet literally created by the military for military comms? The decentralized routing was in part to ensure that comms could survive some areas being taken out by nuclear weapons.
SoftTalker 29 days ago [-]
As the effect of yesterday's AWS event demonstrates, the major Amazon, Microsoft, and Google data centers are surely top tier targets in every adversary's war plans.
The decentralized internet is less of a reality today than it was years ago.
diggan 29 days ago [-]
Don't we have more internet submarine cables and less single points of failure in our internet infrastructure today than years ago? If so, shouldn't that make it easier to route around failures?
The web though I agree isn't very decentralized.
Root_Denied 29 days ago [-]
Considering that the AWS outage took out a lot of lines of communication (email, video, chat systems) for both commercial and government entities, I'd say that US-East-1 is a pretty big single point of failure. Even if it didn't result in infrastructure impact directly, if there was some kind of infrastructure issue and you had delayed or unavailable communications, how would you know? How quickly could a response be mounted? There's some parts of the infrastructure that could damage themselves irreparably in the time it would take to fix the outage or get comms routed through a backup channel - like parts of the electrical grid or water treatment plants.
An attacker (read: nation-state actor) wouldn't even need to take down US-East-1, it could just take advantage of the outage.
I assume (hope?) there's some kind of backup comms plan or infra in place for critical events, but I don't actually know.
SoftTalker 29 days ago [-]
Maybe yes in that regard. But in the past, most organizations ran their own mail and web servers. Software supporting the business ran on-prem. Now they use Google or Azure or AWS. So business and civilian usage, at least, seem more vulnerable now.
HippyTed 29 days ago [-]
We sacrificed resilience for efficiency. Now things are much more fragile and liable to exploitation.
1718627440 29 days ago [-]
That's fine, when all the nodes run autonomously and the internet is only used for real information sharing. What we now have is that the nodes are display control servers and all the computation and storage happens externally. That is not how it was designed by the military.
philipallstar 29 days ago [-]
The very very earliest form of some of the protocols involved in it were, yes. But not really now at all. That "internet" would not be worth using.
1970-01-01 29 days ago [-]
Wasn't it literally designed for that specific task? As a robust C&C system during nuclear war? The fact that we're doing it wrong doesn't mean we need to pull the plug on everything. How else do you survive WWIII?
That only works, if the nodes still operate just fine, without the Internet.
groby_b 29 days ago [-]
You don't. Internet or not.
ferguess_k 29 days ago [-]
I heard that once you put up a website on the public internet, it would immediately get attacked by all kinds of scanners or other worse things. Not sure if it's true as I'm not a web guy.
rtldg 29 days ago [-]
All IPv4 addresses, domains (maybe more so for recently-registered ones), and subdomains from Certificate Transparency Logs (for HTTPS certs) are all constantly checked and poked.
pdntspa 29 days ago [-]
Back in the day, I made the mistake of hooking up a fresh Windows XP (at least I think it was; pre-SP2) install directly to the internet. There was no firewall or NAT to protect me. The machine got pwned almost immediately.
fragmede 29 days ago [-]
It's still true!
> What happens if you connect Windows XP to the Internet in 2024?
Every public IPv4 address is port scanned multiple times a day.
pdntspa 29 days ago [-]
Watching my website's firewall and ssh logs show all the various hacking attempts is calming in the same way that watching waves crash on to the shore is.
diggan 29 days ago [-]
More like looking at a thin net preventing mosquitoes from biting your skin, as there is some intention behind it, not just physics.
ta1243 29 days ago [-]
Which really isn't a problem, unless you're being scanned so much your bandwidth is being overwhelmed. Certainly not the case for me, despite having port 80 and 443 open
tgv 29 days ago [-]
I have a server that has a slow (5s) response to unknown pages, returns it as 200, and makes the next failing request even slower (for unauthenticated users). That seems to keep the number of requests limited. Perhaps I should just drop the connection after a certain number of requests.
BTW, quite a few of these port scanners are companies that offer to scan your ports for vulnerabilities. Temu pen testing, so to speak.
eks391 29 days ago [-]
Do you configure this in your firewall? How can I replicate this?
fragmede 29 days ago [-]
what firewall do you use?
tgv 28 days ago [-]
It's in the "404" handler of the backend. It should be possible to write a caddy or nginx module for it.
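A sketch of the slow "404" handler tgv describes above, as an added example that is not tgv's code or part of the thread. The doubling factor, the 60 s cap, the expiry window, the drop threshold and the `is_authenticated` hook are all assumptions; only the 5 s first delay, the 200 status and the "each failing request is slower" behaviour come from the comments.

```python
import time
from collections import OrderedDict
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

BASE_DELAY = 5.0      # first unknown page costs 5 s (figure from the comment)
GROWTH = 2.0          # assumed: every further miss doubles the delay
MAX_DELAY = 60.0      # assumed cap, so a worker thread is never parked indefinitely
FORGET_AFTER = 600.0  # assumed: a client that stays quiet for 10 min starts over
MAX_CLIENTS = 10_000  # assumed bound on tracked clients, so scanners cannot exhaust memory
DROP_AFTER = 8        # assumed: past this many misses, close without answering


class Tarpit:
    """Per-client counter of requests for unknown pages, with expiry and a size bound."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._misses = OrderedDict()  # client -> (miss count, time of last miss)

    def record_miss(self, client, authenticated=False):
        """Register one unknown-page request; return (delay_seconds, drop_connection)."""
        if authenticated:
            return 0.0, False  # signed-in users mistyping a URL are not penalised
        now = self._clock()
        count, last = self._misses.pop(client, (0, now))
        if now - last > FORGET_AFTER:
            count = 0
        count += 1
        self._misses[client] = (count, now)   # re-insert as most recently seen
        while len(self._misses) > MAX_CLIENTS:
            self._misses.popitem(last=False)  # evict the least recently seen client
        delay = min(BASE_DELAY * GROWTH ** (count - 1), MAX_DELAY)
        return delay, count > DROP_AFTER


KNOWN_PAGES = {"/": b"home\n"}  # constructed sample content


def make_handler(tarpit, is_authenticated=lambda headers: False, sleep=time.sleep):
    """Build a request handler whose not-found path goes through the tarpit.

    is_authenticated is a hypothetical hook; a real backend would check its session here.
    """

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            body = KNOWN_PAGES.get(self.path)
            if body is not None:
                self._send(body)
                return
            # Behind a reverse proxy client_address is the proxy; use the address
            # the proxy reports instead, and only if that proxy is trusted.
            client = self.client_address[0]
            delay, drop = tarpit.record_miss(client, is_authenticated(self.headers))
            if drop:
                self.close_connection = True  # no response at all, just hang up
                return
            sleep(delay)
            self._send(b"not found\n")  # still status 200, as in the comment

        def _send(self, body):
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, fmt, *args):
            pass  # keep the demo quiet

    return Handler


if __name__ == "__main__":
    # One thread per connection: every tarpitted request parks a thread for up to MAX_DELAY.
    ThreadingHTTPServer(("127.0.0.1", 8080), make_handler(Tarpit())).serve_forever()
```

Each delayed request occupies a server thread for the length of the delay, which is why the sketch caps the delay and eventually closes the connection instead of letting the wait grow without limit.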
ferguess_k 28 days ago [-]
Damn that's like Blood War in DND...
1718627440 29 days ago [-]
Per day? per minute or second.
aerostable_slug 29 days ago [-]
IIRC Carnegie Mellon did a study years ago which showed that you could not unbox a new Windows machine, connect it "directly" to the Internet, and get it fully patched before it was pwned.
hypeatei 29 days ago [-]
> needs to be a law that all nuclear and nuclear-adjacent facilities have no connection to the Internet
You want to make everything about a nuclear facility bespoke and subject to air-gapped drift? What about the guard booth that verifies people's access, the receptionist who schedules meetings, and the janitor who wants to watch YouTube on his break? It seems unrealistic to lump everything that goes on at a nuclear facility under this umbrella.
reenorap 29 days ago [-]
Opening up the internet to a nuclear facility so that the janitor can watch Youtube seems preposterous. People can afford to do things slower for the sake of security. Having things typed out, verifying security via phone calls, etc like it's the 1970s seems reasonable to me. Does it really matter if things aren't fully optimized for speed and convenience in nuclear facilities?
aerostable_slug 29 days ago [-]
IRL the way we do it is separating the business network (Youtube, finance people, HR, etc.) from the operational network (relays and sensors). You use data diodes to send business-critical data from the operational network to the business network.
Also, the Kansas City Plant is like a watchmaker's factory, not a power plant. They make widgets and gewgaws, not literally split atoms.
hypeatei 29 days ago [-]
> really matter if things aren't fully optimized for speed and convenience in nuclear facilities
For hiring and retaining people, yes. It's understood that the "guts" of what's happening at these facilities needs to be locked down to the max. But, for supporting roles you need to be able to bring people in off the street without 1) a bunch of specialized training on your bespoke way of doing things, and 2) making your employees less attractive on the job market.
Just my opinion, though. Maybe I'm completely off base but it doesn't seem like a good idea to me long-term.
0_____0 29 days ago [-]
Being airgapped didn't help Iran avoid Stuxnet.
sgjohnson 29 days ago [-]
That also had a HUMINT element.
aspenmayer 29 days ago [-]
It’s possible that the (un)timely demise of the individual involved also had a HUMINT element as well.
> Dutch engineer Erik van Sabben allegedly infiltrated the Natanz nuclear facility on behalf of Dutch intelligence and installed equipment infected with Stuxnet. He died two weeks after the Stuxnet attack at age 36 in an apparent single-vehicle motorcycle accident in Dubai.
> A programming error later caused the worm to spread to computers outside of Natanz. When an engineer "left Natanz and connected [his] computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed." The code replicated on the Internet and was subsequently exposed for public dissemination. IT security firms Symantec and Kaspersky Lab have since examined Stuxnet. It is unclear whether the United States or Israel introduced the programming error.
Also bearing mention is Flame, which is often left out when Stuxnet comes up, but which was allegedly part of the wider operation.
> “We are now 100 percent sure that the Stuxnet and Flame groups worked together,” said Roel Schouwenberg, a Boston-based senior researcher with Kaspersky Lab.
> The firm also determined that the Flame malware predates Stuxnet. “It looks like the Flame platform was used as a kickstarter of sorts to get the Stuxnet project going,” Schouwenberg said.
There is likely a small number of people who could collectively list out the events it _did_ help Iran avoid.
dylan604 29 days ago [-]
It is funny to read this kind of comment knowing at the same time this kind of stuff was happening while the launch codes were 0000000 or some such non-secure code. At same time, the computers in the nuclear launch facilities were still using 5.25" floppies. I did wonder how often they were loading updates from those, if ever.
jayd16 29 days ago [-]
You mean it's a bad idea to slap a Starlink dish in the same building as the nuclear football?
boringg 29 days ago [-]
Which breach was that again?
wslh 29 days ago [-]
Microsoft could have been sold this with a special "nuclear license".
schnitzelstoat 28 days ago [-]
The nuclear systems are air-gapped. So this is already the case.
porridgeraisin 29 days ago [-]
Fine, keep it on the internet. But SharePoint, seriously? A 15 year old version of nginx pointed to the ~/.ssh folder is more secure.
KaiserPro 29 days ago [-]
I mean there were also rules about non-sanctioned network connections in the pentagon, or using only sanctioned apps to discuss secrets, but that's not really been enforced recently.
JumpCrisscross 29 days ago [-]
> needs to be a law that all nuclear and nuclear-adjacent facilities have no connection to the Internet
Why the special treatment for nuclear? Do you really think redlining a dam or storm-levee system would be less damaging?
Also, turning off internet connections means less-capable remote shut-off. Less-responsive power plants. Fewer eyes on telemetry.
We should be mindful of what is and isn't connected to the internet, and how it's firewalled and--if necessary--air gapped. That doesn't mean sprinting straight for the end zone.
doublerabbit 29 days ago [-]
> Also, turning off internet connections means less-capable remote shut-off.
Why does it have to be remote what's wrong with it being in-house? Besides a shut-off should never be able to be triggered remotely.
The same goes for digital emergency shut off buttons; all should be physical.
> Less-responsive power plants.
What? How is remote any more responsive than physical workers being in-house?
If power-plants operated efficiently back in the 50's without internet, they should be able to now without internet.
JumpCrisscross 29 days ago [-]
> Why does it have to be remote what's wrong with it being in-house?
Nothing wrong with it being in house. But having a back-up is never bad.
> How is remote any more responsive than physical workers being in-house?
If the on-site workers are incapacitated. It's a remote (hehe) risk. But so is foreign hackers doing anything with our nukes.
> If power-plants operated efficiently back in the 50's without internet, they should be able to now without internet
If you're fine paying 50s power prices again, sure, I'm sure a power company would happily run their plants retro style.
fragmede 29 days ago [-]
> When expressed in constant 2019 dollars, the average price of electricity in the United States fell from $4.79 per kilowatt-hour in 1902 (the first year for which the national mean is available) to 32 cents in 1950.
> $0.32 is $0.41 accoreit BLS, which is less than I'm paying today
Out of curiosity, what was the real power price where you live in the 60s?
fragmede 28 days ago [-]
Had a long back-and-forth with ChatGPT and it says, accounting for inflation, that it's roughly the same from the 50s and the 60s versus today.
IAmBroom 29 days ago [-]
> But having a back-up is never bad.
It is always an increase in risk, in a security sense.
tehjoker 29 days ago [-]
good argument against having nukes
JumpCrisscross 29 days ago [-]
One can paraphrase the joke about democracy for nukes. Having nukes is the worst, other than every situation where you don’t have nukes and the other guy does.
tehjoker 28 days ago [-]
Most of the other guys get nukes because we have nukes and threaten them militarily. They're very expensive, countries don't want them unless they need a deterrent, and we're often the main threat.
HippyTed 29 days ago [-]
The one exception I can think of is remote shutdown in the face of a rapid natural disaster. Like how the Japanese train network is set to shut down rapidly when a high power quake is detected.
But that is very geography dependent.
HippyTed 29 days ago [-]
Just wait until these places get flooded with vibe coded stuff that even those deploying it have little understanding. What could go wrong!?
Sleep well.
ninalanyon 29 days ago [-]
Why is a weapons plant using any cloud services?
buyucu 28 days ago [-]
If you use a Microsoft product for anything security sensitive, you only have yourself to blame when it inevitably goes wrong.
AJRF 29 days ago [-]
Does this kind of thing happen to China + Russia?
I don't see news about that much - but to be fair, I am not looking for it.
enkonta 29 days ago [-]
They may also be less likely to admit it or allow any reporting on it
ThinkBeat 29 days ago [-]
yes.
but it doesn't get covered by western media.
much like how NATO airplanes violating Russian airspace
is not reported about either.
mmooss 29 days ago [-]
> much like how NATO airplanes violating Russian airspace is not reported about either.
How do you know it's happening?
tryauuum 29 days ago [-]
Yes, recently some Russian airline was hacked, they also used Microsoft mail servers
wiredbox 29 days ago [-]
Newsflash; nation state, or state sponsored hackers will gain access one way or another. The vector here just happens to be Sharepoint, but could've easily been something else, like a good old social engineering attack.
ninalanyon 29 days ago [-]
Reducing the attack surface by not using cloud services would still help.
darepublic 29 days ago [-]
That guy who jumped the office chair will be the end of us all
zkmon 29 days ago [-]
The jump was amazing though! At his age.
mrguyorama 29 days ago [-]
When I try to access sharepoint files in my browser, the site goes through 37 redirects (thanks single sign on) shows all the files, then despite me very obviously being fully authenticated, it pops up a modal that says "sign in to see files", and I click "Cancel" and then I get to actually interact with the files.
What?
Gee, who would have guessed this isn't secure.
AtNightWeCode 29 days ago [-]
No, they did not breach anything through SharePoint. The flaw is that IDIOTS exposed these servers to the Internet. I am very pro holding vendors accountable but this is just stupid. "Pro-tip" btw. SharePoint installations often have the pw sharepoint, sharepoint123, sharepoint-123 and so on in various casing and delimiters.
highfrequencyy 29 days ago [-]
they breached it* meaning that they had access to their "Welcome !" page in sharepoint lol.
ubermonkey 29 days ago [-]
A flaw? In Sharepoint?
I'm shocked. Shocked, I tell you.
MetroWind 28 days ago [-]
It's SharePoint. shrug~
exabrial 29 days ago [-]
Say it ain’t so. Another Microsoft security problem? Inconceivable!
stefantalpalaru 29 days ago [-]
[dead]
nsm1232 29 days ago [-]
[dead]
nsm1232 29 days ago [-]
[dead]
nakamoto_damacy 29 days ago [-]
Microsoft is a national security threat but no one cares because they automate genocide.
nakamoto_damacy 29 days ago [-]
[flagged]
36280132928226 29 days ago [-]
[flagged]
connorgurney 29 days ago [-]
What a worthwhile contribution to the thread, though an ironic one, considering that you're echoing the very same sentiment - albeit reversed - that the person to whom you're replying did.
Don't use Exchange? Cool, what should we use instead? Does it support 15 people all the way up to 150000 people? I used to run Exchange cluster for 70k people, is there other mail software out there complete with non-shared disk redundancy? Where the users connect to single endpoint and software figures it out from there?
Sharepoint with another 2 RCEs. Not shocked, the software is terrible. However, it's only software that will stand up under load and let us shard it easily. All open-source software is one of those, runs fine in Homelab, likely falls down under load. Few Open Source Developers want to work on this stuff which I get because it's tedious work interfacing with computer illiterate end users. I'd rather chug sewage then do this work for free.
Finally, it's somewhat backwards compatible. Most businesses are filled with ancient software that no one has worked on in 20 years. That Excel document with Macros from 1997. With some registry changes degrading security posture, still works. I doubt you will find Office software with level of backwards compatibility unless they are using Microsoft Office level of compatibility.
Microsoft has real gordian knot here and few solutions besides "Backwards compatibility is OVER. Upgrade to modern or GTFO". Meanwhile, I get hit up by $ThreeJobsAgo over some Exchange Web Services solution I slapped together for them in Python they wanted me to upgrade to GraphAPI since Microsoft turned off Exchange Web Services in Office365.
Just like with Windows, Microsoft has built a moat with Exchange, but the question is why do all the companies buy into their full ecosystem, especially for anything relating to web technologies (you even bring up Exchange Web Services), because this they do really badly, and Sharepoint seems to be the worst.
However, I am certain there are big Postfix/Dovecot installations scaling easily to 150k people, but we probably wouldn't know about them. Eg. here a couple of accounts of people doing that: https://www.reddit.com/r/linuxadmin/comments/32fq67/how_woul...
Fastmail today would be much bigger again, and they’re on CMU Cyrus.
150k is rookie numbers. Perhaps that was meant ironically to satirise mediocre enterprise thinking?
It's a serious post, unfortunately.
But at the same time, within an org of 150k people, we have separate people to support our Teams usage, our Outlook usage, our AD/Entra usage: with the same number of "sysadmins", could we do the same with open source stack?
I don't know, but I know the bugs I see with MS365.
In any case, Exchange is not just email, it has Calendaring/Contacts stuff going on as well.
Try managing a calendar or booking resources.
But no, people get self backdoored by using Exchange... Or cloud :) Or AI hosted by someone else...
Old manager I had once told me: "I wish Microsoft made all the software in the world because it works so well together!" He was the guy who bought our company a one-way ticket to O365. He was also woefully tech ignorant and could barely drive software outside of office programs.
Sure, PostFix/DoveCot will scale if you are doing just email. Once you add GroupWare requirements, PostFix/Dovecot are no longer in same boat.
https://haraka.github.io
There are plenty of open source email alternatives now days.
If you’re using exchange/outlook, you’re using Active Directory.
The only real “alternative” is the reimplementation in samba v4.. calling that an alternative is a bit of a stretch. And it barely scales to one user let alone millions like AD can
Ldap is also not Active Directory. Ldap is one very small part of it
Market pressures dominate nuclear weapons development?
Microsoft was founded in 1975. The standard for SMTP wasn't published in 1981. Most early predecessors were the late 70s.
In 1971 Ray Tomlinson sent the first mail message between two computers on the ARPANET, introducing the now-familiar address syntax with the '@' symbol designating the user's system address.[2][3][4][5] Over a series of RFCs, conventions were refined for sending mail messages over the File Transfer Protocol. Several other email networks developed in the 1970s and expanded subsequently.
Proprietary electronic mail systems began to emerge in the 1970s and early 1980s. IBM developed a primitive in-house solution for office automation over the period 1970–1972, and replaced it with OFS (Office System), providing mail transfer between individuals, in 1974.
No one wants to go back to that.
Or the government could pay people to work on said open source software, providing a benefit to the public along the way. The US government started something like this called "18F" under the Obama administration. It was so effective at making software that was useful to the American public that Trump promptly shut it down 2 months into his second term, in no small part because they had the temerity to develop free-to-use tax filing software.
See
https://handbook.tts.gsa.gov/18f/history-and-values/ https://web.archive.org/web/20250000000000*/https://handbook... https://archive.is/CIXG1
and
https://www.lawfaremedia.org/article/learning-from-the-legac... https://web.archive.org/web/20250000000000*/https://www.lawf... https://archive.is/fmaf6
Isn't sharepoint just a file share server? (I've never used it)
I'm sure solutions like samba or an ftp server hold up fine under the load. It's really more a UI question.
[0] https://en.wikipedia.org/wiki/SharePoint
I hate SharePoint, but i use/administer it every day and it works, mostly.
Exposing it to the internet is a mistake. Why anyone would do that is beyond me.
All just empty claims without showing any evidence. Did you ever set up a multi-client syncthing setup to test your theories about it falling over? Or do you have any references, pointing us to analysis, that shows, that any such tool doesn't hold water? What about some bit torrent setups? There are many options in this space, and one doesn't even have to lump synchronization and viewing in a web UI into one service. If one doesn't, then there are many tools that can accomplish the job better than Sharepoint.
And btw. paid MS Office doesn't even hold water for some 80 people, delivering me my e-mails some half an hour later, at a snail's pace, one or two a minute, while my 1 EUR per month free software using e-mail provider (posteo) manages to give me all my new e-mail almost instantly, the moment I open Thunderbird.
Yes, there is other tools, none of them is as integrated as Microsoft suite except other cloud only options like Google Workspace and other cloudy software.
If they are, it’s enormous personal red flag. MSFT is very popular so I’m only speaking about my own experience, but I have learned over the course of 20 years that an MSFT IT stack is highly correlated with me hating the engineering culture of an organization.
I know I am excluding a lot of companies with great engineering culture where I would thrive and who just happen to use Outlook/Sharepoint/Teams, etc. but it has had such better predictive power of rotten tech culture than any line of questioning I have come up with during interviews that I still use it.
I don’t mean any disrespect to MSFT-centric engineers out there - it’s not you it’s me.
The best company I ever worked at, provided every software engineer both a Mac laptop and a Linux desktop as standard equipment.
If they're also making you use Outlook or especially Teams then they're going to start losing "points".
H1Bs use Microsoft products more than others? Or they do it because they have to…or what??
Please explain yourself.
Also yes, due to availability and various other reasons, H1bs, particularly from India, seem more likely to use a MSFT stack.
“Nobody ever got fired for choosing MSFT” goes hand in hand with “if we don’t exploit the H1B system to get cheap coders who won’t sue us or try to organize then someone else will.”
Using FOSS, hiring citizens, treating employees well, actually innovating and producing great products, all hang together. Sadly, such companies and people are increasingly rare in tech, because the tech oligarchs fund bad people and bad products because they are often greedy egoists whose wealth is derived from being in the right place at the right time, or from what I call “moral arbitrage” (doing things others are too ethical to consider) rather than deriving wealth from actual talent or ingenuity. Ymmv
Libreoffice Calc and Excel are probably your strongest argument, Excel runs the world after all.
But, if it wasn’t for incompatibility and fear of incompatibility- I have a hard time thinking Calc is materially worse; I doubt theres a single workflow not possible in Calc- and if O365 utils get worse looking then Calc will win there too soon enough.
For everything else in the microsoft stack, either its “this thing does many things thus is incomparable to any one thing!” or its simply worse.
Even the best tools that I would actively defend (MSSQL) are only equivalent to other solutions (PGSQL) and almost never better than everything offered elsewhere.
I've seen companies with varying levels of MS product integration but Outlook is pretty foundational.
Now, if a company says they use SharePoint or Teams to store their documentation, run to the hills. Wikis or bust.
Teams macOS client? Crashes on startup, even after clearing all of my user data.
Teams iOS client? You can join a call by a link, but you can't see the call UI because it's behind the login window.
Teams on Firefox? No video support for years, and most recently just glitches out and shows an empty page when trying to join.
Teams on Chrome? Tried joining a meeting, and was told by the organizers that they couldn't admit me because the button wasn't doing anything.
I've had all four of these things happen within the last month, and it's made me want to tear my hair out. I get that none of these are "Microsoft Edge/native Windows client", but they could at least pretend to care about other platforms...
Note that MX records are misleading here. They have no false positives, but are full of false negatives --- daisy-chaining MTAs is common, and since Microsoft owns the mailbox, it's invariably last in the chain. So the MX record will show something like Proofpoint (pphosted) or Mimecast or an internal company host, when really it's Microsoft in the end.
Recently it's all been gmail/google workspaces.
Every company I worked for before or since just used IMAP.
It's never just Teams or SharePoint or a wiki. It's almost always some abomination created by putting various bits of knowledge on all three. Also, corporate wikis suck because how your team classifies data is almost invariably different from how someone else wants to see it.
SharePoint, for all of its flaws, typically gets used by the major announcement-and-policy makers at a company, because they just want to use MS stuff (primarily out of ignorance of alternatives), so at least it's somewhat coherent for everyone in the company.
My direct employer uses GSuite (and Google docs as a source of record is as bad as a 2000s file share)
Mid-sized businesses (100-1000 employees): around 60-70%
Small businesses: more variable, maybe 40-60%
this reply was written by “AI” :)
$ dig ycombinator.com mx
The companies not using Microsoft, are using Google. Which in my experience is equally or measurably worse.
Just personal data points, but every avowed Microsoft hater I've ever worked with has been... difficult. Like a-drag-on-the-team-because-he-refuses-to-use-company-tools difficult.
Edit: How does an aged post on this site go from +4 to -1 in the span of a few minutes?
I don't think I was ready for how bad it is. Not going to go into an inventory of it all, but I'll admit I genuinely lost it when I discovered that the terminal -- the terminal! -- freezes after staying open several days, and you need to kill it and restart it.
The worst part, I think, is how the brokenness ends up permeating the engineering culture. Malfunction is just normalized. There's no reliability baseline; if it's broken to the point the amount of work you can do is zero, just open a ticket with support, who will add yet another bit of duct tape or just reboot something somewhere and ask you if the problem went away somehow.
I think possibly the coworkers who don't look away from the emperor's non-clothed-ness, and the higher standards that they drive, may be more valuable to have around than you imagine, if you can get past the bad emotions that their lucidity gives you.
Says it's unthinkably bad then proceeds to give only one example. There are several other issues you can list.
>the terminal -- the terminal! -- freezes after staying open several days, and you need to kill it and restart it.
I wonder when that issue ever happened since I'm always ssh'd into my homelab via the terminal for days and never had to restart it since it never froze.
>The worst part, I think, is how the brokenness ends up permeating the engineering culture. Malfunction is just normalized.
Microsoft didn't make the culture like that, the managers were always like that which made them choose Microsoft because they just choose the biggest corporate name brand supplier. It's your typical old-school MBA.
I've worked at all-MS shops and at all-Linux shops, and despite the issues with MS tech, the all-MS shops were far less toxic and pleasant to work at as people treated it as a 9-5 job instead of their own personal start-up project that needs to strictly conform to their world view, therefore the linux-shops I worked at tended to attract more of the toxic problem employees like your grandparent whose work life revolved around tech evangelism than pragmatism, which I didn't like since I just wanted to get work done and go home, not participate in some crusade at work to judge and shame choices of OS/IDE/languages/frameworks/tools the company should be using. As long as I get paid, I'll use any widely available tool, I don't really care.
Mindset explains the other users complaint perfectly I guess. I suppose it comes to how one views and feels about work. Take pride in your work? Don't go MS shop. Don't care and are just there to get paid? MS shop.
that attitude explains why I can no longer edit calendar events in the android app unless I turn the phone sideways, and a deluge of other issues with MS products that reek of sloppy low effort work.
Yes, how dare SW engineers work to just put food on the table for their families, and not fight your imaginary tech revolution against MS-shops?
> Take pride in your work? Don't go MS shop.
Sorry buddy, but I work the SW equivalent of "putting the fries in the bag", my work has no impact on the tech issues in your life, and I don't live in The Valley, or the US, or some major international tech hub where hip, non-MS jobs fall from trees in order to make an impact, and so MS shops make the brunt of the jobs market where I live. Should I go homeless and hungry just to virtue signal on HN on how righteous I am via your self-defined Russian nesting doll of obscure purity tests?
>that attitude explains why [...]
Hate to break it to you, but some people on HN like you guys in this thread, are so over privileged with your career opportunities, that their delusions take over rationality and common sense views of the reality outside their bubble, and think the rest of the world must conform to your viewpoints or else they're somehow the "evil ones" responsible for the issues you perceive.
By all means feel free to have your own beliefs and values that differ from others, just don't try to virtue signal, judge others, or impose your view on others, as nobody likes such obnoxious arrogant people on their high horse thinking they're on the right side of history and everyone else is wrong. Live and let live, that's my life's mantra.
I'm not saying that you cannot work in an MS-shop. I am just saying that the attitudes I see reflected in the comments supporting MS-shops explain why MS-shop output looks the way it does.
Ultimately, it comes down to company culture not individual developers. I wouldn't hold devs accountable for what is a systemic issue, in fact I am grateful there are those devs who don't care about taking pride in their work who can survive in an MS-shop without it draining their reason for being. If not for them, positions in places where taking pride in your work doesn't come at personal cost would be far more competitive.
However, that doesn't mean it isn't worth calling out an emerging pattern of MS-shops being the kind of place incompatible with wanting to take pride in your work.
You want to provide value to your customers and anything getting in the way of that should be a frustration, not something we just accept. Stagnation will lead to decline that is very difficult to reverse. I don’t know what you do, but thank you for your perspective and disposition and for admonishing the above attitude.
What about those who are not able to? Because your argument falls flat on its face once you remove that part.
I don’t like that people just work for a paycheck. I understand why and it’s very hard to argue against people doing it and not caring when their managers or the companies they work for don’t care about them in return. The Cambrian Explosion of solved problems will lead to a deluge of catastrophes when a large percentage of those systems fail unless people take care to transmit the “why” to the future stewards of these systems.
That's why I also said "international tech hubs" because that's were it's easier to find non-MS jobs outside the US. But it seems that passed over your head and you spent 3 sentences to go on a tangent on how much you hate the US even if the US wasn't my point.
>an emerging pattern of MS-shops being the kind of place incompatible with wanting to take pride in your work
There's plenty of non MS-shops that make SW just as bad, if not much worse and more evil than MS-shops (nefarious Facebook and Google spy-/ad-ware isn't done in a Microsoft shop). SW stack is just a tool and a tool does not define one's character, just as whether you use DeWalt or Makita doesn't. Which is why I dislike your binary/black-or-white view on this topic as it screams ideological zealotry, short-sightedness or even borderline discriminatory.
Taking "pride in your work" in the context of working for someone else's SW corporation, is mostly a luxury belief of privileged people who have the luxury of choice in the labor market, while for most folk, labor is done just as a way to pay bills, while taking pride is reserved for activities with hobbies, family, children and friends.
You don't need to "take pride in your work" to be a kind person and functioning member of society, but it seems it's just a virtue signaling purity test by the "holier than thou" crowd of tech workers.
Microsoft Office usage is highly predictive of lots and lots of other choices.
Job sites could do with this as a filter. Even more specifically, ‘Teams’.
https://news.ycombinator.com/item?id=30264591
Why subject yourself to something you know you’ll hate every day if you can avoid it?
Is that being entitled? Plenty of people don’t have such choices, sure!
If so, who cares? Live your life, make your decisions. Don’t let jealous people make your life miserable.
Personally, I’d rank it as:
1. Google meet (as good as a gvc program can get for actual meetings, near as I can tell). Best when you have a group of people who are somewhat co-ordinated and not malicious though.
2. Zoom (not great for actual meeting quality, like audio/video, but not bad - and has a lot of useful tools and workflow stuff, especially for larger groups of strangers. I get it)
3..24 - every other random product.
25. Teams (lots of random bugs, worse than zoom for actual meeting quality, tons of silly MS’isms when trying to actually use it, somehow doesn’t work well for groups of people working together OR for groups of strangers, etc).
MS is the king of the package deal and ‘check box sales’, so they are impossible to avoid for long however.
My personal "sample size" is too small to be sure, but I worry that Teams usage is poisonous to collaboration and engineering culture.
I do wonder if they tried to push teams for text chat before I got there and were shot down. Management seems fairly receptive to some amount of give and take when it comes to decisions about office tooling e.g. I was cited as “the reason” engineers still have access to Figma Dev Mode, and I can’t say we had more than a handful of vocal people pushing to keep it. Company size is somewhere between 200-500 iirc
The web client is pants, though.
Do you even read your ‘weekly digest’?
/s
Including IRC.
The zoom fascination is pretty weird. It’s literally Webex 3.0 without Cisco bullshit.
Slack is pretty awesome. It wouldn’t factor in selecting an employer, but that’s just me.
Why? It's much better than Teams, if for no other reason than Teams just got deprecated on MacOS Monterey and that's really annoying. Or rather not for just that reason, but for the reason that Teams is Microsoft's 10th biggest priority, whereas video calling is Zoom's only priority, so they make a better product.
(1) host an up to date Zulip version
(2) set up or rent a Jitsi Meet or other open source / free software voice + video chat solution. Jitsi Meet might be a bit difficult to properly set up, compared to Zulip, because of extra things needed, like TURN server and in general the complexities of WebRTC. Maybe renting that for some < 10 EUR is fine for a company.
(3) Configure Zulip to have for example `/jitsi` or `/meeting` for creating meetings right out of Zulip.
(4) Set up other integrations that exist for Zulip.
(5) Set up backups for the Zulip database. It is just a postgres database. One can dump it and move the dump to a backup store.
If this is too much, for example because the company doesn't have the knowledge in their employees to manage this, then one can also rent Zulip hosted solutions.
Getting away from Salesforce alone is in my opinion already worth it.
It worked pretty well, I do wish Zulip had better ability to generate links from the video call button, it works really well with Jitsi this way.
The only issues I’ve found with Zulip are how it looks and training people to use it right. I’ve had a lot of comments that Zulip has ruined people because they realised how good it is only after they stopped using it, and can tell that everything is so much worse, but the whole time they used it- they hated it.
The other issue, if we can call it as such, is that there’s not that many native third party integrations, we had to write our own bots for some pretty basic things. But writing bots is so much easier in Zulip than Slack (and for Teams it’s a lesson in genuine masochism) so I give them a pass.
Yes, though Zoom came first, Webex copied their UI during the covid Zoom craze.
Like, if a fighter jet pilot came and told all American jets are equally weak and overcomplicated and ineffective, it probably tells more about that pilot than about the jets.
I don't know if that's the case, but that would be the idea.
I wouldn't be surprised if many people find that smaller companies are more fun/interesting to work at, so even if this were only filtering out large companies checking for MS could be helpful.
Developer’s quality of life might differ.
Hard to say what the actual office environment would end up like (plenty of toxic nerds out there), but I’ve worked for CEOs who were devs, and even when they were terrible people, I never once hated the development part of the job.
The fact that it's so widespread in our corporate culture is more indicative of how enshittified it is. Now, realistically, we might not be able to avoid it because of that, but let's not pretend that it's not shit.
Yes, it’s not great, but so what?
It tells the company values price more than capability.
I asked in my company why we use SharePoint and the answer was "name a better alternative". So I asked, a better alternative to do what? I never got an answer.
File hosting, web application hosting and integrating with Office.
Oracle support took the cake however, but that was with a commercial support license and a weird bug triggered by a newly released feature (never do that!) in Oracle DB, many years ago. ORA-600 errors for the ‘win’.
The "Google lacks support" chorus we hear frequently is more associated with their free tier.
Microsoft support has been very good. Google support was abysmal and very "you're dumb, we're smart because we're Google" style.
And we pay money for support to both organizations.
OP doesn't like working for people that have bad tools mandated by the company. He uses a proxy measure to determine this beforehand.
The other poster had problems with people like OP because they don't use the (bad) tools provided by the company.
It doesn't sound wrong from either side. It's actually a win-win for both if they don't meet, which would mean OPs strategy is great for both. It might preclude OP from some opportunities though if the filter is too wide.
I personally do think that if you mandate the wrong tools you will never get the best developers, because great developers are very picky about the tools they use. It can be a bit too extreme in some cases, but I've rarely seen anybody that is good at this job and not very opinionated in some way or the other.
In most cases the problem is mandating though, if you give recommendation but allow deviations from that recommendation within reason you can usually get everybody to be happy.
Definitely not.
Maybe it can be argued that it depends on how you use it, but Meet is so far and away better for video calls and screen sharing, it's not even funny.
Jitsi is also an incredible improvement, and it is self hostable and free.
Teams is likely the worst software that a company will force on all its employees- with that in mind, I guess some people can get stockholm syndrome? Some people who only jump from MSFT shops literally don’t know that there’s anything better. They went from Communicator to Lync to Skype for Business and now to Teams- and Teams is better than those just about.
That doesn’t sound like they have faith in Teams themselves.
I use Teams every day and it can’t even do threading in channels properly. The spellchecker is unreliable and even copy and paste is occasionally patchy.
It is not a good product. I’d switch to Slack given the choice.
Not to say that the developers working on it are satisfied with it..
Now, if Microsoft creates a Microsoft Linux desktop OS, that would be something.
My work laptop is Windows, and the only native applications I run on it are a web browser, Zoom, and the company's VPN software. Everything else runs inside WSL.
I greatly prefer Debian to Homebrew, so if I can't run actual Linux, this is (to me) superior to trying to develop on a Mac.
The Mac hardware is vastly superior to most Windows laptops, especially enterprise Windows laptops.
Man alive, what you mean is normie "Apple-style" Windows laptops with a bit of an "enterprise" makeover. Mobile enterprise workhorses (e. g. Panasonic, Getac)? Apple has no hardware in this segment. Detachables with extended five-year warranties plus certified dual-OS support? Nothing. Some of you fruit aficionados need to get out more.
I strongly disagree about Mac hardware vs. Thinkpads or Framework, but to each their own.
Not in my industry. And workstations, mobile or otherwise, on the clock? You work with what's certified and available. But to be fair, "Apple people", praise the Great Maker, are utterly irrelevant here. Hardware- and software-wise.
I just down-voted you, so I contributed to that.
OP bent over backwards to make it clear that he didn't mean any offense, and you opened with "you sound like a problem employee."
For example, if OP for some reason stops liking a maintainer of, say, RabbitMQ or PostgreSQL, they might be penetrant about switching a finished project to a different stack without any tangible reason, causing completely unnecessary headaches for the team.
He didn’t say he doesn’t like Satya or Gates or whatever, he was clear that he doesn’t like the solution.
I just went back to a microsoft shop, and honestly while the company is great you can feel how the communication is stilted compared to my previous company. Those little edges, warts, unreliable loading moments and awkward loading times all sum up to people being disincentivised to create, edit and consume documents or even to chat.
This inexplicably drives meeting culture as async communication just doesn’t happen. I totally understand why it’s primarily MSFT shops that have RTO mandates.
That just seems factually incorrect. I’ve seen no correlation on RTO and tools used. Do you have data on this?
Companies that use Teams as primary communication software have all had strong and non-negotiable RTO mandates, companies that use o365 and Slack allow exceptions for certain individuals and teams, but have also had RTO requirements.
Those that are using gsuite or are paying lip service to email and documents (excel, word etc) and using mostly Confluence and something like Slack for most communication are the only ones with proper flexible working.
Now, I could be wrong, and there's no public data to back this up. If I think about how I would construct such a dataset I can't even fathom how; even if I was to check every company with an RTO mandate's MX records there would be no way to control for the sheer dominance of O365, and no way to tell who is only paying lip service to their productivity suites.
I'd be interested in hearing other opinions, but like mentioned, it feels pretty universal. I haven't seen even a single exception to this, and I'm pretty old and I have friends across many companies.
To be fair, any employee that knows their worth and is not afraid to treat the relationship the same way as the company is a problem for the company ( and thus: 'problem employee' ).
People who signal that MS is sh*t are always worthwhile to listen to. They have character and principles, and they know bad and good software when they see it.
Needless to say, in my company all microsoft products are banned and I would never hire microsoft fanboys.
Excel in particular, for any power user, sheets just doesn't hold a candle to its functionality. Outside of the valley Microsoft must still have a 10:1 ratio of corporate use, I never run across a customer that has made the switch.
First, the post loses two points at once. When I see that, I know it's going to continue losing points consistently until it settles into -2 to -4. There is some trigger that starts with a loss of two points, and then continues down.
Google Workspace is an infinitely better productivity framework; there's no space for discussion here.
Outlook is objectively a terrible experience.
Also I was compressing my responses in my back-end but Azure Front Door was decompressing them. Why?!!!
honestly the things i read here sometimes hahaha
https://archive.ph/plNZU
Then according to this report, 'sometime in August' the exploit is used against the Honeywell-managed nuclear facility, since it wasn't patched, if I read correctly? So it really could have been anyone, and it's hardly just Russia and China who have a record of conducting nuclear espionage in the USA using their nation-state cybercapabilities (Israel?). As the article notes:
> "The transition from zero-day to N-day status, they say, opened a window for secondary actors to exploit systems that had not yet applied the patches."
Also this sounds like basically everything that goes into modern nuclear weapons, including the design blueprints. Incredible levels of incompetence here.
> "Located in Missouri, the KCNSC manufactures non-nuclear mechanical, electronic, and engineered material components used in US nuclear defense systems."
It has a bug with Solidworks (3D design suite) that sporadically makes files completely un-openable unless you go in and change some metadata. They are aware of this, doesn't seem to be any limitation preventing them from fixing it, and it has sat unfixed for years.
Microsoft's cloud storage as a whole is an insane tangle where you never know where you'll find something you're looking for or whether it will work. Some things work only in browser, some only in the app, zero enumeration of these things anywhere.
Completely unsurprised and I'm sure there are many more vulnerabilities ripe for the picking.
Recently I tried to configure a new subdomain to handle mail on 365 and even finding their DKIM configuration section was a mission. Once finding it, I learned that their DNS check fails to properly handle subdomains for email, so you have to put their DKIM keys against your root domain. Genius!
Edit to say: this is for MS files like Excel docs
If a file server breaks basic Unix tools it should be unplugged and put in the garbage.
It ended up being easier just to switch to paid Overleaf and teach our non-tech members how to write LaTeX and/or use the built-in editor. The documents are beautiful, Overleaf doesn't miss a beat and we are very happy with their solution.
Microsoft should be ashamed - I don't know how anybody would ever consider using them for any serious production work.
[1] https://learn.microsoft.com/en-us/answers/questions/5216132/...
I know for example that some companies will hire subcontractors for high risk parts of a project, just so that there is somebody to blame if anything goes wrong.
* Too few people use Firefox to access Office online, they don't care
* Your organization is too small for them to care
It's pretty much the majority of their Linux users. Firefox is often the default browser on many distros due to the Chrome/Chromium data sharing concern.
> * Your organization is too small for them to care
Then why even have a business tier if not for the support?
The result of Microsoft's current stance is simply that users look elsewhere. I mentioned Overleaf, but Google Docs is also a solid choice. For local editing we are using LibreOffice.
Sure, but for heavy users of office 365, how many use Linux to begin with?
"yes, your car exploded, but you were driving on a dirt drive way. it works just fine on the highway"
>Sorry for that we may have no enough resources about the Linux environment.
I remember years ago there was a browser demo, some kind of game I think, that would only be played on Internet Explorer. If you changed your User Agent string to be Internet Explorer, the demo would work entirely without issue. I think this was prior to Microsoft getting a large fine for not offering other browser choices.
> >Sorry for that we may have no enough resources about the Linux environment.
That is a difficult to parse sentence. "may" indicates uncertainty about the claim about to be made. "have no enough resources" seems to indicate that there is not enough engineering time available. "about the Linux environment" seems to indicate that it is a knowledge gap. Very strange.
How did that go? :)
I went there to try to find where company meetings got recorded to.
I went to my sharepoint bookmark, which weirdly is www.office.com after some previous nightmare rebrand.
Except what used to be the way into your sharepoint files, is now just a full page copilot screen with no hint of where the fuck your files are.
Even though you've been visiting this bookmark for years, to get to your sharepoint files.
Ok, so you search bing sign into sharepoint.
Top result is office.com . You ignore it.
Next result is:
https://support.microsoft.com/en-gb/office/sign-in-to-sharep...
This links you to https://m365.cloud.microsoft/
Ok great. Nope! Redirects you back to copilot.
I do NOT want to ask copilot to dig out my files every time you want a file. I want to get back to the directory listing so I can find the directory listing to find the company meeting recording.
How does MS not understand that replacing all UX with copilot is not an improvement, and is not helping sell copilot.
I've no idea how to find the "proper" way into the system.
Sounds like they need to seriously redesign their security policies.
Decisions like these need to be done from first principles. SharePoint shouldn't even have been a contender here if looked at seriously. Do your own homework.
Vendors can be accountable without providing source code, for example through contracts specifying performance.
I don't know how large Sharepoint's source is, though it has many components and I assume there is quite a bit of code. Auditing the source code of something like Microsoft Office seems almost impossible.
> first principles.
What does that mean in this context?
https://www.paloaltonetworks.com/cyberpedia/what-is-the-purd...
Sensationalism gets more clicks though I guess.
With Microsoft pushing o365 the “new” Sharepoint is SaaS instead, so Microsoft is exposing it to the internet on your behalf, but then they make a lot of effort to patch it and use WAFs on your behalf instead.
They also targeted the IT side, not the operational side, which, according to the article, is likely to be airgapped. Even sensitive production facilities need some internet access, people work there and like everyone else, they need food, office supplies, toilet paper, etc... they can't be cut off the rest of the world completely.
Not having internet access at all is like not having your building connected to public roads. That makes it harder (but not impossible) for bad guys to come, but it is so much of a hassle that almost no one does that. Instead, they use gates and checkpoints.
Same idea for internet access. They have internet access, but they have security systems, from traditional firewalls and VPNs to airgaps.
Security is about letting the good guys in while keeping the bad guys out, the latter is meaningless without the former. That's why security is hard, if it was just about blocking everything, it would be easy, but nothing would be done.
1. There is no planet on which BetterBird/Thunderbird is better than Outlook as a mail client. None.
2. I hate having my mail and calendar apps separated, so on the phone moved from Apple Mail+Calendar to the Outlook iOS app. Been using it for a couple of years. Can't imagine going back.
In my experience, the Outlook client provides features I want in a way that is usable across multiple clients. While I use BetterBird on my personal linux laptop (mainly for sync, so I always have a local copy of my mailboxes), I also use the web Outlook client (much more usable).
On Linux I've also used Evolution - not a massive usability difference with the FooBird. If anyone can recommend a combined mail + calendar client for Linux that is polished and power-user functional, and can work well with differing mailbox providers, I'd love to give it a try.
Haven't used Outlook proper on Windows for a long time. But I did not like it, and I seriously doubt I would like it today.
Have you used Thunderbird without Exchange? Is it the calendar functionality you don't like? (haven't used it)
I'm sitting here with a very performant computer running its native web browser.
It's ridiculous that I kept losing my place in that article because the page kept getting shifted to fit yet another damn ad (there were at least three in-view at all times as I was looking at it) onto the screen.
Either make the ads fast and don't load the page until they're all there, or better yet, admit that online content isn't a way to make your private equity group even more obscenely rich, and cut back on the monetization that you put on it.
(809 points, 447 comments) https://news.ycombinator.com/item?id=44629710
US Nuclear Weapons Agency Breached in Microsoft SharePoint Hack (18 points) https://news.ycombinator.com/item?id=44654869
Are they completely delusional? Their nuclear arsenal is running on Microsoft M365?
If Microsoft had just contacted ZAST.AI earlier, I believe this security incident wouldn't even have happened.
Remember, the industry told us we're in a 'zero trust' world now. The network perimeter is an anachronism.
OTOH you know damn well they keep the important stuff airgapped, in which case the title (and your predictable reaction) is just fanning the flames. It could very well be they 'breached' the receptionist's PC she uses to browse Facebook to pass the time.
It starts with military officers using the hallway photocopiers for secure documents, and ends with TS docs stored in a Florida hotel's restroom.
> receptionist's PC she uses to browse Facebook to pass the time.
Why does 'her' PC have access to the internet?
I'm not sure if Oracle would be better.
> OT cybersecurity specialists interviewed by CSO say that KCNSC’s production systems are likely air-gapped or otherwise isolated from corporate IT networks, significantly reducing the risk of direct crossover. Nevertheless, they caution against assuming such isolation guarantees safety.
This was also not a nuclear facility, however. The article says it makes "non-nuclear components".
In my experience auditing critical infrastructure, most facilities are "air gapped". I put that in quotes because while you can't browse the Internet from the control network(s), there are ways to exfiltrate data. The managers, engineers, regulators, and vendors need to know what is going on in real-time. Back in the day this could've been a serial port connecting two systems for a one-way feed. Now I imagine it's something far more sophisticated and probably more susceptible to abuse.
As an example, you might have a collection of turbines manufactured by GE and GE needs to have real-time data coming from them for safety monitoring and maintenance. The turbines might have one connection for control traffic and another for monitoring. How to secure these vendor connections was always a debate.
Btw, there are strong cybersecurity regulations around critical infrastructure. CIP-005-07 covers security perimeters. You can view them here: https://www.nerc.com/pa/Stand/Reliability%20Standards%20Comp...
The only world where "likely" is a reasonable word is in reference to possible physical taps or a precise enumeration of physical access points that went unaudited, but have reliably followed safe access control/configuration procedures. Anything else is plain incompetence.
The root fault with this article, and the resulting discussion, is the extent to which it generalizes over one of the larger organizations in a very complex part of the defense industrial complex. Many parts of KCNSC's operations are absolutely not exposed by this incident. Other parts absolutely are. Determining which fall into which category, and to what extent that is acceptable, keeps quite a few people employed.
This article is full of nonsense and speculation.
It's an answer from talking heads, not from people from the facility.
The decentralized internet is less of a reality today than it was years ago.
The web though I agree isn't very decentralized.
An attacker (read: nation-state actor) wouldn't even need to take down US-East-1, it could just take advantage of the outage.
I assume (hope?) there's some kind of backup comms plan or infra in place for critical events, but I don't actually know.
https://ieeexplore.ieee.org/document/5432117
> What happens if you connect Windows XP to the Internet in 2024?
https://youtu.be/6uSVVCmOH5w
BTW, quite a few of these port scanners are companies that offer to scan your ports for vulnerabilities. Temu pen testing, so to speak.
You want to make everything about a nuclear facility bespoke and subject to air-gapped drift? What about the guard booth that verifies peoples access, the receptionist who schedules meetings, and the janitor who wants to watch YouTube on his break? It seems unrealistic to lump everything that goes on at a nuclear facility under this umbrella.
Also, the Kansas City Plant is like a watchmaker's factory, not a power plant. They make widgets and gewgaws, not literally split atoms.
For hiring and retaining people, yes. It's understood that the "guts" of what's happening at these facilities needs to be locked down to the max. But, for supporting roles you need to be able to bring people in off the street without 1) a bunch of specialized training on your bespoke way of doing things, and 2) making your employees less attractive on the job market.
Just my opinion, though. Maybe I'm completely off base but it doesn't seem like a good idea to me long-term.
https://en.wikipedia.org/wiki/Operation_Olympic_Games#Histor...
> Dutch engineer Erik van Sabben allegedly infiltrated the Natanz nuclear facility on behalf of Dutch intelligence and installed equipment infected with Stuxnet. He died two weeks after the Stuxnet attack at age 36 in an apparent single-vehicle motorcycle accident in Dubai.
https://en.wikipedia.org/wiki/Erik_van_Sabben
https://en.wikipedia.org/wiki/Operation_Olympic_Games#Histor...
> A programming error later caused the worm to spread to computers outside of Natanz. When an engineer "left Natanz and connected [his] computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed." The code replicated on the Internet and was subsequently exposed for public dissemination. IT security firms Symantec and Kaspersky Lab have since examined Stuxnet. It is unclear whether the United States or Israel introduced the programming error.
Also bearing mention is Flame, which is often left out when Stuxnet comes up, but which was allegedly part of the wider operation.
https://en.wikipedia.org/wiki/Operation_Olympic_Games#Signif...
> The Washington Post reported that Flame malware was also part of Olympic Games.
https://www.washingtonpost.com/world/national-security/us-is... | https://web.archive.org/web/20220322045917/https://www.washi... | https://archive.is/6hRl7
> “We are now 100 percent sure that the Stuxnet and Flame groups worked together,” said Roel Schouwenberg, a Boston-based senior researcher with Kaspersky Lab.
> The firm also determined that the Flame malware predates Stuxnet. “It looks like the Flame platform was used as a kickstarter of sorts to get the Stuxnet project going,” Schouwenberg said.
https://en.wikipedia.org/wiki/Flame_(malware)
Why the special treatment for nuclear? Do you really think redlining a dam or storm-levee system would be less damaging?
Also, turning off internet connections means less-capable remote shut-off. Less-responsive power plants. Fewer eyes on telemetry.
We should be mindful of what is and isn't connected to the internet, and how it's firewalled and--if necessary--air gapped. That doesn't mean sprinting straight for the end zone.
Why does it have to be remote? What's wrong with it being in-house? Besides, a shut-off should never be able to be triggered remotely.
The same goes for digital emergency shut off buttons; all should be physical.
> Less-responsive power plants.
What? How is remote any more responsive than physical workers being in-house?
If power-plants operated efficiently back in the 50's without internet, they should be able to now without internet.
Nothing wrong with it being in house. But having a back-up is never bad.
> How is remote any more responsive than physical workers being in-house?
If the on-site workers are incapacitated. It's a remote (hehe) risk. But so is foreign hackers doing anything with our nukes.
> If power-plants operated efficiently back in the 50's without internet, they should be able to now without internet
If you're fine paying 50s power prices again, sure, I'm sure a power company would happily run their plants retro style.
https://spectrum.ieee.org/electricity-its-wonderfully-afford...
$0.32 is $0.41 according to BLS, which is less than I'm paying today (I live somewhere with expensive electricity), so I'd enjoy the discount if they did!
https://data.bls.gov/cgi-bin/cpicalc.pl?cost1=0.32&year1=201...
Out of curiosity, what was the real power price where you live in the 60s?
It is always an increase in risk, in a security sense.
But that is very geography dependent.
Sleep well.
I don't see news about that much - but to be fair, I am not looking for it.
How do you know it's happening?
What?
Gee, who would have guessed this isn't secure.
I'm shocked. Shocked, I tell you.