• ed_cock@feddit.de
    link
    fedilink
    English
    arrow-up
    22
    ·
    edit-2
    7 months ago

    In a healthy marketplace, these would be fireable offenses. Regrettably, the marketplace is far from healthy — Microsoft has the government locked in as a customer, so the government’s options for forcing change at Microsoft are limited, at least in the short term.

    And that’s why nothing will happen to MS, except maybe line go down a bit. But then line will go up again so it’s all good.

    Kinda annoyed by articles like this making it sound like security wasn’t always an afterthought at MS though. It’s just that it’s even worse with everything being forced online to push SaaS revenue.

    Them just quietly throwing the towel when it comes to Bitlocker getting circumvented on Windows 10 because the recovery partition is too small is only the tip of that shitberg.

    As long as decision makers will flip their shit when they can’t have PowerPoint and Outlook the company will just keep on trucking’

      • 4am@lemm.ee
        link
        fedilink
        English
        arrow-up
        14
        ·
        edit-2
        7 months ago

        Current Win11 update fails if the recovery partition doesn’t have enough space. Microsoft says it won’t fix the problem, users have to resize their own partition first.

        That’s fine for nerds. Grandma doesn’t know what the fuck a hard disk even is.

        (Edit: not sure what the bitlocker problem is in relation to this)

      • ed_cock@feddit.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        @4am@lemm.ee already explained most of it, Bitlocker comes into play because the recovery environment can be booted without needing to provide the recovery key for Bitlocker, the vulnerability that is being patched additionally allows bypassing the need to log into it.

        That said, Microsoft frequently disables Bitlocker anyway to do OS updates, it really only works if you enable the additional pin feature.

    • sic_1@feddit.de
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      7 months ago

      What I don’t get is that there is not even a discussion about repercussions, regardless of what country is affected. The money paid annually to M$ would be sufficient to equip any government computer with Linux and develop Linux based variants for any special case software needed.

      I mean I get why there is no change, their lobbyists are entrenched as hell, but there isn’t even a discussion!

  • Shawdow194@kbin.social
    link
    fedilink
    arrow-up
    9
    ·
    6 months ago

    Microsoft has the government locked in as a customer, so the government’s options for forcing change at Microsoft are limited, at least in the short term.

    Who would’ve guessed that a monopoly really sucks in a free market… oh yeah. Every single American citizen who also feels like they have 1 option of brand to buy from for 99% of purchases

  • Godort@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    ·
    7 months ago

    Currently, Microsoft directs the vast majority of their security investments in revenue generating roles instead of internal security roles

    This is understandable as they have an obligation to their shareholders to try to be profitable. Fixing things that are broken costs money and ignoring them while spending those resources elsewhere can make money.

    • Tinidril@midwest.social
      link
      fedilink
      English
      arrow-up
      7
      ·
      7 months ago

      Thanks for explaining why basic societal infrastructure - even digital infrastructure - doesn’t belong in the hands of private corporations.

    • thesmokingman@programming.dev
      link
      fedilink
      English
      arrow-up
      3
      ·
      6 months ago

      I’m assuming Poe’s Law here and I laughed pretty hard.

      Paying down tech debt is a huge part of providing shareholder value. Executives might mistakenly believe it’s not. At some point your customer experience degrades too much and people leave unless you’re balancing new functionality against paying down debt. Or, in this case, you’ve made a business model of never paying down debt and taken over the market while executing a flawless regulatory capture.