@GossiTheDog yes, and you made an impact in how things happen internally. I'm not denying that. My point is that we listened, and jumping to conclusions about how this behaves after doing a ton of work based on the things you raised, without seeing what changed does not help. If it's a pile of crap after you've had a chance to see the new security work then yeah, I'll eat my words.
Notices by Steve Syfuhs (stevesyfuhs@hachyderm.io)
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Tuesday, 10-Sep-2024 05:29:58 JST Steve Syfuhs -
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Tuesday, 10-Sep-2024 05:02:02 JST Steve Syfuhs @GossiTheDog *had*. Operative word. Leaked states of things are a poor substitute for shipping features. All I'm saying is complaining about a car not having air bags while it's still on the assembly line isn't necessarily productive.
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Tuesday, 10-Sep-2024 04:50:00 JST Steve Syfuhs @GossiTheDog it's a little more complicated than that. In some ways it was a lot better than the things you heard. In some ways it was a lot dumber than the things you heard. Regardless, the shipping version has much better security controls in place and folks are being more mindful of how this can go poorly.
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Tuesday, 20-Aug-2024 03:37:12 JST Steve Syfuhs @GossiTheDog whether they'd *actually* pay you is a whole other thing
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Tuesday, 06-Aug-2024 07:44:44 JST Steve Syfuhs @GossiTheDog I'll refrain from commenting on antitrust, but I can say the MSPAC basically did an about-face the last couple years after you left where contributions and bullshit politicking have improved significantly. I can't say I agree with everything they support, but it had gotten better.
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Thursday, 01-Aug-2024 13:02:46 JST Steve Syfuhs @GossiTheDog @malwaretech oh yeah, I can only imagine how incredibly stupid the compensation differences are in the US compared to outside
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Thursday, 01-Aug-2024 12:07:56 JST Steve Syfuhs @malwaretech @GossiTheDog I won't defend the practice, but the argument is that we provide a better work life balance than...other...companies and that contributes to "the deal". I think the balance part is genuinely true comparatively and that's not nothing, but it still means I can and would make more most other places. The shittiness that Kevin has encountered is pretty lousy though. I don't think that's unique to the company. Shitty humans gonna shit.
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Monday, 10-Jun-2024 11:56:12 JST Steve Syfuhs @hacks4pancakes @lauren heck, I don't even trust the government websites when they require that
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Tuesday, 28-May-2024 15:14:22 JST Steve Syfuhs @jmorris certainly more so than the version with the virus
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Wednesday, 22-May-2024 05:59:54 JST Steve Syfuhs @GossiTheDog I thought both Mars and the moon used real NASA graphics to plot out landmarks?
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Thursday, 04-Apr-2024 03:40:00 JST Steve Syfuhs @adrianco @GossiTheDog there's some cherrypicking in that statement. HSMs are already used throughout the environments in most places requiring key storage. Clearly one was not used here and that's a big problem.
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Wednesday, 03-Apr-2024 17:46:29 JST Steve Syfuhs @adrianco @GossiTheDog to poorly mix analogies, one does not simply turn a $3T cargo ship on a dime. We *do* have incredibly strong security programs throughout the company, but clearly there are gaps that Kev is rightfully skewering us on. The trick is not to fill in those gaps bit by bit, but to build out the program so future gaps fill themselves. Takes time. Lots of it isn't publicly visible.
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Monday, 18-Mar-2024 01:20:09 JST Steve Syfuhs @GossiTheDog kev you're one of my favorite people here but for the love of all things holy clean your desk man!
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Thursday, 07-Dec-2023 02:41:02 JST Steve Syfuhs Good news! We're hiring another junior developer! School plus a year or more of experience or no school and a few years of experience. Platform experience a bonus. That is: low level stuff, OS stuff, C/C++.
https://jobs.careers.microsoft.com/global/en/job/1666568/Software-Engineer
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Wednesday, 22-Nov-2023 20:29:59 JST Steve Syfuhs It's a thanksgiving miracle! My Bluehat presentation was uploaded earlier today. As usual, any and all criticism shall be met with ugly crying.
https://www.youtube.com/watch?v=zlhoAYsSd4c
https://syfuhs.net/deprecating-ntlm-is-easy-and-other-lies-we-tell-ourselves
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Thursday, 05-Oct-2023 06:35:35 JST Steve Syfuhs Fun fact: latest Windows Server preview contains all sorts of interesting security goodies including fun stuff with Kerberos.
-
Steve Syfuhs (stevesyfuhs@hachyderm.io)'s status on Thursday, 14-Sep-2023 21:27:33 JST Steve Syfuhs In which we continue the deathening of NTLM.
Rumor has it we will have more news soon.