(809 points, 447 comments) https://news.ycombinator.com/item?id=44629710
US Nuclear Weapons Agency Breached in Microsoft SharePoint Hack (18 points) https://news.ycombinator.com/item?id=44654869
I'm shocked. Shocked, I tell you.
Remember, the industry told us we're in a 'zero trust' world now. The network perimeter is an anachronism.
OTOH you know damn well they keep the important stuff airgapped, in which case the title (and your predictable reaction) is just fanning the flames. It could very well be they 'breached' the receptionist's PC she uses to browse Facebook to pass the time.
The decentralized internet is less of a reality today than it was years ago.
Why the special treatment for nuclear? Do you really think redlining a dam or storm-levee system would be less damaging?
Also, turning off internet connections means less-capable remote shut shut-off. Less-responsive power plants. Fewer eyes on telemetry.
We should be mindful of what is and isn't connected to the internet, and how it's firewalled and--if necessary--air gapped. That doesn't mean sprinting straight for the end zone.
Why does it have to be remote what's wrong with it being in-house? Besides a shut-off should never be able to be triggered remotely.
The same goes for digital emergency shut off buttons; all should be physical.
> Less-responsive power plants.
What? How is remote any more responsive than physical workers being in-house?
If power-plants operated efficiently back in the 50's without internet, they should be able to now without internet.
It has a bug with Solidworks (3D design suite) that sporadically makes files completely un-openable unless you go in and change some metadata. They are aware of this, doesn't seem to be any limitation preventing them from fixing it, and it has sat unfixed for years.
Microsoft's cloud storage as a whole is an insane tangle where you never know where you'll find something you're looking for or whether it will work. Some things work only in browser, some only in the app, zero enumeration of these things anywhere.
Completely unsurprised and I'm sure there are many more vulnerabilities ripe for the picking.
You want to make everything about a nuclear facility bespoke and subject to air-gapped drift? What about the guard booth that verifies peoples access, the receptionist who schedules meetings, and the janitor who wants to watch YouTube on his break? It seems unrealistic to lump everything that goes on at a nuclear facility under this umbrella.
BTW, quite a few of these port scanners are companies that offer to scan your ports for vulnerabilities. Temu pen testing, so to speak.
It ended up being easier just to switch to paid Overleaf and teach our non-tech members how to write LaTeX and/or use the built-in editor. The documents are beautiful, Overleaf doesn't miss a beat and we are very happy with their solution.
Microsoft should be ashamed - I don't know how anybody would ever consider using them for any serious production work.
[1] https://learn.microsoft.com/en-us/answers/questions/5216132/...
Sounds like they need to seriously redesign their security policies.
Recently I tried to configure a new subdomain to handle mail on 365 and even finding their DKIM configuration section was a mission. Once finding it, I learned that their DNS check fails to properly handle subdomains for email, so you have to put their DKIM keys against your root domain. Genius!
For hiring and retaining people, yes. It's understood that the "guts" of what's happening at these facilities needs to be locked down to the max. But, for supporting roles you need to be able to bring people in off the street without 1) a bunch of specialized training on your bespoke way of doing things, and 2) making your employees less attractive on the job market.
Just my opinion, though. Maybe I'm completely off base but it doesn't seem like a good idea to me long-term.
Nothing wrong with it being in house. But having a back-up is never bad.
> How is remote any more responsive than physical workers being in-house?
If the on-site workers are incapacitated. It's a remote (hehe) risk. But so is foreign hackers doing anything with our nukes.
> If power-plants operated efficiently back in the 50's without internet, they should be able to now without internet
If you're fine paying 50s power prices again, sure, I'm sure a power company would happily run their plants retro style.
Edit to say: this is for MS files like Excel docs
The web though I agree isn't very decentralized.
> OT cybersecurity specialists interviewed by CSO say that KCNSC’s production systems are likely air-gapped or otherwise isolated from corporate IT networks, significantly reducing the risk of direct crossover. Nevertheless, they caution against assuming such isolation guarantees safety.
This was also not a nuclear facility, however. The article says it makes "non-nuclear components".
In my experience auditing critical infrastructure, most facilities are "air gapped". I put that in quotes because while you can't browse the Internet from the control network(s), there are ways to exfiltrate data. The managers, engineers, regulators, and vendors need to know what is going on in real-time. Back in the day this could've been a serial port connecting two systems for a one-way feed. Now I imagine it's something far more sophisticated and probably more susceptible to abuse.
As an example, you might have a collection of turbines manufactured by GE and GE needs to have real-time data coming from them for safety monitoring and maintenance. The turbines might have one connection for control traffic and another for monitoring. How to secure these vendor connections was always a debate.
Btw, there are strong cybersecurity regulations around critical infrastructure. CIP-005-07 covers security perimeters. You can view them here: https://www.nerc.com/pa/Stand/Reliability%20Standards%20Comp...
Then according to this report, 'sometime in August' the exploit is used against the Honeywell-managed nuclear facility, since it wasn't patched, if I read correctly? So it really could have been anyone, and it's hardly just Russia and China who have a record of conducting nuclear espionage in the USA using their nation-state cybercapabilities (Israel?). As the article notes:
> "The transition from zero-day to N-day status, they say, opened a window for secondary actors to exploit systems that had not yet applied the patches."
Also this sounds like basically everything that goes into modern nuclear weapons, including the design blueprints. Incredible levels of incompetence here.
> "Located in Missouri, the KCNSC manufactures non-nuclear mechanical, electronic, and engineered material components used in US nuclear defense systems."
The only world where "likely" is a reasonable word is in reference to possible physical taps or a precise enumeration of physical access points that went unaudited, but have reliably followed safe access control/configuration procedures. Anything else is plain incompetence.
https://www.paloaltonetworks.com/cyberpedia/what-is-the-purd...
This article is full of nonsense and speculation.
What?
Gee, who would have guessed this isn't secure.
I went there to try to find where company meetings got recorded to.
I went to my sharepoint bookmark, which weirdly is www.office.com after some previous nightmare rebrand.
Except what used to be the way into your sharepoint files, is now just a full page copilot screen with no hint of where the fuck your files are.
Even though you've been visiting this bookmark for years, to get to your sharepoint files.
Ok, so you search bing sign into sharepoint.
Top result is office.com . You ignore it.
Next result is:
https://support.microsoft.com/en-gb/office/sign-in-to-sharep...
This links you to https://m365.cloud.microsoft/
Ok great. Nope! Redirects you back to copilot.
I do NOT want to ask copilot to dig out my files every time you want a file. I want to get back to the directory listing so I can find the directory listing to find the company meeting recording.
How does MS not understand that replacing all UX with copilot is not an improvement, and is not helping sell copilot.
Don't use Exchange? Cool, what should we use instead? Does it support 15 people all the way up to 150000 people? I used to run Exchange cluster for 70k people, is there other mail software out there complete with non-shared disk redundancy? Where the users connect to single endpoint and software figures it out from there?
Sharepoint with another 2 RCEs. Not shocked, the software is terrible. However, it's only software that will stand up under load and let us shard it easily. All open-source software is one of those, runs fine in Homelab, likely falls down under load. Few Open Source Developers want to work on this stuff which I get because it's tedious work interfacing with computer illiterate end users. I'd rather chug sewage then do this work for free.
Finally, it's somewhat backwards compatible. Most businesses are filled with ancient software that no one has worked on in 20 years. That Excel document with Macros from 1997. With some registry changes degrading security posture, still works. I doubt you will find Office software with level of backwards compatibility unless they are using Microsoft Office level of compatibility.
Microsoft has real gordian knot here and few solutions besides "Backwards compatibility is OVER. Upgrade to modern or GTFO". Meanwhile, I get hit up by $ThreeJobsAgo over some Exchange Web Services solution I slapped together for them in Python they wanted me to upgrade to GraphAPI since Microsoft turned off Exchange Web Services in Office365.
Also, the Kansas City Plant is like a watchmaker's factory, not a power plant. They make widgets and gewgaws, not literally split atoms.
https://en.wikipedia.org/wiki/Operation_Olympic_Games#Histor...
> A programming error later caused the worm to spread to computers outside of Natanz. When an engineer "left Natanz and connected [his] computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed." The code replicated on the Internet and was subsequently exposed for public dissemination. IT security firms Symantec and Kaspersky Lab have since examined Stuxnet. It is unclear whether the United States or Israel introduced the programming error.
Also bearing mention is Flame, which is often left out when Stuxnet comes up, but which was allegedly part of the wider operation.
https://en.wikipedia.org/wiki/Operation_Olympic_Games#Signif...
> The Washington Post reported that Flame malware was also part of Olympic Games.
https://www.washingtonpost.com/world/national-security/us-is... | https://web.archive.org/web/20220322045917/https://www.washi... | https://archive.is/6hRl7
> “We are now 100 percent sure that the Stuxnet and Flame groups worked together,” said Roel Schouwenberg, a Boston-based senior researcher with Kaspersky Lab.
> The firm also determined that the Flame malware predates Stuxnet. “It looks like the Flame platform was used as a kickstarter of sorts to get the Stuxnet project going,” Schouwenberg said.
Or the government could pay people to work on said open source software, providing a benefit to the public along the way. The US government started something like this called "18F" under the Obama administration. It was so effective at making software that was useful to the American public that Trump promptly shut it down 2 months into his second term, in no small part because they had the temerity to develop free-to-use tax filing software.
See
https://handbook.tts.gsa.gov/18f/history-and-values/ https://web.archive.org/web/20250000000000*/https://handbook... https://archive.is/CIXG1
and
https://www.lawfaremedia.org/article/learning-from-the-legac... https://web.archive.org/web/20250000000000*/https://www.lawf... https://archive.is/fmaf6
It's an answer from talking heads, not from people from the facility.
If they are, it’s enormous personal red flag. MSFT is very popular so I’m only speaking about my own experience, but I have learned over the course of 20 years that an MSFT IT stack is highly correlated with me hating the engineering culture of an organization.
I know I am excluding a lot of companies with great engineering culture where I would thrive and who just happen to use Outlook/Sharepoint/Teams, etc. but it has had such better predictive power of rotten tech culture than any line of questioning I have come up with during interviews that I still use it.
I don’t mean any disrespect to MSFT-centric engineers out there - it’s not you it’s me.
Just like with Windows, Microsoft has built a moat with Exchange, but the question is why do all the companies buy into their full ecosystem, especially for anything relating to web technologies (you even bring up Exchange Web Services), because this they do really badly, and Sharepoint seems to be the worst.
However, I am certain there are big Postfix/Dovecot installations scaling easily to 150k people, but we probably wouldn't know about them. Eg. here a couple of accounts of people doing that: https://www.reddit.com/r/linuxadmin/comments/32fq67/how_woul...
https://en.wikipedia.org/wiki/Operation_Olympic_Games#Histor...
> Dutch engineer Erik van Sabben allegedly infiltrated the Natanz nuclear facility on behalf of Dutch intelligence and installed equipment infected with Stuxnet. He died two weeks after the Stuxnet attack at age 36 in an apparent single-vehicle motorcycle accident in Dubai.
(btw, this story is more about unintended consequences instead of MSFT)
- I own an alerting system
- For log based alerts, it looks for a keyword e.g. "alert_log"
- I make a spreadsheet to track data about alerts and call one of the sheets "alert_log"
- Alert system starts going crazy: using tons of CPU, number of alerts processed goes through the roof but not a lot of alerts generated
- Turns out that I was using the cloud version of Excel so any text entered transited the firewall
- Firewall logs store the text "alert_log"
- Alert system thinks it's an alert BUT it's not a real alert so triggers an alert processing alert
- That second alert contains the text from the firewall log and so cycle begins
In other words, systems can operate in weird ways and then cause things to happen you didn't anticipate. It's why things like audits, red teaming and defense in depth all matter.
Fastmail today would be much bigger again, and they’re on CMU Cyrus.
150k is rookie numbers. Perhaps that was meant ironically to satirise mediocre enterprise thinking?
I've seen companies with varying levels of MS product integration but Outlook is pretty foundational.
Now, if a company says they use SharePoint or Teams to store their documentation, run to the hills. Wikis or bust.
Sure, PostFix/DoveCot will scale if you are doing just email. Once you add GroupWare requirements, PostFix/Dovecot are no longer in same boat.
In any case, Exchange is not just email, it has Calendaring/Contacts stuff going on as well.
Old manager I had one told me: "I wish Microsoft made all the software in the world because it works so well together!" He was the guy who bought our company a one-way ticket to O365. He was also woefully tech ignorant and could barley drive software outside of office programs.
The root fault with this article, and the resulting discussion, is the extent to which it generalizes over one of the larger organizations in a very complex part of the defense industrial complex. Many parts of KCNSC's operations are absolutely not exposed by this incident. Other parts absolutely are. Determining which fall into which category, and to what extent that is acceptable, keeps quite a few people employed.
Teams macOS client? Crashes on startup, even after clearing all of my user data.
Teams iOS client? You can join a call by a link, but you can't see the call UI because it's behind the login window.
Teams on Firefox? No video support for years, and most recently just glitches out and shows an empty page when trying to join.
Teams on Chrome? Tried joining a meeting, and was told by the organizers that they couldn't admit me because the button wasn't doing anything.
I've had all four of these things happen within the last month, and it's made me want to tear my hair out. I get that none of these are "Microsoft Edge/native Windows client", but they could at least pretend to care about other platforms...
I'm sitting here with a very performant computer running its native web browser.
It's ridiculous that I kept losing my place in that article because the page kept getting shifted to fit yet another damn ad (there were at least three in-view at all times as I was looking at it) onto the screen.
Either make the ads fast and don't load the page until they're all there, or better yet, admit that online content isn't a way to make your private equity group even more obscenely rich, and cut back on the monetization that you put on it.
Decisions like these need to be done from first principles. SharePoint shouldn't even have been a contender here if looked at seriously. Do your own homework.
It's never just Teams or SharePoint or a wiki. It's almost always some abomination created by putting various bits of knowledge on all three. Also, corporate wikis suck because how your team classifies data is almost invariably different from how someone else wants to see it.
SharePoint, for all of its flaws, typically gets used by the major announcement-and-policy makers at a company, because they just want to use MS stuff (primarily out of ignorance of alternatives), so at least it's somewhat coherent for everyone in the company.
Recently it's all been gmail/google workspaces.
The companies not using Microsoft, are using Google. Which in my experience is equally or measurably worse.
Just personal data points, but every avowed Microsoft hater I've ever worked with has been... difficult. Like a-drag-on-the-team-because-he-refuses-to-use-company-tools difficult.
Edit: How does an aged post on this site go from +4 to -1 in the span of a few minutes?
But that is very geography dependant.
$ dig ycombinator.com mx
;; ANSWER SECTION:
ycombinator.com. 300 IN MX 20 alt1.aspmx.l.google.com.
ycombinator.com. 300 IN MX 10 aspmx.l.google.com.
ycombinator.com. 300 IN MX 20 alt2.aspmx.l.google.com.
ycombinator.com. 300 IN MX 30 aspmx4.googlemail.com.
The best company I ever worked at, provided every software engineer both a Mac laptop and a Linux desktop as standard equipment.
Now, if Microsoft creates a Microsoft Linux desktop OS, that would be something.
My work laptop is Windows, and the only native applications I run on it are a web browser, Zoom, and the company's VPN software. Everything else runs inside WSL.
I greatly prefer Debian to Homebrew, so if I can't run actual Linux, this is (to me) superior to trying to develop on a Mac.
Every company I worked for before or since just used IMAP.
The Mac hardware is vastly superior to most Windows laptops, especially enterprise Windows laptops.
honestly the things i read here sometimes hahaha
Not in my industry. And workstations, mobile or otherwise, on the clock? You work with what's certified and available. But to be fair, "Apple people", praise the Great Maker, are utterly irrelevant here. Hardware- and software-wise.
I strongly disagree about Mac hardware vs. Thinkpads or Framework, but to each their own.
Like, if a fighter jet pilot came and told all American jets are equally weak and overcomplicated and ineffective, it probably tells more about that pilot than about the jets.
I don't know if that's the case, but that would be the idea.
My direct employer uses GSuite (and Google docs as a source of record is as bad as a 2000s file share)
An attacker (read: nation-state actor) wouldn't even need to take down US-East-1, it could just take advantage of the outage.
I assume (hope?) there's some kind of backup comms plan or infra in place for critical events, but I don't actually know.
Note that MX records are misleading here. They have no false positives, but are full of false negatives --- daisy-chaining MTAs is common, and since Microsoft owns the mailbox, it's invariably last in the chain. So the MX record will show something like Proofpoint (pphosted) or Mimecast or an internal company host, when really it's Microsoft in the end.
In 1971 Ray Tomlinson sent the first mail message between two computers on the ARPANET, introducing the now-familiar address syntax with the '@' symbol designating the user's system address.[2][3][4][5] Over a series of RFCs, conventions were refined for sending mail messages over the File Transfer Protocol. Several other email networks developed in the 1970s and expanded subsequently.
Proprietary electronic mail systems began to emerge in the 1970s and early 1980s. IBM developed a primitive in-house solution for office automation over the period 1970–1972, and replaced it with OFS (Office System), providing mail transfer between individuals, in 1974.
The also targeted the IT side, not the operational side, which, according to the article is likely to be airgapped. Even sensitive production facilities need some internet access, people work there and like everyone else, they need food, office supplies, toilet paper, etc... they can't be cut off the rest of the world completely.
The fact that it's so widespread in our corporate culture is more indicative of how enshittified it is. Now, realistically, we might not be able to avoid it because of that, but let's not pretend that it's not shit.
All just empty claims without showing any evidence. Did you ever set up a multi-client syncthing setup to test your theories about it falling over? Or do you have any references, pointing us to analysis, that shows, that any such tool doesn't hold water? What about some bit torrent setups? There are many options in this space, and one doesn't even have to lump synchronization and viewing in a web UI into one service. If one doesn't, then there are many tools that can accomplish the job better than Sharepoint.
And btw. paid MS Office doesn't even hold water for some 80 people, delivering me my e-mails some half an hour later, at a snail's pace, one or two a minute, while my 1 EUR per month free software using e-mail provider (posteo) manages to give me all my new e-mail almost instantly, the moment I open Thunderbird.
Outlook is objectively a terrible experience.
Man alive, what you mean is normie "Apple-style" Windows laptops with a bit of an "enterprise" makeover. Mobile enterprise workhorses (e. g. Panasonic, Getac)? Apple has no hardware in this segment. Detachables with extended five-year warranties plus certified dual-OS support? Nothing. Some of you fruit afficionados need to get out more.
There are plenty of open source email alternatives now days.
Yes, there is other tools, none of them is as integrated as Microsoft suite except other cloud only options like Google Workspace and other cloudy software.
Also yes, due to availability and various other reasons, H1bs, particularly from India, seem more likely to use a MSFT stack.
If they're also making you use Outlook or especially Teams then they're going to start losing "points".
Microsoft Office usage is highly predictive of lots and lots of other choices.
> What happens if you connect Windows XP to the Internet in 2024?
https://spectrum.ieee.org/electricity-its-wonderfully-afford...
$0.32 is $0.41 accoreit BLS, which is less than I'm paying today (I live somewhere with expensive electricity), so I'd enjoy the discount if they did!
https://data.bls.gov/cgi-bin/cpicalc.pl?cost1=0.32&year1=201...
Out of curiosity, what was the real power price where you live in the 60s?
I just down-voted you, so I contributed to that.
OP bent over backwards to make it clear that he didn't mean any offense, and you opened with "you sound like a problem employee."
For example, if OP for some reason stops liking a maintainer of, say, RabbitMQ or PostgreSQL, they might be penetrant about switching a finished project to a different stack without any tangible reason, causing completely unnecessary headaches for the team.
I wouldn't be surprised if many people find that smaller companies are more fun/interesting to work at, so even if this were only filtering out large companies checking for MS could be helpful.
If you’re using exchange/outlook, you’re using Active Directory.
The only real “altetnative” is the reimplementation in samba v4.. calling that an alternative is a bit of a stretch. And it barely scales to one user let alone millions like AD can
Isn't sharepoint just a file share server? (Ive never used it)
I'm sure solutions like samba or an ftp server hold up fine under the load. Its really more a UI question.
I hate SharePoint, but i use/administer it every day and it works, mostly.
Exposing it to the internet is a mistake. Why anyone would do that is beyond me.
But at the same time, within an org of 150k people, we have separate people to support our Teams usge, our Outlook usage, our AD/Entra usage: with the same number of "sysadmins", could we do the same with open source stack?
I don't know, but I know the bugs I see with MS365.
Definitely not.
Maybe it can be argued that it depends on how you use it, but meet is so far and away better for video calls and screen sharing, its not even funny.
Jitsi is also an incredible improvement, and it is self hostable and free.
Teams is likely the worst software that a company will force on all its employees- with that in mind, I guess some people can get stockholm syndrome? Some people who only jump from MSFT shops literally don’t know that there’s anything better. They went from Communicator to Lync to Skype for Business and now to Teams- and Teams is better than those just about.
He didn’t say he doesn’t like Satya or Gates or whatever, he was clear that he doesn’t like the solution.
I just went back to a microsoft shop, and honestly while the company is great you can feel how the communication is stilted compared to my previous company. Those little edges, warts, unreliable loading moments and awkward loading times all sum up to people being disincentivised to create, edit and consume documents or even to chat.
This inexplicably drives meeting culture as async communication just doesn’t happen. I totally understand why its primarily MSFT shops that have RTO mandates.
That doesn’t sound like they have faith in Teams themselves.
I use Teams every day and it can’t even do threading in channels properly. The spellchecker is unreliable and even copy and paste is occasionally patchy.
It is not a good product. I’d switch to Slack given the choice.
The only issues I’ve found with Zulip is how it looks and training people to use it right. I’ve had a lot of comments that Zulip has ruined people because they realised how good it is only after they stopped using it, and can tell that everything is so much worse, but the whole time they used it- they hated it.
The other issue, if we can call it as such, is that there’s not that many native third party integrations, we had to write our own bots for some pretty basic things. But writing bots is so much easier in Zulip than Slack (and for Teams its a lesson in genuine masochism) so I give them a pass.
With Microsoft pushing o365 the “new” Sharepoint is SaaS instead, so Microsoft is exposing it to the internet on your behalf, but then they make a lot of effort to patch it and use WAFs on your behalf instead.
OP doesn't like working for people that have bad tools mandated by the company. He uses a proxy measure to determine this beforehand.
The other poster had problems with people like OP because they don't use the (bad) tools provided by the company.
It doesn't sound wrong from either side. It's actually a win-win for both if they don't meet, which would mean OPs strategy is great for both. It might preclude OP from some opportunities though if the filter is too wide.
I personally do think that if you mandate the wrong tools you will never get the best developers, because great developers are very picky about the tools they use. It can be a bit too extreme in some cases, but I've rarely seen anybody that is good at this job and not very opinionated in some way or the other.
In most cases the problem is mandating though, if you give recommendation but allow deviations from that recommendation within reason you can usually get everybody to be happy.
> receptionist's PC she uses to browse Facebook to pass the time.
Why does 'her' PC have access to the internet?
It tells the company values price more than capability.
I asked in my company why we use SharePoint and the answer was name a better alternative. So I asked an better alternative to do what? I never got an answer.
Vendors can be accountable without providing source code, for example through contracts specifying performance.
I don't know how large Sharepoint's source is, though it has many components and I assume there is quite a bit of code. Auditing the source code of something like Microsoft Office seems almost impossible.
> first principles.
What does that mean in this context?
If Microsoft had just contacted ZAST.AI earlier, I believe this security incident wouldn't even have happened.
Sensationalism gets more clicks though I guess.
That just seems factually incorrect. I’ve seen no correlation on RTO and tools used. Do you have data on this?
> How does an aged post on this site go from +4 to -1 in the span of a few minutes?
Oh, I can answer that one. It's happened consistently to me on HN when I post about a specific topic.First, the post looses two points at once. When I see that, I know it's going to continue losing points consistently until it settles into -2 to -4. There is some trigger that starts with a loss of two points, and then continues down.
Not having internet access at all is like not having your building connected to public roads. That makes it harder (but not impossible) for bad guys to come, but it is so much of a hassle that almost no one does that. Instead, they use gates and checkpoints.
Same idea for internet access. They have internet access, but they have security systems, from traditional firewalls and VPNs to airgaps.
Security is about letting the good guys in while keeping the bad guys out, the latter is meaningless without the former. That's why security is hard, if is was just about blocking everything, it would be easy, but nothing would be done.
Companies that use Teams as primary communication software have all had strong and non-negotiable RTO mandates, companies that use o365 and Slack allow exceptions for certain individuals and teams, but have also had RTO requirements.
Those that are using gsuite or are paying lip service to email and documents (excel, word etc) and using mostly Confluence and something like Slack for most communication are the only ones with proper flexible working.
Now, I could be wrong, and there's no public data to back this up. If I think about how I would construct such a dataset I can't even fathom how; even if I was to check every company with an RTO mandates MX records there would be no way to control for the sheer dominance of O365, and, no way to tell who is only playing lip service to their productivity suites.
I'd be interested in hearing other opinions, but like mentioned, it feels pretty universal. I haven't seen even a single exception to this, and I'm pretty old and I have friends across many companies.
Yes, though Zoom came first, Webex copied their UI during the covid Zoom craze.
Why subject yourself to something you know you’ll hate every day if you can avoid it?
Is that being entitled? Plenty of people don’t have such choices, sure!
If so, who cares? Live your life, make your decisions. Don’t let jealous people make your life miserable.
Personally, I’d rank it as:
1. Google meet (as good as a gvc program can get for actual meetings, near as I can tell). Best when you have a group of people who are somewhat co-ordinated and not malicious though.
2. Zoom (not great for actual meeting quality, like audio/video, but not bad - and has a lot of useful tools and workflow stuff, especially for larger groups of strangers. I get it)
3..24 - every other random product.
25. Teams (lots of random bugs, worse than zoom for actual meeting quality, tons of silly MS’isms when trying to actually use it, somehow doesn’t work well for groups of people working together OR for groups of strangers, etc).
MS is the king of the package deal and ‘check box sales’, so they are impossible to avoid for long however.
Hard to say what the actual office environment would end up like (plenty of toxic nerds out there), but I’ve worked for CEOs who were devs, and I even when they were terrible people, I never once hated the development part of the job.
Oracle support took the cake however, but that was with a commercial support license and a weird bug triggered by a newly released feature (never do that!) in Oracle DB, many years ago. ORA-600 errors for the ‘win’.
I don't think I was ready for how bad it is. Not going to go into an inventory of it all, but I'll admit I genuinely lost it when I discovered that the terminal -- the terminal! -- freezes after staying open several days, and you need to kill it and restart it.
The worst part, I think, is how the brokenness ends up permeating the engineering culture. Malfunction is just normalized. There's no reliability baseline; if it's broken to the point the amount of work you can do is zero, just open a ticket with support, who will add yet another bit of duct tape or just reboot something somewhere and ask you if the problem went away somehow.
I think possibly the coworkers who don't look away from the emperor's non-clothed-ness, and the higher standards that they drive, may be more valuable to have around than you imagine, if you can get past the bad emotions that their lucidity gives you.
To be fair, any employee that knows their worth and is not afraid to treat the relationship the same way as the company is a problem for the company ( and thus: 'problem employee' ).
Not to say that the developers working on it are satisfied with it..
Why? It's much better than Teams, if for no other reason than Teams just got deprecated on MacOS Monterey and that's really annoying. Or rather not for just that reason, but for the reason that Teams is Microsoft's 10th biggest priority, whereas video calling is Zoom's only priority, so they make a better product.
I know for example that some companies will hire subcontractors for high risk parts of a project, just so that there is somebody to blame if anything goes wrong.
It's pretty much the majority of their Linux users. Firefox is often the default browser on many distros due to the Chrome/Chromium data sharing concern.
> * Your organization is too small for them to care
Then why even have a business tier if not for the support?
The result of Microsoft's current stance is simply that users look elsewhere. I mentioned Overleaf, but Google Docs is also a solid choice. For local editing we are using LibreOffice.
(1) host an up to date Zulip version
(2) setup or rent a Jitsi Meet or other open source / free software voice + video chat solution. Jitsi Meet might be a bit difficult to properly set up, compared to Zulip, because of extra things needed, like TURN server and in general the complexities of web RTC. Maybe renting that for some < 10 EUR is fine for a company.
(3) Configure Zulip to have for example `/jitsi` or `/meeting` for creating meetings right out of Zulip.
(4) Setup other integrations, that exist for Zulip.
(5) Setup backups for the Zulip database. It is just a postgres database. One can dump it and move the dump to a backup store.
If this is too much, for example because the company doesn't have the knowledge in their employees to manage this, then one can also rent Zulip hosted solutions.
Getting away from Salesforce alone is in my opinion already worth it.
I remember years ago there was a browser demo, some kind of game I think, that would only be played on Internet Explorer. If you changed your User Agent string to be Internet Explorer, the demo would work entirely without issue. I think this was prior to Microsoft getting a large fine for not offering other browser choices.
> >Sorry for that we may have no enough resources about the Linux environment.
That is a difficult to parse sentence. "may" indicates uncertainty about the claim about to be made. "have no enough resources" seems to indicate that there is not enough engineering time available. "about the Linux environment" seems to indicate that it is a knowledge gap. Very strange.
It worked pretty well, I do wish Zulip had better ability to generate links from the video call button, it works really well with Jitsi this way.
Libreoffice Calc and Excel are probably your strongest argument, Excel runs the world after all.
But, if it wasn’t for incompatibility and fear of incompatibility- I have a hard time thinking Calc is materially worse; I doubt theres a single workflow not possible in Calc- and if O365 utils get worse looking then Calc will win there too soon enough.
For everything else in the microsoft stack, either its “this thing does many things thus is incomparable to any one thing!” or its simply worse.
Even the best tools that I would actively defend (MSSQL) are only equivalent to other solutions (PGSQL) and almost never better than everything offered elsewhere.
Microsoft support has been very good. Google support was abysmal and very "you're dumb, we're smart because we're Google" style.
And we pay money for support to both organizations.
People who signal that MS is sh*t are always worthwhile to listen to. They have character and principles, and they know bad and good software when they see it.
Needless to say, in my company all microsoft products are banned and I would never hire microsoft fanboys.
My personal "sample size" is too small to be sure, but I worry that Teams usage is poisonous to collaboration and engineering culture.
Excel in particular, for any power user, sheets just doesn't hold a candle to its functionality. Outside of the valley Microsoft must still have a 10:1 ratio of corporate use, I never run across a customer that has made the switch.
Google Workspace is an infinitely better productivity framework; there's no space for discussion here.
Says it's unthinkably bad then proceeds to give only one example. There are several other issues you can list.
>the terminal -- the terminal! -- freezes after staying open several days, and you need to kill it and restart it.
I wonder when that issue ever happened since I'm always ssh'd into my homelab via the terminal for days and never had to restart it since it never froze.
>The worst part, I think, is how the brokenness ends up permeating the engineering culture. Malfunction is just normalized.
Microsoft didn't make the culture like that, the managers were always like that which made them choose Microsoft because they just choose the biggest corporate name brand supplier. It's your typical old-school MBA.
I've worked at all-MS shops and at all-Linux shops, and despite the issues with MS tech, the all-MS shops were far less toxic and pleasant to work at as people treated it as a 9-5 job instead of their own personal start-up project that needs to strictly conform to their world view, therefore the linux-shops I worked at tended to attract more of the toxic problem employees like your grandparent whos work life revolved around tech evangelism than pragmatism, which I didn't like since I just wanted to get work done and go home, not participate in some crusade at work to judge and shame choices of OS/IDE/languages/frameworks/tools the company should be using. As long as I get paid, I'll use any widely available tool, I don't really care.
Mindset explains the other users complaint perfectly I guess. I suppose it comes to how one views and feels about work. Take pride in your work? Dont go MS shop. Don't care and are just there to get paid? MS shop.
that attitude explains why I can no longer edit calendar evemts in the android app unless I turn the phone sideways, and a deluge of other issues with MS products that reek of sloppy low effort work.
1. There is no planet on which BetterBird/Thunderbird is better than Outlook as a mail client. None.
2. I hate having my mail and calendar apps separated, so on the phone moved from Apple Mail+Calendar to the Outlook iOS app. Been using it for a couple of years. Can't imagine going back.
In my experience, the Outlook client provides features I want in a way that is usable across multiple clients. While I use BetterBird on my personal linux laptop (mainly for sync, so I always have a local copy of my mailboxes), I also use the web Outlook client (much more usable).
On Linux I've also used Evolution - not a massive usability difference with the FooBird. If anyone can recommend a combined mail + calendar client for Linux that is polished and power-user functional, and can work well with differing mailbox providers, I'd love to give it a try.
Also I was compressing my responses in my back-end but Azure Front Door was decompressing them. Why?!!!
Haven't used Outlook propper on Windows for a long time. But I did not like it, and I seriously doubt I would like it today.
Have you used Thunderbird without Exchange? Is the calender functionality you don't like? (haven't used it)
I do wonder if they tried to push teams for text chat before I got there and were shot down. Management seems fairly receptive to some amount of give and take when it comes to decisions about office tooling e.g. I was cited as “the reason” engineers still have access to Figma Dev Mode, and I can’t say we had more than a handful of vocal people pushing to keep it. Company size is somewhere between 200-500 iirc
The web client is pants, though.
Yes, how dare SW engineers work to just put food on the table for their families, and not fight your imaginary tech revolution against MS-shops?
> Take pride in your work? Dont go MS shop.
Sorry buddy, but I work the SW equivalent of "putting the fries in the bag", my work has no impact on the tech issues in your life, and I don't live in The Valley, or the US, or some major international tech hub where hip, non-MS jobs fall from trees in order to make an impact, and so MS shops make the brunt of the jobs market where I live. Should I go homeless and hungry just to virtue signal on HN on how righteous I am via your self-defined Russian nesting doll of obscure purity tests?
>that attitude explains why [...]
Hate to break it to you, but some people on HN like you guys in this thread, are so over privileged with your career opportunities, that their delusions take over rationality and common sense views of the reality outside their bubble, and think the rest of the world must conform to your viewpoints or else they're somehow the "evil ones" responsible for the issues you perceive.
By all means feel free to have your own beliefs and values that differ from others, just don't try to virtue signal, judge others, or impose your view on others, as nobody likes such obnoxious arrogant people on their high horse thinking they're on the right side of history and everyone else is wrong. Live and let live, that's my life's mantra.
But no, people get self backdoored by using Exchange... Or clolud :) Or AI hosted by someone else...
“Nobody ever got fired for choosing MSFT” goes hand in hand with “if we don’t exploit the H1B system to get cheap coders who won’t sue us or try to organize then someone else will.”
Using FOSS, hiring citizens, treating employees well, actually innovating and producing great products, all hang together. Sadly, such companies and people are increasingly rare in tech, because the tech oligarchs fund bad people and bad products because they are often greedy egoists whose wealth is derived from being in the right place at the right time, or from what I call “moral arbitrage” (doing things others are too ethical to consider) rather than deriving wealth from actual talent or ingenuity. Ymmv